Choose the experimental features you want to try

This document is an excerpt from the EUR-Lex website

Document 52022PC0496

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on adapting non-contractual civil liability rules to artificial intelligence (AI Liability Directive)

COM/2022/496 final

Brussels, 28.9.2022

COM(2022) 496 final

2022/0303(COD)

Proposal for a

DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on adapting non-contractual civil liability rules to artificial intelligence
(AI Liability Directive)

(Text with EEA relevance)

{SEC(2022) 344 final} - {SWD(2022) 318 final} - {SWD(2022) 319 final} - {SWD(2022) 320 final}


EXPLANATORY MEMORANDUM

1.CONTEXT OF THE PROPOSAL

·Reasons for and objectives of the proposal

This explanatory memorandum accompanies the proposal for a Directive on adapting non-contractual civil liability rules to artificial intelligence (AI). In a representative survey of 2020 1 , liability ranked amongst the top three barriers to the use of AI by European companies. It was cited as the most relevant external obstacle (43%) for companies that are planning to, but have not yet adopted AI.

In her Political Guidelines, Commission President Ursula von der Leyen laid out a coordinated European approach on AI 2 . In its White Paper on AI of 19 February 2020 3 , the Commission undertook to promote the uptake of AI and to address the risks associated with some of its uses by fostering excellence and trust. In the Report on AI Liability 4 accompanying the White Paper, the Commission identified the specific challenges posed by AI to existing liability rules. In its conclusions on shaping Europe’s digital future of 9 June 2020, the Council welcomed the consultation on the policy proposals in the White Paper on AI and called on the Commission to put forward concrete proposals. On 20 October 2020, the European Parliament adopted a legislative own-initiative resolution under Article 225 TFEU requesting the Commission to adopt a proposal for a civil liability regime for AI based on Article 114 of the Treaty on the Functioning of the EU (TFEU). 5

Current national liability rules, in particular based on fault, are not suited to handling liability claims for damage caused by AI-enabled products and services. Under such rules, victims need to prove a wrongful action or omission by a person who caused the damage. The specific characteristics of AI, including complexity, autonomy and opacity (the so-called “black box” effect), may make it difficult or prohibitively expensive for victims to identify the liable person and prove the requirements for a successful liability claim. In particular, when claiming compensation, victims could incur very high up-front costs and face significantly longer legal proceedings, compared to cases not involving AI. Victims may therefore be deterred from claiming compensation altogether. These concerns have also been retained by the European Parliament (EP) in its resolution of 3 May 2022 on artificial intelligence in a digital age.  6

If a victim brings a claim, national courts, faced with the specific characteristics of AI, may adapt the way in which they apply existing rules on an ad hoc basis to come to a just result for the victim. This will cause legal uncertainty. Businesses will have difficulties to predict how the existing liability rules will be applied, and thus to assess and insure their liability exposure. The effect will be magnified for businesses trading across borders, as the uncertainty will cover different jurisdictions. It will particularly affect small and medium-sized enterprises (SMEs), which cannot rely on in-house legal expertise or capital reserves.

National AI strategies show that several Member States are considering, or even concretely planning, legislative action on civil liability for AI. Therefore, it is expected that, if the EU does not act, Member States will adapt their national liability rules to the challenges of AI. This will result in further fragmentation and increased costs for businesses active throughout the EU.

The open public consultation informing the Impact Assessment of this proposal, confirmed the problems explained above. In the opinion of the public, the ‘black box’ effect can make it difficult for the victim to prove fault and causality and there may be uncertainty as to how the courts will interpret and apply existing national liability rules in cases involving AI. Furthermore, it showed a public concern as to how legislative action on adapting liability rules initiated by individual Member States, and the ensuing fragmentation, would affect the costs for companies, especially SMEs, preventing the uptake of AI Union wide.

Thus, the objective of this proposal is to promote the rollout of trustworthy AI to harvest its full benefits for the internal market. It does so by ensuring victims of damage caused by AI obtain equivalent protection to victims of damage caused by products in general. It also reduces legal uncertainty of businesses developing or using AI regarding their possible exposure to liability and prevents the emergence of fragmented AI-specific adaptations of national civil liability rules.

·Consistency with existing policy provisions in the policy area

This proposal is part of a package of measures to support the roll-out of AI in Europe by fostering excellence and trust. This package comprises three complementary work streams:

a legislative proposal laying down horizontal rules on artificial intelligence systems (AI Act); 7  

a revision of sectoral and horizontal product safety rules;

EU rules to address liability issues related to AI systems.

In the AI Act proposal, the Commission has proposed rules that seek to reduce risks for safety and protect fundamental rights. Safety and liability are two sides of the same coin: they apply at different moments and reinforce each other. While rules to ensure safety and protect fundamental rights will reduce risks, they do not eliminate those risks entirely. 8  Where such a risk materialises, damage may still occur. In such instances, the liability rules of this proposal will apply. 

Effective liability rules also provide an economic incentive to comply with safety rules and therefore contribute to preventing the occurrence of damage. 9 In addition, this proposal contributes to the enforcement of the requirements for high-risk AI systems imposed by the AI Act, because the failure to comply with those requirements constitutes an important element triggering the alleviations of the burden of proof. This proposal is also consistent with the general 10 and sectoral product safety proposed rules applicable to AI-enabled machinery products 11 and radio equipment. 12

The Commission takes a holistic approach in its AI policy to liability by proposing adaptations to the producer’s liability for defective products under the Product Liability Directive as well as the targeted harmonisation under this proposal. These two policy initiatives are closely linked and form a package, as claims falling within their scope deal with different types of liability. The Product Liability Directive covers producer’s no-fault liability for defective products, leading to compensation for certain types of damages, mainly suffered by individuals. This proposal covers national liability claims mainly based on the fault of any person with a view of compensating any type of damage and any type of victim. They complement one another to form an overall effective civil liability system.

Together these rules will promote trust in AI (and other digital technologies) by ensuring that victims are effectively compensated if damage occurs despite the preventive requirements of the AI Act and other safety rules.

·Consistency with other Union policies

The proposal is coherent with the Union’s overall digital strategy as it contributes to promoting technology that works for people, one of the three main pillars of the policy orientation and objectives announced in the Communication ‘Shaping Europe's digital future’ 13 .  

In this context, this proposal aims to build trust in the AI and to increase its uptake. This will achieve synergies and is complementary with the [Cyber Resilience Act] 14 , which also aims to increase trust in products with digital elements by reducing cyber vulnerabilities and to better protect business and consumer users.

This proposal does not affect the rules set by [the Digital Services Act (DSA)], which provide for a comprehensive and fully harmonised framework for due diligence obligations for algorithmic decision making by online platforms, including its exemption of liability for providers of intermediary services.

In addition, by promoting the roll-out of AI, this proposal is linked to the initiatives under the EU strategy for data 15 . It also strengthens the Union’s role to help shape global norms and standards and promote trustworthy AI that is consistent with Union values and interests.

The proposal also has indirect links with the European Green Deal 16 . In particular, digital technologies, including AI, are a critical enabler for attaining the sustainability goals of the Green Deal in many different sectors (including healthcare, transport, environment and farming).

·Main economic, social and environmental impacts

The Directive will contribute to the rollout of AI. The conditions for the roll-out and development of AI-technologies in the internal market can be significantly improved by preventing fragmentation and increasing legal certainty through harmonised measures at EU level, compared to possible adaptations of liability rules at national level. The economic study 17 underpinning the Impact Assessment of this proposal concluded – as a conservative estimate – that targeted harmonisation measures on civil liability for AI would have a positive impact of 5 to 7 % on the production value of relevant cross-border trade as compared to the baseline scenario. This added value would be generated notably through reduced fragmentation and increased legal certainty regarding stakeholders’ liability exposure. This would lower stakeholders’ legal information/representation, internal risk management and compliance costs, facilitate financial planning as well as risk estimates for insurance purposes, and enable companies – in particular SMEs – to explore new markets across borders. Based on the overall value of the EU AI market affected by the liability-related problems addressed by this Directive, it is estimated that the latter will generate an additional market value between ca. EUR 500mln and ca. EUR 1.1bln.

In terms of social impacts, the Directive will increase societal trust in AI-technologies and access to an effective justice system. It will contribute to an efficient civil liability regime, adapted to the specificities of AI, where justified claims for compensation of damage are successful. Increasing societal trust would also benefit all companies in the AI-value chain, because strengthening citizens’ confidence will contribute to a faster uptake of AI. Due to the incentivising effect of liability rules, preventing liability gaps would also indirectly benefit all citizens through an increased level of protection of health and safety (Article 114(3) TFEU) and the obviation of sources of health risks (Article 168(1) TFEU).

