Product Liability & Safety 2022

Last Updated June 23, 2022


Law and Practice


Kennedys is a global law firm with particular expertise in litigation and dispute resolution, especially in defending insurance and liability claims. The firm has 70 offices, associations and co-operations across the UK and Europe, the Americas, Asia-Pacific and the Middle East. Kennedys has a market-leading team handling product safety and regulation, large-scale product liability, recall and "mass tort" litigation and international claims. The firm's core team is comprised of six partners in London, supported by more than 40 associates, as well as many partners and colleagues across its international offices. A number of its lawyers have requalified in the law following careers in relevant industries (such as engineering, construction and medicine), which broadens the firm's expertise to its clients’ benefit. Kennedys acts for parties across various industries and has gained in-depth expertise in high-profile and complex matters involving a wide range of products, including automotive, chemicals, pharmaceuticals, medical devices, healthcare products and consumer goods.

The UK’s product safety legal regime seeks to balance the rights of consumers with those of business, aiming for the highest level of public safety that does not stifle innovation.

Regulated Products

The product safety regimes apply to consumer products, including:

  • products that are newly manufactured and, in certain instances, that are used and second-hand;
  • products marketed through all modes of sale, including traditional bricks-and-mortar stores or via e-commerce;
  • products that enter the UK for the first time after being imported from a third country (including the EU, post-Brexit); and
  • products that have been subjected to significant changes that modify their function or safety profile.


The system consists of the following fundamental legislative pillars.

General product safety requirements

These are contained within the General Product Safety Regulations 2005 (GPSR). This legislation contains fundamental, overarching concepts of product safety, including the following:

  • only “safe” products are marketed in the UK;
  • various actors within the supply chain are responsible for product safety and compliance, or aspects thereof;
  • conformity assessments that analyse the risks and features of products are necessary before marketing a product;
  • compliance with relevant safety legislation is usually denoted by appropriate marking, including the new UKCA mark or, in certain circumstances, the EU CE mark and/or Northern Ireland UKNI mark, as underpinned by relevant declarations of conformity or similar;
  • the trigger for most significant regulatory obligations is “placing on the market” and/or “making available on the market”;
  • post-market surveillance obligations exist after the initial sale of products;
  • corrective actions are required in certain circumstances; and
  • reports to regulators are required in certain circumstances.

Supplementary product-specific safety requirements

These are contained within sector-specific legislation, to more specifically address unique or specific risks associated with certain types of products. Where they exist, such requirements take precedence over the above-mentioned general requirements contained in the GPSR. Otherwise, these product-specific requirements apply where the GPSR are silent. Sector-specific laws exist in respect of the following, for example:

  • chemicals;
  • cosmetics;
  • construction products;
  • low voltage electrical equipment;
  • machinery;
  • motor vehicles;
  • personal protective equipment; and
  • toys.

Separate product-specific safety regimes

Separate product safety regimes aim to address the unique and quite separate risks of products that are not considered "industrial products" (which are addressed by the above-mentioned legislation). These operate separately from the GPSR and include the following, for example:

  • food;
  • pharmaceuticals; and
  • medical devices.

Enforcement and Monitoring of Obligations Imposed by Regulators

Market surveillance activities are carried out by regulators, who are empowered to monitor and enforce compliance with the above-mentioned product safety laws. Please refer to 1.2 Regulatory Authorities for Product Safety for further detail.

The Role of Technical Standards

In practice, compliance with the above legal requirements is often achieved through adherence to technical standards specific to each product type/category/feature, which provides a benefit of conformity under the relevant legislation. Technical standards are developed by relevant standardisation organisations, and are designated under appropriate legislation by the Secretary of State who is empowered to do so in the UK.

The Effect of Brexit on the UK Product Safety Law Regime

The above UK product safety laws derive largely from EU legislation (the GPSR give effect to EU Directive 2001/95/EC on general product safety, for example). Given the implementation of local UK laws to enact EU-level obligations prior to Brexit and/or the direct effect of EU laws in the UK at the time of initial pre-Brexit implementation, much of the legislative framework for product safety in the UK remains substantively unchanged post-Brexit.

However, various UK legislation, such as, most relevantly, the Product Safety and Metrology etc. (Amendment etc.) (EU Exit) Regulations 2019, was enacted to amend EU-based legislation to make correct references to the UK rather than the EU, and to ensure the continued applicability of the legislation in the UK. Supplementary legislation was also required to be enacted in some sectors to empower the relevant UK law-makers to implement future changes to UK legislation. In some specific areas, including medical devices, the EU and UK positions already deviated significantly because of legislative changes in the EU that did not take effect prior to Brexit. Future deviation is also likely, particularly in the context of legislative reviews and amendments of UK and EU product safety systems currently underway. Please refer to 3.1 Trends in Product Liability and Product Safety Policy for further detail.

Oversight of the UK product safety regimes is undertaken by several regulators in the UK, at various levels.

Local Authorities

Local authorities have day-to-day responsibility for the enforcement of product safety legislation in the UK, which is carried out through local Trading Standards (TS) offices. Through the GPSR and Consumer Rights Act 2015 (CRA), such authorities have a wide range of powers, including the ability to:

  • issue recall/withdrawal notices;
  • issue requirements to warn;
  • issue product recall enforcement notices;
  • enter and search premises;
  • seize documents and goods;
  • require information;
  • test equipment;
  • observe the carrying on of business;
  • inspect products;
  • issue statutory notices;
  • issue cautions;
  • seek the imposition of civil sanctions; and
  • commence criminal prosecutions.

Overarching Product Safety-Specific Regulator

The Department for Business, Energy and Industrial Strategy (BEIS) is responsible for high-level oversight of policy and strategy in the area of product safety regulation. In January 2018, the Office for Product Safety and Standards (OPSS) was developed within BEIS to address an apparent need for a technical, centralised resource to assist localised regulatory enforcement around product safety issues. The OPSS carries out the following functions:

  • supports the work of TS, by providing advice and access to technical and scientific assistance, including product testing and risk assessments;
  • co-ordinates national responses to safety issues by providing an incident management capability and working with TS to collate intelligence and identify emerging trends;
  • works with industry to inform the approach to regulation and enforcement; and
  • administers the Primary Authority scheme where companies work with specific authorities.

OPSS is empowered with many of the aforementioned enforcement powers of TS.

Product-Specific Regulators

There are product-specific regulators for the following product categories:

  • food;
  • vehicles;
  • medicines and medical devices; and
  • workplace equipment (including PPE).

Product producers in the UK are required to conduct corrective actions to address product safety issues that make a product unsafe (GPSR Section 7), in contravention of the GPSR safety requirements or other relevant product safety laws. The actions taken by producers must be “commensurate with the characteristics of the product” and there are a range of corrective actions that can be taken, including withdrawal from the supply chain, additional warnings to consumers, in-market repairs or alterations, and a consumer-facing recall. Generally, consumer-facing recalls are considered a last resort. The nature of the corrective action undertaken is determined by the results of a risk assessment.

In March 2018, OPSS co-operated with the UK’s standards institution, the British Standards Institution (BSI), to launch a Code of Practice for Product Safety Recalls (PAS 7100:2018). The Code has two parts.

  • Part 1 provides guidance to manufacturers, importers and distributors (of non-food products) on planning and managing corrective actions, establishing mechanisms to monitor product safety, investigating potential product safety issues and reviewing corrective action programmes.
  • Part 2 provides guidance to market surveillance authorities, such as TS, regarding their roles.

EU-level guidance on topics of risk assessments (RAPEX methodology, 2019) and guidelines (European Commission and PROSAFE guides) may still be useful, given the basis of the laws, notwithstanding the event of Brexit, but will not necessarily be held in the same regard without further changes being implemented to preserve their position as official guidance in the UK.

There are no mandatory requirements for advertisements or other form-specific requirements for the advertising of product safety recalls in the UK. However, the above-mentioned Code provides detailed guidance on the form and content of corrective action announcements.

Under Article 9 of the GPSR, or equivalent sector-specific regimes, there is a mandatory obligation on producers or distributors to report to authorities where they know that a product they supply is “incompatible with the general safety requirement” under the GPSR.

The GPSR requires the report to be in writing and to contain certain mandatory information – namely, the action taken to prevent risk to consumers and the location of supplied products, as well as further identifying information if the product is thought to pose a serious risk.

There is no mandatory procedure to follow to make these reports, and the practices of TS offices can differ greatly in practice, including requiring completion of specific forms. There is also sometimes interaction between the OPSS and TS; for example, where a report to both entities is requested, or warranted for certain more significant issues.

Post-Brexit, the UK is no longer part of the European Commission’s rapid alert system, Safety Gate (formerly RAPEX), which assists with Europe-wide information sharing regarding non-food product safety risks. Reports to UK market surveillance regulators will be recorded, in certain circumstances, on the OPSS’ Product Safety Database, which covers consumer products under the ambit of OPSS’ work.

