As the EU evolves its policy on regulating Artificial Intelligence, product liability issues arising out of the use of products incorporating AI systems have been tackled as a priority, not only in the proposed AI Act itself, but in proposals to:
These proposals set out how the EU intends to legislate for liability risks in AI products and provide recourse for consumers in the event these cause harm. However, they have also raised concerns given the potential significance of some of the changes proposed.
Stakeholder views in response to the proposals have been mixed. This is unsurprising given the balance that needs to be struck between modernising the product liability regime to adequately protect consumers from the risks of AI, and stifling innovation. It seems clear that a number of the proposals will greatly assist consumers in bringing more claims against technology companies and increase exposure for those supplying AI products and systems in the EU.
The draft AI Act is working its way through the legislative process and trilogues are likely to start shortly. The definitions are very much up for debate, but as currently drafted, the Regulation applies to all providers of AI systems that place them on the market or operate them in the EU as well as providers that use the results of AI systems in the EU and respective users of AI systems. AI systems in the context of the AI Act are intended to include the following modes of operation (but are not limited to these):
AI systems are classed into risk categories with separate obligations and levels of scrutiny. AI systems that pose an unacceptable risk, for example, will be banned. These include systems that can harm people through subliminal influence, as well as those that actively classify people and treat them differently according to their personality or social behaviour (eg social scoring). High-risk systems may only be used subject to strict compliance requirements. This applies, for example, to systems used for remote biometric identification, securing critical infrastructure, decision-making in human resources management, creditworthiness evaluation, and risk assessment in criminal prosecution. Systems that pose little or minimal risk, must only meet certain transparency requirements.
The AI Act is designed to set the safety standards and regulatory regime for placing products incorporating AI systems onto the market. This is like any other product safety legislation focussing on minimising risks and preventing damage.
In the event damage occurs, the amendments to the PLD are designed to expand the strict liability framework to products incorporating AI systems, allowing compensation for damage when products like robots, drones or smart-home systems are made unsafe by software updates, AI or digital services required to operate the product. Damage includes material losses due to loss of life, damage to health or property and data loss.
The new PLD will also increase the list of potentially liable defendants. The manufacturer, own-brander and/or importer into the EU will remain liable on a joint and several basis as is currently the position, but the legislation also introduces new potential defendants. For example, those entities which substantially modify a product once placed on the market might now be liable. Further, where the manufacturer of a defective product is based outside the EU, the importer of the defective product and any Authorised Representative of the manufacturer can be held liable for damage caused by that product. This extends the parties potentially liable for defective products to include Authorised Representatives of non-EU businesses and fulfilment service providers (ie warehouse, packing and postage providers).
The new AI Liability Directive sets out a targeted reform of national fault-based liability regimes and will apply to claims against any person for fault that influenced the AI system which caused the damage such as software developers, users or AI providers. It covers any type of damage under national law (eg for harm not covered by the PLD such as infringements of fundamental rights or claims against users of products rather than against the manufacturer).
The aim of the proposals is to shift difficult evidentiary problems regarding the culpability of AI systems from the consumer and on to the manufacturer, AI provider or operator.
As a result, there are plans to require AI system operators to disclose relevant evidence on a claimant's request in the event that a high-risk system (under the AI Act) is suspected of causing damage. If such a request is not complied with after a court order, the burden of proof is reversed, and there will then be a rebuttable presumption that the operator breached its duty of care.
A reversal of the burden of proof with regard to liability also applies if, for example, the relevant cyber security guarantees were not adhered to during the development and operation of the AI system, or where the system was trained with non-qualitative data sets.
This is a significant step change for tech companies placing AI products on the EU market and will likely make evidence gathering easier for claimants by allowing them to seek a court order requiring disclosure of relevant records. The proposals do recognise that appropriate safeguards for the protection of sensitive information and trade secrets should also be provided, but no further clarity is given on this.
Such far-reaching proposals to amend the European product liability regime are naturally facing scrutiny from a wide variety of stakeholders.
It will be some time before the entire set of AI law regulations comes into force and the Directives are transposed into national law. The proposed amendments to the PLD and newly proposed AI Liability Directive are currently being presented to the European Parliament and so we wait to see the final form of the new regime which is likely come into force in 2024-2025.
European governments have generally published strategic goals and objectives in respect of AI without producing any concrete legislative proposals. The EU Member States need to wait until the proposals have been finalised before taking further steps, but change is definitely coming.
Debbie Heywood (not ChatGPT) looks at the evolution of the UK's policy on regulating AI.
1 von 6 Insights
Benedikt Kohn and Fritz-Ulli Pieper look at the approach to regulating AI in key jurisdictions.
2 von 6 Insights
Xuyang Zhu and Noelle Huang look at the key things to consider when using and training generative AI tools given the potential IP ownership and infringement issues.
3 von 6 Insights
Thorsten Troge looks at regulation of dark patterns in the EU and at whether this is sufficient as they become increasingly AI-driven.
5 von 6 Insights
Nicholas Vollers and Alison Dennis compare and contrast the UK and EU approaches to regulating the use of AI in healthcare.
6 von 6 Insights