|
[To Eurosmart members only]
New AI liability rules and revision of the Product Liability Directive
Today [28 September], the European Commission presented two new legislations relating to Artificial Intelligence (AI) and liability:
-a proposal for a directive on liability rules for AI
-a proposal to revise the old Product Liability Directive
When presenting these texts, Justice Commissioner Didier Reynders made clear that these proposals target new technologies, in particular, AI systems. The aim is to ensure that consumers can claim damage in case AI systems are involved. The opacity, autonomy and complexity of AI systems make it difficult for a victim to prove that a defect in an AI system caused the damage.
AI Liability Directive
The AI Liability Directive concerns cases where there is wrongful behaviour on the manufacturers’ side, for instance, if they failed to comply with the AI Act. In this respect, the AI Liability Directive does not cover no-fault liability (defective product but no wrongdoing), which is the scope of the Product Liability Directive. However, the AI Liability Directive foresee that in five years, the Commission will assess the need for no-fault liability rules for AI-related claims.
The AI Liability Directive includes a very broad interpretation of damage. It corresponds to all types of damage that can be found in national laws. For instance, discrimination can be considered damage. The AI Liability Directive will make it easier to claim compensation for someone victim of discrimination in a recruitment process.
Likewise, the liable person can be not only the manufacturer of an AI system but also the user, depending on national laws.
Overall, the AI Liability Directive will make it easier for a victim (claimant) to prove that someone’s fault led to the damage. It introduces two key features:
1) Presumption of causality
Presumption of causality means that the victim does not have to explain how harm was caused in detail. National laws usually require the victim to prove a fault by the liable person and a causal link between the fault and relevant damage. Proving such a causal link can be quite difficult in the case of AI systems. This is why the Commission introduced this presumption of causality. National courts shall presume the causal link between the defendant’s fault (e.g., manufacturers’ fault) and the output produced by the AI system (that led to damage). However, the defendant can still fight such a claim by proving that another element caused the damage.
The text distinguishes high-risk AI systems from non-high risk AI systems:
In the case of non-high risk AI systems, national courts shall apply the presumption of causality only where it is excessively difficult for the claimant to prove the causal link. The presumption of causality is still subject to some conditions:
-the claimant must demonstrate that the defendant did not comply with requirements laid down in EU or national law
-it can be considered reasonably likely that the fault has influenced the output produced by the AI system
-the claimant must demonstrate that the output produced by the AI system gave rise to the damage
In the case of high-risk AI systems, it is easier for the claimant to trigger this presumption of causality. If the victim can show that the defendant did not comply with certain requirements of the AI Act, national courts can presume that this non-compliant system led to the damage. This includes non-compliance with the requirement of accuracy, robustness and cybersecurity.
2) Right of access to evidence
In the case of high-risk AI systems, the AI Liability Directive establishes a right of access to evidence. Victims are entitled to access the AI documentation, information and logging. However, the Directive also foresees limits to this right, including the protection of trade secrets and national security.
Member States would need to transpose this new AI Liability Directive two years after its entry into force.
Revision of the Product Liability Directive
The Product Liability Directive concerns cases of no-fault liability, i.e., a defective product caused damage but without fault on the manufacturer’s side. The Product Liability Directive was adopted in 1985. The Commission deemed the text too old and unfit for current trends, such as circular economy (refurbished products), digital technologies, and online marketplaces. The revised version of the Product Liability Directive intends to address these shortcomings.
First, software is defined as a product. The developer or producer of software should be treated as a manufacturer. Services can be considered components of products, where relevant. This is the case where the absence of the service would prevent the product from performing one of its functions, for instance, the continuous supply of traffic data in a navigation system.
Secondly, data loss or data corruption is now considered damage on the basis of which a victim can claim compensation. Thus, this is a new category of damage added alongside death, personal injury, damage to or destruction of property. The Directive also explicitly states that personal injury includes medically recognised damage to psychological health.
Thirdly, the definition of “defective product” is adjusted. Thus, a product can be found defective on account of its cybersecurity vulnerability. In most cases, a manufacturer’s liability only applies if the product was defective when it was placed on the market, as used to be the case in the original Product Liability Directive. However, in some cases, the manufacturer is still responsible after the product has been placed on the market and if a defect arises afterwards. For instance, manufacturers are liable for damage caused by their failure to supply software security updates or upgrades if the product is still under their control.
The new Product Liability Directive sets a time limit on manufacturers’ liability. Claims can take place 10 years following placement on the market or 15 years where the symptoms of a personal injury are slow to emerge (according to medical evidence).
Fourthly, the revised Directive clarifies responsibilities. In case a manufacturer integrates a defective component from another manufacturer (e.g., defective software), the injured person can seek compensation for the damage both from the manufacturer of the final product and from the manufacturer of the component. All parties can be held liable jointly or severally.
For circular economy, the revised version lays down clear liability rules for companies that substantially modify a product. These news provisions are particularly useful for refurbished products, such as refurbished smartphones. A product that is substantially modified outside the control of the originated manufacturer is considered to be a new product.
The new Product Liability Directive puts EU and non-EU manufacturers on equal footing for imported products. If consumers are injured by unsafe products imported from outside the EU, they can turn to the importer or the manufacturer’s EU representative for compensation.
Finally, manufacturers must disclose evidence, and the burden of proof is alleviated for victims in complex cases, such as those involving pharmaceuticals or AI.
Member States would need to transpose this Directive 12 months after its entry into force.
Next steps
The European Parliament and the Council will review the text and adopt it.
|
