A Security Leader’s Guide to the New Product Liability Directive
The EU has updated its product liability directive (PLD) to cover digital products, including software and AI products, and provide consumers with legal tools to hold companies liable for defective products. This update requires software companies operating in the EU to implement robust security and software development practices. Key changes include expanding the definition of defects to include software-specific issues like planned obsolescence and insecure software, allowing compensation for non-material losses, and simplifying the burden of proof for consumers. To mitigate risks associated with these changes, companies should adopt comprehensive, continuous cybersecurity strategies that incorporate crowdsourced security measures such as vulnerability disclosure programs or managed bug bounty programs.
Company: Bugcrowd
Date published: Nov. 25, 2024
Author(s): Justin Kestelyn, Bugcrowd Head of Product Marketing
Word count: 858
Language: English
Hacker News points: None found.