Product Liability & Safety 2024

Last Updated May 23, 2024

EU

Law and Practice

Authors



Ashurst has a reputation for successfully managing large and complex multi-jurisdictional transactions, disputes and projects and delivering outstanding outcomes for clients. Ashurst has 31 offices in 18 countries and offers the reach and insight of a global network of legal, new law and risk professionals, combined with the knowledge and understanding of local markets. With over 490 partners and a further 2,000 lawyers working across 11 different time zones, the firm is able to respond to clients wherever and whenever required.

General Overview

The EU product safety regime is a sophisticated, multi-faceted one which seeks to balance the rights of consumers, patients and users of products, with the rights of businesses. Its principal aim is to provide the highest level of public and patient safety without stifling innovation, framed around the three key legislative pillars set out below.

Underpinned by the EU’s core principles of free movement and maximum harmonisation, and with the public’s safety as its goal, the regime has three complementary limbs consisting of:

  • mandatory obligations for all economic operators within the supply chain;
  • minimum competence requirements for any third parties assessing product or quality management systems; and
  • market surveillance mechanisms.

The product safety regime includes numerous pieces of legislation which both complement and overlap each other.

Separate product safety regimes

The following products, which give rise to unique and distinct risks, are subject to their own legislative frameworks which operate independently from other product safety legislation:

  • medical devices;
  • pharmaceuticals; and
  • food and nutrition supplements.

Supplementary sector-specific safety requirements

These work in concert with the general product safety regime detailed below, to have effect where there are specific risks introduced by recognised product categories. Sector-specific laws include those relating to:

  • biocides;
  • cosmetics;
  • chemicals;
  • toys;
  • low-voltage electrical equipment;
  • motor vehicles;
  • machinery;
  • radio equipment; and
  • personal protective equipment.

General product safety regime

For consumer products that fall outside the sector-specific regimes listed above, or where regimes are silent, the general product safety framework applies by way of the General Product Safety Directive or GPSD (Directive 2001/95/EC), which mandates overarching requirements for product safety of consumer products in the EU. The GPSD requires all products to be safe in their normal or reasonably foreseeable usage. Member states hold powers to take suitable action should this obligation not be met.

The General Product Safety Regulation (GPSR), which entered into force on 13 June 2023, is set to replace the GPSD, as well as the Food Imitating Product Directive, from 13 December 2024. This key new EU measure has the objective of modernising the EU product safety regime responding to risks posed by advancements in technology. It updates the existing framework to enable it to adapt to the challenges posed by the modern digital age and reinforce safety for products sold both offline and online. Please refer to 3.1 Trends in Product Liability and Product Safety Policy for further detail.

It is possible that other relevant regimes may apply, including:

  • Regulation (EC) No 1272/2008 on classification, labelling and packaging of substances and mixtures (the “CLP Regulation”), which places obligations on manufacturers to appropriately label, classify and pack products containing any dangerous substances and mixtures;
  • Regulation (EC) 1907/2006 on the registration, evaluation, authorisation and restriction of chemicals (REACH), which acts to regulate both production and use of chemical substances;
  • Directive 2009/48/EC on the safety of toys, which lays down criteria that toys must meet before they can be marketed in the EU;
  • Directive 2011/65/EU on the restriction of the use of certain hazardous substances in electrical and electronic equipment (the “recast RoHS Directive”), which regulates the restriction on the use of certain hazardous substances in electrical and electronic equipment;
  • Directive 2012/19/EU on waste and electronic equipment (the “recast WEEE Directive”), which regulates waste electrical and electronic equipment (WEEE) and allows for collection schemes in respect of consumer products;
  • Regulation (EU) 1007/2011 on textile fibre names and related labelling and marking of the fibre composition of textile products (the “Textiles Regulation”), which outlines fibre names and related labelling requirements for textile products;
  • Directive 2014/53/EU Radio Equipment, which outlines the framework for placing such equipment on the market; and
  • Directive 2014/30/EU on Electromagnetic Compatibility (EMC), which outlines the requirements for the design and testing of electronic and electrical products to ensure they do not give rise to electromagnetic interference.

Member states are involved in drafting the above-mentioned applicable regimes to a varying degree, dependent on the nature of the EU laws applicable – with Regulations being directly applicable and member states needing to implement Directives into local laws to make them legally binding. Evidently, although the EU system always strives for maximum harmonisation across the laws of all EU member states for which an EU law is the basis, local implementation of laws tends to increase the likelihood for local deviations and variance.

When Does the Product Safety Regime Apply?

Generally, the product safety regime applies:

  • where a product is “placed on the market” in the EU, and to any subsequent action which could be considered placing the product on the EU market until it reaches the end user;
  • in respect of all forms of selling, including e-commerce or tangible stores;
  • in respect of newly manufactured, used or second-hand products;
  • to products that enter the EU for the first time after being imported from a third country;
  • to finished products; and
  • to products that have been subjected to important changes or amendments aiming to modify their original performance, purpose or type.

Determination of which EU regime is applicable can be a complex process and should always be carefully considered.

There is no EU-level regulator that oversees product safety. Generally, there are member state/national-level regulators for product safety – those that oversee and regulate general consumer products and product-specific regulators that oversee specific product categories, such as medical devices and consumer health products. Generally, the demarcation between these types of regulators is along the lines of the applicable regulatory regimes, as outlined in 1.1 Product Safety Legal Framework.

Across the EU, there is generally no hierarchy of regulators. Regulators of specialist product categories have different ambits of work, however, and regulators are therefore not layered in terms of oversight and there is generally a single layer of regulation.

