"Manufacturers Failing to Address Cybersecurity Vulnerabilities Liable Under New European Rules"
The European Commission has recently publicized new liability rules on digital products and artificial intelligence (AI) in order to protect consumers from harm, including in cases where cybersecurity vulnerabilities fail to be addressed. The two proposals the Commission recently adopted will modernize the existing rules on the strict liability of manufacturers for defective products (from smart technology to pharmaceuticals). Additionally, the Commission proposes for a targeted harmonization of national liability rules for AI, making it easier for victims of AI-related damage to get compensation. This will be adopted in line with the Commission’s 2021 AI Act proposal. It was noted that the liability rules allow compensation for damages when products like robots, drones, or smart-home systems are made unsafe by software updates, AI, or digital services that are needed to operate the product, as well as when manufacturers fail to address cybersecurity vulnerabilities. The recent directives will need to be turned into national law. In addition, the AI Act is not expected to become law before late 2023, with a period for compliance after that likely to be 2 years, but this is still being debated.