As regards environmental impacts, the Directive is also expected to contribute to achieving the related Sustainable Development Goals (SDGs) and targets. The uptake of AI applications is beneficial for the environment. For instance, AI systems used in process optimisation make processes less wasteful (e.g. by reducing the amount of fertilizers and pesticides needed, decreasing the water consumption at equal output, etc.). The Directive would also impact positively on SDGs because effective legislation on transparency, accountability and fundamental rights will direct AI’s potential to benefit individuals and society towards achieving the SDGs.

2.LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY

·    Legal basis

The legal basis for the proposal is Article 114 TFEU, which provides for the adoption of measures to ensure the establishment and functioning of the internal market.

The problems this proposal aims to address, in particular legal uncertainty and legal fragmentation, hinder the development of the internal market and thus amount to significant obstacles to cross-border trade in AI-enabled products and services.

The proposal addresses obstacles stemming from the fact that businesses that want to produce, disseminate and operate AI-enabled products and services across borders are uncertain whether and how existing liability regimes apply to damage caused by AI. This uncertainty concerns particularly Member States where businesses will export to or operate their products and services. In a cross-border context, the law applicable to a non-contractual liability arising out of a tort or delict is by default the law of the country in which the damage occurs. For these businesses, it is essential to know the relevant liability risks and to be able to insure themselves against them.

In addition, there are concrete signs that a number of Member States are considering unilateral legislative measures to address the specific challenges posed by AI with respect to liability. For example, AI strategies adopted in Czechia 18 , Italy 19 , Malta 20 , Poland 21 and Portugal 22 mention initiatives to clarify liability. Given the large divergence between Member States’ existing civil liability rules, it is likely that any national AI-specific measure on liability would follow existing different national approaches and therefore increase fragmentation.

Therefore, adaptations of liability rules taken on a purely national basis would increase the barriers to the rollout of AI-enabled products and services across the internal market and contribute further to fragmentation.

·Subsidiarity

The objectives of this proposal cannot be adequately achieved at national level because emerging divergent national rules would increase legal uncertainty and fragmentation, creating obstacles to the rollout of AI-enabled products and services across the internal market. Legal uncertainty would particularly affect companies active cross-borders by imposing the need for additional legal information/representation, risk management costs and foregone revenue. At the same time, differing national rules on compensation claims for damage caused by AI would increase transaction costs for businesses, especially for cross-border trade, entailing significant internal market barriers. Further, legal uncertainty and fragmentation disproportionately affect start-ups and SMEs, which account for most companies and the major share of investments in the relevant markets.

In the absence of EU harmonised rules for compensating damage caused by AI systems, providers, operators and users of AI systems on the one hand and injured persons on the other hand would be faced with 27 different liability regimes, leading to different levels of protection and distorted competition among businesses from different Member States.

Harmonised measures at EU level would significantly improve conditions for the rollout and development of AI-technologies in the internal market by preventing fragmentation and increasing legal certainty. This added value would be generated notably through reduced fragmentation and increased legal certainty regarding stakeholders’ liability exposure. Moreover, only EU action can consistently achieve the desired effect of promoting consumer trust in AI-enabled products and services by preventing liability gaps linked to the specific characteristics of AI across the internal market. This would ensure a consistent (minimum) level of protection for all victims (individuals and companies) and consistent incentives to prevent damage and ensure accountability.

·Proportionality

The proposal is based on a staged approach. In the first stage, the objectives are achieved with a minimally invasive approach; the second stage involves re-assessing the need for more stringent or extensive measures.

The first stage is limited to the burden-of-proof measures to address the AI-specific problems identified. It builds on the substantive conditions of liability currently existing in national rules, such as causality or fault, but focuses on targeted proof-related measures, ensuring that victims have the same level of protection as in cases not involving AI systems. Moreover, from the various tools available in national law for easing the burden of proof 23 , this proposal has chosen to use rebuttable presumptions as the least interventionist tool. Such presumptions are commonly found in national liability systems, and they balance the interests of claimants and defendants. At the same time they are designed to incentivise compliance with existing duties of care set at Union or national level. The proposal does not lead to a reversal of the burden of proof, to avoid exposing providers, operators and users of AI systems to higher liability risks, which may hamper innovation and reduce the uptake of AI-enabled products and services.

The second stage included in the proposal ensures that, when assessing the effect of the first stage in terms of victim protection and uptake of AI, future technological, regulatory and jurisprudential developments will be taken into account when re-assessing the need to harmonise other elements of the claims for compensation or other tools related to liability claims, including for situations where strict liability would be more appropriate, as requested by the European Parliament. Such assessment would also likely consider whether such a harmonisation would need to be coupled with mandatory insurance to ensure effectiveness.

·Choice of instrument

A directive is the most suitable instrument for this proposal, as it provides the desired harmonisation effect and legal certainty, while also providing the flexibility to enable Member States to embed the harmonised measures without friction into their national liability regimes.

A mandatory instrument would prevent protection gaps stemming from partial or no implementation. While a non-binding instrument would be less intrusive, it is unlikely to address the identified problems in an effective manner. The implementation rate of non-binding instruments is difficult to predict and there is insufficient indication that the persuasive effect of a recommendation would be strong enough to produce consistent adaptation of national laws.

This effect is even more unlikely for measures concerning private law, of which non contractual liability rules form part. This area is characterised by long-standing legal traditions, which makes Member States reluctant to pursue coordinated reform unless driven by the clear prospect of internal market benefits under a binding EU instrument or the need to adapt to new technologies in the digital economy.

The existing significant divergences between Member States’ liability frameworks are another reason why a recommendation is unlikely to be implemented in a consistent manner.

1.RESULTS OF EX POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS

·Stakeholder consultations

An extensive consultation strategy was implemented to ensure a wide participation of stakeholders throughout the policy cycle of this proposal. The consultation strategy was based on both public and several targeted consultations (webinars, bilateral discussions with companies and various organisations).

After the initial questions on liability which were part of the public consultation on the White Paper on AI and the Commission report on safety and liability, a dedicated online public consultation was open from 18 October 2021 to 10 January 2022 to gather views from a wide variety of stakeholders, including consumers, civil society organisations, industry associations, businesses, including SMEs, and public authorities. After analysing all the responses received, the Commission published a summary outcome and the individual responses on its website 24 .

In total, 233 responses were received from respondents from 21 Member States, as well as from third countries. Overall, the majority of stakeholders confirmed the problems with burden of proof, legal uncertainty and fragmentation and supported action at EU level.

EU citizens, consumer organizations and academic institutions overwhelmingly confirmed the need for EU action to ease victims’ problems with the burden of proof. Businesses, while recognising the negative effects of the uncertainty around the application of liability rules, were more cautious and asked for targeted measures to avoid limiting innovation.

A similar picture appeared regarding the policy options. EU citizens, consumer organizations and academic institutions strongly supported measures on the burden of proof and harmonising no-fault liability (referred to as ‘strict liability’) coupled with mandatory insurance. Businesses were more divided on the policy options, with differences depending in part on their size. Strict liability was considered disproportionate by the majority of business respondents. Harmonisation of the easing of the burden of proof gained more support, particularly among SMEs. However, businesses cautioned against a complete shift of the burden of proof.

Therefore, the preferred policy option was developed and refined in light of feedback received from stakeholders throughout the impact assessment process to strike a balance between the needs expressed and concerns raised by all relevant stakeholder groups.

·Collection and use of expertise

The proposal builds on 4 years of analysis and close involvement of stakeholders, including academics, businesses, consumer associations, Member States and citizens. The preparatory work started in 2018 with the setting up of the Expert Group on Liability and New Technologies (New Technologies Formation). The Expert Group produced a Report in November 2019 25 that assessed the challenges some characteristics of AI pose to national civil liability rules.

The input from the Expert Group report was complemented by three additional external studies:

a comparative law study based on a comparative legal analysis of European tort laws focused on key AI-related issues 26 ;

a behavioural economics study on the impacts of targeted adaptations of the liability regime on consumers’ decision making, in particular their trust and willingness to take up AI-enabled products and services 27 ;

an economic study 28 covering a number of issues: the challenges faced by victims of AI applications compared to victims of non-AI devices when trying to obtain compensation for their loss; whether and to what extent businesses are uncertain about the application of current liability rules to their operations involving AI, and whether the impact of legal uncertainty can hamper investment in AI; whether further fragmentation of national liability laws would reduce the effectiveness of the internal market for AI applications and services, and whether and to what extent harmonising certain aspects of national civil liability via EU legislation would reduce these problems and facilitate the overall uptake of AI technology by EU companies.

·Impact assessment

In line with its “Better Regulation” policy, the Commission conducted an impact assessment for this proposal examined by the Commission's Regulatory Scrutiny Board. The meeting of the Regulatory Scrutiny Board on 6 April 2022 led to a positive opinion with comments.

Three policy options were assessed:

Policy option 1: three measures to ease the burden of proof for victims trying to prove their liability claim.

