Planned guidelines regarding "AI liability" - cause for contractual regulations?

The AI Act ("KI-VO") regulates (among other things) the requirements for AI systems. They should be safe, transparent, comprehensible, non-discriminatory and environmentally friendly.

But what happens if AI systems violate these requirements and cause damage? Unlawful behaviour is naturally difficult to attribute to AI systems ("black box" effect). In addition, if no human error (e.g., in the context of selection, "training", monitoring or use of the AI system) can be established, but rather a breach of duty of care by "the AI itself" (programme-related failure), the predominant view is that AI misconduct cannot be attributed.

The existing uncertainties and asymmetries with regard to liability in the use of AI systems are intended to be reduced by two new European legal acts accompanying the AI Act: The AI Liability Directive (draft) and an amended Product Liability Directive (draft). In future, there will be changes in tort law (German) and product liability law (German) in particular.

The AI Liability Directive aims to help injured parties by facilitation of proof in the form of a presumption of causality and disclosure claims.

Injured parties shall be relieved of causality issues when asserting claims for damages. Under certain conditions, there is to be a rebuttable presumption in future that there is a causal link between fault about non-compliance with an obligation under the AI Act and the damage caused by the AI result.

If a certain high-risk AI system is suspected of having caused damage, the injured party shall get access to evidence about this AI system. If the opposing party does not cooperate in court, it shall be possible to enforce such disclosure claim in court.

The draft of an amended Product Liability Directive explicitly extends the scope of application of product liability law to software; in addition, the number of potential opponents of product liability claims shall be expanded.

The draft Product Liability Directive now explicitly clarifies that software and digital files are "products" within the scope of the Product Liability Directive. The debate as to whether software can be subsumed under the product concept of "movable property" is therefore no longer necessary.

Currently, only manufacturers, so-called quasi-manufacturers and EEA importers can be held liable for damages for defective products, regardless of fault. The draft of the Product Liability Directive extends the group of potential defendants to include authorised representatives of the manufacturer, fulfilment service providers (i.e., storage, packaging, and shipping service providers) and under strict conditions even retailers and operators of online marketplaces. This is to ensure that a liable party is available to the injured party even if the defective product causing the damage was purchased directly from a non-EU country and there is no (quasi) manufacturer or importer based in the EU.

In addition, companies that "substantially modify" a product outside the control of the original manufacturer within the meaning of product safety law will in future also be liable, regardless of fault, in the same way as a manufacturer if the modified product is defective and causes damage. In line with European product safety law, the substantial modification of a product that has already been put into service is thus treated in the same way as placing a new product on the market. Consequently, a new limitation period should also begin after the product has been significantly modified.

However, the draft directives only focus on non-contractual claims for damages. Contractual claims are therefore subject to the standard (evidence) rules, even after the directives have been implemented, unless the national legislators adopt "excessive" regulations. Anyone wishing to base a contractual claim for damages on "AI errors" will neither be supported by legal presumptions of causality nor by easier access to evidence.

Need for contractual regulations?

The final EU directives and the national implementation laws remain to be seen. It also remains to be seen how courts will apply the new regulations. For example, how will a court deal with a plaintiff who (also) bases his claim on (remote but allegedly) competing tort claims to obtain evidence relevant to him via the "tort-law" disclosure claim? Will the court examine how obvious tort claims are in the specific case and, in case of doubt, reject a duty of disclosure? Or will the court e.g., by "assumimg" a secondary burden of presentation on part of the defendant somewhat provide for  "synchronisation" of the requirements for the assertion of contractual and tortious claims?

Anyone who does not want to leave the answer to these questions and thus the enforceability of any liability claim solely to the (future) decision of legislators and courts is advised to review the liability provisions in their (procurement) contracts for "AI resistance" today and adapt them if necessary.