I Introduction

The subject of this contribution is product liability in the context of the Principles of European Tort Law, which, as is well known, do not contain provisions that explicitly address liability for damage caused by defective products. An explanation of this state of affairs can be found in the commentary to art 4:202 PETL.^[1] It is stated that a specific product liability rule would be superfluous in view of the harmonisation already achieved in Europe by means of Directive 85/374^[2] (henceforth: PLD) and that it was not the intention of the drafters of PETL to change or replace the harmonised European product liability regime with an enterprise liability rule.^[3] From PETL’s point of view, the product liability regime harmonised in the European Union falls under ‘other strict liabilities’, governed by national law, to which art 5:102(1) PETL refers.^[4] Despite this, discussing product liability in the context of PETL still makes sense, as an expression of the conviction that PETL is not a completed project, but may and should evolve as the law, the economy and technology develop.

As can be seen from the commentary to the PETL, leaving a gap in the instrument was not the intention of its drafters, and PETL and product liability regimes were treated as complementary. However, it is worth examining whether now, in view of recent developments, harmonised European law leaves any significant gaps in the protection of potential victims. If such gaps are identified, it should be examined whether the PETL in their current form can fill them. This is what the first part of the article will be devoted to, preceded only by a brief explanation of the nature of producers’^[5] strict liability. In the second part of this work, I examine whether the proposed new product liability directive can fill the existing gaps and restore the state of affairs intended by the drafters of the PETL, in which the Principles, together with European law, comprise a coherent system to protect the interests of potential victims.

II Basics of product liability

It is, of course, impossible to cover all aspects of product liability and its relationship to the PETL in a short paper, so I will focus on those that seem most important.^[6]

The simplest explanation of the essence of product liability under current European law is that the manufacturer of a tangible product is obliged to repair harm caused by a defect in its product which existed at the time it placed the product on the market (arts 1, 2, 4, and 7 PLD). It is irrelevant whether the manufacturer acted with due care when manufacturing and marketing the product – the liability arises from the mere fact that it produced and placed on the market a product that was at that moment defective, and this defect caused somebody’s harm. The liability is, therefore, usually categorised as strict.

It is instantly evident that such a simplified product liability rule is incomplete and incomprehensible unless one at least clarifies what it means for a product to be defective and what constitutes reparable harm. The first issue is the core of the matter. The producer or manufacturer is not liable for every damage caused by a product, but only for the damage that is the result of a product defect. The current laws in the European Union follow art 6(1) PLD, which states that ‘a product is defective when it does not provide the safety which a person is entitled to expect, taking all circumstances into account’. This wording has often been criticised for its ambiguity. It can be interpreted to mean that the required level of safety of a product is determined by the actual expectations of those exposed to it. However, it can also be interpreted in such a way that there are ‘legitimate’ and ‘illegitimate’ safety expectations, and that the product must only meet the former. This, in turn, opens a discussion about what or who determines what the ‘justified’ expectations are, and in particular whether the cost-benefit ratio can be invoked in this reasoning. Some divergences on this point are indeed emerging in the case law of the Member States or, in one case, a former Member State.^[7]

A further distinctive feature of the European product liability regime, though for the time being practically less important, is the admissibility of the so-called development risk defence (art 7(e) PLD, the implementation of which was optional, but most countries have used this option). This means that liability for damage is excluded despite a defect in the product if, at the time the product was marketed, the defect could not be discovered in the light of the current state of scientific and technical knowledge. However, the admissibility of this defence does not alter the fact that the producer’s liability does not depend on an assessment of its conduct. It allows the producer to escape liability by proving that the state of scientific and technical knowledge at the time when it put the product into circulation was not such as to make it possible to discover the existence of the defect. Thus, what really is the subject of assessment is still the product (its defectiveness) and not the producer’s conduct.

When it comes to harm, the PLD covers damage ‘caused by death or by personal injuries’ and ‘damage to, or destruction of, any item of property other than the defective product itself’, the latter being applicable, however, only to damage to property used for private purposes (art 9 PLD).

It is also worth noting that product liability may be borne not only by the producer of the final product or the manufacturer of the material or parts from which it is made, but also by the importer of the product into the Union, and that other intermediaries (suppliers of the product) may bear subsidiary liability (art 3 PLD). The suppliers are liable, so to speak, ‘in place of’ the producer or importer when they are unknown.

