The CRA and the Product Liability Directive (PLD) are of a different nature and, while they complement each other, there is no legal overlap.
The PLD sets out liability rules for defective products so that injured persons can claim compensation when a damage has been caused by defective products. It establishes the principle that the manufacturer of a product is liable for damages caused by a defect in their product irrespective of fault or negligence (strict liability).
The defectiveness of the product is assessed based on whether the product provided the safety that one can expect, or that is required under Union or national law. The defectiveness must be assessed taking into consideration all circumstances, including cybersecurity requirements.
For example, the CRA provides for specific obligations for manufacturers regarding security updates for products with digital elements (Annex I).
Whilst the PLD does not impose any substantive obligation for manufacturers to update or upgrade the product, under the PLD the manufacturer remains liable for any defects introduced through an update or upgrade of the product after it has been placed on the market. Or, for any defects that arise after the product has been placed on the market due to the lack of an update or upgrade.
Disclaimer
Disclaimer: This document is prepared by the Commission services and should not be considered as representative of the European Commission’s official position. The replies to the FAQs do not extend in any way the rights and obligations deriving from applicable legislation nor introduce any additional requirement. The expressed views are not authoritative and cannot prejudge any future actions the European Commission may take, including potential positions before the Court of Justice of the European Union, which is competent to authoritatively interpret Union law.