The UK’s product safety legal regime seeks to balance the rights of consumers with those of business, aiming for the highest level of public safety that does not stifle innovation.
The product safety regimes apply to consumer products, including:
The system consists of the following fundamental legislative pillars.
General product safety requirements
These are contained within the General Product Safety Regulations 2005 (GPSR). This legislation contains fundamental, overarching concepts of product safety, including the following:
Supplementary product-specific safety requirements
These are contained within sector-specific legislation, to more specifically address unique or specific risks associated with certain types of products. Where they exist, such requirements take precedence over the above-mentioned general requirements contained in the GPSR. Otherwise, these product-specific requirements apply where the GPSR are silent. Sector-specific laws exist in respect of the following, for example:
Separate product-specific safety regimes
Separate product safety regimes aim to address the unique and quite separate risks of products that are not considered "industrial products" (which are addressed by the above-mentioned legislation). These operate separately from the GPSR and include the following, for example:
Enforcement and Monitoring of Obligations Imposed by Regulators
Market surveillance activities are carried out by regulators, who are empowered to monitor and enforce compliance with the above-mentioned product safety laws. Please refer to 1.2 Regulatory Authorities for Product Safety for further detail.
The Role of Technical Standards
In practice, compliance with the above legal requirements is often achieved through adherence to technical standards specific to each product type/category/feature, which provides a benefit of conformity under the relevant legislation. Technical standards are developed by relevant standardisation organisations, and are designated under appropriate legislation by the Secretary of State who is empowered to do so in the UK.
The Effect of Brexit on the UK Product Safety Law Regime
The above UK product safety laws derive largely from EU legislation (the GPSR give effect to EU Directive 2001/95/EC on general product safety, for example). Given the implementation of local UK laws to enact EU-level obligations prior to Brexit and/or the direct effect of EU laws in the UK at the time of initial pre-Brexit implementation, much of the legislative framework for product safety in the UK remains substantively unchanged post-Brexit.
However, various UK legislation, such as, most relevantly, the Product Safety and Metrology etc. (Amendment etc.) (EU Exit) Regulations 2019, was enacted to amend EU-based legislation to make correct references to the UK rather than the EU, and to ensure the continued applicability of the legislation in the UK. Supplementary legislation was also required to be enacted in some sectors to empower the relevant UK law-makers to implement future changes to UK legislation. In some specific areas, including medical devices, the EU and UK positions already deviated significantly because of legislative changes in the EU that did not take effect prior to Brexit. Future deviation is also likely, particularly in the context of legislative reviews and amendments of UK and EU product safety systems currently underway. Please refer to 3.1 Trends in Product Liability and Product Safety Policy for further detail.
Oversight of the UK product safety regimes is undertaken by several regulators in the UK, at various levels.
Local authorities have day-to-day responsibility for the enforcement of product safety legislation in the UK, which is carried out through local Trading Standards (TS) offices. Through the GPSR and Consumer Rights Act 2015 (CRA), such authorities have a wide range of powers, including the ability to:
Overarching Product Safety-Specific Regulator
The Department for Business, Energy and Industrial Strategy (BEIS) is responsible for high-level oversight of policy and strategy in the area of product safety regulation. In January 2018, the Office for Product Safety and Standards (OPSS) was developed within BEIS to address an apparent need for a technical, centralised resource to assist localised regulatory enforcement around product safety issues. The OPSS carries out the following functions:
OPSS is empowered with many of the aforementioned enforcement powers of TS.
There are product-specific regulators for the following product categories:
Product producers in the UK are required to conduct corrective actions to address product safety issues that make a product unsafe (GPSR Section 7), in contravention of the GPSR safety requirements or other relevant product safety laws. The actions taken by producers must be “commensurate with the characteristics of the product” and there are a range of corrective actions that can be taken, including withdrawal from the supply chain, additional warnings to consumers, in-market repairs or alterations, and a consumer-facing recall. Generally, consumer-facing recalls are considered a last resort. The nature of the corrective action undertaken is determined by the results of a risk assessment.
In March 2018, OPSS co-operated with the UK’s standards institution, the British Standards Institution (BSI), to launch a Code of Practice for Product Safety Recalls (PAS 7100:2018). The Code has two parts.
EU-level guidance on topics of risk assessments (RAPEX methodology, 2019) and guidelines (European Commission and PROSAFE guides) may still be useful, given the basis of the laws, notwithstanding the event of Brexit, but will not necessarily be held in the same regard without further changes being implemented to preserve their position as official guidance in the UK.
There are no mandatory requirements for advertisements or other form-specific requirements for the advertising of product safety recalls in the UK. However, the above-mentioned Code provides detailed guidance on the form and content of corrective action announcements.
Under Article 9 of the GPSR, or equivalent sector-specific regimes, there is a mandatory obligation on producers or distributors to report to authorities where they know that a product they supply is “incompatible with the general safety requirement” under the GPSR.
The GPSR requires the report to be in writing and to contain certain mandatory information – namely, the action taken to prevent risk to consumers and the location of supplied products, as well as further identifying information if the product is thought to pose a serious risk.
There is no mandatory procedure to follow to make these reports, and the practices of TS offices can differ greatly in practice, including requiring completion of specific forms. There is also sometimes interaction between the OPSS and TS; for example, where a report to both entities is requested, or warranted for certain more significant issues.
Post-Brexit, the UK is no longer part of the European Commission’s rapid alert system, Safety Gate (formerly RAPEX), which assists with Europe-wide information sharing regarding non-food product safety risks. Reports to UK market surveillance regulators will be recorded, in certain circumstances, on the OPSS’ Product Safety Database, which covers consumer products under the ambit of OPSS’ work.
Although there are no specific timeframes under statute regarding these reports (the legislation simply states that obliged entities should “forthwith notify an enforcement authority”), the recommended timeframe for reporting, provided in guidance documents only, is generally dictated by the assessed risk of the safety matter to consumers who use the affected products.
It is a criminal offence to fail to report to authorities under Section 20(3) of the GPSR, punishable with an unlimited fine or imprisonment for a term not exceeding three months.
In practice, companies and regulators work to resolve issues before there is a need to prosecute formally. Regulators are likely to employ the wide range of powers available to them under relevant legislation prior to commencing formal prosecution; please refer to 1.2 Regulatory Authorities for Product Safety for details. There are a few isolated examples of companies being prosecuted, particularly toy or children’s product manufacturers where the risk to vulnerable users is considered particularly egregious, or where there has been a significant delay in reporting to authorities. Generally, companies plead guilty in short hearings in UK Magistrates' Courts, and fines have also historically been small.