III Limitations of the PLD – can the PETL overcome them?

The imperfections and limitations of product liability law, especially resulting from technological developments, have already been widely analysed. They have been recognised in the preparatory work of the European Commission^[8] and discussed in more detail in the Commission’s Expert Group report.^[9] Among others, the European Law Institute (ELI) addressed these issues in the course of the European Commission’s Public Consultation on Civil Liability,^[10] as well as in ELI’s proposal of a revised directive.^[11] I will briefly list the most important of these shortcomings.

Firstly, European law leaves digital products and their manufacturers outside the scope of its application, even if they are manufactured in the course of a business, distributed in large quantities and contain defects capable of causing damage. The definition of a product in the PLD and the way it has been implemented into national laws leave little room for arguing that non-tangible goods can be products within the meaning of these provisions (for the current proposal for reform of the PLD, see below IV).

Secondly, for either digital products or products using software, it is difficult to set an ‘expected level of safety’, the non-achievement of which constitutes a defect, particularly where cybersecurity is concerned. Clarifying the concept of ‘defect’ to such a level that it becomes operative is not easy in general, but for such a rapidly evolving industry and volatile risks, it is particularly difficult.^[12]

Thirdly, both digital products and those tangible products that work thanks to software are no longer marketed once and then left unchanged. They are subject to changes made by or under the control of the manufacturer through software updates and upgrades. These changes can result in the product acquiring unsafe features that it did not possess when it was put on the market, for which the producer is currently not responsible due to the defence in art 7(b) PLD. The same is true for products whose performance changes because of data obtained from the user or from the environment.

Fourthly, this changing nature of products, as well as their dynamic development and rapid marketing, can create a problem due to the admissibility of the development risk defence. Although it currently does not play a significant role, it may become – in a way probably unintended by the legislator – an important instrument for producers to evade liability.

Fifthly, the limitation of compensable harm to damage to property used for private purposes is becoming increasingly problematic, as economic changes (phenomena such as self-employment or the gig economy) make the distinction between ‘private’ and ‘business’ property unclear and expand the sphere of mixed-use property. Furthermore, it is uncertain whether damage to intangible property (such as data) is compensable in the European regime, considering the provisions that implement the PLD in most countries. There is also, I think, no basis for claiming compensation for non-economic loss caused by an interference with personal data in this regime. They do not constitute ‘property’ and their infringement does not constitute ‘personal injury’.^[13]

Sixthly, the victim’s burden of proving defect and causation is becoming increasingly difficult to discharge, especially when it comes to damage caused by systems composed of interoperable devices coming from different manufacturers or by software defects that are difficult to detect. It can be virtually impossible or very time-consuming and costly to produce evidence, which makes victim protection illusory. This is especially troublesome in those cases where such evidence is more readily available to the defendant manufacturer.

Seventhly, an important new category of players has emerged in the global economy that are neither producers, importers nor suppliers, yet their role is at least similarly significant: online platforms which allow users to conclude distance contracts. They are not parties to the contracts, but sometimes exercise significant control over the sellers and are the only entity known and available to the victim capable of redressing the damage.^[14]

As can be seen from this brief overview, the PLD and its national implementation will not provide protection to a victim whose computer was damaged because the game she bought and installed had a bug that caused the graphics card to overheat. The game is not a product, at least if it is downloaded (and it would still have to be examined whether the victim used the computer mainly to write research papers). A robbed homeowner whose alarm shut off due to an error in a firmware update will not be compensated either under these rules. The alarm was not defective at the time it left the factory. A victim of hacking must expect the court to demand proof that their computer’s software did not provide sufficient security, including a determination of what level of cybersecurity was appropriate at the time, which may prove difficult or impossible. Someone who got electrocuted when charging a phone with a charger made outside the EU and bought on a global trading platform will find out that they can sue the manufacturer at the other end of the world, if they can identify it at all, and not the trading platform, because the platform only put them in touch with each other and provided storage and delivery of the good, but did not manufacture, import, or sell it.

These shortcomings do not render the PLD incapable of fulfilling its functions. It continues to provide protection to those harmed by traditional products in typical situations. Rather, there is a growing sphere of products and the damage they potentially cause is not covered under this regime; however, it should be, in light of the rationale behind the PLD. In many cases, the producers may still be liable under some national liability rule, either under strict liability (if the system in question knows a sufficiently flexible rule for this liability) or fault-based liability, with a suitably objectivised concept of fault and simplified proof of it. However, this will result in legal uncertainty for victims, different levels of protection in different countries and different burdens for businesses selling their goods in these countries.

