Product Liability Directive 2024/2853 in Belgium

Steven | TrustYourWebsite · 20 May 2026 · Last updated: May 2026

The law of 25 February 1991 on product liability, which transposes Directive 85/374/EEC of 1985 into Belgian law, will be replaced on 9 December 2026 by a new framework treating software and AI systems as products in the EU strict-liability sense. This article describes the consequences for a Belgian SMB whose AI tool causes harm to a natural person, or which itself places a digital product on the market from an establishment in Flanders, Brussels or Wallonia.

Belgian specifics worth knowing separately from the Dutch situation: the law of 25 February 1991 (BS 22 March 1991) sits separately from Book XVII of the Code of Economic Law. Book XVII governs the procedural aspects of consumer claims and the collective action that Test-Achats can bring on behalf of a group of victims. For product-liability cases specifically the action typically runs before the court of first instance or the business court, with the Gegevensbeschermingsautoriteit (GBA) possibly involved once personal data is at stake.

Enforcement of the General Data Protection Regulation stays fully with the GBA. The PLD adds a second claim track next to the GDPR: while the GBA can impose fines of up to 4 percent of annual turnover on the controller of your site, the PLD provides a direct civil action against producers of defective software or AI. These are two non-overlapping systems. The Belgian FOD Economie held a first consultation round on 15 January 2026 on the Belgian transposition law; the preliminary draft is expected in autumn 2026, well after the European deadline of 9 December 2026, leaving an interpretation period in which Belgian courts will look straight at the directive.

For small operators delivering from Belgium to Flemish, Walloon or Brussels customers, there is one more specific point. Registration with the Crossroads Bank for Enterprises (KBO/BCE) and display of the KBO number on your website are mandatory under Book III WER and continue to apply. Belgian courts factor the visible display of the KBO number on the sales channel or webshop into their assessment of producer status in product-liability cases. That is a typically Belgian evidentiary rule that does not exist in the Netherlands.

The short version under Belgian law

Directive (EU) 2024/2853 repeals the Product Liability Directive of 1985 and replaces it with a regime that treats software and AI systems as products. Member states must transpose the directive by 9 December 2026. From that transition date it applies to products placed on the EU market after that date. In Belgium the old regime rests on the law of 25 February 1991 on product liability, which transposed Directive 85/374/EEC and which in turn is integrated into Book XVII of the Code of Economic Law via the codification law of 28 February 2013. Products placed on the market before 9 December 2026 stay under the 1991 law.

The core of the change once the Belgian transposition takes effect: a victim who is a natural person can sue the producer of a defective software or AI product without having to prove fault. The plaintiff still needs to show defectiveness, harm and causal link, but the burden of proof is lightened through evidence disclosure and rebuttable presumptions. Open-source software developed and supplied outside a commercial activity falls outside the regime under Article 2(2).

Most Belgian SMBs come into the picture as a potential plaintiff when a defective AI tool causes harm to themselves, an employee or a customer. A smaller group, those that place digital products on the market such as a paid WordPress plug-in, a SaaS subscription or an AI-powered service, can themselves be producers under the regime. The hub article on who is liable when AI builds your website under Belgian law covers the practical SMB scenario for which this article forms the deep-dive.

What actually changes in Belgium on 9 December 2026

Software becomes a "product" under Book XVII WER (Article 4)

Article 4 of the directive expands the concept of "product" to all movable property, electricity, digital production files, raw materials and software. Recital 13 confirms that software is a product regardless of how it is supplied, whether by download, embedding, SaaS or cloud. AI systems as defined in the AI Regulation are explicitly within scope. The new regime directly addresses software in Belgium, while the old 1991 regime was in practice mainly applied to physical goods by Belgian courts of first instance.

Strict liability for the victim (Article 6)

A victim who is a natural person can sue the producer without proving fault. Three elements remain necessary: defectiveness, harm and causal link. Article 10 introduces rebuttable presumptions in certain cases, which is a real lightening for plaintiffs facing opaque AI systems. For Belgian civil procedure this means the plaintiff can rely less on Article 1382 of the old Civil Code (extracontractual liability, since 2023 integrated into Book 6 of the new Civil Code).

Covered harm: death, bodily injury including psychological injury, damage to private property and destruction of non-professional data. Pure financial loss and damage to business property stay outside the regime.

Evidence disclosure (Article 9)

Article 9 obliges defendants in technologically complex cases to produce relevant evidence on order of the competent Belgian court, under confidentiality protection. This addresses the fact that proprietary AI models are black boxes the plaintiff cannot inspect. A plaintiff who shows the plausibility of a claim can compel evidence disclosure. The Belgian business court and the court of first instance gain an instrument that their procedural rules of 1967 did not originally contain.

Extended list of liable parties (Article 8)

Liability does not stop at the producer. Importers, authorised representatives in Belgium, fulfilment service providers like bpost and private logistics players, distributors and in certain cases online platforms can also be held liable, especially when no producer established in the EU can be identified. The directive deliberately keeps the claim path open even when the developer sits outside the EU. For a Belgian victim this means a claim against an American AI vendor becomes legally workable via the import or distribution chain on Belgian soil.

When the new rules apply to your Belgian SMB

As plaintiff. If a defective AI tool causes harm to a natural person, the PLD gives that person a no-fault route against the manufacturer. The realistic plaintiffs are employees, customers or third parties affected through your site, not the SMB itself for commercial losses. An AI customer-service bot that harms a customer, an AI medical-information assistant that misclassifies a symptom, a security defect in an AI coding assistant that leads to natural persons losing private data: these are the scenarios.