A recent illustrative example is the fining of a toy manufacturer following a prosecution by Thurrock Council Trading Standards. The company pleaded guilty to the import and supply of unsafe toys at a hearing in Southend Magistrate's Court on 14 April 2021. Initial raiding of the premises by TS uncovered toys without relevant safety documents, and further testing confirmed that the toys presented risks of choking asphyxiation. The company was ordered to pay approximately GBP4,100. The prosecution was said by the Council to be brought after "repeated attempts" to encourage the company to comply with its legal obligations.
There are three main causes of action typically employed by claimants pursuing product liability claims in the UK. Each suit offers certain strategic advantages that might make it preferable to certain claimants in certain circumstances; however, claimants often elect to pursue more than one of the causes of action in parallel, in respect of the same facts, to increase the likelihood of success and overcome some of the limitations of certain causes of action.
"Strict Liability" Statutory Regime Under the Consumer Protection Act 1987 (CPA)
The CPA creates a no-fault liability scheme in respect of defective products that have caused personal injury or damage to private property, excluding damage to the product itself.
Under the regime, the following entities have joint and several liability:
The following three key elements of the cause of action must be established by the claimant.
Section 3 of the CPA establishes there is a defect in the product "if the safety of the product is not such as persons generally are entitled to expect." The court will take into account all of the circumstances when assessing the safety of the product, including:
The landmark case of Colin Gee & Others v DePuy International Limited  EWHC 1208 (QB) ("Gee") provides the following guidance on the application of this statutory test:
Generally, death, personal injury or any property loss (property for private use, occupation or consumptions) are damages for which claimants can seek compensation under the CPA.
Damage to the product is excluded from the scope of recoverable heads of damage. There is also a minimum monetary value of GBP275 that the property damage suffered must exceed in order to be entitled to pursue a claim under the CPA.
There must be a causal link between the product defect and the damage/injury sustained. The traditional English law tests for causation apply to product liability cases.
Tortious Liability – Negligence
Manufacturers or other actors in the supply chain (mostly where a manufacturer cannot be identified) can be liable in common law negligence in respect of a defective product.
To bring a successful claim in negligence, a claimant must prove, on the balance of probabilities, that:
The key distinguishing feature of such actions is that the claimant must establish fault on the part of the defendant. For this reason, this claim is generally considered to be more difficult to bring than that under the no fault mechanism of the CPA.
Breach of Contract – Express or Implied Statutory Term
Consumers that are party to a contract with a seller or supplier of products can pursue a breach of contract claim if a product supplied is defective or otherwise fails to conform to the contract of sale.
The seller may be exposed in respect of breach of either express terms, or those implied by the Consumer Rights Act 2015 (CRA) in respect of:
To bring a claim in contract, a claimant must prove the following on the balance of probabilities.
There are different requirements to bring the three causes of action mentioned in 2.1 Product Liability Causes of Action and Sources of Law in relation to product liability claims in the UK, as follows.
Consumers (“any person who purchases or uses the product in question for private use”) have legal standing to bring product liability claims. Persons who purchase or use goods for the purpose of resale or commercial use are expressly excluded from the definition of consumers. In order to have a right of action under the CPA, the consumer must have suffered damage of a kind covered by Part 1 of the CPA.
Any person to whom a duty of care is owed can bring a negligence claim in circumstances where that duty is breached and they sustain a reasonably foreseeable loss or damage caused by a defective product.
A claimant need not know the defendant in order to bring a successful claim in negligence. A claim may be brought by a consumer/purchaser of the product, a person who uses the product, or a third-party bystander who is injured by the product.
Generally, because of the doctrine of "privity of contract", only the parties to a contract can enforce the terms of that contract. However, in certain circumstances a third party may seek enforcement under the Contract (Rights of Third Parties) Act 1999, unless these rights have been expressly excluded.
There are strict time limits for bringing civil claims in England and Wales, including product liability claims.
Negligence and Contract
Under the Limitation Act 1980, claims involving personal injury must be brought within three years from the date that the damage occurred or the date that the claimant knew, or reasonably ought to have known, that they had a cause of action (“the date of knowledge”). Knowledge can be acquired from the date that the claimant knew the identity of the defendant or realised the significance of their injury.
For non-personal injury claims, the claim must be brought within six years from the date on which the damage or loss occurred, or three years from the date of knowledge for claims concerning latent damage. The three-year limitation period can be extended at the court’s discretion.
Working in tandem with these time limits, the CPA contains a ten-year long-stop provision, allowing claims under it to be brought within ten years from the date on which the product was put into circulation. Absent the issuing of court proceedings within that timeframe, rights under the CPA are extinguished and cannot be extended by the court.
Prior to Brexit, the jurisdiction of UK courts, as opposed to other EU member state courts, was determined by the operation of EU-level laws. Post-Brexit the situation is as follows.
Generally, UK courts, as with other European-based courts, will assume jurisdiction to try a case where either the injury, loss or damage occurs, or where both parties are domiciled, in that country.
Prior to the UK leaving the EU, where a defendant was domiciled in England, the English court had jurisdiction and could not decline jurisdiction, pursuant to Owusu v Jackson (Case C-281/02)  ECR I-1383. This no longer applies now that the UK has left the EU, and UK-domiciled defendants are able to challenge the English court’s jurisdiction on grounds of it not being the appropriate forum.
In order to invoke the jurisdiction of English courts in respect of negligence claims, it is sufficient for a defendant to be physically present in England and Wales to enable the claimant to serve proceedings on that defendant.
Contractual terms agreed by both parties ordinarily determine the applicable law, jurisdiction and location of proceedings in respect of contractual breaches.
There are mandatory pre-action protocols applicable in respect of product liability claims, under the Civil Procedure Rules Practice Direction on Pre-Action Conduct and Protocols, that must be complied with prior to the commencement of formal claims.
The following Pre-Action Protocols may typically be applicable to product liability claims:
These Pre-Action Protocols ordinarily dictate the following pre-action procedural steps:
Breach of these protocols can have a substantive impact on the ability to commence formal proceedings and/or can have negative costs consequences for the defaulting party, with the court potentially taking the following actions:
Broad document preservation obligations are imposed on parties to proceedings in England and Wales, including product liability matters. These rules work in tandem with rules regarding document disclosure; please refer to 2.7 Rules for Disclosure of Documents in Product Liability Cases for further detail.
Under Civil Procedure Rules (CPR) Practice Direction 31B (paragraph 7), once litigation is contemplated, parties must ensure that all potentially disclosable documents are preserved, including any relevant products, devices, design files, testing information, etc; please refer to 2.7 Rules for Disclosure of Documents in Product Liability Cases for further detail.
