Product liability 2.0: when software becomes a product

Content:

Who will be affected by the changes?
What changes will be made?
Actions required for companies

The liability of companies for the products manufactured by them is facing a fundamental change: With the EU Directive (EU) 2024/2853 on liability for defective products and on the repeal of Directive 85/374/EEC, the existing liability regime is, for the first time, to be comprehensively extended to the digital world.
The Product Liability Act defines who is considered a manufacturer of products and how he is liable for damage caused by defective products – even without the need to prove negligence on his part. Typical claims for liability include, for example, material or design defects.

Who will be affected by the changes?

As of 09 December 2026, the regulations will apply to all new products placed on the market from that date onwards.

This may particularly affect:

  • Manufacturer, developers and providers of digital solutions
  • Retailers and online Shop Operators
  • Importers, suppliers and fulfilment service providers and
  • Platforms and providers of private labels

According to the German Product Liability Act, a manufacturer is defined as anyone who manufactures a product, a raw material or parts of a product, or provides software and digital services that are essential for the product.

In addition, a company may be held liable as a quasi-manufacturer if it places a product on the market under its own name or brand – such as retailers with private labels or platform operators who sell products with their own branding. As a result, EU-based retailers or other actors involved in the supply chain may also be affected.

Furthermore, the number of liable parties along the supply chain will be expanded. In the future, importers, suppliers and fulfilment service providers may also be subject to liability, especially if there is no manufacturer based in the EU or where the manufacturer cannot be identified. In such cases, multi-tiered liability mechanisms applies. Importers regularly take the place of the manufacturer for products from third countries, suppliers may be liable if they do not name the manufacturer or importer, and fulfilment service providers may also be covered, for example in the case of direct sales via online platforms without an identifiable responsible economic operator within the EU.

What changes will be made?

1. Implementation of the German legislator

The Government's draft law contains the following new regulations:

a. Product Term
The previous definition of a product, which was limited to physical objects, is being expanded to cover software and digital design documents, e.g. operating systems, firmware, computer programs and applications of AI systems.

Defects in software, digital components or necessary updates may also constitute a product defect in future.

b. Extensions of liability
The scope of application of the Product Liability Act will be extended to so-called "related services". These are services (often software or apps) that are essentially linked to a physical, networked product. They control, supplement or update its function, whereby data is exchanged. This may mean, for example, that in the event of damage caused by a vehicle due to a fault in a navigation service, both the vehicle manufacturer and the provider of the navigation service could be held liable.

In addition, liability will be extended to the cases of adapted products. Anyone who performs "substantial modifications" to a product that has already been placed on the market will henceforth be liable as the manufacturer of the modified product in the same way as the original manufacturer.

Finally, the liability limits for personal injury are being abolished, meaning that liability risks will subsequently be unlimited.

c. Easened evidence requirements for injured parties

The extended liability is reinforced by facilitations the requirements of evidence for injured parties. Manufacturers will in future be obliged to disclose how software operates, provided this is necessary to establish the causal link between the software and the damage. If the manufacturer refuses to provide this information, it is presumed that the software has malfunctioned. If a defect in a product is established and a breach of a legal interest is typically attributable to this defect, companies must disclose evidence upon the order of a court to which the injured party has applied. These measures serve exclusively to examine whether the product defect actually caused the damage and take into account the protection of the company’s trade secrets.

Actions required for companies

The tightened regulations of the new Product Liability Act make it necessary to adapt operational processes at an early stage.

In particular, companies should:

  • review and adjust contracts with manufacturers and suppliers,
  • draft terms and conditions for digital products in a legally compliant manner,
  • examine their role in the supply chain for classification as a manufacturer or quasi-manufacturer, 
  • strengthen documentation and compliance processes, and
  • establish internal structures for the preservation of evidence, for the documentation of product development, software changes and tests, in order to be able to present the causes in a comprehensible manner in the event of a claim.
    .

We stand ready to check whether your company is affected by the legal changes and which specific measures would be appropriate.


Author: Dr. Karolin Nelles
Author: Charlotte Wagner