Policy option 2: the measures under option 1 + harmonising strict liability rules for AI use cases with a particular risk profile, coupled with a mandatory insurance.

Policy option 3: a staged approach consisting of:

a first stage: the measures under option 1;

a second stage: a review mechanism to re-assess, in particular, the need for harmonising strict liability for AI use cases with a particular risk profile (possibly coupled with a mandatory insurance).

The policy options were compared by way of a multi-criteria analysis taking into account their effectiveness, efficiency, coherence and proportionality. The results of the multi-criteria and sensitivity analysis show that policy option 3, easing the burden of proof for AI-related claims + targeted review regarding strict liability, possibly coupled with mandatory insurance, ranks highest and is therefore the preferred policy choice for this proposal.

The preferred policy option would ensure that victims of AI-enabled products and services (natural persons, businesses and any other public or private entities) are no less protected than victims of traditional technologies. It would increase the level of trust in AI and promote its uptake.

Furthermore, it would reduce legal uncertainty and prevent fragmentation, thus helping companies, and most of all SMEs, that want to realise the full potential of the EU single market by rolling out AI-enabled products and services cross-border. The preferred policy option also creates better conditions for insurers to offer coverage of AI-related activities, which is crucial for businesses, especially SMEs to manage their risks. It is namely estimated that the preferred policy option would generate an increased AI market value in the EU-27 between ca. EUR 500mln and ca. EUR 1.1bln in 2025.

·Fundamental rights

One of the most important functions of civil liability rules is to ensure that victims of damage can claim compensation. By guaranteeing effective compensation, these rules contribute to the protection of the right to an effective remedy and a fair trial (Article 47 of the EU Charter of Fundamental Rights, referred to below as 'the Charter') while also giving potentially liable persons an incentive to prevent damage, in order to avoid liability.

With this proposal, the Commission aims to ensure that victims of damage caused by AI have an equivalent level of protection under civil liability rules as victims of damage caused without the involvement of AI. The proposal will enable effective private enforcement of fundamental rights and preserve the right to an effective remedy where AI-specific risks have materialised. In particular, the proposal will help protect fundamental rights, such as the right to life (Article 2 of the Charter), the right to the physical and mental integrity (Article 3), and the right to property (Article 17). In addition, depending on each Member State’s civil law system and traditions, victims will be able to claim compensation for damage to other legal interests, such as violations of personal dignity (Articles 1 and 4 of the Charter), respect for private and family life (Article 7), the right to equality (Article 20) and non-discrimination (Article 21).

In addition, this proposal complements other strands in the Commission’s AI policy based on preventive regulatory and supervisory requirements aimed directly at avoiding fundamental rights breaches (such as discrimination). These are the AI Act, the General Data Protection Regulation, the Digital Services Act and EU law on non-discrimination and equal treatment. At the same time, this proposal does not create or harmonise the duties of care or the liability of various entities whose activity is regulated under those legal acts and, therefore, does not create new liability claims or affect the exemptions from liability under those other legal acts. This proposal only introduces alleviations of the burden of proof for the victims of damage caused by AI systems in claims that can be based on national law or on these other EU laws. By complementing these other strands, this proposal protects the victim's right to compensation under private law, including compensation for fundamental rights breaches.

4.BUDGETARY IMPLICATIONS

This proposal will not have implications for the budget of the European Union.

5.OTHER ELEMENTS

·Implementation plans and monitoring, evaluation, monitoring programme and targeted review

This proposal puts forward a staged approach. To ensure that sufficient evidence is available for the targeted review in the second stage, the Commission will draw up a monitoring plan, detailing how and how often data and other necessary evidence will be collected.

The monitoring mechanism could cover the following types of data and evidence:

reporting and information sharing by Member States regarding application of measure to ease the burden of proof in national judicial or out-of-court settlement procedures;

information collected by the Commission or market surveillance authorities under the AI Act (in particular Article 62) or other relevant instruments;

information and analyses supporting the evaluation of the AI Act and the reports to be prepared by the Commission on implementation of that Act;

information and analyses supporting the assessment of relevant future policy measures under the ‘old approach’ safety legislation to ensure that products placed on the Union market meet high health, safety and environmental requirements;

information and analyses supporting the Commission’s report on the application of the Motor Insurance Directive to technological developments (in particular autonomous and semi-autonomous vehicles) pursuant to its Article 28c(2)(a).

·Detailed explanation of the specific provisions in the proposal

1. Subject matter and scope (Article 1)

The purpose of this Directive is to improve the functioning of the internal market by laying down uniform requirements for certain aspects of non-contractual civil liability for damage caused with the involvement of AI systems. It follows up on the European Parliament’s Resolution 2020/2014(INL) and adapts private law to the needs of the transition to the digital economy.

The choice of suitable legal tools is limited, given the nature of the burden-of-proof issue and the specific characteristics of AI that pose a problem for existing liability rules. In this respect, this Directive eases the burden of proof in a very targeted and proportionate manner through the use of disclosure and rebuttable presumptions. It establishes for those seeking compensation for damage a possibility to obtain information on high-risk AI systems to be recorded/documented pursuant to the AI Act. In addition to this, the rebuttable presumptions will give those seeking compensation for damage caused by AI systems a more reasonable burden of proof and a chance to succeed with justified liability claims.

Such tools are not new; they can be found in national legislative systems. Hence, these national tools constitute helpful reference points on how to address the issues raised by AI for existing liability rules in a way which interferes as little as possible with the different national legal regimes.

In addition, when asked about more far-reaching changes such as a reversal of the burden of proof or an irrebuttable presumption, businesses provided negative feedback in consultations. Targeted measures to ease the burden of proof in form of rebuttable presumptions were chosen as pragmatic and appropriate ways to help victims meet their burden of proof in the most targeted and proportionate manner possible.

Article 1 indicates the subject matter and scope of this Directive: it applies to non-contractual civil law claims for damages caused by an AI system, where such claims are brought under fault-based liability regimes. This means namely regimes that provide for a statutory responsibility to compensate for damage caused intentionally or by a negligent act or omission. The measures provided in this Directive can fit without friction in existing civil liability systems, since they reflect an approach that does not touch on the definition of fundamental concepts like ‘fault’ or ‘damage’, given that the meaning of those concepts varies considerably across the Member States. Thus, beyond the presumptions it establishes, this Directive does not affect Union or national rules determining, for instance, which party has the burden of proof, what degree of certainty is required as regards the standard of proof, or how fault is defined.

In addition, this Directive does not affect existing rules regulating the conditions of liability in the transport sector and those set by the Digital Services Act.

While this Directive does not apply with respect to criminal liability, it may be applicable with respect to state liability. State authorities are also covered by the provisions of the AI Act as subjects of the obligations prescribed therein.

This Directive does not apply retroactively, but only to claims for compensation of damages that occur as from the date of its transposition.

The proposal for this Directive has been adopted together with the proposal for a revision of the Product Liability Directive 85/374/EEC, in a package aiming to adapt liability rules to the digital age and AI, ensuring the necessary alignment between these two complementary legal instruments.

2.Definitions (Article 2)

The definitions in Article 2 follow those of the AI Act to ensure consistency.

Article 2(6)(b) provides that claims for damages can be brought not only by the injured person but also by persons that have succeeded in or have been subrogated into the injured person’s rights. Subrogation is the assumption by a third party (such as an insurance company) of another party’s legal right to collect a debt or damages. Thus one person is entitled to enforce the rights of another for their own benefit. Subrogation would also cover heirs of a deceased victim.

In addition, Article 2(6)(c) provides that an action for damages can also be brought by someone acting on behalf of one or more injured parties, in accordance with Union or national law. This provision aims to give more possibilities to persons injured by an AI system to have their claims assessed by a court, even in cases where individual actions may seem too costly or too cumbersome to bring, or where joint actions may entail a benefit of scale. To enable victims of damage caused by AI systems to enforce their rights in relation to this Directive through representative actions, Article 6 amends Annex I to Directive (EU) 2020/1828.

3.Disclosure of evidence (Article 3)

This Directive aims to provide persons seeking compensation for damage caused by high-risk AI systems with effective means to identify potentially liable persons and relevant evidence for a claim. At the same time, such means serve to exclude falsely identified potential defendants, saving time and costs for the parties involved and reducing the case load for courts.

In this respect, Article 3(1) of the Directive provides that a court may order the disclosure of relevant evidence about specific high-risk AI systems that are suspected of having caused damage. Requests for evidence are addressed to the provider of an AI system, a person who is subject to the provider’s obligations laid down by Article 24 or Article 28 (1) of the AI Act or a user pursuant to the AI Act. The requests should be supported by facts and evidence sufficient to establish the plausibility of the contemplated claim for damages and the requested evidence should be at the addressees’ disposal. Requests cannot be addressed to parties that bear no obligations under the AI Act and therefore have no access to the evidence.