Under this provision, past, present and future documents must be preserved.
Failure to comply with these requirements – including by interfering with evidence by deleting, overwriting, updating or destroying documents – has far-reaching consequences, including the following measures which the courts can and do impose:
There are far-reaching disclosure requirements in respect of product liability cases in the UK.
CPR Part 31 sets out the parties’ responsibilities. Generally, as part of "standard disclosure", parties to an action are required to disclose the following:
The court, in its discretion, may limit or dispose of the above requirements (CPR 31.5). CPR 31 does not apply to claims entering the small claims track (see 2.10 Courts in Which Product Liability Claims Are Brought). However, a court will ordinarily order standard disclosure, requiring each party to file and serve on the court and all parties copies of all documents upon which they intend to rely.
Parties are required to conduct a reasonable and proportionate search for the above-mentioned disclosable documents. Disclosure obligations are ongoing – ie, continual disclosure is required until the cessation of the matter, including in respect of documents created during the proceedings.
Electronic Document Disclosure
Given the prevalence of electronic documents and sources in modern litigation, specific rules apply to electronic documents. An electronic document is defined as any document held in electronic form – eg, emails, text messages, voicemails, word processed documents, social media messages and databases. CPR 31, Practice Direction 31A and 31B set out the rules of disclosure of electronic documents in multi-track claims (though a court can also apply these rules to small or fast-track claims), and provide for the following, amongst other things.
There are prescriptive requirements for expert evidence in respect of product liability claims in England and Wales courts, as set out in the following CPR provisions:
Generally, the above provisions provide that parties’ use of experts is limited to:
Other requirements include the following.
Courts are increasingly limiting the use of experts in cases in an attempt to control costs. Accordingly, if an expert is instructed, it is important that parties manage costs carefully, including by the following means.
In respect of each cause of action in product liability claims, the claimant bears the onus of proof. The standard of proof required, in respect of each discrete action, is to prove the case against the defendant on the balance of probabilities (civil standard).
The forum in which a product liability is heard is dictated by the value and/or complexity of the claim. Claims all commence, in the first instance, in either the High Court or the County Court. Thereafter, courts allocate these defended claims to one of three procedural tracks, at an early stage:
Multi-track claims can be heard at either the High Court or County Court. Claims with a value of less than GBP50,000 which are commenced in the High Court are generally transferred to a County Court unless there is a specific reason for them to be heard at the High Court (for example, where the case concerns particularly difficult questions of law or where it might attract significant public interest).
In general, in the first instance, product liability cases are heard by a single judge who will generally be alive to the potential complexity of such claims and will allow evidence from a range of expert disciplines and lay witnesses where required. On appeal in the Court of Appeal or Supreme Court, cases may be heard by three or five judges. Jury trials do not take place in civil product liability cases.
There is no upper threshold for the award of damages in product liability cases generally.
Claimants that succeed with an action in negligence are entitled to an award of damages, the aim of which is generally to place that claimant in the position they would have been had the negligence not occurred.
Appeals in respect of product liability claims follow the general rules applicable to appeals for all civil claims in England and Wales, as follows.
The nature of available defences depends on the cause of action pursued.
Given the statutory nature of the CPA, the defences available are limited to those provided under the legislation, as follows:
In practice, negligence claims are most often defended on the basis that the requisite elements of the cause of action have not been established – eg, there was no duty of care owed, there was no breach of said duty and/or there was insufficient evidence to establish causation.
Other common defences to claims in negligence are as follows.
Again, contractual claims are often defended in practice on the basis that not all elements of the claim are made out – eg, there was no contract in place or the contractual terms did not include the term allegedly breached.
Otherwise, the following defences may be available in contract claims:
Under the CPA, it is a statutory defence to allege that the fact of compliance with mandatory regulatory standards introduced a product defect (see 2.12 Defences to Product Liability Claims).
Furthermore, although it is still considered an area of development for judicial consideration, it is generally accepted that whilst compliance or lack thereof with regulatory obligations is a persuasive factor in determining whether or not a product is defective, it is by no means decisive.
Wilkes v DePuy International Limited  EWHC 3096 (QB) made it clear that compliance with appropriate mandatory regulatory standards and/or the grant of regulatory approval are appropriate circumstances to take into account under the CPA statutory test for whether a product is defective. It was said by the court that, whilst these factors are not complete defences to a claim under the CPA, they would be “powerful evidence” to indicate that the level of safety contemplated by the CPA had been reached, and that against that backdrop “it may be challenging” for the claimant to make out a case that a higher level was expected. Compliance with the manufacturer’s own specification and standards could also be persuasive on the same basis.
The link between regulatory decisions and/or approvals is important to other product-related matters and is further illustrated in the case of Volkswagen Emissions Litigation  EWHC 783 (QB). In that matter, the English High Court held it was bound under EU law (pre-Brexit) by the German type-approval authority’s finding that certain vehicles contained a “defeat device”, and the defendants’ attempt to re-litigate that decision was an abuse of process.
Non-adherence to regulatory requirements is a separate cause of action, which can attract criminal liability; please refer to 1.5 Penalties for Breach of Product Safety Obligations.
The general principle for the payment of costs in English law applies to product liability cases: the losing party pays the costs of the successful party, including fees, court fees and disbursements (including expert fees).
The court can award costs on two bases.
In product liability claims involving damages for personal injury or death, the regime of qualified one-way costs shifting (QOCS) applies. In practice, this means that the claimant will not be responsible for the defendant’s costs in most claims where a claimant is unsuccessful. However, the QOCS provisions may not apply if the claim is struck out, or if the court determines that the claimant was fundamentally dishonest. If the claimant’s claim is successful, they may recover their costs from the defendant, subject to a "set-off" of any (interlocutory) costs orders made in the defendant’s favour.
Costs are subject to a formal assessment procedure if they are not or cannot be agreed between the parties.
The court has wide discretion to vary any of the above general positions regarding costs, however.
As with all civil claims in England and Wales, there are many litigation funding options regularly used by product liability claimants to fund their litigation. The following are common mechanisms used in product liability cases:
Lawyers can charge success fees, and third-party funding is permissible.
Notably, for the above agreements entered into after 1 April 2013, successful claimants can no longer recover success fees, after the event (ATE) premiums or other arrangement costs from the defendant.
Several mechanisms, both formal and informal, exist in respect of group actions in England and Wales, as set out below.
Group litigation orders (GLOs)
Under CPR 19 Section III, a GLO allows the management of multiple claims that give rise to common or similar issues of fact or law. Claimants to these actions must “opt in”. In the process of GLO proceedings, there will be a trial of issues that are common to all underlying claims. Lead cases that are considered the most appropriate can be chosen, and they are used to allow the parties to put common issues into context. Decisions made in respect of these lead cases are binding on all parties to the GLO. This is the most commonly used formal mechanism in respect of product liability claims.
