Product Risks Today: The draft implementation bill of the EU Product Liability Directive

I. Introduction

With the adoption of the new EU Product Liability Directive 2024/2853 (the Directive) in December 2024, EU Member States must transpose its provisions by 9 December 2026. In response, the German Federal Ministry of Justice has just presented a draft implementation bill (the Draft Bill) on 11 September 2025. Rather than amending the existing German Product Liability Act, the Draft Bill introduces an entirely new statute, reflecting the Directive’s full harmonisation approach and substantially modernising German product liability law.  Both the old and new product liability regimes are based on a strict (no-fault) liability standard, under which a claimant in principle only needs to prove three elements for a successful claim: a product defect, the damage suffered, and the causal link between the two.

Just as the Directive requires, the Draft Bill broadens the scope of products that can give rise to strict liability, expands the categories of compensable damage and the circle of liable stakeholders, modernises defect tests, curtails liability defences, and introduces claimant-friendly procedural mechanisms. For businesses operating in or supplying the German market, the liability landscape will become considerably stricter.

II. Key changes to the German product liability law

Software and related digital services within scope of “product” definition

The definition of “product” is significantly expanded beyond tangible goods and electricity. The Draft Bill explicitly includes non-embodied software to fall within the realm of strict liability (such as AI systems, applications, and firmware, Section 2(1) of the Draft Bill). The Draft Bill deliberately lacks a definition of “software”, ensuring the legal framework remains adaptable to future technological developments. Free and open-source software developed outside a commercial activity remains exempt.

One other notable change is the introduction of “related services” as a product component and thus potential source of liability. A related service is defined as a digital service that is integrated into, or inter-connected with, a product in such a way that its absence would prevent the product from performing one or more of its functions (Section 4(2) sentence 2 of the Draft Bill). As an example for “related services”, the German draft refers to a navigation system in a self-driving car. Both the manufacturer of the product (the car) and the manufacturer of the product component (navigation system including the data it uses) can be held liable for a defect of the component, e.g. a software bug, and the damage caused by it (e.g. damage to property following a car accident; Section 4(1) of the Draft Bill).

Modernised test for defectiveness 

Under the Directive and the Draft Bill, the test for defectiveness is still based on the product’s safety, not its fitness for purpose (as it is in contractual warranty law). A product shall be considered defective where it does not provide the safety that a person is entitled to expect or that is required under Union or national law (Section 7 of the Draft Bill). The draft introduces new aspects that Member State courts shall consider when assessing defectiveness, such as a product’s ability to continue to learn (AI-enabled products), reasonably foreseeable inter-connection risks (e.g. for smart home products such as lighting systems or voice-controlled assistants) and relevant cybersecurity requirements.

Additionally, ongoing post-sale control by manufacturers (e.g., through software updates) becomes relevant for the assessment of a product’s defectiveness (Section 8 of the Draft Bill). The Draft Bill establishes ongoing liability for as long as the manufacturer retains control over the product, such as through software updates. This could create liability for digital products for up to 25 years after the product was placed on the market.

Damage to privately used data can give rise to compensation

Compensation is no longer limited to cases of personal injury and property damage. Most importantly, liability is extended to the destruction or corruption of data that is not used for professional purposes (Section 1(1) no. 3 of the Draft Bill). Claimants may seek actual restoration or (even hypothetical) recovery costs (Section 14(1), Section 249(2) German Civil Code (BGB)). 

Expanded range of potential defendants

Liability will no longer be confined to manufacturers and importers. A cascade of “economic operators” (Sections 3, 4, 10–13 of the Draft Bill) may be held jointly and severally liable (Section 15 of the Draft Bill):

• Manufacturers of products or components; this also includes providers of related digital services and re-sellers who refurbish and thereby substantially modify a product;
• Importers and authorised representatives, where the manufacturer is established outside the EU;
• Fulfilment service providers (i.e. businesses that store, pack, label, and ship products on behalf of sellers), if there is no importer or authorised representative;
• Distributors and online platforms failing to identify an EU-based operator.

This expansion means almost every stakeholder operating in a supply chain is potentially exposed to strict liability.

Fewer exemptions and unlimited financial liability

The Draft Bill continues to allow exemptions from liability, i.e. where the objective state of scientific and technical knowledge at the time the product was placed on the market was such that the defectiveness could not have been discovered (Section 9(1) no. 3 of the Draft Bill, “development risk defence”). The Directive permits Member States to maintain or introduce specific carve-outs from development risk defence, and Germany has made use of this option: the exemption from liability does not apply in the field of genetic engineering (Section 37 German Genetic Engineering Act).

