The EU has modernized product liability to include software, AI systems, digital manufacturing files, and digital services integral to a product’s operation, expanding the scope of what counts as a product.

Starting December 9, 2026, the EU will apply strict liability for these digital components, including post-market updates and software, with transposition advancing at national levels now.

Experts advise a comprehensive risk approach: conduct exposure assessments, review digital product architectures, strengthen cybersecurity governance, identify insurance gaps, update supplier agreements, and enhance product testing and safety assurance.

The insurance market is shifting toward layered programs that blend product liability, technology E&O, cyber liability, and integrated product-cyber coverage as the line between cyber and product liability blurs.

Courts can compel disclosure of evidence; withholding information can create presumptions of defect and causation, especially when safety rules are breached or proof is hard to obtain, with latent injury claims potentially spanning decades.

Manufacturers, technology providers, and importers face increased liability exposure, necessitating renewed governance of product safety, supply chain transparency, and insurance ahead of the December 2026 deadline.

A developing liability risk matrix shows how software defects, cyber breaches, AI algorithm errors, and supplier software failures require distinct exposure assessments and mitigation strategies.

Underwriters should layer software governance and cyber-safety controls into pricing, tighten aggregation terms, and remove obsolete caps to reflect the new liability regime.

Recognizing software and digital services as products strengthens consumer protection and helps proactive organizations manage the expanded liability landscape.

Product liability insurance should reassess coverage breadth for software defects and algorithmic failures, classify cyber-physical incidents, choose appropriate claims-made versus occurrence triggers, and consider higher policy limits.

The overhaul eliminates financial caps on death and personal injury, expands compensable damages to include mental health harm and data destruction or corruption, and treats digital components as product parts when they are core to function.

New scope extends to importers, authorized representatives, fulfilment providers, distributors, and some online platforms, especially where manufacturers are outside the EU.