Although there are no specific timeframes under statute regarding these reports (the legislation simply states that obliged entities should “forthwith notify an enforcement authority”), the recommended timeframe for reporting, provided in guidance documents only, is generally dictated by the assessed risk of the safety matter to consumers who use the affected products.

It is a criminal offence to fail to report to authorities under Section 20(3) of the GPSR, punishable with an unlimited fine or imprisonment for a term not exceeding three months.

In practice, companies and regulators work to resolve issues before there is a need to prosecute formally. Regulators are likely to employ the wide range of powers available to them under relevant legislation prior to commencing formal prosecution; please refer to 1.2 Regulatory Authorities for Product Safety for details. There are a few isolated examples of companies being prosecuted, particularly toy or children’s product manufacturers where the risk to vulnerable users is considered particularly egregious, or where there has been a significant delay in reporting to authorities. Generally, companies plead guilty in short hearings in UK Magistrates' Courts, and fines have also historically been small.

A recent illustrative example is the fining of a toy manufacturer following a prosecution by Thurrock Council Trading Standards. The company pleaded guilty to the import and supply of unsafe toys at a hearing in Southend Magistrate's Court on 14 April 2021. Initial raiding of the premises by TS uncovered toys without relevant safety documents, and further testing confirmed that the toys presented risks of choking asphyxiation. The company was ordered to pay approximately GBP4,100. The prosecution was said by the Council to be brought after "repeated attempts" to encourage the company to comply with its legal obligations.

There are three main causes of action typically employed by claimants pursuing product liability claims in the UK. Each suit offers certain strategic advantages that might make it preferable to certain claimants in certain circumstances; however, claimants often elect to pursue more than one of the causes of action in parallel, in respect of the same facts, to increase the likelihood of success and overcome some of the limitations of certain causes of action.

"Strict Liability" Statutory Regime Under the Consumer Protection Act 1987 (CPA)

The CPA creates a no-fault liability scheme in respect of defective products that have caused personal injury or damage to private property, excluding damage to the product itself.

Under the regime, the following entities have joint and several liability:

  • the manufacturer of the product, or an entity that holds itself out as such by having the product designed/manufactured on its behalf and marketing the product under this trade mark/name;
  • the importer of the product into the UK (post-Brexit, there are significant changes to liability exposure and responsibility under product safety regulations in respect of former distributors within the UK now being considered importers); and
  • the distributor/supplier, in rare circumstances where the above-listed entities cannot be identified by the distributor within a reasonable timeframe when that information is requested or a claim is made against the supplier/distributor.

The following three key elements of the cause of action must be established by the claimant.


Section 3 of the CPA establishes there is a defect in the product "if the safety of the product is not such as persons generally are entitled to expect." The court will take into account all of the circumstances when assessing the safety of the product, including:

  • product marketing;
  • date of supply;
  • any safety mark;
  • warnings;
  • what might reasonably be expected to be done with the product; and
  • the time when the product was supplied by its producer to another.

The landmark case of Colin Gee & Others v DePuy International Limited  [2018] EWHC 1208 (QB) ("Gee") provides the following guidance on the application of this statutory test:

  • the test is objective (what persons generally are entitled to expect) and not subjective (what the individual claimant expected);
  • hindsight is not relevant in determining entitled expectation – entitled expectation must be assessed as at the date of supply of the product; and
  • a court can take into account all of the circumstances it considers factually and legally relevant to the evaluation of safety, on a case-by-case basis.


Generally, death, personal injury or any property loss (property for private use, occupation or consumptions) are damages for which claimants can seek compensation under the CPA.

Damage to the product is excluded from the scope of recoverable heads of damage. There is also a minimum monetary value of GBP275 that the property damage suffered must exceed in order to be entitled to pursue a claim under the CPA.

Causal link

There must be a causal link between the product defect and the damage/injury sustained. The traditional English law tests for causation apply to product liability cases.

Tortious Liability – Negligence

Manufacturers or other actors in the supply chain (mostly where a manufacturer cannot be identified) can be liable in common law negligence in respect of a defective product.

To bring a successful claim in negligence, a claimant must prove, on the balance of probabilities, that:

  • the defendant owed the claimant a duty of care;
  • the defendant breached that duty of care;
  • the breach caused the claimant’s loss or damage; and
  • the loss was reasonably foreseeable.

The key distinguishing feature of such actions is that the claimant must establish fault on the part of the defendant. For this reason, this claim is generally considered to be more difficult to bring than that under the no fault mechanism of the CPA.

Breach of Contract – Express or Implied Statutory Term

Consumers that are party to a contract with a seller or supplier of products can pursue a breach of contract claim if a product supplied is defective or otherwise fails to conform to the contract of sale.

The seller may be exposed in respect of breach of either express terms, or those implied by the Consumer Rights Act 2015 (CRA) in respect of:

  • the fitness for purpose of the product;
  • it being as described; and
  • it being of satisfactory quality.

To bring a claim in contract, a claimant must prove the following on the balance of probabilities.

  • A contract is in place – ie:
    1. there is a mutual intention to create a contract;
    2. an offer has been made;
    3. that offer has been accepted; and
    4. there has been "consideration" (value) exchanged between the parties.
  • The contract has been breached.
  • The breach of contract has led to loss.

There are different requirements to bring the three causes of action mentioned in 2.1 Product Liability Causes of Action and Sources of Law in relation to product liability claims in the UK, as follows.


Consumers (“any person who purchases or uses the product in question for private use”) have legal standing to bring product liability claims. Persons who purchase or use goods for the purpose of resale or commercial use are expressly excluded from the definition of consumers. In order to have a right of action under the CPA, the consumer must have suffered damage of a kind covered by Part 1 of the CPA.


Any person to whom a duty of care is owed can bring a negligence claim in circumstances where that duty is breached and they sustain a reasonably foreseeable loss or damage caused by a defective product.

A claimant need not know the defendant in order to bring a successful claim in negligence. A claim may be brought by a consumer/purchaser of the product, a person who uses the product, or a third-party bystander who is injured by the product.


Generally, because of the doctrine of "privity of contract", only the parties to a contract can enforce the terms of that contract. However, in certain circumstances a third party may seek enforcement under the Contract (Rights of Third Parties) Act 1999, unless these rights have been expressly excluded.

There are strict time limits for bringing civil claims in England and Wales, including product liability claims.

Negligence and Contract

Under the Limitation Act 1980, claims involving personal injury must be brought within three years from the date that the damage occurred or the date that the claimant knew, or reasonably ought to have known, that they had a cause of action (“the date of knowledge”). Knowledge can be acquired from the date that the claimant knew the identity of the defendant or realised the significance of their injury.

For non-personal injury claims, the claim must be brought within six years from the date on which the damage or loss occurred, or three years from the date of knowledge for claims concerning latent damage. The three-year limitation period can be extended at the court’s discretion.


Working in tandem with these time limits, the CPA contains a ten-year long-stop provision, allowing claims under it to be brought within ten years from the date on which the product was put into circulation. Absent the issuing of court proceedings within that timeframe, rights under the CPA are extinguished and cannot be extended by the court.

Prior to Brexit, the jurisdiction of UK courts, as opposed to other EU member state courts, was determined by the operation of EU-level laws. Post-Brexit the situation is as follows.


Generally, UK courts, as with other European-based courts, will assume jurisdiction to try a case where either the injury, loss or damage occurs, or where both parties are domiciled, in that country.

Prior to the UK leaving the EU, where a defendant was domiciled in England, the English court had jurisdiction and could not decline jurisdiction, pursuant to Owusu v Jackson (Case C-281/02) [2005] ECR I-1383. This no longer applies now that the UK has left the EU, and UK-domiciled defendants are able to challenge the English court’s jurisdiction on grounds of it not being the appropriate forum.


In order to invoke the jurisdiction of English courts in respect of negligence claims, it is sufficient for a defendant to be physically present in England and Wales to enable the claimant to serve proceedings on that defendant.


Contractual terms agreed by both parties ordinarily determine the applicable law, jurisdiction and location of proceedings in respect of contractual breaches.

There are mandatory pre-action protocols applicable in respect of product liability claims, under the Civil Procedure Rules Practice Direction on Pre-Action Conduct and Protocols, that must be complied with prior to the commencement of formal claims.

The following Pre-Action Protocols may typically be applicable to product liability claims:

  • the Pre-Action Protocol for Personal Injury (Employers’ Liability and Public Liability) Claims; and
  • the Pre-Action Protocol for Low Value Personal Injury (Employers’ Liability and Public Liability) Claims.

These Pre-Action Protocols ordinarily dictate the following pre-action procedural steps:

  • exchanges of correspondence, including for example a brief outline of each party’s case, in the form of either a letter or a prescribed form; and
  • the exchange of evidence in some circumstances, including, for example, high-level medical evidence in respect of personal injury claims.