EU-Wide Regulatory Agencies for Specific Product Categories

Whilst there are no regulators at an EU-wide level per se, there are relevant EU-wide regulatory agencies for some product categories, including medicines (the European Medicines Agency (EMA)) and chemicals (the “European Chemicals Agency” or ECHA). Whilst these organisations do not typically get involved in actual enforcement practices, or authorisation processes, they do provide expert guidance and broader policy input.

The European Commission (EC) also regularly produces relevant guidance and interpretation, including with expert groups who are specialists in specific product categories. For example, the Medical Devices Expert Group (MDG) of the EC produces comprehensive guidance in respect of the medical devices regime, in the form of the MEDEEV guidance documents. The EC’s key role in ensuring compliance with EU-level product safety regulations also extends to requiring member states to take specific actions in certain circumstances where warranted, for example, requiring a temporary ban, recall or withdrawal from market of unsafe products on the EU market.

Generally, specialist regulators are also empowered to enforce the specific regimes.

Greater Centralisation of the EU Product Safety Regime

In general, the issue of enforcement of product regulatory regimes was historically left to the member states, and was not governed at EU level. This led to widely discrepant regulatory enforcement practices across the EU – and often resulted in criticism that the enforcement of the EU product safety laws was a weak link in an otherwise sophisticated regime.

Against this backdrop, there has been an increasing focus in recent years on increased, and more robust, enforcement practices, but also increased EU-wide enforcement practices for product safety generally, as part of the EU’s Goods Package. In particular, the new Market Surveillance Regulation (2019/1020, MSR) aims at enhancing, as well as harmonising, enforcement powers across the EU, as does Directive (EU) 2019/2161 on the better enforcement and modernisation of EU consumer protection rules, which came into force in January 2020 and introduced changes to four consumer protection laws, namely the Unfair Commercial Practices Directive (2005/29/EC), the Unfair Contract Terms Directive (93/13/EEC), the Consumer Rights Directive (2011/83/EU) and the Price Indications Directive (98/6/EC).

Post-market Surveillance Requirements

Alongside pre-market requirements, post-market requirements are a fundamental aspect of product safety regimes in the EU. There are varying requirements and trigger points for post-market surveillance obligations and record-keeping practices across various product categories. Some examples of the more onerous requirements are set out below.

Manufacturers, and in some instances other actors in the supply chain, have an obligation to address any product safety risks that become apparent in their products once they are circulating in the market, including by way of recall or withdrawal from the supply chain.

Post-market surveillance obligations for medical devices, for example, generally require the existence of:

  • a comprehensive system to gather information on patient use of the product (post-market surveillance system);
  • the appointment of a responsible person to ensure continued compliance of products;
  • the existence of a post-market surveillance system for collecting information and characterising the safety and performance of the device, or family of devices; and
  • methods and processes to assess the collected information.

Under Article 5(1) of the GPSD, producers must “adopt measures commensurate with the characteristics of the products they supply”. This would typically include, for example, warning consumers, withdrawing products from the market where required, and, if required, recalling products. Similar provisions exist in sector-specific legislation.

Risk Assessment

Classification of product safety risks is determined, according to the GPSD, by undertaking a risk assessment. Such an assessment determines risk by assessing the possible severity of harm and likely probability of any risk identified. Though the GPSD itself is silent on how such an assessment should be performed, the EC has previously published guidance on how to approach said assessment as well as an online tool.

In general, risks determined can be categorised as follows:

  • low risk – not normally requiring action for products on the market;
  • medium risk – normally requiring some action;
  • high risk – normally requiring rapid action; and
  • serious risk - normally requiring rapid action.

Specific products may have more prescriptive rules or guidance for recall (for example, motor vehicles, medicinal products and medical devices).

The GPSR expands on what should be considered when assessing the safety of a product and provides that all relevant aspects of the product should be taken into account, in particular its physical, mechanical and chemical characteristics, its presentation, as well as specific needs and risks which the product represents for particular categories of individuals such as persons with disabilities, older persons and children. It further states that any health risks, physical and mental, posed by connected products should be considered and when assessing the safety of digital connected products likely to have an impact on children, manufacturers should ensure that their products meet the highest standards of safety, security and privacy.

Article 5(3) of the GPSD requires producers and distributors to “immediately inform the competent authorities” of the member state in which the products in question are or have been, marketed or otherwise supplied to consumers where they “know or ought to have known” that the product they have marketed is unsafe.

Notification involves, depending on the nature of the product in question, the following.

  • Pharmaceutical products: marketing and/or manufacturing authorisation holders are obliged to report to the EMA and any affected member states regarding any product quality defect, including a suspected defect, of a centrally authorised medicine which could result in a recall or abnormal restriction on supply.
  • Cosmetic products: cosmetics regulations require notification to relevant member state competent authorities, without delay, of any serious undesirable effects (SUEs) attributable to the use of cosmetics.
  • Products where the general consumer product safety regime applies in terms of reporting obligations: generally, there is a risk-based requirement to report to authorities in the event a product is not compliant with the applicable product safety regime.
  • Medical devices: medical device manufacturers are legally required to report adverse incidents and Field Safety Corrective Actions (FSCAs) to EU Competent Authorities.

The EC “Safety Gate” system is an online platform that facilitates notification of several relevant member states simultaneously. This system was formerly known as “RAPEX”.

The GPSR bolsters notification obligations. Under Article 9(8) thereof, where a manufacturer considers or has reason to believe that a product it has placed on the market is dangerous, it must immediately inform, through the Safety Business Gateway, the market surveillance authorities of the member states in which the product has been made available.

Given the need for EU-level product safety laws to be implemented into national legislation by member states, member states are empowered to impose penalties for a breach of product safety regulations. Such penalties can range considerably, and include monetary fines and, in rare instances, imprisonment of key individuals.

The GPSR gives discretion to member states to lay down rules on penalties and directs that such penalties should be effective, proportionate and dissuasive.