Representative actions, under CPR 19 Section II, can be brought by one or more claimants on behalf of a group considered to have the “same interest”. The UK Supreme Court (UKSC) judgment in Lloyd v Google LLC  UKSC 50 provided clarity on the interpretation of the “same interest” requirement in the context of a large-scale data privacy action. In this action, the UKSC held that, to bring a claim for compensatory damages for a breach of the Data Protection Act 1998, a claimant must establish that there has been a breach, and that damage has been suffered as a result, in the form of material damage or distress. As this would involve an assessment of individual damages and loss, the claim could not proceed as a representative action under CPR 19.6 as the “same interest” requirement had not been met.
In cases requiring an individual assessment of damages, the UKSC suggested that the representative action procedure could still be used to determine common issues of fact or law, leaving issues that require individual determination to be dealt with subsequently.
Representative actions operate on an "opt-out" basis, such that all group members will be automatically included in the group and represented in the action, and a judgment will be binding on all those represented unless they expressly state that they wish to be excluded. Such actions are rare, although there are signs they may become more widely used.
The courts can also manage group litigation informally, including by hearing one or more representative test cases at trial while staying remaining cases. The test case decision is not binding on parties to the other claims; however, the decision is intended to determine common issues relevant to the subsequent cases to assist parties to resolve remaining claims without further litigation.
Product liability cases do not commonly reach trial in England and Wales. Claims that do reach trial are often in respect of medical devices or pharmaceutical products rather than general consumer products.
A small body of cases have assisted in interpreting statutory tests under the no-fault mechanism of the CPA. Of these, the Gee judgment remains the seminal decision in product liability. That case related to the metal-on-metal hip prosthesis group litigation in England in Wales. The court found in favour of the defendant manufacturer in concluding that the claimant’s argument that the products had a “tendency” to cause soft tissue reactions (adverse reaction to metal debris – ARMD) was “untenable” on the basis it would render all similar hip prostheses defective and is “directly contrary to the spirit and objectives” of the CPA. Based on a lack of evidence, even though it accepted the approach, the court also rejected the claimant’s alternative argument that the products had “an abnormal potential for damage”.
Gee adopted much of the reasoning of an earlier seminal product liability case, Wilkes v DePuy International Limited  EWHC 3096 (QB), but departed from A v National Blood Authority  3 All E.R. 289, a somewhat controversial case that previously provided guidance on how to approach the question of "defect" in product liability cases. The Wilkes method of “abnormal potential for damage” was considered favourably, but no finding was made on the basis of that test due to a lack of claimant evidence. In doing so, the A v NBA approach, of first identifying “the harmful characteristic which caused the injury”, was discredited.
The court in Gee:
The above position taken in Gee was largely approved in another case involving a metal-on metal hip prosthesis: Hastings v Finsbury Orthopaedics Limited and Stryker UK Limited  CSOH 96. In this Scottish matter, the court found for the defendant manufacturers. That finding was upheld on appeal ( CSIH 6) and a further appeal was brought by the pursuer, which was heard before the UKSC in April 2022. The UKSC’s judgment, which was handed down on 29 June 2022, unanimously dismissed the appeal brought against the respondent manufacturers, thereby maintaining the finding of the lower courts that the appellant failed to prove that the metal on metal hip product in question is defective under the CPA. The UKSC’s ruling reinforces the approach to the question of defect under the CPA, as determined in Wilkes and Gee.
Further, the UKSC held that the appeal was "no more than an attempt to appeal against the … findings of fact". In the circumstances, it declined the appellant’s invitation to overturn the factual findings made by the judge at first instance as they were findings the lower court had been entitled to make on the evidence. The appellant had suggested that the UKSC examine such findings through a different prism that introduced principles such as a benevolent approach to the application of the Act.
The appellant further argued that the lower court was not entitled to find against him on defect because the evidence before the court raised a presumption of defect that was not capable of being rebutted by the manufacturers. The UKSC rejected this argument, holding that:
Divergence of UK Laws from EU Position
Alongside parallel legislative developments at EU and UK levels, Brexit has resulted in the increasing divergence of product safety laws across the region. The timing has meant the immediate divergence of UK laws from EU laws in some instances, such as medical devices. Otherwise, the UK looks poised to make a decision to actively depart from the EU in other instances by the creation of new legislation eg, as foreshadowed by ongoing consultations in respect of UK product safety laws generally, and genetically modified organism (GMO) legislation.
Multiplication of Product Compliance Obligations Across Europe
The above phenomenon also means that there are now separate and distinct requirements across the region, including, by way of example, the requirement for UK and/or EU-based notified bodies and/or UKCA, UKNI, CE marking on products. Such multiple requirements are a departure from the prior Europe-wide product safety regime, which operated on the basis of maximum harmonisation and single market principles. There are strict timelines and rules attached to these new UK-only requirements, of which companies need to be aware. Furthermore, UK-based companies continuing to sell in the EU must be aware of ongoing EU obligations. Generally, EU compliance practices are more accepted in the UK post-Brexit – during some ongoing transition periods allowed in some instances – than UK compliance practices will be in the EU.
New Enforcement Practices
In line with a Europe-wide ramp up of product safety enforcement, there is an increased focus on market surveillance and increased empowerment of regulators, including by way of the implementation of new legislation regarding the same.
Focus on Online Selling
In line with the general principles of UK product liability laws, which expose companies to liability notwithstanding the mode of sale (ie, online sales are included), there is now an increased focus on properly ascribing responsibility to online sellers in respect of product safety compliance obligations and breaches thereof, including by way of a requirement to have a local entity in place to nominally be responsible for these issues. The EU-led "Product Safety Pledge" practices may yet be implemented in the UK also.
Similarly, the UK government’s anticipated reform of its product safety framework is expected to strengthen the current framework, including in relation to online and marketplace sales. The EU has already taken steps to regulate online marketplaces by virtue of the Market Surveillance Regulation (EU) 2019/120, which came into force in July 2021 to bring online platforms within the remit of the EU’s product safety framework, including online marketplaces. Given the further growth of online sales during the COVID-19 pandemic and beyond, this is an area of particular focus for regulators and law makers alike.
Development of Collective Redress Regime
The much-discussed collective redress regimes to bring about US-style "class actions", including in respect of consumer law issues specifically, are poised to change the product liability landscape across Europe, with the EU Directive on representative actions having now come into force and due to take effect in EU member states by July 2023.