Breach of these protocols can have a substantive impact on the ability to commence formal proceedings and/or can have negative costs consequences for the defaulting party, with the court potentially taking the following actions:

  • requiring explanation for any breach or variation of protocols, particularly in circumstances where both parties have departed from their prescriptive requirements;
  • awarding costs, taking into account any breaches or defaults under the protocols;
  • applying sanctions against the offending party; and
  • staying proceedings entirely until there is pre-action compliance.

Broad document preservation obligations are imposed on parties to proceedings in England and Wales, including product liability matters. These rules work in tandem with rules regarding document disclosure; please refer to 2.7 Rules for Disclosure of Documents in Product Liability Cases for further detail.

Under Civil Procedure Rules (CPR) Practice Direction 31B (paragraph 7), once litigation is contemplated, parties must ensure that all potentially disclosable documents are preserved, including any relevant products, devices, design files, testing information, etc; please refer to 2.7 Rules for Disclosure of Documents in Product Liability Cases for further detail.

Under this provision, past, present and future documents must be preserved.

Failure to comply with these requirements – including by interfering with evidence by deleting, overwriting, updating or destroying documents – has far-reaching consequences, including the following measures which the courts can and do impose:

  • penalties for interference with evidence;
  • satellite litigation regarding affected documents;
  • costs sanctions;
  • striking out a party’s particulars of claim or defence; and
  • the drawing of adverse inferences as to the contents of those documents (Earles v Barclays Bank Plc [2009] EWHC 1) – it is likely that the court will order a party to provide an explanation as to why the documents have not been preserved before drawing adverse inferences or making further orders.

There are far-reaching disclosure requirements in respect of product liability cases in the UK.

CPR Part 31 sets out the parties’ responsibilities. Generally, as part of "standard disclosure", parties to an action are required to disclose the following:

  • those documents that are or have been in their control; and
  • documents on which they rely; or
  • documents that may adversely affect their own or another party’s case; or
  • documents that support another party’s case (standard disclosure).

The court, in its discretion, may limit or dispose of the above requirements (CPR 31.5). CPR 31 does not apply to claims entering the small claims track (see 2.10 Courts in Which Product Liability Claims Are Brought). However, a court will ordinarily order standard disclosure, requiring each party to file and serve on the court and all parties copies of all documents upon which they intend to rely.

Parties are required to conduct a reasonable and proportionate search for the above-mentioned disclosable documents. Disclosure obligations are ongoing – ie, continual disclosure is required until the cessation of the matter, including in respect of documents created during the proceedings.

Electronic Document Disclosure

Given the prevalence of electronic documents and sources in modern litigation, specific rules apply to electronic documents. An electronic document is defined as any document held in electronic form – eg, emails, text messages, voicemails, word processed documents, social media messages and databases. CPR 31, Practice Direction 31A and 31B set out the rules of disclosure of electronic documents in multi-track claims (though a court can also apply these rules to small or fast-track claims), and provide for the following, amongst other things.

  • A party requesting the specific disclosure of electronic documents that are not reasonably accessible must demonstrate the relevance of those documents in order to justify the costs and burden of retrieving them.
  • The parties must advise the court before the first scheduled case management conference (CMC) if an agreement has been reached concerning electronic disclosure. If an agreement has not been reached before the first scheduled CMC, the parties will be required to identify issues to put before the court for directions. It may be considered reasonable for a party to search for relevant documents using "key word searches" if a full review of every document would be considered unreasonable or disproportionate in terms of costs and review time involved.

There are prescriptive requirements for expert evidence in respect of product liability claims in England and Wales courts, as set out in the following CPR provisions:

  • Annex C of the CPR Practice Direction on Pre-Action Conduct, outlining the general procedure for the use of expert evidence;
  • CPR Part 35 sets out the control and use of experts in proceedings;
  • Practice Direction 35;
  • the Protocol for the Instructions of Experts to give Evidence in Civil Claims; and
  • Part 7 of the Pre-Action Protocol for Personal Injury Claims (where applicable).

Generally, the above provisions provide that parties’ use of experts is limited to:

  • circumstances where such evidence is reasonably required to resolve the proceedings; and/or
  • those cases where the court grants express permission.

Other requirements include the following.

  • Form:
    1. expert evidence must generally be in written form (written report), unless the court directs otherwise;
    2. with the court’s permission only, in certain circumstances parties can put forward written questions to the experts, including to other parties’ experts; and
    3. oral evidence can be relied upon, but subject to permission from the court (CPR 35.4).
  • Expert duties:
    1. expert witnesses are impartial in their analysis and must acknowledge their duty to act independently when preparing their own expert report, with their overriding duty being owed to the court and not the party instructing or paying them; and
    2. experts must verify their report by including a statement of truth. CPR Practice Direction 35 paragraph 3.3 sets out the recommended template for statements of truth for experts to include in their reports.


Courts are increasingly limiting the use of experts in cases in an attempt to control costs. Accordingly, if an expert is instructed, it is important that parties manage costs carefully, including by the following means.

  • In lower value claims, using a single joint expert to address both parties’ positions may be the most cost-effective solution.
  • In respect of small claims or fast-track matters, experts will generally be directed not to attend the hearing, except in limited circumstances where the court deems that necessary.
  • In high-value claims where parties instruct their own experts, the court may direct a joint discussion between experts for the purpose of identifying and discussing the issues in the proceedings and, where possible, direct the experts to reach an agreed opinion on those issues. The court may direct that, following the discussion, the experts prepare a joint statement for the court setting out the issues on which they agree and disagree (with reasoning).

In respect of each cause of action in product liability claims, the claimant bears the onus of proof. The standard of proof required, in respect of each discrete action, is to prove the case against the defendant on the balance of probabilities (civil standard).

The forum in which a product liability is heard is dictated by the value and/or complexity of the claim. Claims all commence, in the first instance, in either the High Court or the County Court. Thereafter, courts allocate these defended claims to one of three procedural tracks, at an early stage:

  • small claims track – claims with a value of no more than GBP10,000 or where personal injury damages is valued up to GBP1,000 only;
  • fast-track – claims with a value over the small claims track limit, but less than GBP25,000; and
  • multi-track claims – claims valued over GBP25,000.

Multi-track claims can be heard at either the High Court or County Court. Claims with a value of less than GBP50,000 which are commenced in the High Court are generally transferred to a County Court unless there is a specific reason for them to be heard at the High Court (for example, where the case concerns particularly difficult questions of law or where it might attract significant public interest).

In general, in the first instance, product liability cases are heard by a single judge who will generally be alive to the potential complexity of such claims and will allow evidence from a range of expert disciplines and lay witnesses where required. On appeal in the Court of Appeal or Supreme Court, cases may be heard by three or five judges. Jury trials do not take place in civil product liability cases.

Damages Available

There is no upper threshold for the award of damages in product liability cases generally.

Claimants that succeed with an action in negligence are entitled to an award of damages, the aim of which is generally to place that claimant in the position they would have been had the negligence not occurred.

Appeals in respect of product liability claims follow the general rules applicable to appeals for all civil claims in England and Wales, as follows.

  • Standing – the court’s permission must be obtained before an appeal can be lodged by way of an application.
  • Time limits – a party ordinarily has only 21 days following a judgment to make a request for an appeal against a County Court or High Court decision.
  • Application for permission to appeal – the courts only grant such permission in circumstances where the appeal appears to have a real prospect of success or there are other compelling reasons why it should be heard; the application process is usually "on the papers" (rather than by way of oral hearing) only, unless the court deems the application exceptionally requires an oral hearing.
  • Scope of appeal – an appeal is usually limited to a review of the lower court’s decision; however, the court can apply its discretion to order a re-hearing if the interests of justice would be served by doing so.
  • Grounds for an appeal – an appeal will be allowed where the decision of the lower court was wrong (eg, where the court made an error of law, or of fact, or in the exercise of its discretion) or if the decision was unjust because of a serious procedural or other irregularity of the lower court; in practice, the courts rarely interfere with findings of fact made by lower courts, on the basis the judgments were made with the benefit of hearing witness and expert evidence first-hand.
  • Effect of appeal decision – an appeal court may affirm, vary or set aside any order or judgment made by the lower court, order a new trial or hearing, or make any other appropriate order.
  • Forum of appeal – the Court of Appeal hears appeals against decisions made in a County Court or in the High Court; these are heard at the Royal Courts of Justice in London. The Supreme Court in London is the final appellate court, which hears appeals on arguable points of law of general public importance.

The nature of available defences depends on the cause of action pursued.