The EU mechanisms for product liability claims apply regardless of product classification, and generally can be divided into four main categories, as set out below. These mechanisms of liability all work together in the EU. The strict liability regime is generally preferred by claimants for the primary reason that it requires no proof of fault. However, in reality, parallel causes of action tend to be pursued by claimants in order to benefit from as many regimes as possible.

Generally, the below offences create civil liability. However, criminal offence provisions also exist under the GPSD.

Statutory Liability Under Product Liability Laws

EU Directive 85/374/EEC of 25 July 1985 on the approximation of the laws, regulations and administrative provisions of the member states concerning liability for defective products (the “Product Liability Directive” or PLD) establishes strict liability offences for defective products, also referred to as a “no fault” regime. Key features of the legislation include:

  • manufacturers, importers and suppliers being jointly and severally liable;
  • liability arising “for damage caused by a defect” in a product; and
  • “product” being defined broadly as “all moveables” but expressly excluding “primary agricultural products and game”.

In bringing a claim, claimants are required to prove the following elements exist:

  • damage, including personal injury and/or property damage;
  • defect – a product is generally defective when “it does not provide the safety which a person is entitled to expect”, taking into account “all circumstances”, including but not limited to the product’s presentation, the use(s) to which it could be reasonably expected that the product would be put, and the time it was put into circulation; and
  • a causal relationship between the damage and defect, as based on the application of national member state laws on causation.

Those entitled to bring claims under the PLD are “injured persons”. There can be multiple claimants bringing a joint action in many instances, though not to the extent of amounting to a so-called class action in many instances.

Generally, claims under the PLD must be brought within three years from “the day on which the plaintiff became aware, or should reasonably have become aware of the damage, the defect and the identity of the producer”. Member state laws may also apply to allow for a suspension of this time limit in some circumstances. The PLD also stipulates that the period for bringing claims is completely extinguished “10 years from the date on which the producer put into circulation the actual product which caused the damage, unless the injured person has in the meantime instituted proceedings against the producer”. This is known as the ten-year long stop period.

The new EU Product Liability Directive, which was approved by the European Parliament on 12 March 2024, is set to address the risks and challenges posed by the digital age, modern supply chains and the circular economy. The legislative measure contains significant changes to the existing regime (as described throughout 2. Product Liability), which are likely to make it easier for EU claimants to pursue product liability claims, particularly in respect of cases involving new technologies. It will enter into force 20 days after its publication in the Official Journal of the EU and must be transposed within 24 months by member states. Please refer to 3.1 Trends in Product Liability and Product Safety Policy for further detail.

Liability in the Tort of Negligence

Unlike the above-mentioned PLD-based action, negligence claims require establishment of some fault on the part of the manufacturer and/or defendant party. The elements of this claim are determined by member state laws that apply.

Liability in Contract

Liability in contract can be made out under the Consumer Sales and Guarantees Directive (1999/44/EEC) where a seller, that is “any natural or legal person who, under contract, sells consumer goods in the course of his trade, business or profession” sells a product that does not conform to the contract of sale.

Breach of Product Safety Regulation

In respect of unsafe products, there is also a possible cause of action for breach of product safety regulation.

Article 4 of the PLD stipulates that the “injured person” is entitled to bring an action.

Individual claimants injured by a defective product may choose to commence proceedings under the PLD. However, as noted in 2.1 Product Liability Causes of Action and Sources of Law, in reality, parallel causes of action tend to be pursued by claimants in respect of a single product.

Under Article 5 of the new PLD, any natural person who suffers damage caused by a defective product is entitled to compensation.

Generally, claims under the PLD must be brought within three years from “the day on which the plaintiff became aware, or should reasonably have become aware of the damage, the defect and the identity of the producer”. Member state laws may also apply to allow for a suspension of this time limit in some circumstances. The PLD also stipulates that the period for bringing claims is completely extinguished “10 years from the date on which the producer put into circulation the actual product which caused the damage, unless the injured person has in the meantime instituted proceedings against the producer”. This is known as the ten-year long stop.

The new PLD similarly provides a limitation period of three years. The period within which claims can be brought is extinguished upon the expiry of ten years from the date on which the actual defective product which caused the damage was placed on the market, put into service or, indeed, substantially modified.

PLD and/or Negligence Claims

The rules for determining whether the jurisdiction of EU courts is triggered, and if so which courts (in terms of which member state) in respect of PLD and/or negligence claims are notoriously complex.

Regulation (EC) 864/2007 on the law applicable to non-contractual obligations (“Rome Regulation II”), provides the following parameters to help determine in which EU court the claim can be validly brought (on the proviso the product was marketed in that country):

  • the “habitual residence” of the person bringing the claim and/or the person against whom the claim is brought;
  • the location where the product was acquired; and
  • the location where the damage was sustained.

Contractual Claims

For contractual claims, unlike the above-mentioned PLD and negligence claims, choice of law/forum is usually a feature of any contractual agreement such that the above laws are not relevant. However, in the absence of such common contractual provisions, Regulation (EC) 593/2008 on the law applicable to contractual obligations (the “Rome I Regulation”) can apply to product liability matters. Generally, the requirement under this law provides that “a contract for a sale of goods shall be governed by the law of the country where the seller has ‘habitual residence’”. This requirement supplements any country-specific requirements in that regard.

Given the complexity of these above regimes, careful legal analysis must be deployed to ensure the correct jurisdiction of the claims applies, as often this can be the determining factor of whether a claim succeeds or fails.

Regulation (EU) 1215/2012 of the European Parliament and of the Council on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters (recast) (the “Recast Brussels Regulation”) regulates jurisdiction and the recognition and enforcement of judgments between EU member states.

The member state in which the product liability claim is made often has specific pre-litigation steps a claimant must take before being permitted to bring a formal claim.

