Does the EU Product Liability Directive cover software?

Yes. The revised PLD adopted in 2024 explicitly defines software, including AI systems and digital manufacturing files, as a product. Standalone software and digital services that affect how a product works can both trigger strict producer liability for defects causing harm.

Who counts as the producer for liability purposes?

The manufacturer of the product or component, anyone who puts their name or trademark on it, and, where the manufacturer is outside the EU, the importer or authorised representative. For software, the developer that places it on the market is the producer.

Are security updates relevant to liability?

Yes. Under the new regime a product can be defective if it lacks the software updates or cybersecurity fixes needed to stay safe within the producer's control. Failing to ship a needed security update can itself be the defect.

What documentation should I keep?

Keep technical documentation, a record of the safety and security design decisions, your update and vulnerability-handling process, and evidence of the state of the art at release. These help rebut the presumption of defectiveness if a claim arises.

Is this legal advice?

No. This tool is an educational decision aid based on the published structure of the EU PLD and UK product safety framework. Liability outcomes depend on specific facts and national transposition. Confirm with qualified counsel before relying on the result.

Product Liability Classification Checker for Digital Products (EU/UK)

The 2024 revision of the EU Product Liability Directive pulled software, digital services, and AI squarely into strict product liability — and the UK has its own evolving product safety regime. This checker walks the key questions to tell you whether the regime applies to your product, who the liable producer is, and what to document.

How it works

The tool follows the decision logic of the revised PLD and UK product safety framework:

Is it software / a digital service / connected hardware / a tangible good?
  → If software or a digital service that affects a product's safety → PLD applies
  → If connected hardware → PLD + cyber/update obligations apply
Who placed it on the market, and is the manufacturer outside the EU?
  → Determines whether you are producer, importer, or authorised representative
Does it receive updates or contain AI?
  → Missing security updates can themselves be a "defect"

Each branch resolves to a classification: whether you carry producer liability, your role in the chain, and the records that help rebut the directive’s presumption of defectiveness.

Notes and tips

The big change in the 2024 PLD is that “defectiveness” now expressly includes a product becoming unsafe because the producer failed to provide a needed software or security update that was within their control. So a connected product that ships fine but is later left unpatched can become defective after sale. Keep a documented vulnerability-handling and update process, and retain evidence of the state of the art at release — these are your main defences. This is an educational aid, not legal advice; confirm specifics with counsel, as national transposition varies.