Given the statutory nature of the CPA, the defences available are limited to those provided under the legislation, as follows:

  • the defect is attributable to compliance with any requirement of UK or retained EU law post-Brexit;
  • the defendant did not at any time supply the product;
  • the product was not supplied in the course of the defendant’s business or with a view to profit;
  • the defect did not exist in the product at the time of supply;
  • the state of scientific and technical knowledge at the time the product was put into circulation was not such that a producer of products of the same description as the product in question might be expected to have discovered the defect if it had existed in their products while they were under their control (known as “state of the art” or “development risks” defence); and
  • the defect was not in the component supplied but in the finished product in total, for which the defendant should not be responsible.


In practice, negligence claims are most often defended on the basis that the requisite elements of the cause of action have not been established – eg, there was no duty of care owed, there was no breach of said duty and/or there was insufficient evidence to establish causation.

Other common defences to claims in negligence are as follows.

  • Contributory negligence – a claimant contributed, at least to some extent, to their damage and/or injury; the liability of the defendant is reduced by the contribution of the claimant.
  • Voluntary assumption of risk – the claimant consented to the risk that resulted in injury/loss.
  • Establishing that the injury was caused by the claimant’s participation in a criminal enterprise.


Again, contractual claims are often defended in practice on the basis that not all elements of the claim are made out – eg, there was no contract in place or the contractual terms did not include the term allegedly breached.

Otherwise, the following defences may be available in contract claims:

  • the breach of contract was waived and the claimant did not act on the breach within a reasonable time (or at all);
  • the contract terms were varied; and
  • promissory estoppel.

Under the CPA, it is a statutory defence to allege that the fact of compliance with mandatory regulatory standards introduced a product defect (see 2.12 Defences to Product Liability Claims).

Furthermore, although it is still considered an area of development for judicial consideration, it is generally accepted that whilst compliance or lack thereof with regulatory obligations is a persuasive factor in determining whether or not a product is defective, it is by no means decisive.

Wilkes v DePuy International Limited [2016] EWHC 3096 (QB) made it clear that compliance with appropriate mandatory regulatory standards and/or the grant of regulatory approval are appropriate circumstances to take into account under the CPA statutory test for whether a product is defective. It was said by the court that, whilst these factors are not complete defences to a claim under the CPA, they would be “powerful evidence” to indicate that the level of safety contemplated by the CPA had been reached, and that against that backdrop “it may be challenging” for the claimant to make out a case that a higher level was expected. Compliance with the manufacturer’s own specification and standards could also be persuasive on the same basis.

The link between regulatory decisions and/or approvals is important to other product-related matters and is further illustrated in the case of Volkswagen Emissions Litigation [2020] EWHC 783 (QB). In that matter, the English High Court held it was bound under EU law (pre-Brexit) by the German type-approval authority’s finding that certain vehicles contained a “defeat device”, and the defendants’ attempt to re-litigate that decision was an abuse of process.

Non-adherence to regulatory requirements is a separate cause of action, which can attract criminal liability; please refer to 1.5 Penalties for Breach of Product Safety Obligations.

The general principle for the payment of costs in English law applies to product liability cases: the losing party pays the costs of the successful party, including fees, court fees and disbursements (including expert fees).

The court can award costs on two bases.

  • Standard basis, under CPR 44.3(2) – the court will only award costs that are considered to be both reasonably and necessarily incurred by the party seeking recovery; any costs considered to be disproportionate may be disallowed or reduced, even if they were reasonably and necessarily incurred.
  • Indemnity basis, under CPR 44.3(1)(b) – where the court orders costs to be assessed on an indemnity basis, costs need not be incurred by necessity and there is no requirement for costs to be proportionate to the issue in dispute. They need only be reasonable; essentially, a party that has an indemnity costs order made in their favour is more likely to recover a sum that reflects the actual costs incurred in the proceedings.

In product liability claims involving damages for personal injury or death, the regime of qualified one-way costs shifting (QOCS) applies. In practice, this means that the claimant will not be responsible for the defendant’s costs in most claims where a claimant is unsuccessful. However, the QOCS provisions may not apply if the claim is struck out, or if the court determines that the claimant was fundamentally dishonest. If the claimant’s claim is successful, they may recover their costs from the defendant, subject to a "set-off" of any (interlocutory) costs orders made in the defendant’s favour.

Costs are subject to a formal assessment procedure if they are not or cannot be agreed between the parties.

The court has wide discretion to vary any of the above general positions regarding costs, however.

As with all civil claims in England and Wales, there are many litigation funding options regularly used by product liability claimants to fund their litigation. The following are common mechanisms used in product liability cases:

  • conditional fee agreements (CFAs), whereby the legal fees of legal representatives are contingent upon a certain event taking place (usually the client "winning" the case); and
  • damages-based agreements (DBAs), whereby the lawyer’s fees are contingent on success in the case, determined as a percentage of the compensation received by the successful party.

Lawyers can charge success fees, and third-party funding is permissible.

Notably, for the above agreements entered into after 1 April 2013, successful claimants can no longer recover success fees, after the event (ATE) premiums or other arrangement costs from the defendant.

Several mechanisms, both formal and informal, exist in respect of group actions in England and Wales, as set out below.

Formal Mechanisms

Group litigation orders (GLOs)

Under CPR 19 Section III, a GLO allows the management of multiple claims that give rise to common or similar issues of fact or law. Claimants to these actions must “opt in”. In the process of GLO proceedings, there will be a trial of issues that are common to all underlying claims. Lead cases that are considered the most appropriate can be chosen, and they are used to allow the parties to put common issues into context. Decisions made in respect of these lead cases are binding on all parties to the GLO. This is the most commonly used formal mechanism in respect of product liability claims.

Representative actions

Representative actions, under CPR 19 Section II, can be brought by one or more claimants on behalf of a group considered to have the “same interest”. The UK Supreme Court (UKSC) judgment in Lloyd v Google LLC [2021] UKSC 50 provided clarity on the interpretation of the “same interest” requirement in the context of a large-scale data privacy action. In this action, the UKSC held that, to bring a claim for compensatory damages for a breach of the Data Protection Act 1998, a claimant must establish that there has been a breach, and that damage has been suffered as a result, in the form of material damage or distress. As this would involve an assessment of individual damages and loss, the claim could not proceed as a representative action under CPR 19.6 as the “same interest” requirement had not been met.

In cases requiring an individual assessment of damages, the UKSC suggested that the representative action procedure could still be used to determine common issues of fact or law, leaving issues that require individual determination to be dealt with subsequently.

Representative actions operate on an "opt-out" basis, such that all group members will be automatically included in the group and represented in the action, and a judgment will be binding on all those represented unless they expressly state that they wish to be excluded. Such actions are rare, although there are signs they may become more widely used.

Informal Mechanisms

The courts can also manage group litigation informally, including by hearing one or more representative test cases at trial while staying remaining cases. The test case decision is not binding on parties to the other claims; however, the decision is intended to determine common issues relevant to the subsequent cases to assist parties to resolve remaining claims without further litigation.

Product liability cases do not commonly reach trial in England and Wales. Claims that do reach trial are often in respect of medical devices or pharmaceutical products rather than general consumer products.

A small body of cases have assisted in interpreting statutory tests under the no-fault mechanism of the CPA. Of these, the Gee judgment remains the seminal decision in product liability. That case related to the metal-on-metal hip prosthesis group litigation in England in Wales. The court found in favour of the defendant manufacturer in concluding that the claimant’s argument that the products had a “tendency” to cause soft tissue reactions (adverse reaction to metal debris – ARMD) was “untenable” on the basis it would render all similar hip prostheses defective and is “directly contrary to the spirit and objectives” of the CPA. Based on a lack of evidence, even though it accepted the approach, the court also rejected the claimant’s alternative argument that the products had “an abnormal potential for damage”.

Gee adopted much of the reasoning of an earlier seminal product liability case, Wilkes v DePuy International Limited [2016] EWHC 3096 (QB), but departed from A v National Blood Authority [2001] 3 All E.R. 289, a somewhat controversial case that previously provided guidance on how to approach the question of "defect" in product liability cases. The Wilkes method of “abnormal potential for damage” was considered favourably, but no finding was made on the basis of that test due to a lack of claimant evidence. In doing so, the A v NBA approach, of first identifying “the harmful characteristic which caused the injury”, was discredited.

The court in Gee:

  • recognised the inherent flexibility of the no fault mechanism under the CPA;
  • promoted assessing defect under the CPA in a holistic manner, whereby the court is entitled to take into account all relevant factors, including legal and factual circumstances, when evaluating product safety;
  • determined that hindsight has no place in the formulation of the "entitled expectation" of safety, the test for defect under the CPA; and
  • found that a known and inherently harmful, or potentially harmful, consequence of the ordinary use of a product did not amount to a defect.