Member states within which a product liability claim is made often have their own rules protecting against the destruction of evidence and/or maintaining preservation of evidence in respect of product liability claims.

Within the EU, claims can and do proceed even in the absence of the “defective” device or product itself.

Requirements for disclosure in product liability cases are heavily reliant on the rules of each member state within which the claims are brought. The rules for which documents may be withheld on the basis of legal privilege differ vastly from member state to member state. In addition, common law system countries tend to have wider concepts of disclosure than civil law system countries.

Rules in respect of expert evidence in product liability cases are heavily reliant on the rules of each member state within which the claims are brought. Generally, however, EU rules governing such evidence are strict.

In a similar vein to the concept of disclosure, civil law systems often have more stringent formalities attached to and greater weight placed on expert evidence, in comparison with common law systems. It is also the case for oral vs written testimony and collaboration between opposing parties and their experts. Additionally, the courts in some EU jurisdictions are heavily guided by a court-appointed expert.

Under the PLD, the strict liability mechanism means claimants are not obliged to prove negligence or fault of the defendants. Article 4 of the PLD specifies that the “injured person” is entitled to bring an action and must only prove damage, the defect and the causal relationship between defect and damage.

Similarly, Article 5 of the new Product Liability Directive provides that an injured person can bring an action if they have suffered damage caused by a defective product.

The mechanism and standard of proof required are determined in the member state within which the claim is brought.

The applicable civil procedure rules for any claim brought under the PLD will be determined by the laws of the member state within which the claim is brought.

Article 267 of the Treaty on the Functioning of the European Union allows the Court of Justice of the European Union (CJEU) to hear matters referred to it from national courts in respect of any claims stemming from the PLD. As the highest European court, the CJEU is the final decision-maker in any interpretation of EU law. Pending any judgment of the CJEU, local proceedings in member states are stayed.

Any mechanisms available to claimants in product liability claims are determined by the laws of the member state within which the claim is brought.

As noted in 2.10 Courts in Which Product Liability Claims Are Brought, the CJEU is the final decision-maker in any interpretation of EU law and any matters referred from national courts.

The statutory defences available to a defendant, the subject of a product liability claim, are set out under Article 7 of the PLD. These include the following:

  • The defendant did not manufacture or distribute the product.
  • The defect which caused the damage did not exist at the time the product was put into circulation.
  • At the time the product was put into circulation, the state of scientific and technical knowledge was not such that it would enable the defect to be discovered (the “state of the art” defence).
  • The defect is due to compliance with a mandatory regulatory requirement. In order to benefit from this defence, the defect must be caused by compliance with a specific regulatory requirement rather than mere compliance with all regulatory compliance obligations relating to that product. Compliance with relevant regulatory obligations does, however, remain a useful factor for defending a product liability claim.
  • For any potential liability of a component manufacturer, the defect of the product is attributable to the design or instructions of the product in which the component has been fitted.

The new Product Liability Directive also provides that liability may be avoided by a person who modifies a product where the defectiveness that caused the damage is related to a part of the product not affected by the modification.

The issue as to whether a product, which is subject to strict EU safety regulations and the requirements therein, can be defective if it complies with said regulations, remains a point of contention.

Whilst it appears that regulatory compliance will rarely be a full defence, compliance with the requirements of product safety regulations remains an important factor when considering a consumer’s legitimate expectations under the PLD.

It is also the case that a breach of regulatory obligations can, on its own, give rise to separate liability which, in some circumstances, can lead to criminal sanctions against individuals of defendant companies.

Rules for payment of costs are determined by the laws of the member state within which the claim is brought.

Rules in respect of the availability of funding are determined by the laws of the member state within which the claim is brought. Third-party litigation funding is permitted and available in some member states, although to date, it has not been subject to any EU-wide regulation framework. The European Parliament’s Legal Affairs Committee has put forward a proposal for a Directive on regulation of third-party litigation funding, titled the “Responsible private funding of litigation”. The resolution proposing the Directive was approved by the European Parliament on 13 September 2022.

Each member state has its own specific procedures and rules in relation to mass litigation/collective redress with a wide disparity in the quality of such systems across the member states. Some countries have a high functioning system of collective redress in mass harm situations, for example the Netherlands and Denmark, whilst others, including Ireland, Cyprus and Latvia, have poorly functioning systems regarding actions for mass harm.

Member states are, however, in the process of being required to implement into local laws an EU-wide collective redress regime. Directive (EU) 2020/1828, the Collective Redress Directive, which came into force in December 2020 and will become effective across the EU in June 2023, aims to improve consumers’ access to justice and to facilitate redress where a number of consumers are victims of the same infringement of their rights. The Directive mandates that a procedure for representative actions is available across the entirety of the EU and introduces safeguards for the avoidance of abusive litigation and illegal practices. This will have a sizeable impact on EU jurisdictions with non-existent or poorly functioning systems for collective redress/mass tort litigation. Further detail is provided in 3. Recent Policy Changes and Outlook.

Product liability cases that interpret the PLD are relatively infrequent in the EU. However, a recent case offers an interesting insight into the CJEU’s views on what constitutes a defective product and, perhaps more widely, the potential application of the PLD to software and other digital content.

In the case of Krone, Case C-65/20, a product liability claim was raised against Krone, an Austrian newspaper publisher, for damages suffered by a reader who had followed incorrect herbal medicinal advice for treating rheumatic pain that had been included in an issue of the newspaper of which she had referred to a printed copy. The question was referred to the CJEU for consideration.

The CJEU considered “whether health advice which, by its nature, constitutes a service, can […] result […] in the newspaper itself being defective in nature”. It found that the printed newspaper acted as “merely the medium” of the service of providing inaccurate health advice. In separating the health advice from the printed newspaper and labelling it as a service, the CJEU concludes that the information – the medical advice – is excluded from the scope of the PLD and therefore inaccurate health advice included in a printed newspaper copy does not constitute a “defective product”.

Given the growing presence of consumer goods that use software and digital content along with the complex liability risks involving digital technologies that blend both the physical and digital spheres, such as the internet of things (IoT) and AI, this judgment has the potential to have far-reaching consequences, particularly as to whether non-tangible products, such as software and other digital content, can qualify as a “product” for the purposes of the PLD.

Though there continues to be disparity between member states, it is widely acknowledged that product liability risks continue to rise. The availability and frequency of litigation are also increasing.

New Enforcement Practices

In response to the renewed focus on product safety enforcement, increased attention is being paid to market surveillance and regulators are being given greater powers, including by way of the implementation of new legislation in this area. This is reflected in the new General Product Safety Regulation, which seeks to align market surveillance rules, clarify obligations for economic operators, enhance market surveillance of dangerous products and facilitate more effective recalls.

Focus on Online Selling

In line with the general principles of EU product liability laws, there is now an increased focus on properly ascribing responsibility to online sellers in respect of product safety compliance obligations and breaches of the same, including by way of a requirement to have a local entity in place to nominally be responsible for these issues.

In July 2021, the MSR came into force to bring online platforms (OPs), including online marketplaces, within the remit of the EU’s product safety framework, establishing more robust processes for market surveillance, compliance controls and promoting closer cross-border co-operation among enforcement authorities.

The EU-led “Product Safety Pledge” is a voluntary commitment, which goes beyond product safety legal obligations. It contributes to the faster removal of dangerous non-food consumer products offered for sale online and sets out actions by online marketplaces to strengthen product safety, such as providing a clear way for customers to notify dangerous product listings.

In addition, the new GPSR seeks to regulate the conduct of online marketplaces and lays down specific obligations for companies operating the same. Online content will also be regulated through the Digital Services Act, which came into force on 16 November 2022 and applied from 1 January 2024. The DSA aims to combat the risks posed by online content, reduce harm and protect users’ fundamental rights.

The Digital Markets Act, which came into force on 1 November 2022 and applied from 2 May 2023, aims to regulate unfair practices amongst online platforms by levelling the playing field for digital companies.

Given the further growth of online sales during the COVID-19 pandemic, this topic has become one of particular focus for regulators and law makers alike.

Cybersecurity

Whilst cybersecurity regulation is not a new concept, with cybersecurity requirements having been accounted for in sector-specific regulation such as the EU Medical Devices Regulation, the EU has introduced a series of laws and initiatives in order to strengthen the framework governing cybersecurity risks, including those arising from connected products. The EU Cybersecurity Act which came into force in 2019 establishes an EU-wide cybersecurity certification for ICT products and services. The more recent NIS 2 Directive (EU) 2022/2555 which replaces the NIS Directive, aims to harmonise cybersecurity requirements and implement cybersecurity measures in member states.

The Cyber Resilience Act is also one step closer to becoming law after it was approved by the European Parliament in March this year. The Act sets obligations that apply to manufacturers of products with digital elements such as the implementation of essential cybersecurity requirements, the carrying out of conformity assessment procedures and the notification of vulnerabilities and serious cybersecurity incidents to relevant bodies.

Development of Collective Redress Regime

Over the last decade, the EC has worked towards providing the means by which all EU consumers can bring collective actions in respect of infringements of EU law, referred to as “collective redress”.

The Directive of the European Parliament and of the Council on representative actions for the protection of the collective interests of consumers 2020/1828 (the “Collective Redress Directive”) empowers qualified representative entities to bring collective actions and seek injunctive relief and/or redress on behalf of groups of EU consumers who have been harmed by “illegal practices” that breach European laws, including the PLD and the GPSD and going forward the GPSR and new PLD.

The Directive, now in force, and due to apply from June 2023, supplements existing national procedural mechanisms aimed at the protection of collective consumer interests and is in the process of being transposed into member states’ domestic legislation.

Modernisation of Product Safety and Liability Regimes

Significant reform has taken place with the GPSR and the new PLD, due to enter into force shortly, responding to issues created by modern technologies. However, this is an area which will need to be continually monitored as products continue to evolve and ensuring the fitness of its product safety and liability regimes will remain an going priority for the EU. 

Corporate Social Responsibility and Environmental Sustainability

There continues to be a broadening of product compliance obligations to incorporate concepts of corporate social responsibility, environmental sustainability and increased focus on these areas. On 23 February 2022, the EC adopted a proposal for a Directive on corporate sustainability due diligence which was adopted in May this year. The aim of this Directive is to foster sustainable and responsible corporate behaviour and to anchor human rights and environmental considerations in companies’ operations and corporate governance. The new rules will ensure that businesses address the adverse impacts of their actions, including in their value chains inside and outside Europe.

There are wide-ranging imminent policy developments in respect of product liability and safety in the EU in response to long-standing issues that have been major concerns for some time.

Artificial Intelligence

On 21 April 2021, the EC published its proposal for a regulation laying down harmonised rules on AI with the first ever legal framework on AI to address the risks and trustworthiness of AI, known as the AI Act. The AI Act adopts a risk-based approach to the regulation of AI, with the most stringent requirements and obligations imposed on those providing AI systems that are considered “high risk”, such as AI-enabled medical devices. Certain “blacklist” AI technologies, which are at risk of causing individuals physical or psychological harm, are completely prohibited. On 16 June 2024, the Act signed into law and awaits publication in the Official Journal. The proposed AI Act is now complemented by a proposal for a civil liability regime for AI, titled the Directive on adapting non-contractual civil liability rules to artificial intelligence, published on 28 September 2022.

