AI Liability EU Directive

The AI Liability Directive is a legislative proposal (COM(2022) 496 final) by the European Commission, designed to complement the EU AI Act. It aims to adapt non-contractual civil liability rules for damages caused by AI systems. Its core objective is to ensure victims of AI-related harm receive the same level of protection as those harmed by traditional products. The directive introduces two key mechanisms: a rebuttable 'presumption of causality,' which eases the victim's burden of proof under certain conditions, and a right to 'disclosure of evidence,' allowing courts to order providers of high-risk AI systems to release relevant data. In enterprise risk management, it acts as an ex-post regulation, compelling companies to implement robust AI governance frameworks, such as ISO/IEC 42001, to maintain comprehensive documentation and records throughout the AI lifecycle to defend against potential liability claims.

Enterprises can integrate the AI Liability Directive into their risk management practices through three key steps. First, conduct an AI system inventory and risk classification, aligning with the EU AI Act's risk tiers to focus resources on high-risk systems. Second, implement Explainable AI (XAI) and robust logging mechanisms from the design phase. This practice, consistent with the NIST AI Risk Management Framework (AI RMF), provides crucial evidence to rebut the 'presumption of causality' in litigation. Third, clearly define liability within the supply chain through contractual agreements and secure adequate AI-specific liability insurance. For instance, a global electronics manufacturer can require its AI algorithm suppliers to provide indemnification clauses and detailed technical documentation, effectively transferring a portion of the risk and ensuring a higher audit pass rate for its compliance controls.

Taiwanese enterprises face three primary challenges. First, the extraterritorial scope of the directive means any company placing AI-enabled products on the EU market must comply, yet many lack the necessary EU legal expertise. Second, there is a technical burden to meet the high standards for data logging and explainability, especially for complex 'black-box' models, which is necessary to produce evidence in legal disputes. Third, allocating liability is complex within multi-vendor AI supply chains, making it difficult to pinpoint responsibility when a failure occurs. To overcome these, firms should form a dedicated compliance task force, adopt a 'Trustworthy AI by Design' approach by embedding explainability tools, and enforce clear contractual liability and indemnification clauses with all AI component suppliers. A priority is to conduct a gap analysis against the directive's requirements within three months.

Winners Consulting specializes in AI Liability EU Directive for Taiwan enterprises, delivering compliant management systems within 90 days. Free consultation: https://winners.com.tw/contact