The above position taken in Gee was largely approved in another case involving a metal-on metal hip prosthesis: Hastings v Finsbury Ortho­paedics Limited and Stryker UK Limited [2019] CSOH 96. In this Scottish matter, the court found for the defendant manufacturers. That finding was upheld on appeal ([2021] CSIH 6) and a fur­ther appeal was brought by the pursuer, which was heard before the UKSC in April 2022. The UKSC’s judgment, which was handed down on 29 June 2022, unanimously dismissed the appeal brought against the respondent manufacturers,  thereby maintaining the finding of the lower courts that the appellant failed to prove that the metal on metal hip product in question is defective under the CPA. The UKSC’s ruling reinforces the approach to the question of defect under the CPA, as determined in Wilkes and Gee.

Further, the UKSC held that the appeal was "no more than an attempt to appeal against the … findings of fact". In the circumstances, it declined the appellant’s invitation to overturn the factual findings made by the judge at first instance as they were findings the lower court had been entitled to make on the evidence. The appellant had suggested that the UKSC examine such findings through a different prism that introduced principles such as a benevolent approach to the application of the Act.

The appellant further argued that the lower court was not entitled to find against him on defect because the evidence before the court raised a presumption of defect that was not capable of being rebutted by the manufacturers. The UKSC rejected this argument, holding that:

  • Expressions of professional concern in the surgical community regarding metal on metal hip prostheses generally did not help to establish that the product in question was defective, given that revision rates for the metal on metal class of hip prostheses varied from product to product.
  • The lower court was entitled to find that the product was withdrawn from the market based on commercial considerations, and therefore the fact of the withdrawal did not assist a case on defect.
  • Product safety alerts and notices issued by a regulator and/or manufacturer cannot of themselves be determinative of product defect. In the appellant’s case, his reliance on the issued Medical Device Alert and Field Safety Notices was undermined by the accepted evidence on the unreliability of the underlying statistics on which the alert/notices were based.

Divergence of UK Laws from EU Position

Alongside parallel legislative developments at EU and UK levels, Brexit has resulted in the increasing divergence of product safety laws across the region. The timing has meant the immediate divergence of UK laws from EU laws in some instances, such as medical devices. Otherwise, the UK looks poised to make a decision to actively depart from the EU in other instances by the creation of new legislation eg, as foreshadowed by ongoing consultations in respect of UK product safety laws generally, and genetically modified organism (GMO) legislation.

Multiplication of Product Compliance Obligations Across Europe

The above phenomenon also means that there are now separate and distinct requirements across the region, including, by way of example, the requirement for UK and/or EU-based notified bodies and/or UKCA, UKNI, CE marking on products. Such multiple requirements are a departure from the prior Europe-wide product safety regime, which operated on the basis of maximum harmonisation and single market principles. There are strict timelines and rules attached to these new UK-only requirements, of which companies need to be aware. Furthermore, UK-based companies continuing to sell in the EU must be aware of ongoing EU obligations. Generally, EU compliance practices are more accepted in the UK post-Brexit – during some ongoing transition periods allowed in some instances – than UK compliance practices will be in the EU.

New Enforcement Practices

In line with a Europe-wide ramp up of product safety enforcement, there is an increased focus on market surveillance and increased empowerment of regulators, including by way of the implementation of new legislation regarding the same.

Focus on Online Selling

In line with the general principles of UK product liability laws, which expose companies to liability notwithstanding the mode of sale (ie, online sales are included), there is now an increased focus on properly ascribing responsibility to online sellers in respect of product safety compliance obligations and breaches thereof, including by way of a requirement to have a local entity in place to nominally be responsible for these issues. The EU-led "Product Safety Pledge" practices may yet be implemented in the UK also.

Similarly, the UK government’s anticipated reform of its product safety framework is expected to strengthen the current framework, including in relation to online and marketplace sales. The EU has already taken steps to regulate online marketplaces by virtue of the Market Surveillance Regulation (EU) 2019/120, which came into force in July 2021 to bring online platforms within the remit of the EU’s product safety framework, including online marketplaces. Given the further growth of online sales during the COVID-19 pandemic and beyond, this is an area of particular focus for regulators and law makers alike.

Development of Collective Redress Regime

The much-discussed collective redress regimes to bring about US-style "class actions", including in respect of consumer law issues specifically, are poised to change the product liability landscape across Europe, with the EU Directive on representative actions having now come into force and due to take effect in EU member states by July 2023.

Not having adopted the EU laws prior to Brexit, the UK will be able to take its own stance in respect of this developing area of law. The UKSC’s decision in Mastercard Incorporated and others v Walter Hugh Merricks CBE [2020] UKSC 51 (“Merricks”), as delivered on 11 December 2020, demonstrates that, in the right circumstances, an English court will not stand in the way of a group action. Following the UKSC’s decision, the Competition Appeals Tribunal (CAT) certified Mr Merrick’s application for an opt-out Collective Proceedings Order (CPO), in which he represents a class of more than 46.2 million consumers in respect of a GBP7.2 billion action concerning allegedly unlawful bank charges. The CAT has since certified a further six CPOs, indicating a growing trend towards large consumer class actions.

In this vein, there have been calls for a generic opt-out class action regime beyond the scope of the CAT, driven by claimant law firms and consumer groups who share the view that the burden of proof is too high in product liability actions, particularly those concerning allegedly defective medical devices and pharmaceutical products, compared to actions brought in the competition sphere.

Convergence of Multi-sector Product Safety Laws

Whilst there is a divergence of product safety laws from a geographical perspective, there is, in parallel, a convergence of laws in terms of product safety issues in the UK. For example, issues formerly considered primarily privacy concerns are now increasingly being considered product safety issues. This is particularly the case in respect of radio equipment and medical devices, and there is an increasing reliance on parallel or potentially relevant separate product safety regimes across other sectors. For example, the food contact materials laws are now being relied upon for cosmetics packaging in certain circumstances.

Corporate Social Responsibility and Environmental Sustainability

There has been a broadening of product compliance obligations to incorporate concepts of corporate social responsibility, environment and sustainability, and increased focus on these areas. In line with EU-based initiatives in which the UK participated prior to Brexit, including the EU Green Deal and Circular Economy practices, there is now an increased focus on product compliance requirements, contemplating this broadened scope.

Modernisation of Product Safety and Liability Regimes

As part of an ongoing review at EU level in respect of the fitness of product liability laws to respond to issues created by modern technologies, there is currently a debate regarding the application of the CPA to new technologies – eg, in software supplied over-the-air (OTA). This type of software is updated wirelessly (and used in products such as smart pacemakers) and several questions are currently being debated, including:

  • whether software can be considered a product under the CPA;
  • if software is considered a product under the CPA, who will have the responsibility (and associated potential liability) to update the OTA software;
  • how the state of the art defence and limitation will apply to updated OTA software (see 2.12 Defences to Product Liability Claims); and
  • whether a data breach can be considered a defect under the CPA if the data breach causes injury such as psychological damage.

If the CPA is updated to adapt to new technologies, there may be a proliferation of product liability group actions where there has been a data breach in relation to smart consumer products.

There are wide-ranging imminent policy developments in respect of product liability and safety in the UK, including as a result of Brexit but also in response to long-standing issues that were being grappled with for some time at an EU level.

Product Safety Law

In March 2021, the UK government announced its plans to review and strengthen the UK’s current product safety laws to ensure that they are fit to deal with emerging innovations and technologies. The UK Product Safety Review Consultation "Modernising Product Safety Laws to Ensure they are fit for the 21st Century" focuses primarily on product safety and covers consumer products such as toys, electrical equipment and cosmetics, but excludes medical and healthcare products, food products, vehicles, chemicals and construction products.

In November 2021, the OPSS published its analysis of 158 responses received from stakeholders to the call for evidence, which will be used to shape policy proposals for the UK’s future product safety regulatory framework. The responses called for the new framework to be adaptable and responsive to new technologies that encompass the physical and virtual worlds to facilitate safe innovation and to ensure that there are no gaps in enforcement. 

The result of the review, and any hard or soft laws created on the basis thereof, would mark a significant development in UK product safety laws, which are more than 30 years old.

The review is in parallel to a similar review held at EU level, which has been ongoing for several years, including by two European Commission Expert Groups. The positions taken by the EU and UK after each respective review could result in a departure of the two sets of product safety laws and further onerous requirements for companies operating in both markets.

Connected Products and Cybersecurity

In April 2021, the UK government published a policy paper providing an overview of the government’s updated intentions for proposed legislation to regulate the cybersecurity of connected consumer products. The government’s aim is to implement a new robust scheme of regulation to protect consumers from insecure connected products, mandating base requirements and disclosures for those selling such products.

The UK government also launched its National Cyber Strategy in January 2022, setting out its plan to protect its citizens in cyberspace, including by implementing the Product Security and Telecommunications Infrastructure Bill to enable enforcement of minimum security standards in all new connectable products sold in the UK.

