On 10 June 2025, the WirtschaftsWoche management blog published an insightful interview conducted by the author Claudia Tödtmann with product liability expert Prof. Dr Thomas Klindt. The title: “Three missing words that could soon prove costly for many companies.”
This refers to the revised EU Product Liability Directive – and in particular a formulation that could have far-reaching consequences in the future: the omission of the term “movable” from the product definition. As a result, digital products – such as software, AI systems or platform services – will also be subject to liability in future.
What sounds legally abstract actually affects all companies that manufacture, distribute or are involved in digital processes – whether in industry, retail, services or IT. This is because the new Product Liability Directive brings not only physical products but also their digital components, control systems and associated systems into focus.
Consequently, the question of how risks, warnings or faults were handled internally becomes the central issue of liability. Archiving, backups and comprehensive documentation of all relevant information become indispensable building blocks of a future-proof data and compliance strategy.
What exactly has changed – and why is this so significant?
The EU’s new Product Liability Directive introduces two fundamental changes in particular:
1. No longer a minimum damage threshold
Even the smallest damages – such as those caused by a software error or faulty AI output – can lead to full liability claims in future. The previous €500 threshold no longer applies.
2. Collective redress rights
Consumer organisations are permitted to bring legal action on behalf of customers. This enables class actions in the EU for the first time – particularly in the case of digital incidents affecting many end-users.
The result: even a minor error in a software update, a risky prompt in an AI system or a configuration oversight in the cloud can trigger a wave of liability claims – automated, high-profile and with incalculable damage for the affected company.
Disclosure obligations: When emails become evidence
Another, often overlooked change is particularly explosive:
Under the new directive, claimants can now apply to the courts to require companies to produce internal documents – including emails, chat histories, logs and other business communications.
This so-called “disclosure” rule was previously known only in the Anglo-American legal sphere. Now it is becoming a reality in European law too – with far-reaching consequences:
- Internal warnings or doubts expressed in an email
- Discussions about security concerns in a Teams chat
- Updates on software versions in a SharePoint document
- Escalations in meeting minutes or ticketing systems
All of this can be requested in court in future and used against the company.
Focus on Microsoft 365
Anyone communicating there must archive
Particularly in companies that work with Microsoft 365 – i.e. with Outlook (Exchange), Teams, OneDrive or SharePoint – written communication is ubiquitous today. But what many fail to consider is that whilst these platforms store data temporarily, they do not automatically do so in a way that is audit-proof or admissible in court.
What used to disappear into the inbox or be ‘out of sight, out of mind’ in the cloud could become incriminating evidence in court tomorrow.
Companies must therefore urgently ensure:
- Email communication (Exchange Online) is archived in full and in a tamper-proof manner
- Teams messages – including those in private chats – are backed up and stored in a traceable manner
- Files in OneDrive and SharePoint are versioned, archived unchanged and retrievable
- Access and edits are fully logged
Only in this way can evidence be provided – or risks refuted – in the event of an emergency.
Why backup and archiving providers are now in demand
These changes mark a paradigm shift: from traditional data protection to a comprehensive approach to digital evidence.
Backup and archiving are no longer purely technical routines – they are becoming central elements of corporate liability avoidance. It is no longer enough to simply back up data in some way. Companies need:
- Legally compliant, long-term stable archiving
- Automated traceability and timestamping
- Integrity protection and documentation across lifecycles
- Solutions that actively integrate Microsoft 365 and other cloud services
Archiving is becoming a compliance requirement – and a line of defence in the event of liability.
Those who are liable need evidence. And evidence requires data.
The revised EU Product Liability Directive is putting many companies under pressure. Those who cannot demonstrate how their software or system functioned in a specific case – and how internally they dealt with indications or risks – runs the risk of facing a lack of evidence.
Secure, auditable archiving is therefore no longer an option, but a necessity.
And this applies particularly to Microsoft 365 environments, where the majority of business communication takes place today.