Insurers and reinsurers face a significant rewrite of their product liability exposure as the European Union's revised directive drags software, artificial intelligence and post-market updates into the strict liability net, according to a new whitepaper from broker Howden Re.
The overhaul applies from Dec. 9, 2026, but Howden Re said the commercial fallout for the EU market is already in motion, with claimants better placed to bring and win cases, a widened pool of liable parties, and longer tails for latent injury.
The 1985 regime being replaced has long struggled with connected, software-driven products and supply chains where evidence sits inside opaque systems or spans multiple jurisdictions.
"Product" now explicitly covers software, digital manufacturing files, raw materials and electricity. Free and open-source software developed outside commercial activity is carved out, but digital services can count as product components when essential to core functions.
Compensable damage extends to medically recognized mental health harm and the destruction or corruption of non-professional data. Financial caps on death and personal injury liability are banned, scrapping the previous €500 minimum.
Importers, authorized representatives and fulfilment service providers are now squarely in scope, along with distributors and online platforms in certain cases, especially where manufacturers sit outside the EU.
Courts can also compel disclosure of evidence, with presumptions of defect and causation kicking in if defendants refuse, safety rules are breached, or proof is "excessively difficult." Long-stop periods stretch from 10 to 25 years in exceptional latent-injury cases.
Law firm Gibson Dunn said the disclosure shift, for the first time, gives plaintiffs across the bloc access to information previously available only in US, UK or other common law discovery.
As of late 2025, the Netherlands, Sweden and Germany have draft legislation on the table. Italy, Hungary, Denmark, Austria, the Czech Republic, Romania, Slovakia and Finland have taken preparatory steps. Most of the rest are yet to show their hand.
The insurance market is already recalibrating. Japanese insurer Sompo said in a recent note that "the inclusion of software as a product introduces a hybrid exposure combining technology risk and product risk," and warned the line between cyber and product liability cover remains unsettled.
It is urging clients toward layered programs mixing enhanced product liability, technology errors and omissions, cyber liability and integrated product-cyber policies.
The US comparison is sharpening. Research group RAND has pointed out that "software is not considered a product under the Uniform Commercial Code," and US courts have mostly declined to treat software as a product for strict liability.
That position is fraying: in an older but watershed 2025 ruling, a Florida federal court allowed a product liability claim to proceed against the developer of an AI chatbot. Law firm K&L Gates said PLD concepts will likely surface in US complaints as persuasive reference points.
Howden Re said underwriters should layer software governance and cyber-safety controls onto traditional rating factors, tighten aggregation language, and scrub legacy 1985 caps from wordings.