Medical Devices

On 26 May 2021, the new EU Medical Devices Regulation (EU) 2017/745 (MDR) became appli­cable, bringing EU legislation into line with new technical advances in medical devices and changes in medical science. More recently, the EU In Vitro Diagnostic Regulations, which took effect from 26 May 2022, introduce a new man­datory regulatory framework for IVD medical devices, such as pregnancy tests and COVID-19 test kits.

Against the backdrop of perceived historical issues with medical device safety in Europe generally, these new laws aim to create a more robust, transparent and sustainable regulatory framework, to improve clinical safety and create fair market access for manufacturers and health­ care professionals. The UK is preparing to introduce similar domestic legislation by virtue of the Medicines and Medical Devices Act 2021 which provides legislators with powers to amend the Medical Devices Regulations 2002 which currently govern medical devices in Great Britain.

On 26 June 2022, the UK government published its response to the Medicines and Healthcare products Regulatory Agency’s consultation on the future regulation of medical devices in the UK, which indicates that certain aspects of the future regulatory framework will have some alignment with the EU MDR.

Artificial Intelligence

On 21 April 2021, the European Commission published its proposal for a regulation laying down harmonised rules on artificial intelligence, with the first ever legal framework on AI to address the risks and trustworthiness thereof. With the UK having already published its National AI Strategy in September 2021, it is anticipated that the UK government will seek to implement similar measures in the UK.

Sustainability and Environment

Following several related initiatives, the UK government undertook a consultation on waste prevention proposals for products: the “Waste Prevention Programme for England”. This UK-led initiative mirrored a parallel EU initiative of a similar nature, called the Sustainable Products Initiative, and addresses topics such as end of life, repair, reuse and remanufacturing, and extended producer responsibility. The consultation, which focused on construction products, textiles, furniture, electronics, vehicles, food and plastic packaging, closed in June 2021 and the outcome is awaited.

The subsequent introduction of the Environment Act 2021, described by the UK government as “world-leading legislation”, empowers the government to make targets, plans and policies for improving the national environment, including addressing waste and resource efficiency, air and water quality, and nature and biodiversity, with cross-sector impact. National authorities will be empowered to introduce regulation that aims to eliminate avoidable waste by 2050 by introducing robust measures such as making producers responsible for the disposal of waste products and charges.

As of 1 April 2022, manufacturers or importers of plastic packaging products into the UK may be liable under Part 2 of the Finance Act 2021 to pay a tax on those products, known as PPT. The introduction of PPT follows the EU’s introduction of a levy on non-recycled plastic packaging waste in July 2020 and reflects the growing trend toward sustainable practices across industries and the demand for greater corporate responsibility by large-scale manufacturers, importers and their insurers. It aims to incentivise manufacturers and importers to incorporate more recycled plastic into their packaging.

Food Technological Practices

Following an EU initiative of the same nature, the UK government is currently considering the scope of GMO legislation.

The impact of COVID-19 on all stakeholders (business, third parties, governments, regulators and insurers) has been unprecedented. Given its importance to the fight against COVID-19, the life sciences industry has been disproportionately impacted.

In particular, the pandemic has resulted in a demand for the rapid production of specific products, such as diagnostic tests, vaccines, treatments and personal protective wear. The race to combat COVID-19 has also been a catalyst for a shift towards the following trends in the regulatory framework and processes, as well as industry practices.

  • Changes in life sciences industry practices, and resultant liability profiles of life sciences companies, including, for example:
    1. an increased use of emerging technologies such as genomics, telehealth and AI in the drug discovery process;
    2. a greater reliance upon data-driven technologies and related products, which may lead to a potentially more complex product liability matrix where liability may fall on multiple defendants; and
    3. a heightened risk of cybersecurity cases involving potential software data breaches such as COVID Test and Trace.
  • An increase in home-grown products and technologies by UK-based producers, which may give rise to liability exposure in unanticipated circumstances and may result in more actions being brought domestically.
  • An emerging trend towards more online marketplaces, and consumer purchases of non-compliant products or products not intended for their markets.
  • A proliferation of guidance, exemptions and derogations provided by regulators, particularly life sciences regulators, in an unprecedented manner and in an uncharacteristically non-uniform manner across Europe, including:
    1. the provision of guidance, including in respect of ventilator systems, virus and antibody detection kits, PPE and good manufacturing processes (GMP);
    2. the granting of exemptions, derogations and expedited pathways, including in respect of testing kits, medical devices, remote audits, COVID-19 vaccines, compassionate use medicines, labelling and packaging flexibilities for vaccines and supply and distribution methods for vaccines; and
    3. broader policy and system reforms, including in respect of a delay of the EU medical devices regime, delayed deadlines for nitrosamine risk evaluation assessments and transparency and authorisation mechanisms for COVID-19 vaccines.
  • The grant by governments of future-looking indemnities or protection from suits in respect of COVID-19 products, or otherwise consideration of compensation schemes for victims of COVID-19 products.

25 Fenchurch Avenue

+ (44) 07436039677
Author Business Card

Trends and Developments


Kennedys is a global law firm with particular expertise in litigation and dispute resolution, especially in defending insurance and liability claims. The firm has 70 offices, associations and co-operations across the UK and Europe, the Americas, Asia-Pacific and the Middle East. Kennedys has a market-leading team handling product safety and regulation, large-scale product liability, recall and "mass tort" litigation and international claims. The firm's core team is comprised of six partners in London, supported by more than 40 associates, as well as many partners and colleagues across its international offices. A number of its lawyers have requalified in the law following careers in relevant industries (such as engineering, construction and medicine), which broadens the firm's expertise to its clients’ benefit. Kennedys acts for parties across various industries and has gained in-depth expertise in high-profile and complex matters involving a wide range of products, including automotive, chemicals, pharmaceuticals, medical devices, healthcare products and consumer goods.

Product Liability in the UK: an Introduction

Product liability is the area of law governing the liability of producers, suppliers and distributors of defective products. In the UK, claims relating to product liability may be brought in negligence, breach of contract or pursuant to the Consumer Protection Act 1987 (CPA), the implementing legislation that transposed the EU Product Liability Directive 85/374/EEC (PLD) into UK law.

Consumer products have evolved considerably since the CPA came into force more than 30 years ago. At that time, the World Wide Web was yet to go live, and CD-ROMs were at the forefront of technology. The products on the market then were more simplistic in nature and tended to be physical items – eg, a car or a washing machine – that were not subject to updates or modifications once they left the factory gates. The traditional risks of personal injury and property damage associated with these products were tangible and widely understood.

Fast-forward 30-plus years and many of the products that we use today have features and characteristics that could not have been imagined in the 1980s, such as remote access and wireless application protocols like Bluetooth, with products capable of manual or automated modification via software updates.

Connected devices, commonly referred to as the internet of things (IoT), and technologies powered by AI ("emerging technologies" for the purpose of this report), including robotics, continue to develop at lightning speed and have set the stage for ongoing technological advancement. Research by Statistica suggests that, by 2030, around 50 billion of these connected devices will be in use around the world. From wearable health monitoring devices to home security systems to virtual AI assistants like Apple’s Siri, consumers’ increasing reliance on these emerging technologies has changed the way we live today, and this has been brought to the fore by the COVID-19 pandemic.

With technology having developed faster than the law, the way that the CPA applies to these emerging technologies, or indeed whether it does apply, is far from clear. The unique features and characteristics of these technologies present challenges to the existing legal framework and raise questions as to whether it is fit for purpose, or the extent to which it may need to be adapted. We examine how these challenges have been recognised by legislators and what the future may hold for product liability legislation in the UK.

Emerging Technologies and CPA Claims

Minding the liability gap

With the exception of A v National Blood Authority [2001], which concerned transfused blood, CPA claims in England and Wales have predominantly concerned standalone, physical products, usually involving an easily identifiable producer and physical damage. By way of example, the recent landmark authorities of Wilkes v DePuy International Limited [2016] and Gee & Others v DePuy International Ltd [2018] ("Gee") concerned hip implants, while Wilson & Ors v Beko Plc [2019] involved a fridge freezer. Although the CPA definition of "product" is relatively wide in scope, its application to emerging technologies has yet to be tested.

Product or service

The CPA imposes strict liability on a producer for damage caused by a defective product, sometimes referred to as "no fault liability". A claimant must prove the defect and that the defect caused the damage claimed.

Notably, the CPA only applies to products, not the provision of services. Section 1(2) of the CPA explains that a product “means any goods or electricity and… includes a product which is comprised in another product, whether by virtue of being a component part or raw material or otherwise.”

The distinction between "product" and "service" has not posed any great challenge to the application of the CPA thus far. However, as recognised by the European Commission (the "Commission") in its Fifth Report on the application of the PLD (2018), there are open questions as to what separates a product from a service in the context of emerging technologies, where products and services typically have a close interaction. For example, an AI-powered medical device like a connected pacemaker comprises the physical hardware of the pacemaker and cloud-based software that produces patient data.