Would the system of the PETL, as it stands, provide protection to a victim of a product who does not enjoy this protection under the European regime? The question is, of course, theoretical in that the PETL do not constitute binding law, but they are conceived as a model for such law. They can, therefore, be subjected to the test of completeness, ie the ability to respond adequately to various cases of damage that may require redress.

The Principles do not have a specific rule on product liability. The strict liability rule they adopt (art 5:101 PETL) is extremely narrow and will not cover the case of producing and marketing a defective product. The prerequisite for their application is the performance of an activity that is abnormally dangerous, that is it creates a foreseeable and highly significant risk (in terms of seriousness or likelihood) of damage even when all due care is exercised in its management, and is not a matter of common usage. Obviously, producing and marketing products is not an abnormally dangerous activity. Most (not all) cases of the release of a defective product could be avoided with careful design, production, and quality control. The main practical sense of framing this liability as strict is that the issue does not need to be investigated or proven, although of course it also ensures that the manufacturer is liable for those instances of defects that could not have been avoided by acting diligently (subject to the development risk defence).

In the most general terms, damage caused by products can be remedied according to art 4:202 PETL, concerning enterprise liability. According to this rule, ‘a person pursuing a lasting enterprise for economic or professional purposes who uses auxiliaries or technical equipment is liable for any harm caused by a defect of such enterprise or of its output unless he proves that he has conformed to the required standard of conduct’. Since there is a reference to the output of the enterprise, it is safe to assume that entrepreneurs engaged in manufacturing activities (manufacturers within the meaning of the PLD) may be the addressees of claims under art 4:202 PETL if they use auxiliaries or technical equipment in their operations. For the purpose of this liability mechanism, ‘defect’ is defined in para 2 of the same article as ‘any deviation from standards that are reasonably to be expected from the enterprise or from its products or services’.

Interestingly, if one compares the recitals of the PLD and the commentary to art 4:202 PETL,^[15] the rationale of both rules seems to be quite convergent. It boils down to the fact that the activities of the enterprise or producer create a risk for third parties, the entrepreneur/producer has control over this risk and benefits from its operations. Both the introduction of strict liability in the PLD and the reversal of the burden of proof in art 4:202 PETL serve, among other things, to relieve the injured party of having to establish how the defendant’s conduct contributed to the damage. To this end, both rules pursue, of course, different routes.

Discussing art 4:202 PETL in detail is not the subject of this contribution. For its purposes, it will suffice to highlight a few features that make this rule either similar to or different from the strict product liability rule.

Article 4:202 PETL applies only to an entrepreneur who uses auxiliaries or technical equipment – this limitation is not present in product liability law, at least as interpreted by the Court of Justice.^[16]

Article 4:202 PETL does not define in which economic role an entrepreneur is to act. It could, therefore, include producers, it mentions ‘products’ explicitly after all. It is not entirely clear whether it could also refer to commercial intermediaries, which do not seem to be excluded.

Neither does it define the output of the enterprise, in particular its product, so it does not limit this concept in any way, and furthermore it treats products and services alike.

The article in question concerns damage caused by a defect of an output of an enterprise and a defect is any deviation from standards that are reasonably to be expected from that enterprise’s products. The two regimes appear to be similar in this respect, as they both refer to expectations (and both definitions of defect are similarly open-ended), but the similarity is somewhat misleading. The assessment of a defect under the PLD is objective, independent of the characteristics of the producer or their enterprise, it relates only to the characteristics of the product, its purpose, its presentation, etc, whereas the assessment under art 4:202 PETL is more subjective – it relates to standards reasonably expected from the enterprise, so it takes into account the characteristics of the enterprise, its scale of operations and so on.^[17]

Article 4:202 PETL is not limited to situations where a product defect already existed at the time the product was placed on the market. It is hence possible to argue that an entrepreneur is liable for the consequences of such defects that arose after the marketing of the product if the required standard of conduct demanded that it react, for example by recalling the product or warning buyers. This aspect is currently ignored in European product liability law. Moreover, if the damage results from the entrepreneur’s actions that took place after the sale of the product, the rule applies to those actions as well.

The duty to remedy extends to any harm, although this conclusion may be modified by art 2:102 PETL, concerning protected interests. Importantly, art 2:102(2) PETL mentions human dignity and liberty, which paves the way for protection against personal data violations, and art 2:102(3) PETL explicitly names property rights in intangible property.

Most importantly, however, the entrepreneur’s liability under art 4:202 PETL is based on fault (intentional or negligent violation of the required standard of conduct); only the burden of proof is shifted to the entrepreneur. The defendant can therefore escape liability for a defective product by demonstrating its own (and its staff’s) due care – in conformity with the required standard of conduct.

As to those prerequisites of liability which are common to both regimes, the burden of proof is distributed similarly – in both cases, the victim must prove the defect of the product (albeit understood slightly differently, as mentioned above), the damage and the causal link between the two.

Thus, the advantages of art 4:202 PETL, in the context considered here, are that it covers digital products and does away with the need to distinguish between a product and a service, which can be problematic in relation to software, given the different ways in which software is made available for use in contemporary trade. As was mentioned before, it lends itself to be interpreted in such a way as to cover defects that arise after the product has been put on the market. It also does not create difficulties in remedying damage other than personal injury or damage to consumer property.

However, the enterprise liability in PETL has two drawbacks similar to those of the current harmonised product liability regime: it requires clarification of what constitutes a defect in relation to a particular type of product (which is even more difficult here, as the characteristics of the producer in question must be considered). And it also requires the victim to prove the defect and the causal link. Furthermore, being a fault-based liability rule, it does not provide the victim with the same level of protection where product defects result from events outside the sphere of the manufacturer or arose despite the manufacturer’s exercise of due care. In essence, art 4:202 PETL introduces a two-pronged test. First, the product must be found to be defective, ie not meeting the standard applicable to the enterprise’s output. This proof – both as to the standard and the failure to meet it – is borne by the victim. Next, it is important to know what caused the defectiveness, and in particular whether it was the entrepreneur’s failure to meet the required standard of conduct. In this respect, the burden of proof is on the producer. The first issue is more objective (relating to the characteristics of the product, although qualities of the enterprise also play a role), the second is more subjective in the sense that it relates to the defendant’s conduct. When the claimant has proven that the product in question was defective, the reversal of the burden of proof of fault has the following consequences. If the cause of the defect is established in the proceedings and the defect was not the result of the entrepreneur’s misconduct (that is, if compliance with the standard of conduct would not have prevented the defect), liability does not arise. If, however, the evidentiary proceedings have failed to clarify what the exact cause of the defect was, the entrepreneur can still avoid liability by proving that it acted in accordance with the applicable standard. Thus, the model adopted in art 4:202 PETL means that the risk of harm due to product defects rests with the injured party in two types of cases. First, when the defect was not caused negligently by the manufacturer. Second, when the cause of the defect could not be ascertained, but the manufacturer exercised all required care. Producing evidence that it met the required standards may be difficult for the producer, but not impossible, especially if there are widely accepted and certified procedures and standards for the industry in question. In contrast, in the case of liability in a PLD regime, defects resulting from causes external to the manufacturer’s enterprise, or causes that remain unknown, are attributable to the manufacturer, and proof of compliance with the required standard is irrelevant. The limit of liability (in jurisdictions that allow this defence) is the demonstration that the defect could not have been discovered even with the utmost knowledge.

This means that, in my view, art 4:202 PETL is not a fully adequate substitute for product liability and will not help where the PLD fails. This is even more evident in relation to persons other than the manufacturer – intermediaries of all kinds, importers or online marketplaces. While in theory the provision can also be applied to them if they are running a lasting enterprise, in practice its application is unlikely to have the desired effect. They would not be liable in place of the producer for the defect of the product, as they are under the PLD. To succeed with a claim against them, one would have to show a defect in the operation of such an intermediary, and this operation does not usually affect the safety of the product. And that makes this option of seeking redress lose all its charm.

It is safe to say that art 4:202 PETL goes as far in protecting the victim as fault-based liability can go. It is not possible to provide protection to victims in the situations described above by means of liability based on a violation of a standard of conduct. What is required is a rule on strict liability. It does not, however, appear to be possible to introduce a liability rule into the PETL which would specifically apply to product damage, be independent of fault, neutral as to the types of products covered, and address the manufacturer’s continued control over the product after the sale, without compromising the nature of the PETL, which seek to avoid excessive specificity. Covering this case with a general strict liability rule does not seem easy either, and in any case would require a fundamental reconstruction of art 5:101 PETL.