Not having adopted the EU laws prior to Brexit, the UK will be able to take its own stance in respect of this developing area of law. The UKSC’s decision in Mastercard Incorporated and others v Walter Hugh Merricks CBE  UKSC 51 (“Merricks”), as delivered on 11 December 2020, demonstrates that, in the right circumstances, an English court will not stand in the way of a group action. Following the UKSC’s decision, the Competition Appeals Tribunal (CAT) certified Mr Merrick’s application for an opt-out Collective Proceedings Order (CPO), in which he represents a class of more than 46.2 million consumers in respect of a GBP7.2 billion action concerning allegedly unlawful bank charges. The CAT has since certified a further six CPOs, indicating a growing trend towards large consumer class actions.
In this vein, there have been calls for a generic opt-out class action regime beyond the scope of the CAT, driven by claimant law firms and consumer groups who share the view that the burden of proof is too high in product liability actions, particularly those concerning allegedly defective medical devices and pharmaceutical products, compared to actions brought in the competition sphere.
Convergence of Multi-sector Product Safety Laws
Whilst there is a divergence of product safety laws from a geographical perspective, there is, in parallel, a convergence of laws in terms of product safety issues in the UK. For example, issues formerly considered primarily privacy concerns are now increasingly being considered product safety issues. This is particularly the case in respect of radio equipment and medical devices, and there is an increasing reliance on parallel or potentially relevant separate product safety regimes across other sectors. For example, the food contact materials laws are now being relied upon for cosmetics packaging in certain circumstances.
Corporate Social Responsibility and Environmental Sustainability
There has been a broadening of product compliance obligations to incorporate concepts of corporate social responsibility, environment and sustainability, and increased focus on these areas. In line with EU-based initiatives in which the UK participated prior to Brexit, including the EU Green Deal and Circular Economy practices, there is now an increased focus on product compliance requirements, contemplating this broadened scope.
Modernisation of Product Safety and Liability Regimes
As part of an ongoing review at EU level in respect of the fitness of product liability laws to respond to issues created by modern technologies, there is currently a debate regarding the application of the CPA to new technologies – eg, in software supplied over-the-air (OTA). This type of software is updated wirelessly (and used in products such as smart pacemakers) and several questions are currently being debated, including:
If the CPA is updated to adapt to new technologies, there may be a proliferation of product liability group actions where there has been a data breach in relation to smart consumer products.
There are wide-ranging imminent policy developments in respect of product liability and safety in the UK, including as a result of Brexit but also in response to long-standing issues that were being grappled with for some time at an EU level.
Product Safety Law
In March 2021, the UK government announced its plans to review and strengthen the UK’s current product safety laws to ensure that they are fit to deal with emerging innovations and technologies. The UK Product Safety Review Consultation "Modernising Product Safety Laws to Ensure they are fit for the 21st Century" focuses primarily on product safety and covers consumer products such as toys, electrical equipment and cosmetics, but excludes medical and healthcare products, food products, vehicles, chemicals and construction products.
In November 2021, the OPSS published its analysis of 158 responses received from stakeholders to the call for evidence, which will be used to shape policy proposals for the UK’s future product safety regulatory framework. The responses called for the new framework to be adaptable and responsive to new technologies that encompass the physical and virtual worlds to facilitate safe innovation and to ensure that there are no gaps in enforcement.
The result of the review, and any hard or soft laws created on the basis thereof, would mark a significant development in UK product safety laws, which are more than 30 years old.
The review is in parallel to a similar review held at EU level, which has been ongoing for several years, including by two European Commission Expert Groups. The positions taken by the EU and UK after each respective review could result in a departure of the two sets of product safety laws and further onerous requirements for companies operating in both markets.
Connected Products and Cybersecurity
In April 2021, the UK government published a policy paper providing an overview of the government’s updated intentions for proposed legislation to regulate the cybersecurity of connected consumer products. The government’s aim is to implement a new robust scheme of regulation to protect consumers from insecure connected products, mandating base requirements and disclosures for those selling such products.
The UK government also launched its National Cyber Strategy in January 2022, setting out its plan to protect its citizens in cyberspace, including by implementing the Product Security and Telecommunications Infrastructure Bill to enable enforcement of minimum security standards in all new connectable products sold in the UK.
On 26 May 2021, the new EU Medical Devices Regulation (EU) 2017/745 (MDR) became applicable, bringing EU legislation into line with new technical advances in medical devices and changes in medical science. More recently, the EU In Vitro Diagnostic Regulations, which took effect from 26 May 2022, introduce a new mandatory regulatory framework for IVD medical devices, such as pregnancy tests and COVID-19 test kits.
Against the backdrop of perceived historical issues with medical device safety in Europe generally, these new laws aim to create a more robust, transparent and sustainable regulatory framework, to improve clinical safety and create fair market access for manufacturers and health care professionals. The UK is preparing to introduce similar domestic legislation by virtue of the Medicines and Medical Devices Act 2021 which provides legislators with powers to amend the Medical Devices Regulations 2002 which currently govern medical devices in Great Britain.
On 26 June 2022, the UK government published its response to the Medicines and Healthcare products Regulatory Agency’s consultation on the future regulation of medical devices in the UK, which indicates that certain aspects of the future regulatory framework will have some alignment with the EU MDR.
On 21 April 2021, the European Commission published its proposal for a regulation laying down harmonised rules on artificial intelligence, with the first ever legal framework on AI to address the risks and trustworthiness thereof. With the UK having already published its National AI Strategy in September 2021, it is anticipated that the UK government will seek to implement similar measures in the UK.
Sustainability and Environment
Following several related initiatives, the UK government undertook a consultation on waste prevention proposals for products: the “Waste Prevention Programme for England”. This UK-led initiative mirrored a parallel EU initiative of a similar nature, called the Sustainable Products Initiative, and addresses topics such as end of life, repair, reuse and remanufacturing, and extended producer responsibility. The consultation, which focused on construction products, textiles, furniture, electronics, vehicles, food and plastic packaging, closed in June 2021 and the outcome is awaited.
The subsequent introduction of the Environment Act 2021, described by the UK government as “world-leading legislation”, empowers the government to make targets, plans and policies for improving the national environment, including addressing waste and resource efficiency, air and water quality, and nature and biodiversity, with cross-sector impact. National authorities will be empowered to introduce regulation that aims to eliminate avoidable waste by 2050 by introducing robust measures such as making producers responsible for the disposal of waste products and charges.
