EU Product Liability Directive (EU PLD): what businesses need to know before 9 December 2026

The EU Product Liability Directive is changing. Directive (EU) 2024/2853, also known as the new EU Product Liability Directive or EU PLD, updates the EU rules on liability for defective products and replaces the previous Product Liability Directive 85/374/EEC.
The new rules apply to products placed on the EU market or put into service from 9 December 2026. Products placed on the market or put into service before that date remain covered by the previous product liability regime.
For manufacturers, importers, authorised representatives, fulfilment service providers, distributors, online platforms, software providers and businesses offering AI-enabled products, this is a major change. The PLD directive now reflects the realities of modern products: software, connected devices, cybersecurity, digital manufacturing files, AI functionality, remote updates and complex global supply chains.
For non-EU businesses selling products into the EU, the new Product Liability Directive makes it even more important to understand who is responsible in the EU, which documents must be available, and how product safety evidence is managed.
At 24hour-AR, we work with non-EU manufacturers entering the EU market. This guide explains Directive 2024/2853, what changes under the new EU PLD, and what businesses should do before 9 December 2026.

This guide is specifically for you if:

Directive 2024/2853 applies to products placed on the EU market or put into service from 9 December 2026.
The previous Product Liability Directive 85/374/EEC continues to apply to products placed on the market or put into service before that date.
This distinction matters for businesses with long product lifecycles, connected products, software updates, spare parts, refurbished products and product models that remain available for sale over several years.
Businesses should use the period before 9 December 2026 to review their product documentation, supply chain roles, authorised representative arrangements, software update procedures, cybersecurity controls and insurance coverage.

The new EU Product Liability Directive has a broader product scope than the previous directive.
Products include movable goods, even where they are integrated into another movable product or into immovable property. The definition also includes software, digital manufacturing files, raw materials and electricity.
This means the new Product Liability Directive 2024/2853 covers more than traditional physical goods. It applies to modern products where safety depends on software, data, connectivity, updates or digital instructions.
Examples include connected consumer electronics, smart appliances, wearables, software-controlled machinery, medical software, AI-enabled safety components, digital manufacturing files used for 3D printing, standalone software placed on the market, software integrated into physical products and products that receive remote updates.
Free and open-source software developed or supplied outside a commercial activity is excluded from the scope. Once software is supplied commercially, integrated into a commercial product, or provided as part of a business activity, that exclusion no longer applies in the same way.
Custom-built software should also be assessed carefully. Businesses should not assume that all bespoke software is automatically outside the PLD. The legal assessment depends on how the software is supplied, whether it is placed on the market or put into service, and how it interacts with a product.

Yes. Software is explicitly defined as a product under Article 4(1) of Directive (EU) 2024/2853, irrespective of how it is supplied: whether stored on a device, accessed through cloud technology or delivered via a software-as-a-service model. A developer or producer of software, including AI system providers within the meaning of the EU AI Act (Regulation (EU) 2024/1689), is treated as a manufacturer.

Related digital services are also relevant. A related service is not simply any digital service. It is a digital service that is integrated into or interconnected with a product in such a way that the product cannot perform one or more of its functions without that service.
This is important for connected products that rely on apps, cloud connections, remote monitoring, software updates or digital control functions.

The Product Liability Directive AI topic is also important because AI functionality can be assessed within the broader product liability framework. The Directive does not create a separate AI liability regime, but AI-enabled products and AI software can be assessed under the product liability rules where they qualify as products or components.
For AI-enabled products, defectiveness can include the product’s ability to learn, acquire new features or change behaviour after being placed on the market. This matters for AI-enabled medical devices, AI-powered machinery, autonomous systems, AI-based consumer products, smart safety systems and machine-learning software.
Cybersecurity is also now a product liability issue. A product can be defective where a cybersecurity vulnerability causes the product to fall below the level of safety that people are entitled to expect.
For businesses, this means software documentation, update logs, cybersecurity controls, AI safeguards and service dependencies should be part of the product safety file.

No. The EU Product Liability Directive and the AI Liability Directive EU are not the same thing.
The EU Product Liability Directive 2024/2853 has been adopted and is part of EU law. It applies to defective products, including software and AI-enabled products where they fall within the definition of product or component.
The AI Liability Directive EU was a separate proposal dealing with certain civil liability rules for AI. The European Commission announced its withdrawal in its 2025 work programme, and the proposal was officially withdrawn in October 2025.
This means businesses should not wait for a separate AI Liability Directive before preparing. AI-related product liability risk is already addressed through the new EU PLD, alongside other relevant laws such as the EU AI Act, the General Product Safety Regulation, sector-specific product safety rules and cybersecurity requirements.

A product is defective when it does not provide the safety that a person is entitled to expect or that is required under EU or national law.
The assessment of defectiveness is objective. It is not based only on whether the product works as intended. It looks at the level of safety the public is entitled to expect.
Relevant factors include the product’s presentation, foreseeable use and misuse, instructions and warnings, the reasonably expected lifespan of the product, applicable product safety requirements, cybersecurity requirements, software updates, AI learning capabilities, interactions with other products and related services that affect product safety.
A product is not defective simply because a better product is later placed on the market. A product is also not automatically defective just because a software update or upgrade is later supplied. The issue is whether the product provided the required level of safety at the relevant time.