According to Article 3(2) the claimant can request the disclosure of evidence from providers or users that are not defendants only in case all proportionate attempts were unsuccessfully made to gather the evidence from the defendant.

In order for the judicial means to be effective, Article 3(3) of the Directive provides that a court may also order the preservation of such evidence.

As provided in Article 3(4), first subparagraph, the court may order such disclosure, only to the extent necessary to sustain the claim, given that the information could be critical evidence to the injured person’s claim in the case of damage that involve AI systems.

By limiting the obligation to disclose or preserve to necessary and proportionate evidence, Article 3 (4), first subparagraph, aims to ensure proportionality in disclosing evidence, i.e. to limit the disclosure to the necessary minimum and prevent blanket requests.

The second and third subparagraphs of Article 3(4) further aim to strike a balance between the claimant’s rights and the need to ensure that such disclosure would be subject to safeguards to protect the legitimate interests of all parties concerned, such as trade secrets or confidential information.

In the same context, the fourth subparagraph of Article 3(4) aims to ensure that procedural remedies against the order of disclosure or preservation are at the disposal of the person subject to it.

Article 3(5) introduces a presumption of non-compliance with a duty of care. This is a procedural tool, relevant only in cases where it is the actual defendant in a claim for damages who bears the consequences of not complying with a request to disclose or preserve evidence. The defendant will have the right to rebut that presumption. The measure set out in this paragraph aims to promote disclosure but also to expedite court proceedings.

4.Presumption of causal link in the case of fault (Article 4)

With respect to damage caused by AI systems, this Directive aims to provide an effective basis for claiming compensation in connection with the fault consisting in the lack of compliance with a duty of care under Union or national law.

It can be challenging for claimants to establish a causal link between such non-compliance and the output produced by the AI system or the failure of the AI system to produce an output that gave rise to the relevant damage. Therefore, a targeted rebuttable presumption of causality has been laid down in Article 4 (1) regarding this causal link. Such presumption is the least burdensome measure to address the need for fair compensation of the victim.

The fault of the defendant has to be proven by the claimant according to the applicable Union or national rules. Such fault can be established, for example, for non-compliance with a duty of care pursuant to the AI Act or pursuant to other rules set at Union level, such as those regulating the use of automated monitoring and decision-making for platform work or those regulating the operation of unmanned aircraft. Such fault can also be presumed by the court on the basis of a non-compliance with a court order for disclosure or preservation of evidence under Article 3(5). Still, it is only appropriate to introduce a presumption of causality when it can be considered likely that the given fault has influenced the relevant AI system output or lack thereof, which can be assessed on the basis of the overall circumstances of the case. At the same time, the claimant still has to prove that the AI system (i.e. its output or failure to produce one) gave rise to the damage.

Paragraphs (2) and (3) differentiate between, on the one hand, claims brought against the provider of a high-risk AI system or against a person subject to the provider’s obligations under the AI Act and, on the other hand, claims brought against the user of such systems. In this respect, it follows the respective provisions and relevant conditions of the AI Act. In the case of claims based on Article 4(2), the defendants’ compliance with the obligations listed in that paragraph have to be assessed also in the light of the risk management system and its results, i.e. risk management measures, under the AI Act.

In case of high-risk AI systems as defined by the AI Act, Article 4(4) establishes an exception from the presumption of causality, where the defendant demonstrates that sufficient evidence and expertise is reasonably accessible for the claimant to prove the causal link. This possibility can incentivise defendants to comply with their disclosure obligations, with measures set by the AI Act to ensure a high level of transparency of the AI or with documenting and recording requirements.

In the case of non-high risk AI systems, Article 4(5) establishes a condition for the applicability of the presumption of causality, whereby the latter is subject to the court determining that it is excessively difficult for the claimant to prove the causal link. Such difficulties are to be assessed in light of the characteristics of certain AI systems, such as autonomy and opacity, which render the explanation of the inner functioning of the AI system very difficult in practice, negatively affecting the ability of the claimant to prove the causal link between the fault of the defendant and the AI output.

In cases where the defendant uses the AI system in the course of a personal non-professional activity, Article 4(6) provides that the presumption of causality should only apply if the defendant has materially interfered with the conditions of the operation of the AI system or if the defendant was required and able to determine the conditions of operation of the AI system and failed to do so. This condition is justified by the need to balance the interests of injured persons and non-professional users, by exempting from the application of the presumption of causality the cases in which non-professional users do not add risk through their behaviour.

Finally, Article 4(7) provides that the defendant has the right to rebut the causality presumption based on Article 4(1).

Such effective civil liability rules have the additional advantage that they give all those involved in activities related to AI systems an additional incentive to respect their obligations regarding their expected conduct.

5.Evaluation and targeted review (Article 5)

Various national legal systems provide for different strict liability regimes. Elements for such a regime at Union level were also suggested by the European Parliament in its own-initiative resolution of 20 October 2020, consisting of a limited strict liability regime for certain AI-enabled technologies and a facilitated burden of proof under fault-based liability rules. The public consultations also highlighted a preference for such a regime among respondents (except for non-SMEs businesses), whether or not coupled with mandatory insurance.

However, the proposal takes into account the differences between national legal traditions and the fact that the kind of products and services equipped with AI systems that could affect the public at large and put at risk important legal rights, such as the right to life, health and property, and therefore could be subject to a strict liability regime, are not yet widely available on the market.

A monitoring programme is put in place to provide the Commission with information on incidents involving AI systems. The targeted review will assess whether additional measures would be needed, such as introducing a strict liability regime and/or mandatory insurance.

6.Transposition (Article 7)

When notifying the Commission of national transposition measures to comply with this Directive, Member States should also provide explanatory documents which give sufficiently clear and precise information and state, for each provision of this Directive, the national provision(s) ensuring its transposition. This is necessary to enable the Commission to identify, for each provision of the Directive requiring transposition, the relevant part of national transposition measures creating the corresponding legal obligation in the national legal order, whatever the form chosen by the Member States.



2022/0303 (COD)

Proposal for a

DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on adapting non-contractual civil liability rules to artificial intelligence
(AI Liability Directive)

(Text with EEA relevance)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Economic and Social Committee 29 ,

Having regard to the opinion of the Committee of the Regions 30 ,

Acting in accordance with the ordinary legislative procedure,

Whereas:

(1)Artificial Intelligence (‘AI’) is a set of enabling technologies which can contribute to a wide array of benefits across the entire spectrum of the economy and society. It has a large potential for technological progress and allows new business models in many sectors of the digital economy.

(2)At the same time, depending on the circumstances of its specific application and use, AI can generate risks and harm interests and rights that are protected by Union or national law. For instance, the use of AI can adversely affect a number of fundamental rights, including life, physical integrity and in respect to non-discrimination and equal treatment. Regulation (EU) …/… of the European Parliament and of the Council [the AI Act] 31 provides for requirements intended to reduce risks to safety and fundamental rights, while other Union law instruments regulate general 32 and sectoral product safety rules applicable also to AI-enabled machinery products 33 and radio equipment. 34 While such requirements intended to reduce risks to safety and fundamental rights are meant to prevent, monitor and address risks and thus address societal concerns, they do not provide individual relief to those that have suffered damage caused by AI. Existing requirements provide in particular for authorisations, checks, monitoring and administrative sanctions in relation to AI systems in order to prevent damage. They do not provide for compensation of the injured person for damage caused by an output or the failure to produce an output by an AI system.

(3)When an injured person seeks compensation for damage suffered, Member States’ general fault-based liability rules usually require that person to prove a negligent or intentionally damaging act or omission (‘fault’) by the person potentially liable for that damage, as well as a causal link between that fault and the relevant damage. However, when AI is interposed between the act or omission of a person and the damage, the specific characteristics of certain AI systems, such as opacity, autonomous behaviour and complexity, may make it excessively difficult, if not impossible, for the injured person to meet this burden of proof. In particular, it may be excessively difficult to prove that a specific input for which the potentially liable person is responsible had caused a specific AI system output that led to the damage at stake.

(4)In such cases, the level of redress afforded by national civil liability rules may be lower than in cases where technologies other than AI are involved in causing damage. Such compensation gaps may contribute to a lower level of societal acceptance of AI and trust in AI-enabled products and services.

(5)To reap the economic and societal benefits of AI and promote the transition to the digital economy, it is necessary to adapt in a targeted manner certain national civil liability rules to those specific characteristics of certain AI systems. Such adaptations should contribute to societal and consumer trust and thereby promote the roll-out of AI. Such adaptations should also maintain trust in the judicial system, by ensuring that victims of damage caused with the involvement of AI have the same effective compensation as victims of damage caused by other technologies.