The measure is set to modernise and complement the EU liability framework by introducing new rules specific to damages caused by AI systems and enabling individuals who have suffered harm at the hands of AI systems to sue the provider.

The draft rules are intended to ensure persons that are harmed by AI systems have an equal level of protection as those harmed by other non-AI technologies in the EU. It also seeks to introduce a rebuttable “presumption of causality” which would alleviate the burden of proof in establishing damage caused by an AI system.

Digital Content and Services

On 1 January 2022, the new EU rules on digital content and the sale of goods entered into force. Directive (EU) 2019/770 on certain aspects concerning contracts for the supply of digital content and digital services and Directive (EU) 2019/771 on certain aspects concerning contracts for the sale of goods, are intended to harmonise key consumer contract law rules across the EU and introduce harmonised rules for digital content and digital services within the EU. For example, if digital content is or digital services are faulty, consumers now have rights similar to those they have when they buy defective tangible goods and, if the problem persists, may claim a price reduction or terminate the contract and claim a refund. This applies not only where consumers have paid for the content or services but also where they have provided personal data to the entrepreneur.

In addition, entrepreneurs who provide digital content or services as well as sellers of goods with digital elements (eg, a smartphone with its operating system or “smart products”) are now required to supply consumers with updates that are necessary to keep the content, services or goods in conformity – especially but not necessarily limited to security updates. This obligation continues to apply for as long as the consumers may reasonably expect such updates in the individual case, which could be significantly longer than the statutory warranty periods.

Sustainability and the Environment

On 5 July 2024, the EC adopted a Directive on corporate sustainability due diligence was published in the Official Journal of the European Union. The aim of this Directive is to foster sustainable and responsible corporate behaviour and to anchor human rights and environmental considerations in companies’ operations and corporate governance. The new rules will ensure that businesses address the adverse impacts of their actions, including in their value chains inside and outside Europe.

On 20 January 2022, the EC launched a public consultation seeking views on the proposed revision of REACH aiming to align the EU chemical rules with the EC’s ambition for safe and sustainable chemicals and a high level of protection of health and the environment, while preserving the internal market. Movement on this has been notably slow and very little progress has been made.

The consultation is wide in scope and covers a range of topics, including the revision of registration requirements, such as establishing the obligation to register polymers, simplification of communication in supply chains and the revision of provisions for control and enforcement.

In a similar vein, the EU opened a public consultation, which closed on 21 June 2022, to consider how Cosmetics Products Regulation No 1223/2009 could be improved in order to protect public health and the functioning of the internal market. The EC’s adoption of the proposal is awaited and progress is similarly slow on this. This proposed targeted revision of the Cosmetics Products Regulation sits alongside the proposed revision of other key chemicals legislation, including REACH and the CLP Regulation No 272/2008 regarding the classification, labelling and packaging of substances and mixtures, forming part of the EC’s ambitious Chemical Strategy for Sustainability, and the wider European Green Deal, which seeks to protect citizens and the environment against hazardous chemicals and encourage innovation to foster the development of safer and more sustainable alternatives.

EU sustainability initiatives have developed further momentum in 2023. On 1 February 2023, the EC published its Green Deal Industrial Plan, which aims to provide a more supportive environment for the scaling up of the EU’s manufacturing capacity for net-zero technologies and products to meet the EU’s climate targets.

On 22 March 2023, the EC published proposals for a Green Claims Directive to tackle “greenwashing” and unsubstantiated environmental claims. On the same date, it published its proposal for a Directive on common rules promoting the repair of goods. Whilst the Green Claims Directive is still working its way through the machinations of the legislative process, the right to repair Directive on Common Rules has been signed into law.

The Directive promotes the repair of broken or defective goods, making it easier for consumers to seek repair instead of replacement, and making repair services more transparent and accessible. It increases manufacturers’ obligations, requiring them to repair products that are technically repairable under EU law and making a voluntary repair form available with clear information on the repair process. Examples of products in scope include washing machines, dishwashers, and refrigerators.

Food Technological Practices

In 2022, the EC opened two public consultations to address the EU’s goals outlined under the European Green Deal and the “farm to fork” strategy.

The proposal for a legislative framework for sustainable food systems (FSFS), one of the flagship initiatives of the farm to fork strategy, aims to accelerate, and make the transition to sustainable food easier. It was originally hoped that it would be adopted by the end of 2023; however, this has failed to materialise and it was notably absent from European Commission President Ursula von der Leyen’s 2023 State of the Union address, nor was it present in the EU’s 2024 Commission Work Programme.

The food waste initiative aims to propose legally binding targets. These targets will help limit the food supply chain’s impact on the environment and climate and ensure more food is available for human consumption, thereby creating a more sustainable food system. In a similar vein, the Initiative on plants obtained by new genomic techniques aims to maintain a high level of protection for human and animal health and the environment, and enable innovation in the agri-food system. The Initiative will propose a legal framework for plants obtained by targeted mutagenesis and cisgenesis and for their food and feed products. It is based on the findings of a Commission study on new genomic techniques.

Chemicals

Perfluoroalkyl and polyfluoroalkyl substances (PFAS) are subject to stringent regulation, including REACH restrictions, the Classification, Labelling and Packaging Regulation, and the Drinking Water Directive. The EC has also pledged to phase out all PFAS, allowing their use only where they are proven to be irreplaceable and essential to society. The European Chemicals Agency opened a six-month public consultation on 22 March 2023 on the proposed PFAS restriction. Please refer to the EU Trends and Developments article in this guide for further information.

