Product Risks Today: Digital services in the scope of the new Product Liability Directive

Introduction

The new Product Liability Directive (PLD) marks a significant evolution in European liability law. While traditionally focused on physical products, the revised directive effectively expands liability to the providers of digital services to address today’s reality where product-related risks emanate from digitalisation and the Internet of Things as much as from a product’s physical features. One of the most notable changes is the introduction of "related services" as a potential source of product defectiveness. This shift has far-reaching consequences for both traditional product manufacturers and digital service providers, fundamentally altering the liability landscape.

This article examines the concept of related services within the PLD, its legal and practical implications, and the broader impact on businesses operating in the EU. For a more general overview please see our previous blog posts on the new rules here and on the key implications of the PLD for software and AI here.

The concept of related services under the PLD

The PLD introduces a new layer of no-fault liability for digital services that are integrated with or connected to physical products. Traditionally, product liability law has focused on the physical characteristics of a product at the time of its being placed on the market. However, modern products often rely on continuous interaction with digital services for core functionality. After the PLD will have been implemented by the EU Member States (which is due by 9 December 2026), both the manufacturer of a product and the manufacturer of a product component including a related service can be liable for a defect of such component or service (Article 8(1) in conjunction with Article 4(4) PLD). The rationale behind this inclusion is that these services can significantly influence a product’s performance and, by extension, its safety.

Under Article 4(3) PLD, a related service is defined as a digital service that is integrated into, or inter-connected with, a product in such a way that its absence would prevent the product from performing one or more of its functions. Examples for related services are given in recitals (17) and include the continuous supply of traffic data in a navigation system, a health monitoring service that relies on a physical product’s sensors to track the user’s physical activity or health metrics, a temperature control service that monitors and regulates the temperature of a smart fridge, or a voice-assistant service that allows one or more products to be controlled by using voice commands.

Although the term “digital service” is quintessential in defining the scope of products for which manufacturers can be liable under the PLD, it is not explicitly defined in the PLD. However, the recitals provide for some examples (see above), and adjacent laws such as the GDPR and the DSA can be used for guidance. Based on these points of reference, a digital service could be described as any service on the digital provision and transmission of data in the course of a commercial activity through devices enabling digital electronic processing and storage. The defining characteristic of a digital service lies in the continuous or regular transmission of data — distinguishing it from software.

The “control factor”: a key element of liability

A critical aspect of related service liability is the concept of “control” over the service. Both the manufacturer of the product and the manufacturer of the component (such as the provider of the related service) are only liable where the service was integrated into, or inter-connected with, the product within each manufacturer’s control (Art. 8(1) PLD). Manufacturers are considered to exercise control if they perform, authorise or consent to the integration, inter-connection or supply of a component like a related service (Article 4(5) PLD). This broad definition of control means that even if a manufacturer does not develop or operate the related service, they could still be held liable if they explicitly endorse or facilitate its use.

Key aspects of liability for products with related services

The PLD does not only introduce strict liability for products with digital elements but also tailors the prerequisites for a compensation claim to capture risks originating from combining a physical product with digital services:

• Test for defectiveness (Art. 7 PLD): A product is considered defective if it fails to meet safety requirements e.g. under EU law, including regulations such as the AI Act or the Cyber Resilience Act. Notably, AI’s ability to evolve post-deployment, combination-risks with other products and safety-relevant cybersecurity requirements are factored into the assessment of defectiveness. Even more importantly, the traditional “factory gate principle” is replaced by ongoing liability for as long as the manufacturer retains control over the product — such as through updates. This could create liability for related services for up to 25 years (subject to the limitation and expiry periods of Art. 16 and 17 PLD).
• Limited exemptions from liability (Art. 11 PLD): The PLD allows an exemption from liability where it is probable that the defect arose after the product was put on the market. However, in line with the concept of assessing defectiveness not at the factory gates but throughout the lifetime of a product where its manufacturer continues to provide updates (Article 7 PLD), a manufacturer cannot invoke this exemption from liability where the defect is due to a related service, software or the lack of updates. Thus, contrary to the statement in recital 51 that the directive does not impose an obligation to provide updates, the PLD effectively creates an obligation to provide safety updates for products with digital elements.
• Damage to private data qualifies as compensable harm (Art. 6 PLD): The PLD explicitly includes destruction or corruption of private data as damage that can give rise to a compensation claim, recognising the growing (cybersecurity) risks originating from inter-connected products.
• Disclosure of evidence (Art. 9 PLD): The PLD strengthens claimants' access to evidence by allowing courts to order manufacturers to disclose relevant technical information, including source code, where necessary to establish defectiveness. However, the evidence needs to be at the manufacturer’s disposal, i.e. the manufacturer of the product is not obliged to obtain evidence from the provider of the related service.
• Presumptions favouring claimants (Art. 10): The burden of proof is eased in cases where manufacturers fail to meet disclosure obligations or where technical complexity makes proving defectiveness excessively difficult for a claimant — an important shift for software-based and inter-connected products.

Conclusion and outlook

The PLD represents a fundamental shift in EU product liability law, acknowledging the critical role of digital services in modern products. By treating related services as potential sources of defectiveness, the directive expands both the scope and duration of liability for manufacturers and introduces new risks for digital service providers. With the increasing reliance on digital components in products, liability risks will continue to evolve, making proactive risk management essential for companies operating in the EU.