IV If not PETL 2.0, then perhaps PLD 2.0?

Since 2018, the European Commission has been working on a package of legislative proposals which were expected to, among other things, address the shortcomings of the product liability rules identified above. The result of this work is a new Proposal for a product liability directive, announced at the end of September 2022.^[18] It seems that many of the problems identified above would be solved by its adoption.^[19]

Article 4(1) of the Proposal makes it clear that software (as well as digital manufacturing files) is a product, creating the possibility for producers to be liable for damage caused by defective computer programmes. Amendments proposed by the Council would make it clear that the only software sensu stricto (so-called functional software and not pure information or source code) is covered and that software does not necessarily have to be ‘delivered’ in a traditional sense.

Furthermore, the Proposal adopts a much more flexible approach as to the issue of the timing of the defect, taking into account the extended period of the producer’s influence on the properties of the product. In principle, the manufacturer is relieved of liability if it proves the probability that the defectiveness that caused the damage did not exist when the product was placed on the market (art 10(1)(c) of the Proposal). However, this defence will not work if the defectiveness of the product is due to, among others, software updates or upgrades within the producer’s control or lack of such updates or upgrades, when they were necessary for safety reasons.

The proposed new definition of damage (art 4(6) of the Proposal) broadens the scope of this concept in two ways. Mixed-purpose goods are clearly to be protected (the limit is to be exclusively professional use), and ‘loss or corruption of data that is not used exclusively for professional purposes’ is added to the list of categories of loss, although it is not clear whether this includes consequences of the leakage of data.

The proposed definition of defectiveness (art 6 of the Proposal) at its core (‘does not provide the safety which the public at large is entitled to expect’) is not much clearer than the existing one and will leave some doubt, but this seems unavoidable, as the assessment must be up to the judge on a case-by-case basis. However, a more extensive list of guidance as to the circumstances to be considered in this assessment will certainly be helpful. It includes the product’s interaction with other products, its ability to learn and develop, the further influence of the manufacturer on the product’s characteristics, and it addresses the relationship between the concept of product defectiveness and the public law requirements for product safety. If such standards were to emerge with regard to cybersecurity in particular, they would make it easier to apply product liability law to modern devices.

The Proposal not only retains the development risk defence,^[20] with a new emphasis on the objective nature of the knowledge forming the reference point, but makes it mandatory rather than optional (art 10(1)(e) of the Proposal).^[21] However, it does not, or at least not explicitly, address the issue of the admissibility of this defence in cases where a product has acquired unsafe properties as a result of learning or data acquisition during use. It is clear from art 6(c) of the Proposal that these capabilities of the product are to be taken into account when assessing its defectiveness, but this does not seem to exclude finding such a defect undiscoverable. And that, in my opinion, should be excluded.

An important part of the Proposal is a set of rules aiming at facilitating proof of a defect and a causal link between the defect and the damage (arts 8 and 9 of the Proposal). They consist of a provision allowing the injured party access to evidence in the possession of the defendant and of presumptions that make it easier to prove either a product defect or a causal link. The most general and practically important of these rules, providing for a rebuttable presumption of defect or causation in the event of excessive difficulty in proving them (art 9(4) of the Proposal), still needs some refinement,^[22] but the current draft is a good starting point.

The least successful point of the Proposal, in my opinion, is the attempt to address the liability of a new category of commercial intermediaries – online platforms. In the hierarchy of entities potentially liable for damage (art 7 of the Proposal), they have been placed at a very distant place, inadequate to the role they may play in bringing defective products into the Union and to the safety expectations that consumers develop as a result of their involvement in the dissemination of the product. At the same time, fulfilment service providers, whose definition (art 4(14)) is so broad that it also includes entities that have virtually no control over which products enter the European Union, are placed higher in this catalogue. The list and order of potential liable entities therefore requires further consideration.^[23]

V Conclusions

Subject to the doubts indicated above, if the proposed directive comes into force and closes the gaps in the protection of potential victims, the situation will once again be as the authors of PETL perceived it – the Principles will be complete in a sense that, together with the harmonised law, they will form a comprehensive and coherent system. Although, as we know, the road from the proposal for a directive to its entry into force is a long and hard one and not every legislative initiative has survived the ride, the good pace of work on the new directive allows one to be optimistic.