(6)Interested stakeholders – injured persons suffering damage, potentially liable persons, insurers – face legal uncertainty as to how national courts, when confronted with the specific challenges of AI, might apply the existing liability rules in individual cases in order to achieve just results. In the absence of Union action, at least some Member States are likely to adapt their civil liability rules to address compensation gaps and legal uncertainty linked to the specific characteristics of certain AI systems. This would create legal fragmentation and internal market barriers for businesses that develop or provide innovative AI-enabled products or services. Small and medium-sized enterprises would be particularly affected.

(7)The purpose of this Directive is to contribute to the proper functioning of the internal market by harmonising certain national non-contractual fault-based liability rules, so as to ensure that persons claiming compensation for damage caused to them by an AI system enjoy a level of protection equivalent to that enjoyed by persons claiming compensation for damage caused without the involvement of an AI system. This objective cannot be sufficiently achieved by the Member States because the relevant internal market obstacles are linked to the risk of unilateral and fragmented regulatory measures at national level. Given the digital nature of the products and services falling within the scope of this Directive, the latter is particularly relevant in a cross-border context.

(8)The objective of ensuring legal certainty and preventing compensation gaps in cases where AI systems are involved can thus be better achieved at Union level. Therefore, the Union may adopt measures in accordance with the principle of subsidiarity as set out in Article 5 TEU. In accordance with the principle of proportionality as set out in that Article, this Directive does not go beyond what is necessary in order to achieve that objective.

(9)It is therefore necessary to harmonise in a targeted manner specific aspects of fault-based liability rules at Union level. Such harmonisation should increase legal certainty and create a level playing field for AI systems, thereby improving the functioning of the internal market as regards the production and dissemination of AI-enabled products and services.

(10)To ensure proportionality, it is appropriate to harmonise in a targeted manner only those fault-based liability rules that govern the burden of proof for persons claiming compensation for damage caused by AI systems. This Directive should not harmonise general aspects of civil liability which are regulated in different ways by national civil liability rules, such as the definition of fault or causality, the different types of damage that give rise to claims for damages, the distribution of liability over multiple tortfeasors, contributory conduct, the calculation of damages or limitation periods.

(11)The laws of the Member States concerning the liability of producers for damage caused by the defectiveness of their products are already harmonised at Union level by Council Directive 85/374/EEC 35 . Those laws do not, however, affect Member States’ rules of contractual or non-contractual liability, such as warranty, fault or strict liability, based on other grounds than the defect of the product. While at the same time the revision of Council Directive 85/374/EEC seeks to clarify and ensure that injured person can claim compensation for damages caused by defective AI-enabled products, it should therefore be clarified that the provisions of this Directive do not affect any rights which an injured person may have under national rules implementing Directive 85/374/EEC. In addition, in the field of transport, Union law regulating the liability of transport operators should remain unaffected by this Directive. 

(12)[The Digital Services Act (DSA) 36 ] fully harmonises the rules applicable to providers of intermediary services in the internal market, covering the societal risks stemming from the services offered by those providers, including as regards the AI systems they use. This Directive does not affect the provisions of [the Digital Services Act (DSA)] that provide a comprehensive and fully harmonised framework for due diligence obligations for algorithmic decision-making by hosting service providers, including the exemption from liability for the dissemination of illegal content uploaded by recipients of their services where the conditions of that Regulation are met.

(13)Other than in respect of the presumptions it lays down, this Directive does not harmonise national laws regarding which party has the burden of proof or which degree of certainty is required as regards the standard of proof. 

(14)This Directive should follow a minimum harmonisation approach. Such an approach allows claimants in cases of damage caused by AI systems to invoke more favourable rules of national law. Thus, national laws could, for example, maintain reversals of the burden of proof under national fault-based regimes, or national no-fault liability (referred to as ‘strict liability’) regimes of which there are already a large variety in national laws, possibly applying to damage caused by AI systems.

(15)Consistency with [the AI Act] should also be ensured. It is therefore appropriate for this Directive to use the same definitions in respect of AI systems, providers and users. In addition, this Directive should only cover claims for damages when the damage is caused by an output or the failure to produce an output by an AI system through the fault of a person, for example the provider or the user under [the AI Act]. There is no need to cover liability claims when the damage is caused by a human assessment followed by a human act or omission, while the AI system only provided information or advice which was taken into account by the relevant human actor. In the latter case, it is possible to trace back the damage to a human act or omission, as the AI system output is not interposed between the human act or omission and the damage, and thereby establishing causality is not more difficult than in situations where an AI system is not involved.

(16)Access to information about specific high-risk AI systems that are suspected of having caused damage is an important factor to ascertain whether to claim compensation and to substantiate claims for compensation. Moreover, for high risk AI systems, [the AI Act] provides for specific documentation, information and logging requirements, but does not provide a right to the injured person to access that information. It is therefore appropriate to lay down rules on the disclosure of relevant evidence by those that have it at their disposal, for the purposes of establishing liability. This should also provide an additional incentive to comply with the relevant requirements laid down in [the AI Act] to document or record the relevant information.

(17)The large number of people usually involved in the design, development, deployment and operation of high-risk AI systems, makes it difficult for injured persons to identify the person potentially liable for damage caused and to prove the conditions for a claim for damages. To allow injured persons to ascertain whether a claim for damages is well-founded, it is appropriate to grant potential claimants a right to request a court to order the disclosure of relevant evidence before submitting a claim for damages. Such disclosure should only be ordered where the potential claimant presents facts and information sufficient to support the plausibility of a claim for damages and it has made a prior request to the provider, the person subject to the obligations of a provider or the user to disclose such evidence at their disposal about specific high-risk AI systems that are suspected of having caused damage which has been refused. Ordering disclosure should lead to a reduction of unnecessary litigation and avoid costs for the possible litigants caused by claims which are unjustified or likely to be unsuccessful. The refusal of the provider, the person subject to the obligations of a provider or the user prior to the request to the court to disclose evidence should not trigger the presumption of non-compliance with relevant duties of care by the person who refuses such disclosure.

(18)The limitation of disclosure of evidence as regards high-risk AI systems is consistent with [the AI Act], which provides certain specific documentation, record keeping and information obligations for operators involved in the design, development and deployment of high-risk AI systems. Such consistency also ensures the necessary proportionality by avoiding that operators of AI systems posing lower or no risk would be expected to document information to a level similar to that required for high-risk AI systems under [the AI Act]. 

(19)National courts should be able, in the course of civil proceedings, to order the disclosure or preservation of relevant evidence related to the damage caused by high-risk AI systems from persons who are already under an obligation to document or record information pursuant to [the AI Act], be they providers, persons under the same obligations as providers, or users of an AI system, either as defendants or third parties to the claim. There could be situations where the evidence relevant for the case is held by entities that would not be parties to the claim for damages but which are under an obligation to document or record such evidence pursuant to [the AI Act]. It is thus necessary to provide for the conditions under which such third parties to the claim can be ordered to disclose the relevant evidence.

(20)To maintain the balance between the interests of the parties involved in the claim for damages and of third parties concerned, the courts should order the disclosure of evidence only where this is necessary and proportionate for supporting the claim or potential claim for damages. In this respect, disclosure should only concern evidence that is necessary for a decision on the respective claim for damages, for example only the parts of the relevant records or data sets required to prove non-compliance with a requirement laid down by [the AI Act]. To ensure the proportionality of such disclosure or preservation measures, national courts should have effective means to safeguard the legitimate interests of all parties involved, for instance the protection of trade secrets within the meaning of Directive (EU) 2016/943 of the European Parliament and of the Council 37 and of confidential information, such as information related to public or national security. In respect of trade secrets or alleged trade secrets which the court has identified as confidential within the meaning of Directive (EU) 2016/943, national courts should be empowered to take specific measures to ensure the confidentiality of trade secrets during and after the proceedings, while achieving a fair and proportionate balance between the trade-secret holder's interest in maintaining secrecy and the interest of the injured person. This should include measures to restrict access to documents containing trade secrets and access to hearings or documents and transcripts thereof to a limited number of people. When deciding on such measures, national courts should take into account the need to ensure the right to an effective remedy and to a fair trial, the legitimate interests of the parties and, where appropriate, of third parties, and any potential harm to either party or, where appropriate, to third parties, resulting from the granting or rejection of such measures. Moreover, to ensure a proportionate application of a disclosure measure towards third parties in claims for damages, the national courts should order disclosure from third parties only if the evidence cannot be obtained from the defendant.

(21)While national courts have the means of enforcing their orders for disclosure through various measures, any such enforcement measures could delay claims for damages and thus potentially create additional expenses for the litigants. For injured persons, such delays and additional expenses may make their recourse to an effective judicial remedy more difficult. Therefore, where a defendant in a claim for damages fails to disclose evidence at its disposal ordered by a court, it is appropriate to lay down a presumption of non-compliance with those duties of care which that evidence was intended to prove. This rebuttable presumption will reduce the duration of litigation and facilitate more efficient court proceedings. The defendant should be able to rebut that presumption by submitting evidence to the contrary. 

