Liability for non-manufacturer companies within the supply chain

The new PLD introduces a structured approach to determining who may be held responsible for harm caused by allegedly defective products within the EU. This framework is designed to ensure that individuals suffering damage can always identify a party within the EU against whom to bring a claim, even when the original manufacturer is based outside the Union.

• Where the manufacturer is located outside the EU, the responsibility of any harm caused by a defective product shifts to the importer—defined as the party that brings the product into the EU market. If there is no identifiable importer, liability then passes to the manufacturer’s authorized representative within the EU, provided such a representative has been appointed. This is likely to be a significant change as under the EU GPSR, manufacturers of all products (and not just CE-marked products) must have a “responsible person” for product compliance based in the EU.
• Should neither an importer nor an authorized representative be present in the EU, the next in line is the fulfillment service provider. These are entities that handle logistics, such as storage, packaging, and shipping, but do not take ownership of goods. Their liability is engaged only if no other responsible party within the EU can be identified.
• In cases where none of the above parties can be identified, distributors may be held liable if, upon request, they fail to identify within one month an EU-based manufacturer, importer, authorized representative, or fulfillment service provider, or their own supplier.
• Online platforms that facilitate the sale of products to EU consumers may also be held liable under certain conditions, particularly if they present products in a way that could lead consumers to believe that the platform itself is the supplier or if they do not promptly identify a responsible party within the EU when requested by the claimant. However, online platforms acting purely as intermediaries cannot be liable, similar to the Digital Services Act.
• Persons who substantially modify products outside the original manufacturer’s control, including through software updates and AI-driven changes, are treated as manufacturers for liability purposes.

Practical implications for non-manufacturer operators

Importers should prepare for front-line exposure where manufacturers are outside the EU, and ensure rapid access to conformity and safety documentation. Distributors should ensure they can promptly identify upstream operators and demonstrate robust product handling, traceability, and vigilance procedures. Authorized representatives should evaluate mandate terms, evidence access, and response timelines in light of the cascading liability. Fulfillment service providers should clarify scope and information rights and build processes to identify upstream operators; their exposure is subsidiary, but real where no importer or authorised representative exists in the EU. Online platforms should assess storefront presentation and seller onboarding to avoid creating the impression that the platform is the supplier, and ensure that they can promptly identify an EU-based operator. Across all roles, cybersecurity compliance, update processes, and defensible technical documentation will be central to defect and causation disputes.

Action steps to take now

• Map roles and operators. For each product line, companies should identify their relevant role (importer, distributor, authorized representative, fulfillment service provider, online platform, etc.) and confirm which upstream and downstream operators they can promptly identify.
• Strengthen product and technical documentation. Maintain comprehensive, contemporaneous records on product safety, conformity assessments, design history, software/AI update logs, cybersecurity compliance, post-market surveillance, instructions for use, warnings, origin, and traceability.
• Update contracts across the chain. Build in obligations for timely information-sharing, defined documentation delivery timelines, cooperation in claims, indemnities aligned to risk allocation, audit rights, and coordinated claims handling. Include withdrawal and remediation provisions where upstream parties fail to cooperate.
• Platform and fulfillment readiness. Align platform presentation and seller onboarding with the distributor framework and ensure rapid identification of an EU-based operator. For fulfillment service providers, clarify service scope, notice/response timelines, and information rights to address subsidiary exposure.
• Address privilege and disclosure risk. Calibrate communications and protocols to EU disclosure standards and the narrower, non-harmonized scope of legal professional privilege across Member States, including common limits on in-house and non-EU counsel. Involve external, EU-qualified counsel early for sensitive matters. Document the circumstances of any compelled disclosure.
• Reassess insurance. Confirm coverage for expanded heads of loss, longer liability tails, defense costs, cyber-related harms, and data loss/corruption, including for digital products and software-driven features.
• Prepare for collective actions and forum strategy. Anticipate representative actions and consider how national transposition, disclosure practice, and privilege rules may influence forum risk and defense strategy.
• Monitor national transposition. Track Member State implementing laws for variations in defenses, disclosure practice, definitions such as “excessive difficulties,” and treatment of platforms and fulfillment providers.

Given these developments, now is the time to take appropriate precautions. Companies should review their product and contract portfolio and initiate any necessary adjustments to their contractual framework with suppliers and manufacturers, particularly regarding product documentation, information exchange, and liability provisions in the event of damage. Our team is available to provide further details and discuss any specific questions or concerns.

Client Alert 2025-258