Is Artificial Intelligence a product or a service?

The EU has recently taken legislative actions for the governance of Artificial Intelligence (AI), mainly through the AI Act and liability proposals. With these legislative proposals, the EU takes the legal doctrinal position of classifying AI as a product. This short article discusses the implications and possible incoherencies of this choice by EU regulators, by exploring the practical and legal doctrinal effects of categorising AI systems within the product-service dichotomy.

An article by Kostina Prifti

The EU has recently proposed two legislative initiatives about AI. The first is the AI Act, which specifies the requirements that AI systems must have in place before they are allowed into the EU market. The second set of proposals relates to liability, comprised of a proposal to revise the Product Liability Directive (PLD) and a new legislative proposal on negligence liability of AI.

These legislative initiatives approach AI systems as products. The AI Act is designed similar to other product safety requirements legislation, such as the MDR. Specific requirements on AI systems are based on their level of risk. Producers of AI systems may be allowed to place their product in the market only after their compliance with these requirements is certified and they have received the CE marking. In this regard, software is included as part of the product liability regime, introducing strict liability rules for damages caused by an AI system. AI systems are, for liability purposes, regulated like a surgeon’s scalpel or a mechanic’s wrench. To account for causality problems that may arise due to the unforeseeability of AI systems, the revised PLD proposal assumes perfect causation between the actions of the producer and the behaviour of the AI system.

The product/service dichotomy in liability law

EU legislative bodies are forced to decide whether AI is a product or a service, due to the role that the product-service dichotomy plays in EU law. A particular example of this dichotomy in liability law may help to explain and disentangle it.

EU liability laws are either contractual or extra-contractual. Contractual liability is constituted in a contract by at least two parties, whereas extra-contractual liability is constituted by law. This article takes its focus on extra-contractual liability and its two elements: strict liability and negligence liability.

Strict liability rules in the EU are harmonized by the PLD, which is applicable to manufactured products. The liability regime in the PLD is straightforward: when the product is defective, there is harm caused to the consumer, and there is a causal link between the defect and the harm, the manufacturer is liable to compensate the harm caused to the individual. This liability regime is called “strict” because it does not allow any exceptions, even if the manufacturer can prove they exerted proper care and diligence. For all products sold in the EU market, the existence of these three criteria equal liability.

Whereas strict liability applies to the manufacturing of products, supply of services are covered under negligence liability. Negligence laws are not harmonised in EU. However, while there are some variations between Member States, they share a level of similarity. Negligence liability rules are characterised by one extra criterion compared to strict liability: the existence of fault or the breach of the duty of care. The extra criterion for the existence of negligence liability means that the supplier of services is not held liable unless it is shown that they did not follow the appropriate standard of care. If harm is caused but the appropriate standard of care is shown to be upheld, there is no liability for the supplier of services.

The background of the product/service dichotomy

The dichotomy between a product and a service is manifested in the distinction between strict and negligence liability. The PLD does not offer reasons why products, as opposed to services, must be regulated under strict liability, other than simply referring to industrialisation and technologization of manufacturing. If we turn our attention to case law, the ECJ reiterates that strict liability applies to industrial products and that the activity of service providers is different than that of manufacturers, thence emphasising that the distinction between products and services is important (Krone Verlag case ECJ).

On a more practical approach, strict liability rules, firstly developed in the US and later imported in the EU, were a response to developments in mass production. Mass production afforded not only the possibility of producing high quantities, but (re)producing the same product, with the same quality, in high quantities. When products were mainly made by hand, the result depended on the particular skills of the individual maker, so there was less uniformity. With developments in mass production, results came with a more standardised level. Mass production required better infrastructure and resources, but it relied less on individual’s skills and abilities. This feature of mass production enabled liability laws to focus on the result rather than the process. Hence, strict liability rules were introduced whereby unless one achieved the standard result, they would be in default. Strict liability laws may be understood as an affordance of mass production.

The provision of services relies still on a level of difficulty of individual skills and abilities. Consider service provision in the healthcare sector. The skills and abilities of the medical professional, the surgeon or a diagnostician, are crucial to the service provision, despite possible standardisations of the process. “Getting a second opinion” is a feature of service provision, but a bug for product manufacturing. The same applies for many other examples of service provisions, such as services provided by lawyers to their clients. As a consequence, liability of services remains process-oriented and negligence liability bears the extra criterion of having to prove a breach of duty from the side of the professional, a requirement missing in product liability. The distinction between product manufacturing and service provision can be viewed in relation to the distinction between complexity and difficulty, found in information sciences (Floridi 2019). Complexity is characterised by uniformity, hence a result-oriented approach to manufacturing of products is justified. On the other hand, service provision is characterised by difficulty and requires a process-oriented approach, due to its inability to guarantee the same result over numerous attempts.

AI between the product/service dichotomy

Bringing this analysis back to the case of AI, the question whether AI is a product or a service may be reformulated, aided by the analysis hitherto provided, to the question: are AI systems outputs of complex but uniform processes that lead to the same results over numerous attempts, or are AI systems outputs of difficult and skilful processes that may not guarantee the same results over numerous attempts?

Firstly, AI systems exhibit a vast array of characteristics, including but not limited to their scope, applications, methodologies, degrees of autonomy, and impacts. Moreover, the fallibility of an AI system should not be confused with its risk levels. An AI system may be used with low risks and be highly fallible (using ChatGPT to do homework) or used with a high risk and have low fallibility (using Google Maps to go to the hospital emergency room).

Furthermore, in parts of the stages during the making of an AI system, the process requires particular skills and abilities that have not yet been fully standardised. That means the resulting AI system would heavily depend on how good its makers, that is its programmers, designers, etc., are, connecting closely to the logic of service provision. Consider, for instance, tasks like model building and evaluation, as well as testing and validation. These tasks require a specific set of skills and abilities from the makers of AI systems, and different professionals may approach the tasks differently based on their expertise and experience. At the same time, some tasks and processes may be increasingly standardised to the extent that little skill or ability is required from the makers of the systems, for instance many tools and techniques provide assistance in the stage of data cleaning and transformation.

In conclusion, there are three relevant takeaways from this article, which started out questioning whether AI is a product or a service. The first is that we ought not to treat, from a governance perspective, all types of AI systems in the same way; they pose different challenges and effects depending on the type of use. Secondly, AI systems seem to resemble more the processes of service provisions than the processes of product manufacturing, due to the level of skill and abilities required. Thirdly, this categorisation should be understood as dynamic rather than stagnant: increasing standardisation of these processes will likely enable a shift of AI systems-making from service provision to product manufacturing.

Published under licence CC BY-NC-ND.

This Blogpost was written by


  • Kostina Prifti

    Kostina Prifti is a PhD candidate at Erasmus School of Law. His research focuses on the role of regulation by design for legal and governance purposes in the context of AI and digital technologies. Kostina holds an LLM in Law and Technology and is a Junior Fellow at the Jean Monnet Centre of Excellence in Digital Governance. Prior to his PhD, he worked as a legal counsel and attorney at law in Intellectual Property and Data Protection.

Kostina Prifti Written by:

Kostina Prifti is a PhD candidate at Erasmus School of Law. His research focuses on the role of regulation by design for legal and governance purposes in the context of AI and digital technologies. Kostina holds an LLM in Law and Technology and is a Junior Fellow at the Jean Monnet Centre of Excellence in Digital Governance. Prior to his PhD, he worked as a legal counsel and attorney at law in Intellectual Property and Data Protection.