As manufacturer. If your Belgian business sells a digital product, you may fall under the manufacturer definition in Article 4(11). Examples: a WordPress plug-in, a SaaS subscription, an online tool, an AI-powered service. You can also become a manufacturer through "substantial modification" (Article 4(18), Article 8(2)) if you heavily adapt a third-party tool. For most Belgian SMBs with an ordinary site this defendant scenario is unlikely.

What is excluded

  • Open-source software developed and supplied outside a commercial activity is excluded under Article 2(2). Recital 14 says open source supplied for payment or in exchange for personal data falls back under the regime. A hobby plug-in given away free is out. A "free" plug-in that requires email signup as the price of admission may not be.
  • Damage purely to business property used professionally is not covered. The PLD protects private property, not business assets.
  • Pure financial loss is not covered. Lost revenue, lost contracts and reputational damage stay outside the regime. Pursue those through contract or Articles 1382 et seq. of the Belgian Civil Code (extracontractual liability).
  • Products placed on the market before 9 December 2026 stay under Book XVII WER transposing 85/374/EEC.
  • Damage from nuclear accidents covered by international conventions is excluded under Article 2(3).

Transposition in member states: the messy reality

Every member state must transpose before 9 December 2026. As of mid-May 2026, the wave has not crested. Germany published a draft law in September 2025 and is widely expected to transpose on time. France is widely expected to be late. Italy has shown no public progress.

The Belgian status: FOD Economie and FOD Justitie are preparing the transposition, presumably through an amendment to Book XVII WER. As of 15 May 2026 no consultation draft has been published. Recent Belgian experience with EU transpositions points to a real but not guaranteed chance of on-time transposition. Verify the current status via the Commission's Single Market page and the parliamentary-questions tracker before acting on this article.

The practical consequence is uncomfortable. If your jurisdiction has not transposed by 9 December 2026, the old 1985 regime applies there in the meantime and the new strict liability is not yet available.

How it differs from the AI Act and the GDPR

The PLD, the AI Act and the GDPR are three different instruments for three different questions. They run in parallel.

AI Act. Regulation (EU) 2024/1689 governs how AI systems are placed on the EU market: risk classification, transparency, conformity assessment. It does not create civil liability of its own. A breach of Article 50 does not automatically give a PLD claim. The sister article on what the AI Act asks of website owners covers Article 50 transparency, applicable from 2 August 2026, four months before the PLD.

GDPR. Regulation (EU) 2016/679 governs processing of personal data. The controller determines purpose and means. The GBA enforces against the controller, not the AI tool. None of that changes on 9 December 2026. The GDPR liability framework sits next to the PLD, not below it.

PLD. Directive (EU) 2024/2853 creates a civil claim path for harm caused by defective products. A PLD claim runs between a natural-person victim and a manufacturer or other economic operator. You can have a PLD claim without an AI Act breach. You can have an AI Act breach without a PLD claim.

What the PLD does not do

The PLD creates no claim right for pure financial loss. If a defective AI tool costs you a contract, that is a contract or Article 1382 Civil Code matter, not a PLD claim. The directive does not work retroactively on existing products.

It does not change who the GDPR controller is. The GBA continues to enforce the GDPR against the operator of the site. The GDPR audit of your Belgian website is about the audit rules the GBA and the competent court apply, not about the AI tool. And it does not replace the proposed AI Liability Directive, which was formally withdrawn in October 2025. The PLD is narrower than the withdrawn proposal would have been.

Five practical lessons for your business

  1. If you sell digital products, document your safety processes and update mechanisms. Under Article 9 a Belgian court can order inspection of internal evidence. Keep change logs, security test reports and an audit trail.
  2. If you use AI tools that could foreseeably cause harm to a natural person, check your supplier contracts for indemnification. Your supplier should bear the risk, not you. A clear indemnification clause is the lever.
  3. Keep version logs and prompt logs for critical AI tools. Coding assistants, customer-service bots and automated decision systems leave little trace by default.
  4. If you maintain free open-source software, do not assume the commercial-activity exclusion applies to you. The carve-out depends on how you monetise and how you accept data. Dual licensing, paid support and any data-for-service arrangement can pull you back into scope under Recital 14.
  5. Old products are not retroactively covered. Products from before 9 December 2026 stay under Book XVII WER and the 1985 regime.

Our free compliance scan checks GDPR, cookies, accessibility and image rights on your live site. The scan does not check PLD compliance directly because the PLD is a liability framework rather than a set of website checks. What the scan does is confirm that the site itself is in order on the points that can be expressed as machine-testable rules.

Frequently asked questions

Does the new Product Liability Directive also apply in the United Kingdom?

No. The United Kingdom is not bound by Directive (EU) 2024/2853. British product liability sits under the Consumer Protection Act 1987 and retained EU law. A Belgian SMB selling to the United Kingdom is not under the new directive for that activity but is for EU sales.

When does the new directive really enter into force in Belgium?

From 9 December 2026, for products placed on the market or put into service after that date, once the Belgian transposition is in force. Book XVII of the Code of Economic Law transposing Directive 85/374/EEC remains applicable to products from before 2026.

I maintain a free open-source plug-in. Does that make me a manufacturer?

If your project sits outside a commercial activity, Article 2(2) excludes you. If you take payment for support, offer dual licensing or accept personal data as consideration, Recital 14 says you may fall back in scope. Seek specific advice before assuming you are out of scope.

Can a Belgian victim sue OpenAI or Anthropic?

Possibly, from 9 December 2026, but only for harm to natural persons such as injury or loss of private data. Pure business loss is not covered. You still need to show defectiveness, harm and causal link.

What changes for my existing GDPR obligations?

Nothing. The Belgian DPA continues to enforce the GDPR against the controller of your website. The PLD adds a new claim path against AI manufacturers for harm to natural persons. It does not replace GBA enforcement against you.

This article is technical analysis, not legal advice. The author is not your lawyer. For a binding view on a specific claim, speak with counsel.