Trusq

factual analysis · traceable to primary sources

Topics Opportunities Take the check Work with us LinkedIn NL·EN
Explainer

AI liability: who pays when AI causes harm?

Adopted 2026-06-21 · ≈ 2 min read · Dirk Baaijen

The AI Act governs safety up front, not compensation after the fact. That question shifts to the revised Product Liability Directive (PLD), which treats software and AI explicitly as products and eases the burden of proof — while the separate AI Liability Directive was withdrawn in 2025.

Short answer: The AI Act sets out how you place an AI system on the market safely, but not who pays for the damage if it goes wrong anyway. That civil-law question is governed mainly by the revised Product Liability Directive (PLD, Directive (EU) 2024/2853), which treats software and AI explicitly as a "product" and lightens the burden of proof for claimants. The separate proposal for an AI Liability Directive was withdrawn by the Commission in 2025.

Two sets of rules not to confuse

The AI Act is public-law product regulation: risk classification, conformity assessment, supervision and fines. It gives an injured party no right to compensation. That is the domain of liability law: the rules that decide who bears the financial cost of damage suffered. An organisation can therefore be fully AI Act compliant and still be held civilly liable — and vice versa.

The revised Product Liability Directive

The old 1985 product liability directive fitted software and AI poorly. The revised PLD (Directive (EU) 2024/2853) fixes that on three points that are crucial for AI:

  • Software and AI are "products". Standalone software, AI systems and digital services that determine how a product works fall under strict (no-fault) liability.
  • Updates and self-learning behaviour count too. A product can become defective through a missing security update or through behaviour it teaches itself after sale; the manufacturer can remain liable.
  • Lighter burden of proof. For complex or opaque systems a court can order disclosure of evidence and may presume defectiveness or causation where the claimant could otherwise barely prove it. That removes the "black box" hurdle.

Member States must transpose the directive by 9 December 2026; it applies to products placed on the market after that date.

Why the AI Liability Directive disappeared

Alongside the PLD there was a proposal for an AI Liability Directive (AILD), aimed at fault-based liability (for example, careless use) independent of a product defect. The Commission withdrew that proposal in 2025 for lack of agreement. The result: fault-based liability for AI runs for now through the national law of each Member State — with the familiar divergence that entails.

Sharpest for agentic AI

The liability question becomes hardest with agentic AI: systems that act independently and cause irreversible consequences. Does responsibility lie with the provider of the agent, the organisation deploying it, or the supplier of the underlying model? The PLD offers a product route, but the boundary between those parties is exactly what still has to crystallise in contracts and case law.

What to do

  • Allocate responsibilities contractually with suppliers of AI systems and models — see AI in contracts.
  • Keep evidence: logging, technical documentation and version control will determine whether you can rebut a presumption of defectiveness.
  • Stay on top of updates: an omitted security update can render a product defective.
  • Review your insurance: does your business or product liability policy cover harm from AI behaviour?

AI compliance and AI liability are two separate worlds. Steering on the AI Act alone secures the licence but not the risk.

Sources

  1. https://eur-lex.europa.eu/eli/dir/2024/2853/oj
    Directive (EU) 2024/2853 (revised Product Liability Directive); software and AI fall within the definition of product. Transposition by 9 December 2026.
  2. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
    Regulation (EU) 2024/1689 (AI Act): ex-ante safety and conformity rules, no civil compensation.
  3. https://commission.europa.eu/strategy-and-policy/strategic-planning/commission-work-programme_en
    European Commission Work Programme 2025, which placed the proposed AI Liability Directive on the list of withdrawals.

Share on LinkedIn

Read next

U

AI and insurability: covering AI risks and liability

Whether AI harm is insured depends on the policy, not the AI Act. The revised Product Liability Directive widens liability exposure, while insurers struggle with opaque, self-learning and agentic systems.

U

AI agent vs chatbot: what is the difference and why does it matter legally?

A chatbot answers; an AI agent plans, uses tools and acts on its own. That difference drives your risk and obligations — an agent that takes actions touches not just the AI Act but also the GDPR, liability and oversight duties.

U

Agentic AI: how do autonomous AI agents fall under the rules?

Agentic AI — systems that plan, use tools and take actions on their own — has no dedicated category in the AI Act. Yet it is covered: through the GPAI regime, risk classification that follows the use, and the transparency and human-oversight duties. Open question: liability for autonomous actions.

Dirk Baaijen

About this knowledge base

Compiled and maintained by YRproject — programme and project direction at the intersection of digital transformation, AI and regulation. Every factual claim is traceable to its primary source. YRproject is led by Dirk Baaijen About & method →

A project or programme? Work with YRproject →

The monthly briefing

AI regulation in five minutes: what changed, what is coming and what it means. No spam, unsubscribe anytime.

Your address is used for this only and stored on our own servers.