EU Product Liability Directive 2024/2853 Explained: Key Changes & Compliance Impact

The European Union has adopted Directive (EU) 2024/2853, which modernises the EU framework for liability for defective products. It replaces the previous EU Product Liability Directive and updates the rules for today’s market realities (software-driven products, connected devices, complex global supply chains, and frequent product updates). Member States must transpose the Directive into national law by 9 December 2026, and it will apply to products placed on the market (or put into service) after the relevant national implementation takes effect.

What EU Product Liability Means in Practice

No-fault liability (the core concept)

EU product liability is a no-fault regime. In simple terms, an injured person does not need to prove negligence. Instead, the claimant typically needs to establish three elements:

1) the product was defective, 2) damage occurred, and 3) a causal link between the defect and the damage.

Why the EU updated the rules

Many products now rely on software, digital services, and updates throughout their lifecycle. The new Directive aims to make liability rules fit for that reality. It also responds to evidence challenges in complex cases (where claimants may struggle to access technical information) and clarifies who may be liable across modern supply chains.

Key Changes Introduced by Directive (EU) 2024/2853

1) Expanded definition of “product”

A major change is the expanded scope of what counts as a “product”. The updated framework is designed to capture modern product configurations, including digital components that can be essential for safe functioning.

Software and digital elements are brought clearly into scope

The rules explicitly address software and digital elements in a way that aligns with how products are designed and maintained today. This matters for products whose safety depends on software performance, security, configuration, or updates (for example, smart devices, connected wearables, app-controlled equipment, and products using digital control systems).

Updates and changes throughout the lifecycle matter

Products do not remain static after sale. Updates, patches, feature changes, and security fixes can affect safety. The updated framework reflects that reality by focusing attention on safety over time, not just at first sale.

2) Clearer focus on “defectiveness” and safety expectations

The basic defect standard remains grounded in what safety a person is entitled to expect, but the new rules are more explicit about the factors that influence this assessment in practice.

Presentation, foreseeable use, and instructions become even more important

Product presentation (including claims, warnings, instructions, and labelling) plays a central role in the safety expectations assessment. If instructions are unclear, incomplete, poorly translated, or inconsistent with actual use conditions, the liability risk increases.

Regulatory compliance becomes more relevant to liability risk

Compliance with EU product safety rules does not automatically eliminate liability risk, but compliance failures can substantially increase exposure (because they can support an argument that a product is defective). In practical terms, this raises the value of robust technical documentation, traceability, and evidence of compliance decisions, including a structured GPSR risk analysis.

3) Broader categories of compensable damage

The Directive expands and clarifies what kinds of harm may be compensated. This reflects the modern reality that harm is not always limited to classic physical injury from a purely mechanical failure.

Medically recognised psychological harm

The updated rules recognise that certain forms of medically recognised psychological harm can be compensable (subject to the legal conditions and proof requirements that apply under the Directive and national implementing rules).

Data loss and data corruption in defined circumstances

Where data is lost or corrupted in ways that meet the Directive’s requirements, compensation may be available. This is especially relevant for products and systems where data integrity is part of safe and reliable operation (for example, connected products storing personal settings, health-related information, or critical usage logs).

4) Evidence and disclosure improvements (practical impact on disputes)

A recurring challenge in product liability cases is information asymmetry. Claimants often lack access to technical documentation, internal investigations, software logs, or supply-chain evidence needed to establish defect and causation. The Directive introduces mechanisms intended to reduce that gap.

Greater emphasis on access to relevant evidence

The updated approach strengthens pathways for claimants to request disclosure of relevant evidence (within defined safeguards). For businesses, this increases the importance of well-organised documentation, version control, and decision records for safety-related changes and updates, including records linked to chemical testing and supporting Safety Data Sheets (SDS) where relevant.

Why documentation discipline matters more than before

If a business cannot produce clear, consistent technical evidence (test reports, risk assessments, design rationale, change logs, incident handling records, supplier compliance files), it may face higher litigation pressure. Good documentation does not guarantee a defence, but poor documentation can quickly become a liability multiplier, particularly when reviewed alongside the EU GPSR technical file.

5) Supply chain clarity (who can be liable)

Modern supply chains often involve brand owners, OEM factories, importers, fulfilment models, online sales, distributors, and component suppliers. The Directive clarifies responsibilities and improves the ability to identify a liable party when a claimant cannot reasonably pursue the original manufacturer.

Non-EU businesses selling into the EU

If you sell into the EU, the liability picture is shaped by how the product is placed on the market, who controls branding, what is promised in product presentation, and what documentation exists to show safe design and compliant labeling. Non-EU businesses should treat EU compliance as a liability risk-control tool, not just a marketplace requirement, especially where an EU Responsible Person is mandatory.

6) Defences and risk allocation (what businesses can rely on)

The Directive preserves and refines key defences and concepts used in product liability, including scenarios where a defect was not present at placement, where later modifications changed the product, or where scientific knowledge at the time could not detect the defect (subject to the Directive’s conditions and national implementation).

Contracting and supplier management become more strategic

Liability risk is not only about legal rules, it is also about how businesses allocate responsibilities contractually and operationally. Supplier agreements, quality controls, change-control processes, and traceability requirements should be reviewed so that responsibilities for safety and compliance evidence are clear and enforceable, particularly where recall handling under the GPSR recall framework may apply.

What This Means for Your Business (Practical Steps)

Compliance and liability are now even more connected

Under the updated framework, product liability risk is tightly linked to real-world compliance maturity. If compliance is treated as an afterthought, liability risk is harder to control. If compliance is treated as an operational system (risk assessment, traceability, documentation, controlled changes, and correct labeling), liability exposure can be reduced and managed more predictably. A broader overview is available in our EU compliance guide for consumer products.

Recommended preparation checklist

1) Map your product scope

Confirm whether software, apps, connected services, digital features, updates, and configurable settings are safety-relevant (and document your reasoning).

2) Strengthen technical documentation

Ensure you have a complete and structured technical file (risk assessment, test evidence, warnings and instructions, change logs, supplier declarations, and traceability records), as outlined in our GPSR technical file documentation guide.

3) Review labeling and instructions

Check that warnings and instructions match foreseeable use and misuse, and that translations are accurate and consistent. Any ambiguity can become a defect argument later. Practical examples are covered in our GPSR warning examples.

4) Implement change control for updates

For software-enabled products, maintain release notes, version control, security patch procedures, and evidence of safety impact assessments for updates.

5) Review contracts and responsibilities

Align responsibilities across manufacturer, brand owner, importer, and key suppliers. Ensure your contracts support access to evidence when you need it (test reports, material declarations, incident data). Cost and role implications are explained in this GPSR cost overview.

Conclusion

Directive (EU) 2024/2853 is a major EU legal update that brings product liability into line with modern technology and supply chains. The key message for businesses is straightforward: liability risk management now depends even more on disciplined compliance work, accurate labeling and instructions, documented safety decisions, and traceability (especially for software-enabled and connected products). Further practical guidance is available via our GPSR compliance services and FAQ section.

Official References

EUR-Lex, Directive (EU) 2024/2853 (Official Journal)

European Commission, Liability for defective products (policy overview)