(22)In order to address the difficulties to prove that a specific input for which the potentially liable person is responsible had caused a specific AI system output that led to the damage at stake, it is appropriate to provide, under certain conditions, for a presumption of causality. While in a fault-based claim the claimant usually has to prove the damage, the human act or omission constituting fault of the defendant and the causality link between the two, this Directive does not harmonise the conditions under which national courts establish fault. They remain governed by the applicable national law and, where harmonised, by applicable Union law. Similarly, this Directive does not harmonise the conditions related to the damage, for instance what damages are compensable, which are also regulated by applicable national and Union law. For the presumption of causality under this Directive to apply, the fault of the defendant should be established as a human act or omission which does not meet a duty of care under Union law or national law that is directly intended to protect against the damage that occurred. Thus, this presumption can apply, for example, in a claim for damages for physical injury when the court establishes the fault of the defendant for non-complying with the instructions of use which are meant to prevent harm to natural persons. Non-compliance with duties of care that were not directly intended to protect against the damage that occurred do not lead to the application of the presumption, for example a provider’s failure to file required documentation with competent authorities would not lead to the application of the presumption in claims for damages due to physical injury. It should also be necessary to establish that it can be considered reasonably likely, based on the circumstances of the case, that the fault has influenced the output produced by the AI system or the failure of the AI system to produce an output. Finally, the claimant should still be required to prove that the output or failure to produce an output gave rise to the damage.

(23)Such a fault can be established in respect of non-compliance with Union rules which specifically regulate high-risk AI systems like the requirements introduced for certain high-risk AI systems by [the AI Act], requirements which may be introduced by future sectoral legislation for other high-risk AI systems according to [Article 2(2) of the AI Act], or duties of care which are linked to certain activities and which are applicable irrespective whether AI is used for that activity. At the same time, this Directive neither creates nor harmonises the requirements or the liability of entities whose activity is regulated under those legal acts, and therefore does not create new liability claims. Establishing a breach of such a requirement that amounts to fault will be done according to the provisions of those applicable rules of Union Law, since this Directive neither introduces new requirements nor affects existing requirements. For example, the exemption of liability for providers of intermediary services and the due diligence obligations to which they are subject pursuant to [the Digital Services Act] are not affected by this Directive. Similarly, the compliance with requirements imposed on online platforms to avoid unauthorised communication to the public of copyright protected works is to be established under Directive (EU) 2019/790 on copyright and related rights in the Digital Single Market and other relevant Union copyright law

(24)In areas not harmonised by Union law, national law continues to apply and fault is established under the applicable national law. All national liability regimes have duties of care, taking as a standard of conduct different expressions of the principle how a reasonable person should act, which also ensure the safe operation of AI systems in order to prevent damage to recognised legal interests. Such duties of care could for instance require users of AI systems to choose for certain tasks a particular AI system with concrete characteristics or to exclude certain segments of a population from being exposed to a particular AI system. National law can also introduce specific obligations meant to prevent risks for certain activities, which are applicable irrespective whether AI is used for that activity, for example traffic rules or obligations specifically designed for AI systems, such as additional national requirements for users of high-risk AI systems pursuant to Article 29 (2) of [the AI Act]. This Directive neither introduces such requirements nor affects the conditions for establishing fault in case of breach of such requirements.

(25)Even when fault consisting of a non-compliance with a duty of care directly intended to protect against the damage that occurred is established, not every fault should lead to the application of the rebuttable presumption linking it to the output of the AI. Such a presumption should only apply when it can be considered reasonably likely, from the circumstances in which the damage occurred, that such fault has influenced the output produced by the AI system or the failure of the AI system to produce an output that gave rise to the damage. It can be for example considered reasonably likely that the fault has influenced the output or failure to produce an output, when that fault consists in breaching a duty of care in respect of limiting the perimeter of operation of the AI system and the damage occurred outside the perimeter of operation. On the contrary, a breach of a requirement to file certain documents or to register with a given authority, even though this might be foreseen for that particular activity or even be applicable expressly to the operation of an AI system, could not be considered as reasonably likely to have influenced the output produced by the AI system or the failure of the AI system to produce an output.

(26)This Directive covers the fault constituting non-compliance with certain listed requirements laid down in Chapters 2 and 3 of [the AI Act] for providers and users of high-risk AI systems, the non-compliance with which can lead, under certain conditions, to a presumption of causality. The AI Act provides for full harmonisation of requirements for AI systems, unless otherwise explicitly laid down therein. It harmonises the specific requirements for high-risk AI systems. Hence, for the purposes of claims for damages in which a presumption of causality according to this Directive is applied, the potential fault of providers or persons subject to the obligations of a provider pursuant to [the AI Act] is established only through a non-compliance with such requirements. Given that in practice it may be difficult for the claimant to prove such non-compliance when the defendant is a provider of the AI system, and in full consistency with the logic of [the AI Act], this Directive should also provide that the steps undertaken by the provider within the risk management system and the results of the risk management system, i.e. the decision to adopt or not to adopt certain risk management measures, should be taken into account in the determination of whether the provider has complied with the relevant requirements under the AI Act referred to in this Directive. The risk management system put in place by the provider pursuant to [the AI Act] is a continuous iterative process run throughout the lifecycle of the high-risk AI system, whereby the provider ensures compliance with mandatory requirements meant to mitigate risks and can, therefore, be a useful element for the purpose of the assessment of this compliance. This Directive also covers the cases of users’ fault, when this fault consists in non-compliance with certain specific requirements set by [the AI Act]. In addition, the fault of users of high-risk AI systems may be established following non-compliance with other duties of care laid down in Union or national law, in light of Article 29 (2) of [the AI Act].

(27)While the specific characteristics of certain AI systems, like autonomy and opacity, could make it excessively difficult for the claimant to meet the burden of proof, there could be situations where such difficulties do not exist because there could be sufficient evidence and expertise available to the complainant to prove the causal link. This could be the case, for example, in respect of high-risk AI systems where the claimant could reasonably access sufficient evidence and expertise through documentation and logging requirements pursuant to [the AI Act]. In such situations, the court should not apply the presumption.

(28)The presumption of causality could also apply to AI systems that are not high-risk AI systems because there could be excessive difficulties of proof for the claimant. For example, such difficulties could be assessed in light of the characteristics of certain AI systems, such as autonomy and opacity, which render the explanation of the inner functioning of the AI system very difficult in practice, negatively affecting the ability of the claimant to prove the causal link between the fault of the defendant and the AI output. A national court should apply the presumption where the claimant is in an excessively difficult position to prove causation, since it is required to explain how the AI system was led by the human act or omission that constitutes fault to produce the output or the failure to produce an output which gave rise to the damage. However, the claimant should neither be required to explain the characteristics of the AI system concerned nor how these characteristics make it harder to establish the causal link.

(29)The application of the presumption of causality is meant to ensure for the injured person a similar level of protection as for situations where AI is not involved and where causality may therefore be easier to prove. Nevertheless, alleviating the burden of proving causation is not always appropriate under this Directive where the defendant is not a professional user but rather a person using the AI system for its private activities. In such circumstances, in order to balance interests between the injured person and the non-professional user, it needs to be taken into account whether such non-professional users can add to the risk of an AI system causing damage through their behaviour. If the provider of an AI system has complied with all its obligations and, in consequence, that system was deemed sufficiently safe to be put on the market for a given use by non-professional users and it is then used for that task, a presumption of causality should not apply for the simple launch of the operation of such a system by such non-professional users. A non-professional user that buys an AI system and simply launches it according to its purpose, without interfering materially with the conditions of operations, should not be covered by the causality presumption laid down by this Directive. However, if a national court determines that a non-professional user materially interfered with the conditions of operation of an AI system or was required and able to determine the conditions of operation of the AI system and failed to do so, then the presumption of causality should apply, where all the other conditions are fulfilled. This could be the case, for example, when the non-professional user does not comply with the instructions of use or with other applicable duties of care when choosing the area of operation or when setting performance conditions of the AI system. This is without prejudice to the fact that the provider should determine the intended purpose of an AI system, including the specific context and conditions of use, and eliminate or minimise the risks of that system as appropriate at the time of the design and development, taking into account the knowledge and expertise of the intended user.

(30)Since this Directive introduces a rebuttable presumption, the defendant should be able to rebut it, in particular by showing that its fault could not have caused the damage.

(31)It is necessary to provide for a review of this Directive [five years] after the end of the transposition period. In particular, that review should examine whether there is a need to create no-fault liability rules for claims against the operator, as long as not already covered by other Union liability rules in particular Directive 85/374/EEC, combined with a mandatory insurance for the operation of certain AI systems, as suggested by the European Parliament. 38 In accordance with the principle of proportionality, it is appropriate to assess such a need in the light of relevant technological and regulatory developments in the coming years, taking into account the effect and impact on the roll-out and uptake of AI systems, especially for SMEs. Such a review should consider, among others, risks involving damage to important legal values like life, health and property of unwitting third parties through the operation of AI-enabled products or services. That review should also analyse the effectiveness of the measures provided for in this Directive in dealing with such risks, as well as the development of appropriate solutions by the insurance market. To ensure the availability of the information necessary to conduct such a review, it is necessary to collect data and other necessary evidence covering the relevant matters.

(32)Given the need to make adaptations to national civil liability and procedural rules to foster the rolling-out of AI-enabled products and services under beneficial internal market conditions, societal acceptance and consumer trust in AI technology and the justice system, it is appropriate to set a deadline of not later than [two years after the entry into force] of this Directive for Member States to adopt the necessary transposition measures.

(33)In accordance with the Joint Political Declaration of 28 September 2011 of Member States and the Commission on explanatory documents 39 , Member States have undertaken to accompany, in justified cases, the notification of their transposition measures with one or more documents explaining the relationship between the components of a directive and the corresponding parts of national transposition instruments. With regard to this Directive, the legislator considers the transmission of such documents to be justified,

HAVE ADOPTED THIS DIRECTIVE:

Article 1

Subject matter and scope

1.This Directive lays down common rules on:

(a)the disclosure of evidence on high-risk artificial intelligence (AI) systems to enable a claimant to substantiate a non-contractual fault-based civil law claim for damages;

(b)the burden of proof in the case of non-contractual fault-based civil law claims brought before national courts for damages caused by an AI system.

2.This Directive applies to non-contractual fault-based civil law claims for damages, in cases where the damage caused by an AI system occurs after [the end of the transposition period].  

This Directive does not apply to criminal liability.

3.This Directive shall not affect:

(a)rules of Union law regulating conditions of liability in the field of transport;

(b)any rights which an injured person may have under national rules implementing Directive 85/374/EEC;

(c)the exemptions from liability and the due diligence obligations as laid down in [the Digital Services Act] and

(d)national rules determining which party has the burden of proof, which degree of certainty is required as regards the standard of proof, or how fault is defined, other than in respect of what is provided for in Articles 3 and 4.

4.Member States may adopt or maintain national rules that are more favourable for claimants to substantiate a non-contractual civil law claim for damages caused by an AI system, provided such rules are compatible with Union law.

Article 2

Definitions

For the purposes of this Directive, the following definitions shall apply:

(1)‘AI system’ means an AI system as defined in [Article 3 (1) of the AI Act];

(2)‘high-risk AI system’ means an AI system referred to in [Article 6 of the AI Act];

(3)‘provider’ means a provider as defined in [Article 3 (2) of the AI Act];

(4)‘user’ means a user as defined in [Article 3 (4) of the AI Act];

(5)‘claim for damages’ means a non-contractual fault-based civil law claim for compensation of the damage caused by an output of an AI system or the failure of such a system to produce an output where such an output should have been produced;

(6)‘claimant’ means a person bringing a claim for damages that:

(a)has been injured by an output of an AI system or by the failure of such a system to produce an output where such an output should have been produced;

(b) has succeeded to or has been subrogated to the right of an injured person by virtue of law or contract; or

(c)is acting on behalf of one or more injured persons, in accordance with Union or national law.

(7)    ‘potential claimant’ means a natural or legal person who is considering but has not yet brought a claim for damages;

(8)    ‘defendant’ means the person against whom a claim for damages is brought;

(9)    ‘duty of care’ means a required standard of conduct, set by national or Union law, in order to avoid damage to legal interests recognised at national or Union law level, including life, physical integrity, property and the protection of fundamental rights.

Article 3

Disclosure of evidence and rebuttable presumption of non-compliance

 

1.Member States shall ensure that national courts are empowered, either upon the request of a potential claimant who has previously asked a provider, a person subject to the obligations of a provider pursuant to [Article 24 or Article 28(1) of the AI Act] or a user to disclose relevant evidence at its disposal about a specific high-risk AI system that is suspected of having caused damage, but was refused, or a claimant, to order the disclosure of such evidence from those persons.

In support of that request, the potential claimant must present facts and evidence sufficient to support the plausibility of a claim for damages

2.In the context of a claim for damages, the national court shall only order the disclosure of the evidence by one of the persons listed in paragraph 1, if the claimant has undertaken all proportionate attempts at gathering the relevant evidence from the defendant.

3.Member States shall ensure that national courts, upon the request of a claimant, are empowered to order specific measures to preserve the evidence mentioned in paragraph 1.

4.National courts shall limit the disclosure of evidence to that which is necessary and proportionate to support a potential claim or a claim for damages and the preservation to that which is necessary and proportionate to support such a claim for damages.

In determining whether an order for the disclosure or preservation of evidence is proportionate, national courts shall consider the legitimate interests of all parties, including third parties concerned, in particular in relation to the protection of trade secrets within the meaning of Article 2(1) of Directive (EU) 2016/943 and of confidential information, such as information related to public or national security.

Member States shall ensure that, where the disclosure of a trade secret or alleged trade secret which the court has identified as confidential within the meaning of Article 9(1) of Directive (EU) 2016/943 is ordered, national courts are empowered, upon a duly reasoned request of a party or on their own initiative, to take specific measures necessary to preserve confidentiality when that evidence is used or referred to in legal proceedings.

Member States shall also ensure that the person ordered to disclose or to preserve the evidence mentioned in paragraphs 1 or 2 has appropriate procedural remedies in response to such orders.

5.Where a defendant fails to comply with an order by a national court in a claim for damages to disclose or to preserve evidence at its disposal pursuant to paragraphs 1 or 2, a national court shall presume the defendant’s non-compliance with a relevant duty of care, in particular in the circumstances referred to in Article 4(2) or (3), that the evidence requested was intended to prove for the purposes of the relevant claim for damages.

The defendant shall have the right to rebut that presumption.

Article 4

Rebuttable presumption of a causal link in the case of fault

1.Subject to the requirements laid down in this Article, national courts shall presume, for the purposes of applying liability rules to a claim for damages, the causal link between the fault of the defendant and the output produced by the AI system or the failure of the AI system to produce an output, where all of the following conditions are met:

(a) the claimant has demonstrated or the court has presumed pursuant to Article 3(5), the fault of the defendant, or of a person for whose behaviour the defendant is responsible, consisting in the non-compliance with a duty of care laid down in Union or national law directly intended to protect against the damage that occurred;

(b)it can be considered reasonably likely, based on the circumstances of the case, that the fault has influenced the output produced by the AI system or the failure of the AI system to produce an output;  

(c)the claimant has demonstrated that the output produced by the AI system or the failure of the AI system to produce an output gave rise to the damage.

2.In the case of a claim for damages against a provider of a high-risk AI system subject to the requirements laid down in chapters 2 and 3 of Title III of [the AI Act] or a person subject to the provider’s obligations pursuant to [Article 24 or Article 28(1) of the AI Act], the condition of paragraph 1 letter (a) shall be met only where the complainant has demonstrated that the provider or, where relevant, the person subject to the provider’s obligations, failed to comply with any of the following requirements laid down in those chapters, taking into account the steps undertaken in and the results of the risk management system pursuant to [Article 9 and Article 16 point (a) of the AI Act]:

(a) the AI system is a system which makes use of techniques involving the training of models with data and which was not developed on the basis of training, validation and testing data sets that meet the quality criteria referred to in [Article 10(2) to (4) of the AI Act];

(b) the AI system was not designed and developed in a way that meets the transparency requirements laid down in [Article 13 of the AI Act];

(c)the AI system was not designed and developed in a way that allows for an effective oversight by natural persons during the period in which the AI system is in use pursuant to [Article 14 of the AI Act];

(d)the AI system was not designed and developed so as to achieve, in the light of its intended purpose, an appropriate level of accuracy, robustness and cybersecurity pursuant to [Article 15 and Article 16, point (a), of the AI Act]; or

(e)the necessary corrective actions were not immediately taken to bring the AI system in conformity with the obligations laid down in [Title III, Chapter 2 of the AI Act] or to withdraw or recall the system, as appropriate, pursuant to [Article 16, point (g), and Article 21 of the AI Act].

3.In the case of a claim for damages against a user of a high-risk AI system subject to the requirements laid down in chapters 2 and 3 of Title III of [the AI Act], the condition of paragraph 1 letter (a) shall be met where the claimant proves that the user:

(a)did not comply with its obligations to use or monitor the AI system in accordance with the accompanying instructions of use or, where appropriate, suspend or interrupt its use pursuant to [Article 29 of the AI Act]; or

(b)exposed the AI system to input data under its control which is not relevant in view of the system’s intended purpose pursuant to [Article 29(3) of the Act].