As of 1 April 2022, manufacturers or importers of plastic packaging products into the UK may be liable under Part 2 of the Finance Act 2021 to pay a tax on those products, known as PPT. The introduction of PPT follows the EU’s introduction of a levy on non-recycled plastic packaging waste in July 2020 and reflects the growing trend toward sustainable practices across industries and the demand for greater corporate responsibility by large-scale manufacturers, importers and their insurers. It aims to incentivise manufacturers and importers to incorporate more recycled plastic into their packaging.
Food Technological Practices
Following an EU initiative of the same nature, the UK government is currently considering the scope of GMO legislation.
The impact of COVID-19 on all stakeholders (business, third parties, governments, regulators and insurers) has been unprecedented. Given its importance to the fight against COVID-19, the life sciences industry has been disproportionately impacted.
In particular, the pandemic has resulted in a demand for the rapid production of specific products, such as diagnostic tests, vaccines, treatments and personal protective wear. The race to combat COVID-19 has also been a catalyst for a shift towards the following trends in the regulatory framework and processes, as well as industry practices.
25 Fenchurch Avenue
+ (44) email@example.com www.kennedyslaw.com
Product Liability in the UK: an Introduction
Product liability is the area of law governing the liability of producers, suppliers and distributors of defective products. In the UK, claims relating to product liability may be brought in negligence, breach of contract or pursuant to the Consumer Protection Act 1987 (CPA), the implementing legislation that transposed the EU Product Liability Directive 85/374/EEC (PLD) into UK law.
Consumer products have evolved considerably since the CPA came into force more than 30 years ago. At that time, the World Wide Web was yet to go live, and CD-ROMs were at the forefront of technology. The products on the market then were more simplistic in nature and tended to be physical items – eg, a car or a washing machine – that were not subject to updates or modifications once they left the factory gates. The traditional risks of personal injury and property damage associated with these products were tangible and widely understood.
Fast-forward 30-plus years and many of the products that we use today have features and characteristics that could not have been imagined in the 1980s, such as remote access and wireless application protocols like Bluetooth, with products capable of manual or automated modification via software updates.
Connected devices, commonly referred to as the internet of things (IoT), and technologies powered by AI ("emerging technologies" for the purpose of this report), including robotics, continue to develop at lightning speed and have set the stage for ongoing technological advancement. Research by Statistica suggests that, by 2030, around 50 billion of these connected devices will be in use around the world. From wearable health monitoring devices to home security systems to virtual AI assistants like Apple’s Siri, consumers’ increasing reliance on these emerging technologies has changed the way we live today, and this has been brought to the fore by the COVID-19 pandemic.
With technology having developed faster than the law, the way that the CPA applies to these emerging technologies, or indeed whether it does apply, is far from clear. The unique features and characteristics of these technologies present challenges to the existing legal framework and raise questions as to whether it is fit for purpose, or the extent to which it may need to be adapted. We examine how these challenges have been recognised by legislators and what the future may hold for product liability legislation in the UK.
Emerging Technologies and CPA Claims
Minding the liability gap
With the exception of A v National Blood Authority , which concerned transfused blood, CPA claims in England and Wales have predominantly concerned standalone, physical products, usually involving an easily identifiable producer and physical damage. By way of example, the recent landmark authorities of Wilkes v DePuy International Limited  and Gee & Others v DePuy International Ltd  ("Gee") concerned hip implants, while Wilson & Ors v Beko Plc  involved a fridge freezer. Although the CPA definition of "product" is relatively wide in scope, its application to emerging technologies has yet to be tested.
Product or service
The CPA imposes strict liability on a producer for damage caused by a defective product, sometimes referred to as "no fault liability". A claimant must prove the defect and that the defect caused the damage claimed.
Notably, the CPA only applies to products, not the provision of services. Section 1(2) of the CPA explains that a product “means any goods or electricity and… includes a product which is comprised in another product, whether by virtue of being a component part or raw material or otherwise.”
The distinction between "product" and "service" has not posed any great challenge to the application of the CPA thus far. However, as recognised by the European Commission (the "Commission") in its Fifth Report on the application of the PLD (2018), there are open questions as to what separates a product from a service in the context of emerging technologies, where products and services typically have a close interaction. For example, an AI-powered medical device like a connected pacemaker comprises the physical hardware of the pacemaker and cloud-based software that produces patient data.
Whether software is to be considered a product as defined by the CPA, or a service, is fundamental to the application of the CPA to emerging technologies. It is conceivable that AI-based software, or data that is integrated into hardware as an intangible “component part”, could be considered a product. This issue was addressed at European level as early as 1988, not long after the PLD came into force, with Lord Cockfield of the European Commission stating that “the Directive applied to software in the same way, moreover, that it applies to handicraft and artistic products.” Despite this direction, these issues continue to be the subject of extensive debate by European and UK legislative bodies.
More recently, in VI v KRONE-Verlag Gesselschaft mbH & Co KG , the Court of Justice of the European Union (CJEU) ruled that inaccurate health advice in a printed newspaper that, when followed, causes injury to the reader does not constitute a "defective product" within the meaning of the PLD. The CJEU considered that the provision of inaccurate advice, which by its nature constituted a "service" and not a “product”, was unrelated to the printed newspaper and, furthermore, the service concerned neither the presentation nor the use of the newspaper. Accordingly, the service was not part of the inherent characteristics of the printed newspaper, which alone permits an assessment as to whether the product is defective. The newspaper is merely the medium in which the advice is contained.
The CJEU ruled that liability of service providers and liability of manufacturers of finished products constitute two distinct liability regimes, as the activity of service providers cannot be equated with that of producers, importers and suppliers. Furthermore, it considered that a liability regime applicable to providers of services should be governed by separate legislation. This case offers an insight into how a court may approach defective product claims brought in respect of emerging technologies, where the line between what is considered a product and a service is blurred.
In a similar vein, in The Software Incubator Ltd v Computer Associates (UK) Ltd), the CJEU was asked by the UK Supreme Court (UKSC) to give a preliminary ruling as to whether software could constitute "goods" for the purposes of the Commercial Agents Directive (86/653/EEC), implemented into UK law by virtue of the Commercial Agents (Council Directive) Regulations 1993. The CJEU ruled that software can constitute "goods", regardless of whether it is supplied on a tangible medium or by electronic download.
Although this decision is in the context of the protection of commercial agents regarding the sale and purchase of goods, as opposed to the protection of consumers, it indicates that the CJEU is prepared to widen the scope of existing legislation in order to respond to new technologies. The UKSC’s final decision is awaited.
Why the ongoing debate?
