PLD — Directive (EU) 2024/2853

The Product Liability Directive (PLD) lays down common rules on the liability of economic operators for damage suffered by natural persons and caused by defective products, and on compensation for such damage (Art. 1(1)). It replaces the historical Directive 85/374/EEC, in force for almost forty years, by adapting its principles to the digital age: software, including AI systems, is explicitly classified as a 'product' for the purposes of no-fault liability, and the rules of evidence are recalibrated in favour of the injured person for technologically complex and 'opaque' (black-box) systems. It applies alongside the AI Act, GDPR and Data Act, with which it interacts substantively.

Identifiers

| Field | Value |
|---|---|
| Official title | Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products and repealing Council Directive 85/374/EEC |
| CELEX | 32024L2853 |
| ELI | http://data.europa.eu/eli/dir/2024/2853/oj |
| Publication | OJ L, 2024/2853, 18.11.2024 |
| Adoption | 23 October 2024 |
| Entry into force | 8 December 2024 |
| Transposition deadline | 9 December 2026 |
| Application | to products placed on the market or put into service after 9 December 2026 |
| Legal basis | Article 114 TFEU |
| Type of act | Directive — requires transposition into national law |
| Repealed act | Directive 85/374/EEC (with effect from 9 December 2026) |

Structure

4 chapters · 24 articles · 63 numbered recitals (plus the introductory sentence of the preamble) · 1 annex.

| Chapter | Subject | Articles |
|---|---|---|
| I | General provisions | 1 – 4 |
| II | Specific provisions on liability for defective products | 5 – 11 |
| III | General provisions on liability | 12 – 17 |
| IV | Final provisions | 18 – 24 |

The Annex contains the correlation table between Directive 85/374/EEC (repealed) and this Directive, with the article-by-article migration between the old and the new regime.

Scope of application

Material (Art. 1(1); Art. 2(1)): applies to compensation for damage caused to natural persons by defective products placed on the market or put into service after 9 December 2026. The notion of 'product' (Art. 4, point (1)) expressly includes electricity, digital manufacturing files, raw materials and — a key novelty — software, regardless of the mode of supply (local, cloud, software-as-a-service).

Personal (Arts. 4, point (10), and 8): liability falls on the manufacturer, defined as the person who develops, produces or manufactures a product, or who presents themselves as such by putting their name or trademark on it. According to Recital 13, AI system providers within the meaning of Regulation (EU) 2024/1689 (AI Act) are treated as manufacturers. Importers, authorised representatives, fulfilment service providers, distributors and — under certain conditions — online platforms are also liable (Art. 8(2)-(3)).

Exclusions (Art. 2(2)-(5)): does not apply to free and open-source software developed or supplied outside the course of a commercial activity (Recitals 14-15 specify the rules on subsequent integrations); does not apply to damage from nuclear accidents governed by international conventions; does not affect national rules on contractual and non-contractual liability, nor special national regimes in force prior to 30 July 1985 (notably on pharmaceutical liability).

Type of recoverable damage (Art. 6(1)): death; personal injury (including medically recognised and certified psychological harm, with reference to the WHO ICD — Recital 21); damage to or destruction of movable or immovable property used for private or mixed purposes; destruction or corruption of data not used for professional purposes. Recital 24 expressly excludes from the PLD perimeter pure economic loss, privacy infringements and discrimination: for such damage, the right to compensation under other applicable regimes (notably the GDPR) remains intact.

Quintuple cross-references with AI Act, GDPR, Data Act and DGA

The PLD interacts simultaneously with four other EU acts that have dedicated pages in this section: the AI Act (for the qualification of AI systems as 'products' and for the alleviation of evidence in black-box systems), the GDPR (for delimiting the 'data' damage from the 'privacy' damage), the Data Act (for related services as components of the product and for liability on security updates) and the DGA (for the definitional cross-reference on 'data' and for dataset quality underlying AI systems).

PLD ↔ AI Act axis (qualification and burden of proof)

| PLD | AI Act | Nature of the intersection |
|---|---|---|
| Recital 3 | Whole AI Act | Political driver of the revision: AI is explicitly cited as the technology that has rendered Directive 85/374/EEC obsolete |
| Recital 13; Art. 4, point (1) | AI Act, Art. 3(1) | Software (including operating systems, firmware, computer programs, applications and AI systems) is explicitly a 'product' for PLD purposes, regardless of the mode of supply |
| Recital 13; Art. 4, point (10) | AI Act, Art. 3, points (3), (4) | AI system providers within the meaning of Reg. 2024/1689 are treated as manufacturers for PLD purposes |
| Recital 32; Art. 7(2)(f) | AI Act, Art. 15 (cybersecurity); Art. 16(1)(a) | Compliance with AI Act cybersecurity requirements contributes to determining the non-defectiveness of the system; conversely, cybersecurity vulnerabilities can constitute defectiveness under PLD |
| Recital 40 | AI Act, Art. 16(1)(h); Art. 21 | The continuous learning of an AI system that substantially modifies its behaviour and risk profile after being placed on the market is considered a substantial modification under PLD: new product, new start of the limitation period |
| Recital 48; Art. 10(2)(c); Art. 10(4) | AI Act, Art. 13 (transparency); Art. 86 (right to explanation) | Rebuttable presumption of defectiveness or causal link when, due to technical or scientific complexity (explicitly: machine learning, opaque AI systems), it would be 'excessively difficult' for the claimant to provide direct proof. It is sufficient to demonstrate that it is 'likely' that the product was defective or that the defectiveness was a probable cause of the damage |
| Recitals 50, 51; Art. 11(2) | AI Act, Art. 16(1)(h); Art. 72 (post-market monitoring) | The manufacturer cannot escape liability by invoking the 'defectiveness came after marketed' exception if the defect arises from failure to release software updates under its control, in particular for cybersecurity obligations (also under AI Act post-market) |

PLD ↔ GDPR axis (delimitation of 'data' damage)

| PLD | GDPR | Nature of the intersection |
|---|---|---|
| Recital 20; Art. 6(1)(c) | GDPR, Art. 82 | Destruction or corruption of data (e.g. digital files deleted from a hard drive) is recoverable damage under PLD; it is not to be confused with personal data breaches and the right to compensation under the GDPR (and Regulations 2018/1725 and 2016/680, Directive 2002/58/EC), which remain unaffected and cumulative |
| Recital 24 | GDPR, Art. 82(1) | Privacy infringement as such, pure economic loss and discrimination are not recoverable damages under PLD per se. The right to compensation for such damage under other liability regimes (notably the GDPR, which has its own autonomous notion of damage) remains intact |
| Recital 21; Art. 6(1)(b) | GDPR, Art. 82(1) | The notion of personal injury (Art. 6(1)(b)) expressly includes psychological harm medically recognised and certified, with reference to the WHO ICD — narrower scope than the GDPR 'non-material damage', but technically compatible with the CJEU case law on Art. 82 GDPR |
| Recital 22; Art. 6(1)(c) | GDPR, Arts. 4, 6, 9 | Damage to property used exclusively for professional purposes is not recoverable under PLD; the separation between private and professional use mirrors the logic of some GDPR protections for personal data |

PLD ↔ Data Act axis (components, manufacturer's control and cybersecurity)

| PLD | Data Act | Nature of the intersection |
|---|---|---|
| Recitals 17, 18; Art. 4, point (4) | Data Act, Art. 2, points (1), (6) ('connected product', 'related service') | The related services integrated into or interconnected with the product are treated as components of the product for PLD purposes; this extends the manufacturer's liability also to ongoing digital services (e.g. traffic data flow for navigation, health monitoring, voice-assistant), mirroring the Data Act perimeter |
| Recitals 18, 50; Art. 4, point (5) | Data Act, Chapter II; Chapter VI | The 'manufacturer's control' post-placing on the market (software updates, modifications, integrations) is the cornerstone of PLD; the Data Act regulates the corresponding obligations of data access generated by the device and portability between cloud providers: PLD liability does not extinguish if the manufacturer maintains control via cloud or related services |
| Recitals 32, 51; Art. 11(2) | Data Act, relevant security recitals | Failure to provide security updates to address cybersecurity vulnerabilities triggers PLD liability on the manufacturer, which cannot be sterilised by invoking the moment of placing on the market |
| Recital 16; Art. 4, point (2) | Data Act, Art. 2, point (16) (adjacent definitions) | Digital manufacturing files (CAD, 3D-printing) are treated as products for PLD purposes: the same defective file giving rise to a defective product triggers liability on the file's author |

PLD ↔ DGA axis (definition of 'data' and dataset quality)

The PLD ↔ DGA intersection operates mainly on two levels: the definition of 'data' for PLD purposes (Article 4, point (6) of the Directive expressly cross-refers to Reg. (EU) 2022/868) and the quality of the dataset feeding AI systems qualified as 'products' under PLD. Defects in a dataset shared under the DGA may propagate into the behaviour of the resulting AI system and thus into the assessment of defectiveness for PLD purposes.

| PLD | DGA | Nature of the intersection |
|---|---|---|
| Art. 4, point (6) ('data') | Whole DGA, in particular Art. 2, point (1) | The PLD expressly cross-refers to the DGA definition of 'data': direct definitional cross-reference to Reg. (EU) 2022/868 |
| Recital 13; Art. 7(2) (presumption of defectiveness) | DGA, Chapter II — Articles 3-9 (re-use of protected public sector data); Article 5(1)-(2) (re-use conditions) | Public data re-used for AI system training: compliance with DGA conditions (quality, completeness, anonymisation, secure processing environment) contributes to determining the non-defectiveness of the resulting product; conversely, incomplete or biased datasets may amount to defectiveness of the resulting AI system |
| Recitals 18, 50 (manufacturer's continuing control); Art. 11 ('defectiveness came after marketed' defence) | DGA, Article 5(9)-(13); Chapter VII — Article 31 (international transfer of non-personal data) | Extra-EU transfer of non-personal data (DGA Chapter VII) interferes with the manufacturer's continuing control: PLD liability does not extinguish if datasets or models are relocated outside the manufacturer's effective control perimeter |
| Art. 8 (liable operators) | DGA, Article 11 (notification and requirements for data intermediation service providers) | Data intermediation service providers are not as such 'manufacturers' under the PLD; they may, however, fall within the PLD scope if they integrate related services or software components into a defective product |

Definitional quintuplet

Four key notions cut across all five acts simultaneously, with the PLD adopting their qualification by direct or implicit cross-reference to the sectoral acts:

| Concept | PLD | AI Act | GDPR | Data Act | DGA |
|---|---|---|---|---|---|
| Software / AI system as 'product' | Art. 4, point (1); Recital 13 | (definition 'AI system': Art. 3(1)) | n/a | (relevant: 'connected product': Art. 2, point (5)) | n/a |
| Manufacturer / provider | Art. 4, point (10) | Art. 3, points (3), (4) ('provider', 'deployer') | Art. 4, points (7), (8) (controller/processor) | Art. 2, points (13), (14) (data holder/recipient) | Art. 2, point (11) ('data intermediation service provider') |
| Component / related service | Art. 4, point (4) | (relevant: Art. 25 AI value chain) | n/a | Art. 2, points (6), (8) | n/a |
| Data (personal / non-personal) | Art. 4, point (6) (refers to Reg. 2022/868); Recital 20 | Art. 3(33) | Art. 4(1) | Art. 2, point (1) (data); point (3) (personal data, GDPR cross-reference) | Art. 2, points (1), (3) (data, personal data) |

The table covers direct cross-references. Broader operational cross-references (interactions with the Cyber Resilience Act, NIS2, Digital Services Act and the upcoming AI Liability Directive) will be addressed in dedicated insights in the Soft law and Resources sections as the corresponding pages are published.

Amendments and corrigenda

The original text of 23 October 2024 entered into force on 8 December 2024. As of the publication date of this fact sheet, no corrigenda have been published in the Official Journal of the EU. Any future corrigenda or implementing/delegated acts will be incorporated in subsequent revisions of this page.

Application status

The PLD entered into force on 8 December 2024. Member States are required to transpose it into national law by 9 December 2026 (Art. 24). The new regime applies to products placed on the market or put into service after 9 December 2026 (Art. 2(1)); for products placed on the market before that date, Directive 85/374/EEC continues to apply in accordance with national transposition regimes (Recital 63 and Art. 23).

For Italian law, the PLD will require a rewriting of d.P.R. 24 maggio 1988, n. 224 (later merged into the Consumer Code, d.lgs. 6 settembre 2005, n. 206, Arts. 114-127), with particular regard to: the broader notion of 'product' (software and digital files); the mechanisms for alleviating the burden of proof; liability for related services and cybersecurity updates; the duration and start of the limitation period.
