UK product liability: the Law Commission reviews the Consumer Protection Act 1987

The Law Commission has launched a review of the UK's product liability regime under Part 1 of the Consumer Protection Act 1987 (CPA). Its aim is to determine whether, and to what extent, reform is required to ensure the regime is fit for purpose in light of technological change (notably the growth of software, AI-enabled products and online platforms). The review examines core aspects of the current regime, including the scope of covered products, potential defendants and the burden of proof.

The review is sponsored by the Department for Business and Trade and follows the Law Commission's 2021 consultation on its 14th Programme of Law Reform, as well as separate consultations by the Office for Product Safety and Standards, both of which indicated support for CPA reform.

As part of its review, the Commission invited stakeholders to complete an Initial Scoping Questionnaire. Although the December 2025 deadline to respond has passed, stakeholders who wish to share their views, or provide materials to assist the Commission's work, can do so by email at productliability@lawcommission.gov.uk.

A further consultation paper is anticipated in October 2026, with a final report and recommendations expected to be published in October 2027.

Background

The CPA was enacted in 1987 to implement the 1985 EU Product Liability Directive (the 1985 directive) and imposes strict liability (sometimes called "no fault" liability) for loss and/or damage caused by defective products.

Technological developments since then have prompted widespread concern across stakeholder groups that the regime no longer adequately addresses the unique risks posed to consumers by digital and AI-enabled products and services, nor that it provides sufficient legal clarity to support innovation.

The review is being conducted in close collaboration with the Department for Business and Trade and the Department for Science, Innovation and Technology, reflecting the centrality of emerging technologies to the project. Although formally for England and Wales, the Commission intends to consult stakeholders in Scotland and Northern Ireland and to liaise with devolved administrations to capture relevant differences.

A core focus of the review is maintaining the appropriate balance between consumer and third-party protection and support for innovation and growth – one of the main objectives of the 1985 directive and the CPA.

Scope of the review 

The review sits against the backdrop of the EU's new Product Liability Directive (the new PLD), effective from 9 December 2026. It has made far-reaching reforms to its predecessor (Directive 85/374/EEC) to address the risks posed by new technologies, including digital products, software and AI as well as modern supply chains including online marketplaces and circular business models.

Many industry stakeholders have voiced concerns that the new PLD has tilted the balance between consumer protection and innovation more in favour of the consumer, with implications around litigation risk and the affordability and availability of insurance cover.

The terms of reference supporting the review are framed around the reforms introduced by the new PLD and identify several questions that go to the fundamental architecture of the CPA, with potentially significant ramifications for manufacturers, distributors and software providers operating in the UK market. While the UK is not bound by the EU regime post-Brexit, some stakeholders (including international manufacturers that sell products across the UK and Europe) see the benefits of international alignment.

The key areas under consideration by the Commission are as follows:

Definition of "product": Whether the definition of “product” should be reformed to accommodate the intangibility of digital technologies, including whether software qualifies as a product when supplied in an intangible format (for example, downloads over the internet), and how to treat products that are modified by the producer or a third party after they have been made available to users.

CPA definition of "defect": Whether the definition of “defect” should be subject to reform, to account for reported difficulties for claimants to establish that a “product” is defective.

CPA definition of "producer" and liability of economic operators: Whether the purposes of the product liability regime can be better achieved by reforming (i) the CPA’s definition of “producer” and (ii) the range of economic operators which may be held liable under the CPA. This could possibly include online marketplaces and software developers and other intermediaries that are party to complex and modern global supply chains.

The CPA’s ten-year “long-stop” period: This long-stop period places a bar on claims that are brought more than ten years after a product is supplied. The review will assess whether the period should be extended for latent harms, and how the long stop should operate where products or software are iteratively updated, which potentially complicates the identification of a single moment of “supply.”

The "State of the Art" defence: Whether this defence, which considers the issue of defectiveness in the context of the state of scientific knowledge at the time the product was supplied, requires further consideration in light of the features of new technologies. For example, for software that is subject to automated updates, there may be a need to recalibrate how this defence applies as knowledge and functionality evolve post-supply.

Burden of proof: Whether the burden on claimants is too onerous under the current regime, particularly in the context of AI-enabled technologies where opacity and adaptiveness may make it challenging to prove defect and causation, and where latent defects may arise in emerging technologies for which no claims are available. 

Definition of "damage": Whether the definition of damage should be expanded to include harms characteristic of the digital environment, such as data destruction or corruption. Such a change could materially widen exposure for technology-driven products without corresponding bodily injury or traditional property damage. 

Osborne Clarke comment

CPA reform appears increasingly likely in light of earlier indications in the Office for Product Safety and Standards' consultations on product regulatory reform, and the enactment of the Product Regulation and Metrology Act 2025 (PRAMA) — the enabling legislation designed to modernise the UK's product safety regulatory framework.

PRAMA empowers lawmakers to introduce new rules to reduce or mitigate product risks, including updating product safety requirements in response to emerging risks and new business models, creating a more flexible regime under which obligations relating to software-dependent products can be adapted to support innovation.

Whether the Commission will recommend reforms to the CPA to align with the new PLD remains to be seen, though any changes that expand the existing regime would mark a potentially significant shift in the UK product liability landscape. In particular, software developers and technology vendors that have not traditionally regarded themselves as "manufacturers" may find themselves exposed to wider liability where their code or digital services are integral to a product's safety.

Organisations should proactively assess how their products might be characterised under an expanded liability framework, strengthen their risk management practices, and consider engaging with the consultation processes shaping these reforms.

In particular, manufacturers should consider auditing the extent to which their products and services rely on supplied software, iterative updates and AI components, and map how potential changes to the existing CPA regime could affect risk allocation and existing insurance arrangements. Organisations that are aligned across their legal, engineering, product and compliance teams should be better able to adapt efficiently to any future reforms once the Commission's recommendations are published.