SELECT 2025 wrap up 17.03.2025 - Flipbook - Page 9
9
Navigating AI liability: product laws and
data protection in the digital age
Matthew Felwick, Nicola Fulford and Valerie Kenyon surveyed the evolving landscape of artificial intelligence
(AI) law in the EU and UK, from legislative milestones to impacts for businesses – particularly in the product
liability and data protection spaces.
AI governance and liability have been central themes for legislators in 2024 and 2025. The EU introduced its
revised Product Liability Directive (PLD), which aims to make product liability rules fit for the digital age, and
important requirements under the AI Act started coming into force. The PLD updates the framework for
product liability: it classifies software, digital services and AI systems as products, expands the scope of liability,
and creates a claimant-friendly environment, including mechanisms for making it easier for claimants to prove
defect and causation and for seeking disclosure. In February 2025, the first set of key provisions of the AI Act
became applicable – including requirements relating to AI literacy and prohibitions on certain AI practices.
Much of the legislative regime crosses over with GDPR requirements and global privacy principles. Data is the
foundation of all AI systems and data protection requirements need to be considered at all stages: from
assessing the basis for processing training data, transparency obligations about the use of AI and explaining
automated decision-making, to ensuring that appropriate cybersecurity measures are in place.
Many challenges lie ahead in a fastmoving landscape, but there is much that organisations can be doing now to
manage compliance, ensure document retention programs are appropriate and reduce regulatory and litigation
risks.
Access the session recording here and the slides here.
Key contacts
Matthew Felwick
Partner
matthew.felwick@hoganlovells.com
Valerie Kenyon
Partner
valerie.kenyon@hoganlovells.com
Nicola Fulford
Partner
nicola.fulford@hoganlovells.com