Ashurst

Fruit & Wool Exchange
1 Duval Square
London
E1 6PW
UK

+44 778 9816 477

Sarah-Jane.Dobson@ashurst.com www.ashurst.com/en/our-locations/london/
Author Business Card

Trends and Developments


Authors



Ashurst has a reputation for successfully managing large and complex multi-jurisdictional transactions, disputes and projects and delivering outstanding outcomes for clients. Ashurst has 31 offices in 18 countries and offers the reach and insight of a global network of legal, new law and risk professionals, combined with the knowledge and understanding of local markets. With over 490 partners and a further 2,000 lawyers working across 11 different time zones, the firm is able to respond to clients wherever and whenever required.

EU Product Safety and Liability: a Rapidly Evolving Regulatory Landscape

In recent years, legislative and regulatory bodies in the EU have been prolific in bringing forward measures which have significant impacts in the fields of product safety and liability in a bid to keep pace with the latest developments in an ever-changing consumer world. Advances in technology and increases in digitalisation have brought changes to products on the market, as well as to how consumers purchase these products.

Coupled with this is the EU's drive to tackle both the environmental and social impact of companies. This is resulting in additional regulation impacting the product safety and liability regimes in the EU. The net effect is a complex and detailed regulatory system, with economic operator obligations and consumer rights spread across many diverse pieces of legislation.

Legal exposure

Representative actions

Against the backdrop of an increasing trend of consumer-led group actions globally, the EU Directive on Representative Actions for the Protection of the Collective Interests of Consumers (EU) 2020/1828 (the “Representative Actions Directive” or RAD) establishes a pan-European mechanism for collective redress to stop or prevent unlawful business practices that affect multiple claimants or compensate for the harm caused by these practices.

The Representative Actions Directive came into force on 24 December 2020 and member states were given two years to transpose it into their national laws. It became effective from June 2023. This expansion of access to collective mechanisms is likely to result in an increase in large group actions across the EU in relation to consumer products, as well as in other areas.

Increase in regulatory enforcement

The EU General Product Safety Regulation (GPSR), which entered into force on 13 June 2023 and will take effect from 13 December 2024, heralds a modernisation of product safety legislation in the EU. With it, and other recent measures, comes increased regulation of consumer products and it is highly likely, as a result, that this will have the knock-on effect of regulators being more active in the field of enforcement. The regulation aims to align market surveillance rules, clarify obligations for economic operators, enhance market surveillance of dangerous products, and facilitate more effective recalls.

Focus on online platforms

There has been a significant increase in the use of online platforms in recent times, particularly since the COVID-19 pandemic. With this has come rising concern about the risks posed by online marketplaces and other platforms and a recognition of the need to protect the consumers using them.

In response, Regulation (EU) 2019/1020 on Market Surveillance and Compliance of Products (MSR) was put in place, coming into force from 16 July 2021. The regulations bring online platforms such as marketplaces within the scope of the EU’s product safety framework and establish more robust processes, surveillance and enforcement of these platforms, particularly for consumer product sales.

Whilst the new GPSR will help regulate the conduct of online marketplaces, the increased use of such platforms is already giving rise to product liability litigation in the USA. In particular, US findings that e-commerce platforms can be considered a key part of the supply chain and are therefore integral to the sale of a defective product will inevitably impact any answers to similar questions posed to EU regulators and/or courts. It is expected that the EU will follow the same trend.

On a similar note, online content will also be regulated through the Digital Services Act (DSA), which came into force on 16 November 2022 and applied from 1 January 2024. The DSA aims to combat the risks posed by online content, reduce harm and protect users’ fundamental rights.

The Digital Markets Act, which came into force on 1 November 2022 and applied from 2 May 2023, aims to regulate unfair practices amongst online platforms by levelling the playing field of digital companies.

Environmental, Social and Governance Considerations

A raft of different measures have recently come to fruition in the EU, incentivised by the EU’s goal to reduce greenhouse gas emissions, minimise the use and waste of resources and achieve climate neutrality by 2050, while continuing to achieve economic growth.

Right to Repair

One such measure is the Directive on Common Rules promoting the repair of goods, published in the Official Journal on 10 July. The directive promotes the repair of broken or defective goods, making it easier for consumers to seek repair instead of replacement and making repair services more transparent and accessible. It increases manufacturers’ obligations, requiring them to repair products which are technically repairable under EU law and making a voluntary repair form available with clear information on the repair process. Examples of products in scope include washing machines, dishwashers, and refrigerators.

Deforestation

Other measures making for more environmentally and socially conscious products include the deforestation regulation, requiring companies trading in certain commodities, as well as products derived from these commodities, such as leather, wood and rubber, to conduct comprehensive due diligence on their value chain to ensure such goods do not breach local environmental and social laws or cause deforestation. Obligations in this regard will start to apply from 30 December 2024. 

Chemicals

The PFAS restriction proposed by Sweden, Norway, Denmark, Germany and the Netherlands in 2022 is still with the European Chemicals Agency (ECHA), which is currently reviewing comments received during the consultation process and is due to meet in June and September.

Perfluoroalkyl and polyfluoroalkyl substances (PFAS), known as “forever chemicals” due to their persistent qualities, are an expanding group of man-made chemicals found in a wide range of products. Growing concern about their use has triggered wide-scale investigations and studies with regulators in many jurisdictions considering steps to address the potential risks they pose. Both businesses and the insurance market have voiced concerns over the potential for a tidal wave of PFAS contamination claims.

Green Claims

Given increasing consumer preference for sustainable products, greater pressure is being placed on both industry sectors and government to lower the environmental impact and carbon footprint of all products. Reacting to these rising demands from socially and ethically conscious consumers, there has been a surge in the prevalence of “greenwashing” – the practice of making exaggerated and misleading environmental claims to promote sales.

In response to this growing issue, the EC has launched several initiatives with a view to establishing jointly a coherent policy framework to help the Union to make sustainable goods, services and business models the norm, and to push consumption patterns in a more sustainable direction. The European Green Deal states that “[c]ompanies making ‘green claims’ should substantiate these against a standard methodology to assess their impact on the environment”.

