The European Commission has publicized new liability rules on digital products and artificial intelligence (AI) in order to protect consumers from harm, including in cases where cybersecurity vulnerabilities fail to be addressed. The two proposals the Commission adopted on September 28th, 2022 will modernize the existing rules on the strict liability of manufacturers for defective products, from smart technology to pharmaceuticals.

Additionally, the Commission proposes – for the first time, it says – a targeted harmonization of national liability rules for AI, making it easier for victims of AI-related damage to get compensation. This will be adopted in line with the Commission’s 2021 AI Act proposal. The liability rules allow compensation for damages when products like robots, drones or smart-home systems are made unsafe by software updates, AI or digital services that are needed to operate the product, as well as when manufacturers fail to address cybersecurity vulnerabilities.

Explaining how the new rules shift the focus in such litigations, John Buyers, head of AI at Osborne Clarke, said “there is a very intentional interplay between the AI Act and the proposed new presumptions on liability, linking non-compliance with the EU's planned regulatory regime with increased exposure to damages actions. Instead of having to prove that the AI system caused the harm suffered, claimants who can prove noncompliance with the Act (or certain other regulatory requirements) will benefit from a presumption that their damages case is proven. The focus will then shift to the defendant to show that its system is not the cause of the harm suffered.”

However, one challenge Buyers points out is the need for claimants to get hold of the defendant's regulatory compliance documentation to inform their claims. In addition, Buyers said that the AI Act is not expected to become law before late 2023, with a period for compliance after that — which will likely be 2 years, but this is still being debated.

Internet: <www.infosecurity-magazine.com> (adapted).

The European Commission has publicized new liability rules on digital products and artificial intelligence (AI) in order to protect consumers from harm, including in cases where cybersecurity vulnerabilities fail to be addressed. The two proposals the Commission adopted on September 28th, 2022 will modernize the existing rules on the strict liability of manufacturers for defective products, from smart technology to pharmaceuticals.

Additionally, the Commission proposes – for the first time, it says – a targeted harmonization of national liability rules for AI, making it easier for victims of AI-related damage to get compensation. This will be adopted in line with the Commission’s 2021 AI Act proposal. The liability rules allow compensation for damages when products like robots, drones or smart-home systems are made unsafe by software updates, AI or digital services that are needed to operate the product, as well as when manufacturers fail to address cybersecurity vulnerabilities.

Explaining how the new rules shift the focus in such litigations, John Buyers, head of AI at Osborne Clarke, said “there is a very intentional interplay between the AI Act and the proposed new presumptions on liability, linking non-compliance with the EU's planned regulatory regime with increased exposure to damages actions. Instead of having to prove that the AI system caused the harm suffered, claimants who can prove noncompliance with the Act (or certain other regulatory requirements) will benefit from a presumption that their damages case is proven. The focus will then shift to the defendant to show that its system is not the cause of the harm suffered.”

However, one challenge Buyers points out is the need for claimants to get hold of the defendant's regulatory compliance documentation to inform their claims. In addition, Buyers said that the AI Act is not expected to become law before late 2023, with a period for compliance after that — which will likely be 2 years, but this is still being debated.

Internet: <www.infosecurity-magazine.com> (adapted).