Whether software is to be considered a product as defined by the CPA, or a service, is fundamental to the application of the CPA to emerging technologies. It is conceivable that AI-based software, or data that is integrated into hardware as an intangible “component part”, could be considered a product. This issue was addressed at European level as early as 1988, not long after the PLD came into force, with Lord Cockfield of the European Commission stating that “the Directive applied to software in the same way, moreover, that it applies to handicraft and artistic products.” Despite this direction, these issues continue to be the subject of extensive debate by European and UK legislative bodies.

More recently, in VI v KRONE-Verlag Gesselschaft mbH & Co KG [2021], the Court of Justice of the European Union (CJEU) ruled that inaccurate health advice in a printed newspaper that, when followed, causes injury to the reader does not constitute a "defective product" within the meaning of the PLD. The CJEU considered that the provision of inaccurate advice, which by its nature constituted a "service" and not a “product”, was unrelated to the printed newspaper and, furthermore, the service concerned neither the presentation nor the use of the newspaper. Accordingly, the service was not part of the inherent characteristics of the printed newspaper, which alone permits an assessment as to whether the product is defective. The newspaper is merely the medium in which the advice is contained.

The CJEU ruled that liability of service providers and liability of manufacturers of finished products constitute two distinct liability regimes, as the activity of service providers cannot be equated with that of producers, importers and suppliers. Furthermore, it considered that a liability regime applicable to providers of services should be governed by separate legislation. This case offers an insight into how a court may approach defective product claims brought in respect of emerging technologies, where the line between what is considered a product and a service is blurred.

In a similar vein, in The Software Incubator Ltd v Computer Associates (UK) Ltd), the CJEU was asked by the UK Supreme Court (UKSC) to give a preliminary ruling as to whether software could constitute "goods" for the purposes of the Commercial Agents Directive (86/653/EEC), implemented into UK law by virtue of the Commercial Agents (Council Directive) Regulations 1993. The CJEU ruled that software can constitute "goods", regardless of whether it is supplied on a tangible medium or by electronic download.

Although this decision is in the context of the protection of commercial agents regarding the sale and purchase of goods, as opposed to the protection of consumers, it indicates that the CJEU is prepared to widen the scope of existing legislation in order to respond to new technologies. The UKSC’s final decision is awaited.

Why the ongoing debate?

If software is considered a service, a consumer would be precluded from bringing a defective products claim under the CPA but could pursue an action in negligence or breach of contract. To bring a claim in negligence, the consumer would need to demonstrate that the supplier of the service had not acted with reasonable skill or care, which is potentially more challenging than bringing a claim under the CPA as it involves an examination of the supplier’s actions. Furthermore, it could become problematic for courts to apply, for example, a “reasonable software standard”, instead of the reasonable person standard.

Who is a producer?

The CPA imposes strict liability on a producer, or those who hold themselves out to be a producer. As emerging technologies typically comprise software that is subject to regular updates, questions may be raised as to which person(s) is considered a producer for the purposes of the CPA. For example, is the software developer or the engineer responsible for the updates liable for damage caused by the software? Might the software itself be considered a producer, or the human using the technology?

Scope of "damage"

Section 5 of the CPA restricts recoverable damages to death, personal injury or damage to private property exceeding GBP275, but excludes damage to the defective product itself. However, whilst a vulnerability in software resulting in a cybersecurity attack arguably has the potential to render a product defective if the producer failed to protect the device from such attacks, it is questionable whether the scope of any consequential immaterial damage, such as the unauthorised disclosure of personal data (or any resulting Information Commissioner's Office (ICO) fines), will be covered by the CPA. Guidance may be sought from EU-level discussions, where it has been proposed that “immaterial loss” should be taken into account in respect of any future civil liability regime for AI.

The approach to "defect"

Section 3 of the CPA provides that a product is defective "if the safety of the product is not such as persons generally are entitled to expect." As the CPA applies to a range of products from toys to medical devices, this is a flexible test. In assessing the safety of a product, the court will take into account all of the circumstances it considers to be factually and legally relevant to the evaluation of safety on a case-by-case basis. These factors may include safety marks, regulatory compliance and warnings, and what might reasonably be expected to be done with the product.

What people are generally entitled to expect

In Gee, the court confirmed that the test for defect is objective and asks what people are generally entitled to expect when the product is released to market, not what the claimant actually expected. The application of this test to emerging technologies will not be straightforward, particularly given the fast pace of development.

Furthermore, whilst entitled expectation is judged at the date of supply of a product, determining the date of supply may be difficult where a product contains software that is subject to automatic modification. For example, if an update to software contained within AI-powered robotic surgical equipment causes it to malfunction, resulting in injury to a patient, is the date of supply the date the equipment was supplied to the hospital, or the date the software was updated?

“All of the circumstances”

In the UK, industry standards in respect of connected consumer products were first published in 2018 via a voluntary Code of Conduct setting out the security principles to be applied by producers and other relevant industry stakeholders. A new European Standard on connected product security was subsequently adopted in 2020, with the UK government contributing significantly to its development. When considering “all of the circumstances” for the purposes of considering whether an emerging technology is defective under the CPA, a court may therefore take into account the absence of published industry standards prior to 2018, in particular where the emerging technology has caused damage prior to that date.

The courts’ likely approach to defect in emerging technologies

Although the approach to defect in respect of a connected device is yet to come before the UK courts, some direction may be sought from the European case of Boston Scientific Medizintechnik GMbH v AOK Sachesn-Anhanlt-Die Gesundheitskasse [2015] ("Boston"). Here, the court was willing to find a product defective within the meaning of the PLD where it belonged to a group of products where there was the potential for failure. Whilst the decision in Boston was fact-specific and concerned high-risk implantable medical devices, the application of a "presumption of defect" is perhaps superficially attractive in the context of emerging technologies where a product’s functionality has been unexpectedly compromised. However, it is arguable that this approach is only likely to prove persuasive if the compromised functionality poses similar life-threatening risks to that of the pacemaker device that was the subject of Boston.


Establishing a causal link between defect and damage can be an onerous burden on a consumer, particularly if the claimant is unable to establish what it is about a product that makes it defective and the cause of the damage. The burden may feel even heavier in the context of a complex emerging technology. For example, a user of a healthcare application may not be able to determine why an algorithm within the software has made a particular patient diagnosis that resulted in injury. Determining causation can be further complicated by multiple users and operators of the software in question. Problems may arise if the chain of causation has been broken, particularly if the consumer misused the software or did not follow the manufacturer’s instructions.

Application of the ten-year longstop period

The CPA provides for a ten-year longstop provision, which extinguishes any right of action for damages brought under the CPA more than ten years after the product was first supplied. The court will not allow circumvention of the ten-year longstop, as confirmed by Wilson & Ors v Beko Plc [2019].

It is questionable whether the longstop is fit for purpose in respect of emerging technologies. For example, if an autonomous vehicle becomes faulty as a result of a software update performed ten years after the vehicle was supplied, is the longstop period calculated against the date the vehicle itself was supplied, or against the date of the software update that potentially changes the characteristics of the vehicle? Unless legislators clarify this issue, producers of emerging technologies could be at risk of open-ended liabilities lasting the product’s lifetime, the likely consequence of which is increased product prices and insurance premiums.

In February 2021, the Berlin Regional Court ruled that, for products that comprise individual parts that are put into circulation on different dates, it is those dates that are relevant for the purpose of the longstop period and not the date the products were subsequently assembled for use. This decision offers an insight into how courts could apply the longstop to claims concerning emerging technologies where software changes arguably result in the constitution of a new product, or where hardware and software components are manufactured by different manufacturers at different times.

Current defences under the CPA – will they survive?

Section 4(1)(d) provides one of the defences to a defective products claim where “the defect did not exist in the product at the relevant time.” The application of this defence to emerging technologies has been considered by the EU’s Expert Group on Liability and New Technologies (Expert Group), which recommends that a producer should still be liable for defects, even if the defects appear after the product was put into circulation, as long as the producer was still in control of updates to, or upgrades on, the technology.

Section 4(1)(e) also provides a "development risks defence" where “the state of scientific and technical knowledge at the relevant time was not such that a producer of products of the same description as the product in question might be expected to have discovered the defect if it had existed in his products whilst they were under his control.” A producer of emerging technologies may seek to rely on this defence to assert that a product risk was not reasonably foreseeable at the time of programming and/or that the programming was in line with the relevant industry standards at the time of development.

However, there may be difficulties in applying this defence to certain emerging technologies, particularly if the level of safety of those technologies is not yet fully known. This was recognised by the Expert Group, which recommended that this defence should not be available for emerging technologies generally, providing that the producer was still in control of updates to, or upgrades on, the technology, and where it is predictable that unforeseen developments might occur.