Liability is also exempted where it is probable that a defect arose only after the product was put into circulation (Section 9(2) of the Draft Bill). However, reflecting the Directive’s shift from a one-time “factory gate” assessment to a lifecycle-based view of product safety, this defence is expressly unavailable if the defect results from a related service, from software or firmware, from updates or from the absence of such updates or a substantial modification of the product (Section 9(2) no. 1 – 4 of the Draft Bill). In practice, the Draft Bill establishes a de facto duty for manufacturers to safeguard product safety by providing timely updates for digital elements in their products.

Importantly, the draft abolished the existing EUR 85 million liability cap for personal injury and the EUR 500 deductible for property damage, in line with the Directive’s full harmonisation mandate.

Extended limitation and expiry periods

The Draft Bill maintains a the three-year “standard” limitation period and a ten-year expiry period after claims are extinguished (Sections 16, 17(1) of the Draft Bill). However, it introduces a new long-stop date after which claims originating from a latent personal injury (i.e. an injury where the symptoms are slow to emerge) are extinguished only after 25 years after the product had first been placed on the market (i.e. where an injured person has not been able to initiate proceedings within 10 years due to the latency of a personal injury), Section 17(2) of the Draft Bill.

Claimant-friendly procedural rules will make it easier for claimants to establish compensation claims

Among its key changes, the Draft Bill introduces two claimant-friendly procedural mechanisms: enhanced disclosure obligations and presumptions for defect and causation, making it easier for claimants to prove their case.

• Disclosure obligations: As a main procedural novelty, the Draft Bill provides for the disclosure of evidence where a party (in most cases this will be the defendant) is ordered by the court to produce information to the court and the opposing litigant during pending litigation, Section 19 of the Draft Bill. Non-compliance with a court order can trigger a presumption of defectiveness. The rules are a close transposition of the Directive, including the direct adoption of the “plausibility” threshold that claimants need to meet before a court will consider ordering disclosure from the defendant. Notably, the Draft Bill sticks to a minimal transposition of the Directive’s requirements. While Recital 43 of the Directive explicitly gives Member States the discretion to stipulate rules on disclosure obligations not regulated by the Directive, the Draft Bill does not introduce rules on pre-trial and third-party disclosure, as well as on sanctions for non-compliance with court-ordered disclosure.
   
• Presumptions of defectiveness and causation: Defectiveness may be presumed in cases of non-disclosure of court-ordered evidence, non-compliance with safety regulations, or obvious malfunction of a product, Section 20 (1) of the Draft Bill. Causation may be presumed if the damage is typical for the established defect, Section 20 (2) of the Draft Bill. If, despite disclosure, it is excessively difficult for the claimant to prove defectiveness or causation due to technical or scientific complexity, courts may presume these elements if the claimant can demonstrate a certain likelihood that these elements exist, Section 20 (3) of the Draft Bill. This presumption de facto lowers the standard of proof from full proof to a balance of probabilities. It is remarkably claimant-friendly and will make it significantly easier for claimants to establish their case in complex product liability matters.

Key open questions for German courts

The Draft Bill leaves significant questions for German courts to resolve. The practical interpretation of new terms and application of disclosure rules and presumptions will depend heavily on judicial interpretation. Key battlegrounds in future litigation will likely include:

• How courts will differentiate between “software”, “digital service” and “information” and thus define the scope of liability;
• How courts will define a “substantial modification” in the context of continuous software updates and upcycling in a circular economy, including the resulting implications for identifying liable parties and determining the expiry period;
• Where to draw a line on post-market “control” by a manufacturer, especially concerning third-party components or services;
• What “excessive difficulty” constitutes for a claimant when trying to establish the elements of defect and causation, sufficient to trigger the relaxed standard of proof in complex technical cases;
• What facts and evidence are sufficient to support the “plausibility” of the claim for compensation in order to trigger an order for the disclosure of evidence.

III. Outlook 

The consultation period with the German federal states and relevant interest groups is currently underway and will conclude in October 2025, with the legislative process expected to conclude in the first half of 2026. The Draft Bill represents a major shift in German product liability law, supporting the Directive’s objective to facilitate private enforcement. Its procedural instruments are highly claimant-friendly and are likely to tip the balance against defendants. By broadening the scope of potential defendants, introducing presumptions of damage and causation combined with a formal obligation to disclose evidence, the new liability regime will increase both the number and complexity of product liability claims in Germany. The ultimate impact will, however, depend on how German courts interpret these new rules in practice.