If software is considered a service, a consumer would be precluded from bringing a defective products claim under the CPA but could pursue an action in negligence or breach of contract. To bring a claim in negligence, the consumer would need to demonstrate that the supplier of the service had not acted with reasonable skill or care, which is potentially more challenging than bringing a claim under the CPA as it involves an examination of the supplier’s actions. Furthermore, it could become problematic for courts to apply, for example, a “reasonable software standard”, instead of the reasonable person standard.
Who is a producer?
The CPA imposes strict liability on a producer, or those who hold themselves out to be a producer. As emerging technologies typically comprise software that is subject to regular updates, questions may be raised as to which person(s) is considered a producer for the purposes of the CPA. For example, is the software developer or the engineer responsible for the updates liable for damage caused by the software? Might the software itself be considered a producer, or the human using the technology?
Scope of "damage"
Section 5 of the CPA restricts recoverable damages to death, personal injury or damage to private property exceeding GBP275, but excludes damage to the defective product itself. However, whilst a vulnerability in software resulting in a cybersecurity attack arguably has the potential to render a product defective if the producer failed to protect the device from such attacks, it is questionable whether the scope of any consequential immaterial damage, such as the unauthorised disclosure of personal data (or any resulting Information Commissioner's Office (ICO) fines), will be covered by the CPA. Guidance may be sought from EU-level discussions, where it has been proposed that “immaterial loss” should be taken into account in respect of any future civil liability regime for AI.
The approach to "defect"
Section 3 of the CPA provides that a product is defective "if the safety of the product is not such as persons generally are entitled to expect." As the CPA applies to a range of products from toys to medical devices, this is a flexible test. In assessing the safety of a product, the court will take into account all of the circumstances it considers to be factually and legally relevant to the evaluation of safety on a case-by-case basis. These factors may include safety marks, regulatory compliance and warnings, and what might reasonably be expected to be done with the product.
What people are generally entitled to expect
In Gee, the court confirmed that the test for defect is objective and asks what people are generally entitled to expect when the product is released to market, not what the claimant actually expected. The application of this test to emerging technologies will not be straightforward, particularly given the fast pace of development.
Furthermore, whilst entitled expectation is judged at the date of supply of a product, determining the date of supply may be difficult where a product contains software that is subject to automatic modification. For example, if an update to software contained within AI-powered robotic surgical equipment causes it to malfunction, resulting in injury to a patient, is the date of supply the date the equipment was supplied to the hospital, or the date the software was updated?
“All of the circumstances”
In the UK, industry standards in respect of connected consumer products were first published in 2018 via a voluntary Code of Conduct setting out the security principles to be applied by producers and other relevant industry stakeholders. A new European Standard on connected product security was subsequently adopted in 2020, with the UK government contributing significantly to its development. When considering “all of the circumstances” for the purposes of considering whether an emerging technology is defective under the CPA, a court may therefore take into account the absence of published industry standards prior to 2018, in particular where the emerging technology has caused damage prior to that date.
The courts’ likely approach to defect in emerging technologies
Although the approach to defect in respect of a connected device is yet to come before the UK courts, some direction may be sought from the European case of Boston Scientific Medizintechnik GMbH v AOK Sachesn-Anhanlt-Die Gesundheitskasse  ("Boston"). Here, the court was willing to find a product defective within the meaning of the PLD where it belonged to a group of products where there was the potential for failure. Whilst the decision in Boston was fact-specific and concerned high-risk implantable medical devices, the application of a "presumption of defect" is perhaps superficially attractive in the context of emerging technologies where a product’s functionality has been unexpectedly compromised. However, it is arguable that this approach is only likely to prove persuasive if the compromised functionality poses similar life-threatening risks to that of the pacemaker device that was the subject of Boston.
Establishing a causal link between defect and damage can be an onerous burden on a consumer, particularly if the claimant is unable to establish what it is about a product that makes it defective and the cause of the damage. The burden may feel even heavier in the context of a complex emerging technology. For example, a user of a healthcare application may not be able to determine why an algorithm within the software has made a particular patient diagnosis that resulted in injury. Determining causation can be further complicated by multiple users and operators of the software in question. Problems may arise if the chain of causation has been broken, particularly if the consumer misused the software or did not follow the manufacturer’s instructions.
Application of the ten-year longstop period
The CPA provides for a ten-year longstop provision, which extinguishes any right of action for damages brought under the CPA more than ten years after the product was first supplied. The court will not allow circumvention of the ten-year longstop, as confirmed by Wilson & Ors v Beko Plc .
It is questionable whether the longstop is fit for purpose in respect of emerging technologies. For example, if an autonomous vehicle becomes faulty as a result of a software update performed ten years after the vehicle was supplied, is the longstop period calculated against the date the vehicle itself was supplied, or against the date of the software update that potentially changes the characteristics of the vehicle? Unless legislators clarify this issue, producers of emerging technologies could be at risk of open-ended liabilities lasting the product’s lifetime, the likely consequence of which is increased product prices and insurance premiums.
In February 2021, the Berlin Regional Court ruled that, for products that comprise individual parts that are put into circulation on different dates, it is those dates that are relevant for the purpose of the longstop period and not the date the products were subsequently assembled for use. This decision offers an insight into how courts could apply the longstop to claims concerning emerging technologies where software changes arguably result in the constitution of a new product, or where hardware and software components are manufactured by different manufacturers at different times.
Current defences under the CPA – will they survive?
Section 4(1)(d) provides one of the defences to a defective products claim where “the defect did not exist in the product at the relevant time.” The application of this defence to emerging technologies has been considered by the EU’s Expert Group on Liability and New Technologies (Expert Group), which recommends that a producer should still be liable for defects, even if the defects appear after the product was put into circulation, as long as the producer was still in control of updates to, or upgrades on, the technology.
Section 4(1)(e) also provides a "development risks defence" where “the state of scientific and technical knowledge at the relevant time was not such that a producer of products of the same description as the product in question might be expected to have discovered the defect if it had existed in his products whilst they were under his control.” A producer of emerging technologies may seek to rely on this defence to assert that a product risk was not reasonably foreseeable at the time of programming and/or that the programming was in line with the relevant industry standards at the time of development.
However, there may be difficulties in applying this defence to certain emerging technologies, particularly if the level of safety of those technologies is not yet fully known. This was recognised by the Expert Group, which recommended that this defence should not be available for emerging technologies generally, providing that the producer was still in control of updates to, or upgrades on, the technology, and where it is predictable that unforeseen developments might occur.
Future-Proofing Product Liability
EU driving change
The EU has long recognised that emerging technologies, particularly artificial intelligence (AI), have a significant role to play in economic development, acknowledging the importance of evaluating existing legislation to ensure that the EU is ready for the digital age. The regulation of emerging technologies has already materialised within the medical devices sphere with the introduction of the Medical Device Regulations and In Vitro Diagnostic Regulations (2017/745 and 746), which, belatedly, came into force on 26 May 2021.