4.In the case of a claim for damages concerning a high-risk AI system, a national court shall not apply the presumption laid down in paragraph 1 where the defendant demonstrates that sufficient evidence and expertise is reasonably accessible for the claimant to prove the causal link mentioned in paragraph 1.

5.In the case of a claim for damages concerning an AI system that is not a high-risk AI system, the presumption laid down in paragraph 1 shall only apply where the national court considers it excessively difficult for the claimant to prove the causal link mentioned in paragraph 1.

6.In the case of a claim for damages against a defendant who used the AI system in the course of a personal, non-professional activity, the presumption laid down in paragraph 1 shall apply only where the defendant materially interfered with the conditions of the operation of the AI system or if the defendant was required and able to determine the conditions of operation of the AI system and failed to do so.

7.The defendant shall have the right to rebut the presumption laid down in paragraph 1.

Article 5

Evaluation and targeted review

1.By [DATE five years after the end of the transposition period], the Commission shall review the application of this Directive and present a report to the European Parliament, to the Council and to the European Economic and Social Committee, accompanied, where appropriate, by a legislative proposal.

2.The report shall examine the effects of Articles 3 and 4 on achieving the objectives pursued by this Directive. In particular, it should evaluate the appropriateness of no-fault liability rules for claims against the operators of certain AI systems, as long as not already covered by other Union liability rules, and the need for insurance coverage, while taking into account the effect and impact on the roll-out and uptake of AI systems, especially for SMEs.

3.The Commission shall establish a monitoring programme for preparing the report pursuant to paragraphs 1 and 2, setting out how and at what intervals the data and other necessary evidence will be collected. The programme shall specify the action to be taken by the Commission and by the Member States in collecting and analysing the data and other evidence. For the purposes of that programme, Member States communicate the relevant data and evidence to the Commission, by [31 December of the second full year following the end of the transposition period] and by the end of each subsequent year.

Article 6

Amendment to Directive (EU) 2020/1828

In Annex I to Directive (EU) 2020/1828 40 , the following point (67) is added:

"(67) Directive (EU) …/… of the European Parliament and of the Council of … on adapting non contractual civil liability rules to artificial intelligence (AI Liability Directive) (OJ L …, …, p. …).".

Article 7

Transposition

1.Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive by [two years after the entry into force] at the latest. They shall forthwith communicate to the Commission the text of those provisions.

When Member States adopt those provisions, they shall contain a reference to this Directive or be accompanied by such a reference on the occasion of their official publication. Member States shall determine how such reference is to be made.

2.Member States shall communicate to the Commission the text of the main provisions of national law which they adopt in the field covered by this Directive.

Article 8

Entry into force

This Directive shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

Article 9

Addressees

This Directive is addressed to the Member States.

Done at Brussels,

For the European Parliament    For the Council

The President     The President 

(1)    European enterprise survey on the use of technologies based on AI, Ipsos 2020, Final report p. 58
(
https://op.europa.eu/en/publication-detail/-/publication/f089bbae-f0b0-11ea-991b-01aa75ed71a1 )
(2)      https://ec.europa.eu/commission/sites/beta-political/files/political-guidelines-next-commission_en.pdf
(3)    White Paper On Artificial Intelligence – A European approach to excellence and trust, 19.2.2020, COM(2020) 65 final
(4)    Report from the Commission to the European Parliament, the Council and the Economic and Social Committee on the safety and liability implications of artificial intelligence, the internet of things and robotics, 19.2.2020, COM(2020) 64 final
(5)    European Parliament resolution of 20 October 2020 with recommendations to the Commission on a civil liability regime for artificial intelligence (2020/2014(INL))
(6)    European Parliament resolution of 3 May 2022 on artificial intelligence in a digital age (2020/2266(INI)) 
(7)    Proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) (COM(2021 206 final).
(8)    Only a small number of AI use-cases are expressly prohibited by the AI Act.
(9)    Commission SWD(2021) 84 final, Impact assessment accompanying the Artificial Intelligence Act, p. 88.
(10)    Proposal for a Regulation of the European Parliament and of the Council on general product safety (COM/2021/346 final).
(11)    Proposal for a Regulation of the European Parliament and of the Council on machinery products (COM(2021) 202 final).
(12)    Commission Delegated Regulation (EU) 2022/30 supplementing Directive 2014/53/EU of the European Parliament and of the Council with regard to the application of the essential requirements referred to in Article 3(3), points (d), (e) and (f), of that Directive (OJ L 7, 12.1.2022, p. 6).
(13)    Communication from the Commission, Shaping Europe's Digital Future, COM/2020/67 final.
(14)    Proposal for a Regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements - COM(2022) 454 final
(15)    Commission Communication, A European strategy for data COM/2020/66 final.
(16)    Communication from the Commission to the European Parliament, the European Council, the Council, the European economic and social committee and the Committee of the Regions, the European Green Deal (COM(2019) 640 final).
(17)    Deloitte, Study to support the Commission’s IA on liability for artificial intelligence, 2021 (‘economic study’).
(18)    National Artificial Intelligence Strategy of the Czech Republic, 2019: https://www.mpo.cz/assets/en/guidepost/for-the-media/press-releases/2019/5/NAIS_eng_web.pdf ; AI Watch, ‘National strategies on Artificial Intelligence – A European perspective’, 2021 edition – a JRC-OECD report: https://op.europa.eu/en/publication-detail/-/publication/619fd0b5-d3ca-11eb-895a-01aa75ed71a1 , p. 41.
(19)    2025 Strategia per l’innovazione tecnologica e la digitalizzazione del Paese: https://assets.innovazione.gov.it/1610546390-midbook2025.pdf ;.
(20)    Deloitte, Study to support the Commission’s IA on liability for artificial intelligence, 2021, p. 96.
(21)    See Polityka Rozwoju Sztucznej. Inteligencji w Polsce na lata 2019 – 2027 (Policy for the Development of Artificial Intelligence in Poland for 2019-2027) ( www.gov.pl/attachment/0aa51cd5-b934-4bcb-8660-bfecb20ea2a9 ), 102-3.
(22)    AI Portugal 2030: https://www.incode2030.gov.pt/sites/default/files/julho_incode_brochura.pdf ; AI Watch, op. cit., p. 113.
(23)    Primarily strict liability, reversal of the burden of proof or alleviations of the burden of proof in the form of irrebuttable or rebuttable presumptions.
(24)    To be found at < https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12979-Civil-liability-adapting-liability-rules-to-the-digital-age-and-artificial-intelligence/public-consultation_en >
(25)    Liability for artificial intelligence and other emerging digital technologies, November 2019, https://op.europa.eu/en/publication-detail/-/publication/1c5e30be-1197-11ea-8c1f-01aa75ed71a1/language-en  
(26)    Karner/Koch/Geistfeld, Comparative Law Study on Civil Liability for Artificial Intelligence, 2021, https://op.europa.eu/en/publication-detail/-/publication/8a32ccc3-0f83-11ec-9151-01aa75ed71a1/language-en .
(27)    Kantar, Behavioural Study on the link between challenges of Artificial Intelligence for Member States’ civil liability rules and consumer attitudes towards AI-enabled products and services, Final Report 2021.
(28)    Deloitte, Study to support the Commission’s Impact Assessment on liability for artificial intelligence, 2021.
(29)    OJ C , , p. .
(30)    OJ C , , p. .
(31)    [Proposal for a Regulation laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) - COM(2021) 206 final]
(32)    [Proposal for a Regulation of the European Parliament and of the Council on general product safety (COM(2021) 346 final)]
(33)    [Proposal for a Regulation of the European Parliament and of the Council on machinery products (COM(2021) 202 final)]
(34)    Commission Delegated Regulation (EU) 2022/30 supplementing Directive 2014/53/EU of the European Parliament and of the Council with regard to the application of the essential requirements referred to in Article 3(3), points (d), (e) and (f), of that Directive (OJ L 7, 12.1.2022, p. 6)
(35)    Council Directive 85/374/EEC of 25 July 1985 on the approximation of the laws, regulations and administrative provisions of the Member States concerning liability for defective products (OJ L 210, 7.8.1985, p. 29).
(36)    [Proposal for a Regulation of the European Parliament and of the Council on a Single Market For Digital Services (Digital Services Act) - COM(2020) 825 final]
(37)    Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure (OJ L 157, 15.6.2016, p. 1).
(38)    European Parliament resolution of 20 October 2020 with recommendations to the Commission on a civil liability regime for artificial intelligence (2020/2014(INL)) - OJ C 404, 6.10.2021, p. 107.
(39)    OJ C 369, 17.12.2011, p. 14.
(40)    Directive (EU) 2020/1828 of the European Parliament and of the Council of 25 November 2020 on representative actions for the protection of the collective interests of consumers and repealing Directive 2009/22/EC (OJ L 409, 4.12.2020, p. 1).
Top