This page outlines ISMS Copilot’s approach to liability in light of the evolving EU legal framework on product and AI liability, including the new EU Product Liability Directive (PLD) (EU) 2024/2853 and the proposed AI Liability Directive (AILD).
The PLD, which applies to products placed on the EU market from 9 December 2026, expands liability concepts to include stand-alone software and AI. It introduces broader disclosure obligations, wider definitions of “product” and “damage,” and extended limitation periods for latent personal injury claims. Although the PLD primarily addresses physical products and high-risk or integrated digital systems, its broadened scope may, in principle, encompass software-based services, including AI-driven advisory tools.
The AILD, still under consideration, proposes a fault-based civil liability regime targeting harm caused by or associated with AI outputs. It intends to facilitate claims by introducing presumptions of causation or disclosure obligations in certain circumstances.
ISMS Copilot provides informational compliance assistance related to information security standards, frameworks, and regulations. Unlike physical or high-risk AI products, this service does not control critical operations or integrate into products capable of causing direct physical harm. The chatbot outputs are advisory in nature and intended for professional use, with users retaining ultimate responsibility for verifying information and seeking qualified professional guidance where necessary.
This distinction reduces the likelihood that ISMS Copilot would be deemed to offer a “defective” product under the PLD or that its outputs would trigger liability under AILD principles. The software does not cause harm autonomously; it provides references and suggestions that users must evaluate and confirm independently.
To further mitigate potential liability risks, ISMS Copilot has implemented the following measures:
ISMS Copilot’s disclaimers and usage terms clearly inform users that the chatbot’s outputs should not be solely relied upon for critical decisions. By setting realistic expectations and encouraging users to consult appropriate professionals, the risk that a user relies uncritically on the tool’s guidance—and subsequently claims harm—diminishes.
In any dispute, showing that the user was repeatedly advised to verify information elsewhere may help refute claims that the service created an unreasonable safety expectation or that the advice was inherently defective.
ISMS Copilot monitors updates in EU liability law, including eventual clarifications of the AILD and evolving interpretations of the PLD. Should future guidance indicate that additional safeguards, disclaimers, or compliance steps are necessary, ISMS Copilot will incorporate them. Regular consultations with legal counsel and review of case law or industry best practices ensure ongoing alignment with legal obligations.
ISMS Copilot’s service model, which provides informational compliance assistance rather than controlling physical products or high-risk processes, inherently limits exposure to liability claims under the new EU liability frameworks. The combination of explicit disclaimers, user instructions to seek professional advice, security and privacy safeguards, documentation of improvements, and careful avoidance of personal or sensitive data in training processes establishes a low-risk profile.