The EU is now leading the charge for future reform, showing a commitment to developing legislation that balances the promotion of innovation with consumer protection, whilst protecting citizens’ fundamental rights. For example, recent proposals call for a restriction on the use of “real” time identification in publicly accessible places.
In a post-Brexit era, the proposed reform will not be implemented in the UK. Nevertheless, given the global nature of the AI market, UK product manufacturers will be directly affected when seeking to sell their products in the EU. Furthermore, as the UK is independently taking similar initiatives, such as its National AI Strategy launched in September 2021, it is anticipated that it will largely reflect any future legislative changes that may be made at the European level.
Focus on products and AI
In 2018, the Commission published its fifth report on the application of the PLD, evaluating its function and performance. It concluded that the PLD continues to serve its purpose despite the increased complexities of modern products, but signalled that certain concepts may need to be updated, including “product” and “defect”.
The above-mentioned Expert Group was subsequently formed to establish how effectively the existing EU liability framework would operate in relation to emerging technologies, with a view to drawing up future guidance on the PLD. Their findings culminated in the Commission’s White Paper on AI in February 2020, which set out proposals for a harmonised regulatory framework for AI.
The White Paper was accompanied by a “Report on the safety and liability implications of Artificial Intelligence, the Internet of Things and Robotics” (the Report). The Report does not advocate an overhaul of the entire product liability regime but, instead, acknowledges that provisions explicitly covering new risks presented by emerging digital technologies could be introduced to provide more legal certainty – eg, the mental safety risks to users and the risks of faulty data at the design stage. The Report also acknowledged uncertainty as to how, and to what extent, certain risks, including cyber-threats and loss of connectivity, are sufficiently addressed by the PLD or other existing European legislation.
In October 2020, the European Parliament (the EP) made recommendations to the Commission for a civil liability regime for AI, to take the form of a regulation. Notably, the recommendation acknowledges that the PLD is “an effective means of getting compensation for harm triggered by a defective product but should nevertheless be revised to adapt it to the digital world and to address the challenges posed by emerging digital technologies, ensuring, thereby, a high level of effective consumer protection, as well as legal certainty for consumers and businesses.” The EP urged the Commission to assess whether the PLD should be transformed into a regulation, to clarify the definition of "products" by determining whether digital content and digital services fall within its scope, and to consider adapting concepts including "damage", "defect" and "producer".
The EP also called on the Commission to:
The EP proposes a strict liability regime for high-risk AI systems, with "high-risk" defined as “a significant potential in an autonomously operating AI system to cause harm or damage to one or more persons in a manner that is random and goes beyond what can reasonably be expected.”
For AI systems not classified as high-risk, the recommendations provide that the operator shall be “subject to fault-based liability for any harm or damage that was caused by a physical or virtual activity, device or process driven by the AI system,” making it clear that the operator will not be able to escape liability by arguing that the harm or damage was caused by an activity, device or process driven by the AI system.
On 21 April 2021, the Commission published its long-awaited proposal for a regulation laying down harmonised rules on AI, also referred to as the “Artificial Intelligence Act”. The Commission’s proposed regulation is designed to complement existing EU legislation, such as the General Data Protection Regulation. The proposed regulation imposes strict controls and extensive risk management for the most risky forms of AI, including the requirement to undergo conformity assessments, the drawing up and maintenance of technical documentation, the implementation of quality management systems and the affixation of CE markings to indicate conformity with the proposed regulation, before products are released to market. The proposed regulation has wide-ranging applicability and will affect both AI providers and users inside and outside the EU.
In tandem with the EU’s proposed regulation on AI, the Commission is also seeking to address whether the PLD is fit for the digital age, AI and the circular economy and whether – and if so how and to what extent – it should be adapted to address “the challenges posed by emerging digital technologies, ensuring, thereby, a high level of effective consumer protection, as well as legal certainty for consumers and businesses.” In October 2021, the Commission launched a public consultation on the proposed revision of the PLD and whether the liability framework provided legal certainty and consumer protection in the digital age of smart products and AI-based products and services. The consultation closed in January 2022. Draft legislative changes could be available by Q3 2022.
With the CPA being the implementing legislation that transposed the PLD into UK law, UK legislators will undoubtedly be following these developments very closely.
UK product safety and liability review
Although not as advanced as the EU, the UK has taken, and continues to take, similar steps to address whether its existing product safety and liability regimes meet the challenges of emerging technologies.
We have seen the recent introduction of sector-specific legislation governing emerging technologies. In 2018, the Automated and Electrical Vehicles Act came into force, imposing liability on an insurer for damage caused by an insured automated vehicle. Developments subsequently followed in the medical devices arena, with the introduction of the Medicines and Medical Devices Act 2021, which gives the Secretary of State for Health wide powers to amend the existing regulatory framework for medical devices and medicines post-Brexit, including the improvement of medical device safety and performance through advances in technology.
On 11 March 2021, the government opened a consultation via its UK Product Safety Review (the Review), exploring changes to existing product safety laws to ensure the framework is fit for the future. This included a call for evidence from stakeholders to consider how and to what extent the existing framework may need to be adapted in respect of liability and enforcement. The Review expressly excluded food, chemicals, medical or healthcare products, construction products or vehicles, all of which are subject to separate regulation.
In November 2021, the UK product safety regulator – the Office for Product Safety and Standards – published its analysis of 158 responses received from stakeholders to the call for evidence, which will be used to shape policy proposals for the UK’s future product safety regulatory framework. The responses called for the new framework to be adaptable and responsive to new technologies that encompass the physical and virtual worlds to facilitate safe innovation and to ensure that there are no gaps in enforcement.
Whilst the Review did not have a central focus on the CPA, it acknowledged that its provisions do not reflect emerging technologies like internet-enabled devices, AI and 3D printing. The potential review and reform of the CPA is, however, being mooted by the Law Commission as part of its 14th Programme of Law Reform, having invited views as to whether the CPA should be extended to cover all software and other tech developments, citing the similar challenges that have been considered and addressed by the EU. Some responses in relation to potential CPA reform have been published, with many aligning with some of the EU’s policy proposals in relation to the proposed revision of the PLD.
Although the government’s Review and the Law Commission’s 14th Programme are still in their infancy, change is on the horizon and the UK product liability framework will inevitably be subject to amendment. Interested stakeholders will be watching these developments closely and, in particular, the extent to which the UK will mirror Europe’s proposals.
25 Fenchurch Avenue
+44 firstname.lastname@example.org www.kennedyslaw.com