Internet Explorer 11 (IE11) is not supported. For the best experience please open using Chrome, Firefox, Safari or MS Edge

Liability for Defective Digital Health Products

Proposals for changes to the current regime governing liability for defective digital health products, and products generally, are expected to be introduced in the EU in the coming months. The proposals are likely to include amendments to current EU liability rules, and may require further changes to existing national laws. The proposals are aimed an updating liability rules to take account of developments in the digital economy and emerging technologies.

Liability for defective digital health products, and products generally, is determined by a combination of EU and Irish law. The current EU legal framework is laid down in Council Directive 85/374/EEC (the Directive), which was adopted in 1985 and was transposed into Irish law by the Liability for Defective Products Act 1991 (the 1991 Act). The Directive and the 1991 Act provide for strict liability where a defect in a producer’s product has caused injury or damage to a consumer, provided the consumer can prove the existence of the defect, the damage and a causal link between them. In addition to this strict liability regime, under Irish law, liability for injury or damage caused by products can also arise under fault-based principles, such as common law principles of negligence.

A review of the Directive has been on-going for several years. A 2018 evaluation of the Directive by the European Commission (the 2018 Evaluation) found that it was difficult to apply to digital products because of outdated concepts and definitions in the Directive.

It also found that it was difficult for consumers to get compensation because of difficulties proving complex products, particularly digital products, were defective and caused the injury or damage. It is likely that the proposed changes to the Directive will include revisions to certain key definitions. Those changes are likely to have particular significance for digital health products.

For example, although the current definition of “product” is broad, and captures digital health products, the definition is no longer as clear-cut in the digital age, where the lines between products and services can be blurred. Issues have also emerged regarding the identification of the “producer” of a product, as one producer’s products can now be easily combined with products and services from other providers. The current definition of “defect” can also lead to uncertainty in the context of unique problems of the digital age, such as defects in autonomous behaviours and processes, and privacy and data infringements. The 2018 Evaluation also noted that the current definition of “damage” is limited to physical and material damage, but does not include other types of damage, such as economic or environmental damage.

In addition to issues with definitions, the 2018 Evaluation highlighted concerns about the balance between the interests of consumers and producers, particularly relating to the burden of proof. The more complex a product is, where it may be difficult to access the required technical information, and this can be particularly so with digital products, the more difficult it is likely to be for a consumer to prove that there was a defect in the product or to prove the causal link between a defect and damage.

The Commission recently published a summary report on the public consultation it ran from October 2021 to January 2022 on adapting the current EU liability rules for the digital age. The aim of the public consultation was to assess the relevance of issues identified by the 2018 Evaluation. Stakeholder interviews, workshops and targeted consultations have been conducted in parallel with the public consultation.

The public consultation has highlighted differences in views on adapting current liability rules. Certain stakeholders, particularly those representing consumer interests, believe the current regime is inadequate in the digital age, and does not adequately address issues with digital and emerging technologies. Other stakeholders, particularly those representing industry interests, consider that existing rules and concepts are broadly adequate and achieve a fair balance, and do not favour a wide-ranging amendment of the Directive.

A total of 291 responses, and various position papers, were received in response to questions on adapting the Directive. Over 93% of the responses came from EU Member States, with the largest proportion, over a third, coming from Germany. Only one response was received from Ireland. Just under 7% of responses came from non-EU countries, including the UK and US. The views expressed as part of the public consultation demonstrate differences in views between stakeholders on various issues, including liability for intangible products such as software and digital services, the position regarding non-EU online marketplaces, new risks and kinds of damage, and the policy options for adapting the Directive.

Respondents mainly agreed that consumers should get compensation when intangible products, such as software and digital services, are defective and cause physical or property damage, particularly in the case of software that controls how a product works, software upgrades or updates, software supplied separately to use on a product, and digital services that control how a product works. However, there was disagreement about how issues relating to data or information should be accommodated within the liability rules.

Over two-thirds of respondents agreed or strongly agreed that the Directive needs to ensure consumer protection for defective products that are bought through online marketplaces where there is no EU-based producer or importer. There was disagreement about whether the proposed draft Digital Services Act and draft General Product Safety Regulation were sufficient to ensure consumer protection in the context of online marketplaces.

A majority of respondents agreed or strongly agreed that producers should be liable for failing to provide security updates, that producers should be liable for damage to data, and that producers should be liable for data protection infringements.

Academic and research institutions, consumer organisations and NGOs supported legislative change, while business associations, and companies and businesses largely opposed it. Overall, 56% of respondents, excluding individual members of the public, were in favour of legislative change, with 62% of those in favour of treating digital content and software as a product in its own right.


The Commission is expected to bring forward proposals for a revised framework for liability for defective products in the third quarter of 2022. It remains to be seen what changes will be proposed to current liability rules and how those will specifically impact digital health products.

For more information on the potential impact of the proposed amendments to the law, contact a member of our Dispute Resolution team.

The content of this article is provided for information purposes only and does not constitute legal or other advice.

Share this: