Software in focus for the EU

As the digital age continues to advance, new, more complex goods and services are constantly being introduced to the market. The fact that legislation must therefore try to keep pace with current societal developments is something that has escaped few. At the same time, it has proved difficult to develop legislation that is comprehensive enough to have a visible impact, yet flexible enough to remain relevant over time. At EU level, legislation has now been developed in the area of product safety and product liability to address this very issue.

The new AI Regulation[1] is in the spotlight, but other legislation that software developers should be aware of is also on the horizon. Below we touch on two of these.

In December 2023, the European Parliament and the Council reached a provisional agreement on a new product liability directive. Like its predecessor, the proposed Product Liability Directive aims to make it easier for consumers to claim compensation for damage caused by a defective product. The new Product Liability Directive proposes to extend the definition of a “product” to include software, both stand-alone software and software programmed into a physical product, stored on a device, accessed over a network or provided through a SaaS arrangement. The Directive also redefines the concept of damage. “Damage” is proposed to include, among other things, medically recognized damage to mental health, which is in line with other attempts to regulate the use of software at EU level. Loss of data would also be included in the concept of “damage”. The proposed directive has not yet been formally adopted but is expected to be adopted later this year. Once adopted, EU Member States will need to implement the Directive.

From 13 December 2024, a new Product Safety Regulation will apply in the EU, aiming, among other things, to ensure that products placed on the EU market are safe. It therefore imposes requirements on product manufacturers, suppliers, importers, distributors and even some online marketplaces. Unlike the proposed Product Liability Directive, the new GPSD does not go so far as to classify stand-alone software as a “product”, i.e. pure software products are not covered by the regulation. However, it is clear that the Regulation intends to regulate physical products using new (AI) technologies (e.g. robotic vacuum cleaners and smartphones) and address the safety risks associated with such technologies. For example, when assessing whether a product is safe, the impact that digitally connected products can have on each other and cybersecurity aspects should be taken into account.

In this context, it is also relevant to mention that the new GPSD introduces a new definition of “health”, which is relevant when assessing whether a product is safe. The preamble to the GPSD refers to a definition of “health” taken from the World Health Organization, which states that “health” consists of psychological, mental and social well-being.

If you have any questions about how upcoming EU legislation may affect your business and your products or services, please contact us.

[1] See e.g. https://www.gulliksson.se/the-ai-act-the-european-parliament-approves-proposal/ and https://www.gulliksson.se/soon-in-force-the-ai-act-has-been-approved-by-the-council/