The EU Product Liability Directive: Key insurance themes

The EU Product Liability Directive and why it matters

The new EU Product Liability Directive (the PLD) overhauls Europe’s strict liability regime for defective products.

It modernises the existing 1985 framework, explicitly bringing software, AI systems, firmware, and certain digital services into scope and creating claimant‑friendly rules that lower evidential hurdles. Importantly, liability will now extend beyond manufacturers to a wider set of economic operators, such as authorised representatives, importers, distributors, fulfilment providers, certain online marketplaces, and software publishers, reflecting modern supply chains.

The PLD must be implemented by EU Member States into their domestic laws by 9 December 2026. The PLD will apply to products placed on the EU market from 9 December 2026 onwards.

Scope of the Directive

Businesses outside of the EU should still pay close attention – component suppliers, software providers, and platforms supplying the EU market may be exposed to claims under the Directive and need to consider steps to align risk, contracts, and insurance coverage accordingly.

The PLD also broadens recoverable damage to include death, personal injury, medically recognised psychological harm, property damage, and even data destruction or corruption, as well as related recovery costs, with the former minimum and maximum claim thresholds being removed.

Key legal shifts driving insurance exposure

The PLD has shifted risk from a narrow manufacturer-centric model to a broader distributed model that more accurately mirrors many of today’s supply chains and product architectures. Businesses exposed to the PLD’s wider reach should be cognisant of the following in the context of assessing their existing and future insurance programmes:

1. The introduction of “defect by non-compliance”: this entails breaches of mandatory safety or cybersecurity requirements (e.g., under the CRA, NIS2, and MDR/IVDR regimes), which can create presumptions of defect and, in some cases, causation. Failure to provide security updates/patches within a party’s control can also render a product defective.
2. Expanded disclosure powers and rebuttable presumptions where technical complexity makes proof difficult (particularly for digital and life‑sciences products), increasing defence costs and settlement pressure. Collective actions under the EU Representative Actions regime will further elevate litigation risk and the need to call on insurance cover.
3. Extension of the general 10‑year longstop to 25 years for latent injuries. In addition, a three‑year limitation runs from knowledge of damage and defect while contractual exclusions against injured persons are not permitted.

Reshaping risk allocation and coverage

Coverage boundaries will blur between product liability, general liability, cyber, technology, recall, and D&O as software and lifecycle duties become central to “safety”. We can expect to see more multi‑defendant claims being brought earlier, involving broader disclosure combined with complex allocation across policies.

The Directive may also lead to a mix of trigger mechanisms, as product liability is often occurrence‑based, while cyber/tech E&O are typically claims‑made with retroactive dates and tight notification duties – creating potential gaps or overlaps for software‑driven injuries or property damage.

Insurers are also likely to review and potentially revise definitions (e.g., “product”, “defect”, “bodily injury”, “property damage”, “data impairment”) and exclusions (regulatory breaches, prior knowledge, security standards) as they re‑price portfolios for higher frequency and defence‑heavy claims.

Practical insurance considerations for insureds

• Core policy review. Review relevant policies to ensure product liability and associated definitions of “product” expressly include software, updates, and digital elements, and whether “loss/damage” is aligned to encompass bodily injury (including medically recognised psychological harm), property damage, and data corruption/restoration costs.
• Cyber and tech fit. Consideration should be given to whether coverage for third‑party injury or property damage arising from software malfunction or security incidents is included.
• Triggers, retroactive dates, and notice. Close attention should be paid to retroactive dates across cyber and professional indemnity coverage and whether these can be harmonised with product introduction timelines where applicable. Protocols around notifications to preserve claims‑made cover should be reviewed.
• Programme architecture. A full programme audit should be considered to remove any gaps across product liability, cyber, tech, professional indemnity, and D&O coverage. If renewing cover, increasing defence cost limits should be considered given the increased disclosure burdens and presumptions and the need for extended reporting or run‑off, being mindful of the 25‑year longstop
• Supply chain and contracts. Consideration of supply chains and associated agreements will be important. Where possible, representations on compliance with mandatory safety and cybersecurity regimes should be included, as well as language on cooperation in relation to disclosure obligations, flow down obligations, and minimum insurance standards

Looking ahead

The Directive turns regulatory compliance, especially cybersecurity and software lifecycle management, into a liability determinant, increasing both the likelihood and complexity of claims.

Insureds should align product safety governance with policy wording, triggers, and limits, and tighten supplier risk transfer to protect balance sheets ahead of the December 2026 deadline for implementation across the EU Member States.

EU PLD resources

• Interactive tracker: To support companies in tracking Member State implementation efforts, we have developed an interactive EU Product Liability Tracker. This resource allows users to view implementation status by country, access links to draft legislation where available, review comment periods and deadlines, and read summaries of proposed national measures.
• Webinar recordings: We held our inaugural EU Product Liability Directive Virtual Conference from 10-13 February 2026. The conference comprised a series of webinars designed to help attendees prepare for and navigate the changes the Directive will bring, all of which are now available to view on demand.
• Resource Center: To view EU PLD related news, insights, blogs and events, visit our European Product Liability Directive Resource Center.

Client Alert 2026-060