Greenwashing is addressed in the EU’s 2020 Circular Economy action plan (the “Action Plan”), an initiative that targets how products are designed, promotes circular economy processes, encourages sustainable consumption, and aims to ensure the prevention of waste and re-use of resources within the EU economy for as long as possible. The Action Plan commits that “the Commission will also propose that companies substantiate their environmental claims using Product and Organisation Environmental Footprint methods”.

The EC has noted the importance of ensuring that measures of the environmental performance of companies and products are reliable, comparable and verifiable across the EU. Not only would this allow consumers, companies and investors to make greener decisions, it would also undoubtedly reduce the risk of reputational damage or potential legal action by either environmental action groups or consumers for any company that fails to heed the greenwashing warnings.

These initiatives have culminated in the publication of a proposal for a Directive on substantiation and communication of explicit environmental claims, known as the Green Claims Directive, with a view to providing consumers with clarity on environmental claims and labelling. The Directive aims to tackle false green claims by ensuring that environmental claims and labels are credible and trustworthy. It also aims to boost the competitiveness of businesses that are striving to increase the environmental sustainability of their products and activities.

Manufacturers should be prepared for this to continue in the long term and even expand further as these topics impact all aspects of the manufacturing process. Companies should review any claims made in respect of ESG and ensure they can be supported by appropriate data if required.

Many other measures and proposed measures have implications for products, including the ban on products made with forced labour, the corporate sustainability due diligence directive, the draft regulation on packaging and packaging waste and new rules on empowering consumers for the green transition.

Advances in Technologies and Products

Artificial intelligence

With the rise in the deployment of artificial intelligence and proliferation of connected products, new considerations have arisen which continue to shape the landscape of consumer product regulation in the EU. These technologies are welcome given the unrivalled opportunities for innovation they create within consumer industries, but they also give rise to numerous liability risks, including in respect of product liability, security and privacy. The EU has reacted swiftly, enacting new laws and regulations to respond to the challenges they present.

The Artificial Intelligence (AI) Act, is the first of its kind and regulates AI in a comprehensive manner. It has wide-ranging applicability and will affect both AI providers and users inside and outside the EU. It adopts a risk-based approach, banning applications and systems that create an unacceptable risk, such as government-run social scoring. High-risk applications of AI, for example in robot-assisted surgery, are subject to specific legal requirements. Other applications where the risk is not categorised as either unacceptable or high are left largely unregulated.

The requirements set for high-risk applications are strict and aimed at ensuring the technologies invoked are both safe and transparent. They include:

  • adequate risk assessment and mitigation systems;
  • high quality of the datasets feeding the system to minimise risks and discriminatory outcomes;
  • logging of activity to ensure traceability of results;
  • detailed documentation providing all information necessary on the system and its purpose for authorities to assess its compliance;
  • clear and adequate information to the deployer;
  • appropriate human oversight measures to minimise risk; and
  • high level of robustness, security and accuracy.

Another measure making its way through the legislative process, but at a much earlier stage, is the proposal for a Directive on adapting non-contractual civil liability rules to artificial intelligence, published on 28 September 2022. The measure is set to modernise and complement the EU liability framework by introducing new rules specific to damages caused by AI systems and enabling individuals who have suffered harm at the hands of AI systems to sue the provider.

The draft rules are intended to ensure persons that are harmed by AI systems have an equal level of protection as those harmed by other non-AI technologies in the EU. It also seeks to introduce a rebuttable “presumption of causality”, which would alleviate the burden of proof in establishing damage caused by an AI system.

Cyber resilience

The Cyber Resilience Act is also one step closer to becoming law after it was approved by the European Parliament in March this year. The Act sets obligations that apply to manufacturers of products with digital elements, such as the implementation of essential cybersecurity requirements, the carrying out of conformity assessment procedures and the notification of vulnerabilities and serious cybersecurity incidents to relevant bodies.

Product liability modernisation

The new Product Liability Directive (PLD), which was formally adopted by the European Parliament on 12 March this year, updates a 40-year-old regime to take account of the digital age and circular economy activities.

It covers digital products such as software and AI as well as remanufactured and refurbished equipment. The new rules will apply to products placed on the market 24 months after the entry into force of this Directive.

Given the significant advancements in technology and products, as well as methods of selling, regulators have found themselves in a race to keep up with the pace of change and address risks that may be posed to consumers. This game of cat and mouse shows no signs of abating, but recent measures have offered a glimmer of hope. These new regulations may provide a much-needed respite, allowing manufacturers and other economic operators to adapt and confidently navigate the ever-growing maze of compliance requirements.

Ashurst

Fruit & Wool Exchange
1 Duval Square
London
E1 6PW
UK

+44 778 9816 477

Sarah-Jane.Dobson@ashurst.com www.ashurst.com/en/our-locations/london/
Author Business Card

Law and Practice

Authors



Ashurst has a reputation for successfully managing large and complex multi-jurisdictional transactions, disputes and projects and delivering outstanding outcomes for clients. Ashurst has 31 offices in 18 countries and offers the reach and insight of a global network of legal, new law and risk professionals, combined with the knowledge and understanding of local markets. With over 490 partners and a further 2,000 lawyers working across 11 different time zones, the firm is able to respond to clients wherever and whenever required.

Trends and Developments

Authors



Ashurst has a reputation for successfully managing large and complex multi-jurisdictional transactions, disputes and projects and delivering outstanding outcomes for clients. Ashurst has 31 offices in 18 countries and offers the reach and insight of a global network of legal, new law and risk professionals, combined with the knowledge and understanding of local markets. With over 490 partners and a further 2,000 lawyers working across 11 different time zones, the firm is able to respond to clients wherever and whenever required.

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.