How the EU’s new software liability rules are redefining software accountability
EU directive tightens software liability and accountability rules

The harsh reality of modern software development and delivery is that many organizations compromise on software quality to prioritize speed.
We’ve witnessed the disastrous consequences of poor quality assurance time after time. Last year’s $5.5bn CrowdStrike outage demonstrated just how crippling the effect of failing to prioritize testing can be. And with the European Union preparing to enforce its updated Product Liability Directive (PLD) in late 2026, there are many new rules and responsibilities that software makers need to be aware of in order to minimize any associated liability risks.
The PLD update introduces major changes for software producers that emphasize safety and accountability in the face of complex software systems. Designed to protect consumers in a world increasingly dependent on software, it means that software makers will automatically be responsible if their product has safety issues.
They will be on the hook for problems and defects that show up post-release, as well as issues caused by third-party add-ons and even changes made by AI that make the software unsafe. There is no need to prove negligence; the fact that the software caused harm is enough to hold them liable. In this new world, testing will play an even more critical role in identifying safety threats and taking preventative measures.
Head of UK & Ireland at Tricentis.
A broader liability net
Under the new directive, software producers will be held liable for safety defects leading to personal injury, property damage, or material loss, regardless of negligence or intent. This applies whether the software is embedded in hardware, provided as a cloud service, or installed on a device. Injured parties will have to demonstrate harm and a causal link to a defect but are not required to prove misconduct by the producer.
Liability isn’t just limited to software production, either. Post-release updates introduce an added layer of accountability, with defects emerging from authorized software updates, evolving AI behavior, or the failure to provide necessary security patches all representing areas of responsibility. An everyday example could be a GPS navigation app providing incorrect and potentially unsafe directions due to a faulty update. This type of error highlights how seemingly minor software updates, if left unchecked, can pose safety risks, reinforcing the need for rigorous testing and quality control in software development and maintenance.
Software providers are also responsible if third-party components have safety issues, so due diligence must be given to the integration of external elements. For example, if third-party software integrated by a medical device manufacturer for a heart rate monitor has a bug that causes inaccurate readings, patients could be misdiagnosed or not receive critical medical attention. Even though the defect originated in an external component, the heart rate monitor manufacturer could still be held accountable under the updated PLD. Thorough supplier oversight and integration testing are, therefore, key.
One further key inclusion in the update is liability for digital manufacturing files: software that provides instructions for automated production. If a faulty design file causes the production of unsafe physical products, the software provider could face legal consequences. These provisions emphasize the need for meticulous oversight in software deployment, updates, and integrations.
Steps to help minimize liability risks
With compliance taking full effect in December 2026, organizations have a critical window to align their processes and products with the new PLD requirements to minimize potential liability exposure. Software producers must prioritize safety at every stage of development and maintenance, acknowledging that an effective product is not necessarily a safe product.
They must go beyond functional testing to evaluate safety risks comprehensively. While testing for every foreseeable use and misuse scenario may not be feasible, they can continuously reassess and reprioritize risks based on current knowledge and emerging threats as their products evolve.
Implementing continuous safety-focused risk assessments and testing throughout the product lifecycle will be crucial in detecting and addressing potential hazards before they escalate. Designing software to perform safely even when users act negligently is essential, and incorporating diverse perspectives in development teams can help identify overlooked risks.
Conducting safety-related regression testing and benchmarking will help detect the introduction of unsafe behavior over time, while interactive, problem-seeking exploratory testing will be essential in uncovering previously unknown safety issues. Frequent safety assessments are also necessary to ensure that evolving software remains within safety parameters, particularly as AI-driven adaptations and post-release updates introduce new variables.
AI tools and machine learning systems must be continuously tested and monitored to detect and prevent unsafe behaviors evolving from learning processes. Safeguards and benchmarks should be in place to detect and correct these risks before they pose harm, with rapid response protocols developed to restore systems if safety is compromised.
Managing third-party components is another key consideration. Thorough integration testing and robust oversight of external software elements can reduce liability exposure. Establishing clear contractual agreements with third-party providers will help define safety responsibilities.
Ensuring effective updates and cybersecurity measures is also critical. Regular patches should enhance safety without introducing new vulnerabilities, and cybersecurity strategies must proactively counter emerging threats. Users should also be educated on the importance of updates to maintain security and compliance.
Last but not least, companies need to be prepared for regulatory scrutiny. Comprehensive documentation of safety measures and testing will be required to demonstrate compliance while balancing transparency with intellectual property protection.
Planning ahead
The EU’s updated Product Liability Directive signals a new era of accountability for software producers. The heightened focus on consumer protection demands proactive safety measures, thorough risk assessment, and continuous monitoring.
Software producers can mitigate liability risks and build trust in an increasingly software-driven world by prioritizing safety, reinforcing cybersecurity, and adopting rigorous testing methodologies. The evolving regulatory landscape underscores that software safety and accountability are no longer optional but an obligation that must be integrated into every stage of software development and deployment.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro