Log in Sign up
← Global AI Risk & Regulation

Updated

EU AI Liability Directive Withdrawn — Revised Product Liability Directive Now the Primary Framework

The EU AI Liability Directive was withdrawn by the European Commission on October 6, 2025 after failing to reach political agreement. Its intended protections — presumption of causality and disclosure obligations — are now partially covered by the revised EU Product Liability Directive (2024/2853), which is now the primary EU framework for AI-caused harm.

What the Revised PLD Changes for AI Liability

Software as a Product

From December 9, 2026, software including AI systems is explicitly treated as a "product" under EU strict product liability law. Providers face claims without claimants needing to prove fault. This applies regardless of delivery method (installed, SaaS, API).

AI-as-a-Service Covered

Liability extends as long as the provider retains control via updates and patches. This captures cloud-delivered AI systems that are continuously updated.

Privacy-Related Harms

Privacy harms from AI-linked data breaches are explicitly recoverable alongside personal injury — a significant expansion from the 1985 directive.

Evidence and Disclosure (PLD Article 9)

Courts can compel AI vendors to disclose training data, source code, and test reports. Vendors whose documentation is inaccessible face an independent presumption of defect.

AI Act Non-Compliance Triggers Defect Presumption (PLD Article 10(2)(b))

If a claimant demonstrates that an AI system does not comply with the EU AI Act, a presumption arises that the product is defective. The defendant must then disprove the presumption. This makes AI Act compliance a civil liability shield, not merely a regulatory obligation.

The Provider-Deployer Distinction

  • Provider (places AI on market under own name): faces strict liability under the revised PLD
  • Deployer (uses AI in business context): faces fault-based tort liability under national law (e.g., §823 BGB in Germany) if it operated negligently
  • Both can face claims simultaneously; the deployer may seek indemnification from the vendor contractually

Inadvertent Provider Status

A deployer that substantially modifies an AI system — by fine-tuning on company data, changing its intended purpose, or deploying under its own brand — automatically becomes a provider under the EU AI Act and assumes full strict liability obligations under the PLD. This shift is automatic; no notification triggers it.

German Transposition

Germany's Federal Ministry of Justice published the draft transposition law (ProdHaftG-E) in September 2025. The transposition deadline for all member states is December 9, 2026.

Insurance Implications

The AI insurance market is projected to grow from USD 5.3 billion (2024) to USD 45 billion by 2035 at a 21.5% CAGR. Standard professional and product liability policies increasingly exclude AI-specific risks. Nine in ten businesses express interest in dedicated GenAI liability coverage.

Sources