Future-Proofing Product Liability

EU driving change

The EU has long recognised that emerging technologies, particularly artificial intelligence (AI), have a significant role to play in economic development, acknowledging the importance of evaluating existing legislation to ensure that the EU is ready for the digital age. The regulation of emerging technologies has already materialised within the medical devices sphere with the introduction of the Medical Device Regulations and In Vitro Diagnostic Regulations (2017/745 and 746), which, belatedly, came into force on 26 May 2021.

The EU is now leading the charge for future reform, showing a commitment to developing legislation that balances the promotion of innovation with consumer protection, whilst protecting citizens’ fundamental rights. For example, recent proposals call for a restriction on the use of “real” time identification in publicly accessible places.

In a post-Brexit era, the proposed reform will not be implemented in the UK. Nevertheless, given the global nature of the AI market, UK product manufacturers will be directly affected when seeking to sell their products in the EU. Furthermore, as the UK is independently taking similar initiatives, such as its National AI Strategy launched in September 2021, it is anticipated that it will largely reflect any future legislative changes that may be made at the European level.

Focus on products and AI

In 2018, the Commission published its fifth report on the application of the PLD, evaluating its function and performance. It concluded that the PLD continues to serve its purpose despite the increased complexities of modern products, but signalled that certain concepts may need to be updated, including “product” and “defect”.

The above-mentioned Expert Group was subsequently formed to establish how effectively the existing EU liability framework would operate in relation to emerging technologies, with a view to drawing up future guidance on the PLD. Their findings culminated in the Commission’s White Paper on AI in February 2020, which set out proposals for a harmonised regulatory framework for AI.

The White Paper was accompanied by a “Report on the safety and liability implications of Artificial Intelligence, the Internet of Things and Robotics” (the Report). The Report does not advocate an overhaul of the entire product liability regime but, instead, acknowledges that provisions explicitly covering new risks presented by emerging digital technologies could be introduced to provide more legal certainty – eg, the mental safety risks to users and the risks of faulty data at the design stage. The Report also acknowledged uncertainty as to how, and to what extent, certain risks, including cyber-threats and loss of connectivity, are sufficiently addressed by the PLD or other existing European legislation.

In October 2020, the European Parliament (the EP) made recommendations to the Commission for a civil liability regime for AI, to take the form of a regulation. Notably, the recommendation acknowledges that the PLD is “an effective means of getting compensation for harm triggered by a defective product but should nevertheless be revised to adapt it to the digital world and to address the challenges posed by emerging digital technologies, ensuring, thereby, a high level of effective consumer protection, as well as legal certainty for consumers and businesses.” The EP urged the Commission to assess whether the PLD should be transformed into a regulation, to clarify the definition of "products" by determining whether digital content and digital services fall within its scope, and to consider adapting concepts including "damage", "defect" and "producer".

The EP also called on the Commission to:

  • consider reversing the rules governing the burden of proof for harm caused by emerging digital technologies in clearly defined cases;
  • ensure any update to the PLD remains limited to clearly identified problems for which feasible solutions already exist, whilst allowing future technological developments to be covered; and
  • continue using the PLD in respect of civil claims concerning defective AI systems when the AI system qualifies as a product under the PLD.

The EP proposes a strict liability regime for high-risk AI systems, with "high-risk" defined as “a significant potential in an autonomously operating AI system to cause harm or damage to one or more persons in a manner that is random and goes beyond what can reasonably be expected.”

For AI systems not classified as high-risk, the recommendations provide that the operator shall be “subject to fault-based liability for any harm or damage that was caused by a physical or virtual activity, device or process driven by the AI system,” making it clear that the operator will not be able to escape liability by arguing that the harm or damage was caused by an activity, device or process driven by the AI system.

On 21 April 2021, the Commission published its long-awaited proposal for a regulation laying down harmonised rules on AI, also referred to as the “Artificial Intelligence Act”. The Commission’s proposed regulation is designed to complement existing EU legislation, such as the General Data Protection Regulation. The proposed regulation imposes strict controls and extensive risk management for the most risky forms of AI, including the requirement to undergo conformity assessments, the drawing up and maintenance of technical documentation, the implementation of quality management systems and the affixation of CE markings to indicate conformity with the proposed regulation, before products are released to market. The proposed regulation has wide-ranging applicability and will affect both AI providers and users inside and outside the EU.

In tandem with the EU’s proposed regulation on AI, the Commission is also seeking to address whether the PLD is fit for the digital age, AI and the circular economy and whether – and if so how and to what extent – it should be adapted to address “the challenges posed by emerging digital technologies, ensuring, thereby, a high level of effective consumer protection, as well as legal certainty for consumers and businesses.” In October 2021, the Commission launched a public consultation on the proposed revision of the PLD and whether the liability framework provided legal certainty and consumer protection in the digital age of smart products and AI-based products and services. The consultation closed in January 2022. Draft legislative changes could be available by Q3 2022.

With the CPA being the implementing legislation that transposed the PLD into UK law, UK legislators will undoubtedly be following these developments very closely.

UK product safety and liability review

Although not as advanced as the EU, the UK has taken, and continues to take, similar steps to address whether its existing product safety and liability regimes meet the challenges of emerging technologies.

We have seen the recent introduction of sector-specific legislation governing emerging technologies. In 2018, the Automated and Electrical Vehicles Act came into force, imposing liability on an insurer for damage caused by an insured automated vehicle. Developments subsequently followed in the medical devices arena, with the introduction of the Medicines and Medical Devices Act 2021, which gives the Secretary of State for Health wide powers to amend the existing regulatory framework for medical devices and medicines post-Brexit, including the improvement of medical device safety and performance through advances in technology.

On 11 March 2021, the government opened a consultation via its UK Product Safety Review (the Review), exploring changes to existing product safety laws to ensure the framework is fit for the future. This included a call for evidence from stakeholders to consider how and to what extent the existing framework may need to be adapted in respect of liability and enforcement. The Review expressly excluded food, chemicals, medical or healthcare products, construction products or vehicles, all of which are subject to separate regulation.

In November 2021, the UK product safety regulator – the Office for Product Safety and Standards – published its analysis of 158 responses received from stakeholders to the call for evidence, which will be used to shape policy proposals for the UK’s future product safety regulatory framework. The responses called for the new framework to be adaptable and responsive to new technologies that encompass the physical and virtual worlds to facilitate safe innovation and to ensure that there are no gaps in enforcement.

Whilst the Review did not have a central focus on the CPA, it acknowledged that its provisions do not reflect emerging technologies like internet-enabled devices, AI and 3D printing. The potential review and reform of the CPA is, however, being mooted by the Law Commission as part of its 14th Programme of Law Reform, having invited views as to whether the CPA should be extended to cover all software and other tech developments, citing the similar challenges that have been considered and addressed by the EU. Some responses in relation to potential CPA reform have been published, with many aligning with some of the EU’s policy proposals in relation to the proposed revision of the PLD.

Although the government’s Review and the Law Commission’s 14th Programme are still in their infancy, change is on the horizon and the UK product liability framework will inevitably be subject to amendment. Interested stakeholders will be watching these developments closely and, in particular, the extent to which the UK will mirror Europe’s proposals.


25 Fenchurch Avenue

+44 7436039677
Author Business Card

Law and Practice


Kennedys is a global law firm with particular expertise in litigation and dispute resolution, especially in defending insurance and liability claims. The firm has 70 offices, associations and co-operations across the UK and Europe, the Americas, Asia-Pacific and the Middle East. Kennedys has a market-leading team handling product safety and regulation, large-scale product liability, recall and "mass tort" litigation and international claims. The firm's core team is comprised of six partners in London, supported by more than 40 associates, as well as many partners and colleagues across its international offices. A number of its lawyers have requalified in the law following careers in relevant industries (such as engineering, construction and medicine), which broadens the firm's expertise to its clients’ benefit. Kennedys acts for parties across various industries and has gained in-depth expertise in high-profile and complex matters involving a wide range of products, including automotive, chemicals, pharmaceuticals, medical devices, healthcare products and consumer goods.

Trends and Development


Kennedys is a global law firm with particular expertise in litigation and dispute resolution, especially in defending insurance and liability claims. The firm has 70 offices, associations and co-operations across the UK and Europe, the Americas, Asia-Pacific and the Middle East. Kennedys has a market-leading team handling product safety and regulation, large-scale product liability, recall and "mass tort" litigation and international claims. The firm's core team is comprised of six partners in London, supported by more than 40 associates, as well as many partners and colleagues across its international offices. A number of its lawyers have requalified in the law following careers in relevant industries (such as engineering, construction and medicine), which broadens the firm's expertise to its clients’ benefit. Kennedys acts for parties across various industries and has gained in-depth expertise in high-profile and complex matters involving a wide range of products, including automotive, chemicals, pharmaceuticals, medical devices, healthcare products and consumer goods.

Compare law and practice by selecting locations and topic(s)


Select Topic(s)

loading ...

Please select at least one chapter and one topic to use the compare functionality.