The new EU PLD expands the list of parties that can be held liable. Article 8 of Directive (EU) 2024/2853 sets out the full liability chain. The manufacturer remains central, but the Directive also addresses modern supply chains and non-EU manufacturers. This means liability does not stop at the factory gate. It runs through your EU market access structure.

For products from outside the EU, this creates a practical liability chain. The exact outcome depends on the product, the parties involved and the facts of the case, but the key structure is clear: if the manufacturer is outside the EU, liability can move to EU-based parties such as the importer, authorised representative, fulfilment service provider, distributor or online platform.
For non-EU manufacturers, this makes the EU market access structure a liability issue, not only an administrative issue.

The new Product Liability Directive is highly relevant for EU authorised representatives.
Under Directive 2024/2853, authorised representatives can be part of the liability chain for products from non-EU manufacturers. This does not mean that every authorised representative is automatically liable for every product issue. Liability depends on the product, the applicable legislation, the appointment, the available EU economic operators and the circumstances of the case.
However, the role is no longer just an administrative detail in the product liability discussion. For non-EU manufacturers, this increases the importance of appointing a serious EU authorised representative with a clear mandate, proper documentation processes and a strong understanding of product compliance.
For authorised representatives, it increases the importance of clear contractual scope, access to technical documentation, document retention procedures, incident escalation processes, traceability, cooperation with authorities, post-market communication, insurance and risk allocation.
A reliable EU authorised representative is not just an address on a label. The role sits inside a wider compliance, documentation and product safety system.

The new EU PLD strengthens the position of injured persons in product liability cases.
Courts can order defendants to disclose relevant evidence under Article 9 of Directive (EU) 2024/2853. If a defendant fails to comply with a disclosure obligation, the court can presume that the product is defective. Well-structured technical files are a legal asset. Missing documentation is a liability.
The directive also includes presumptions of defectiveness that help claimants in specific situations:

This does not remove the need for evidence. It does make evidence management much more important for businesses. A company that cannot produce technical documentation, testing records, software update records, risk assessments, post-market surveillance records or incident response documentation is in a weaker position.
The new Product Liability Directive also covers more types of damage than the previous regime. Covered damage includes death, personal injury, medically recognised damage to psychological health, damage to or destruction of property with certain exclusions, and destruction or corruption of data that are not used for professional purposes.
The inclusion of non-professional data loss is especially important for software, connected products, consumer electronics, cloud-connected devices and AI-enabled systems.

The right to bring a claim expires 10 years after the product was placed on the market or put into service. A longer period of 25 years applies for personal injury cases where symptoms are slow to appear, such as latent health effects from certain materials or long-term exposure risks. The 25-year extension applies only to those specific personal injury cases, not to property damage or data-related damage.

The new EU PLD also deals with substantial modifications. A product that is substantially modified after being placed on the market or put into service can be treated as a new product according to Article 4(18) of Directive (EU) 2024/2853. A substantial modification is one that alters the product’s original performance, purpose or risk profile in ways not foreseen in the manufacturer’s initial risk assessment, and that changes the nature of the hazard, creates a new hazard or increases the level of risk.
This matters for refurbished products, remanufactured products, products changed by third parties, software updates, software upgrades, AI model changes, connected products updated remotely and products modified outside the original manufacturer’s control.
The key question is whether the modification affects product safety and whether the party making the modification should be treated as taking on manufacturer responsibility for the changed product.
For software-driven products, businesses need a clear process for classifying updates. Bug fixes, cybersecurity patches, feature updates and AI model changes should be documented carefully, especially where they affect safety-related performance.

Businesses selling products into the EU should prepare before 9 December 2026 by reviewing both their product compliance and their EU market access structure.
Key steps include:

For non-EU manufacturers, the new EU Product Liability Directive increases the importance of having the right EU market access structure.
You need to know who your EU economic operator is, whether you need an authorised representative, who holds your technical documentation, how product complaints are escalated, how software updates and cybersecurity patches are documented, how product safety evidence is preserved, who responds to EU authority requests, and who carries liability risk in your contracts.
A reliable EU authorised representative is not just an address on a label. The role sits inside a wider compliance and product safety system. Under the new PLD, that system becomes even more important.
At 24hour-AR, we help non-EU businesses understand their EU market access obligations, act as their EU authorised representative where required, organise product compliance documentation and prepare for the practical responsibilities that come with selling products into the EU.

Directive 2024/2853, the new EU Product Liability Directive, is one of the most important updates to EU product liability law in decades. It extends the Product Liability Directive EU framework to software, digital manufacturing files, AI-enabled products, cybersecurity-related defects and modern supply chain structures.
For non-EU businesses selling into the EU, the message is clear: product liability risk is no longer limited to traditional physical defects. Software, AI functionality, updates, documentation, cybersecurity, supply chain roles and EU representation all matter.
Businesses should use the period before 9 December 2026 to review their EU product compliance setup, technical documentation, authorised representative arrangements, supply chain contracts, insurance and evidence response procedures.
Need help preparing your EU market access setup? Contact 24hour-AR to discuss authorised representative support and product compliance documentation for the EU market.