Product Liability and Biotech: When Manufacturing Deviations Become Legal Claims

PostedMay 16, 2025

ByIuliia Gorshkova

Biotechnology products, particularly those involving living cells or complex molecular structures, introduce a fundamental challenge to traditional product liability frameworks. Unlike a mechanical device that fails due to a broken gear, a biologic may deviate due to microscopic, invisible variations in the manufacturing process that alter its biological function. In the European regulatory landscape, the intersection of strict liability, product safety directives, and the technical intricacies of bioprocessing creates a high-stakes environment where a manufacturing deviation can rapidly escalate into a legal claim, a regulatory recall, or a suspension of a marketing authorization. For professionals managing these products, understanding the transition from a process deviation to a legal liability requires a grasp of both the Good Manufacturing Practices (GMP) that prevent errors and the liability directives that define recourse when errors occur.

The Regulatory Architecture of Biotech Liability

European product liability for biotech is anchored primarily in the Product Liability Directive (PLD) 85/374/EEC, which establishes a regime of strict liability for defective products. Under this framework, the injured party does not need to prove negligence on the part of the manufacturer; they need only prove that the product was defective, that the defect caused the damage, and that the product was placed on the market. For biotech, this is a critical distinction. A “defect” in this context is not necessarily a failure of safety, but a failure to provide the “level of safety which a person is entitled to expect.”

However, biotech products are subject to a dual layer of regulation. While the PLD covers the civil liability aspect, the General Product Safety Directive (GPSD) 2001/95/EC and sector-specific regulations like the Advanced Therapy Medicinal Products (ATMP) Regulation or the In Vitro Diagnostic Medical Devices (IVDR) Regulation impose strict market surveillance and safety obligations. When a manufacturing deviation occurs, it triggers a cascade of obligations under these sector-specific regulations, which in turn serve as evidence in civil liability proceedings.

The Definition of “Defect” in Biological Contexts

Applying the concept of “defect” to biotech requires moving beyond simple mechanical failure. The European Court of Justice (CJEU) has interpreted the “expectations of safety” test to include the product’s intended use and the presentation of the product. In biotech, a crucial factor is the state of the art at the time the product was put into circulation.

Consider a gene therapy product where a manufacturing deviation leads to a lower viral vector titer than specified. The product might not be inherently dangerous, but it fails to deliver the therapeutic effect. Under the PLD, this is a defect because it fails to meet the expectations of safety (which includes efficacy for medicinal products). Conversely, if a novel cell therapy exhibits a rare side effect that was scientifically undetectable at the time of release, the manufacturer might invoke the “development risk defense” (Article 7(e) of the PLD). However, this defense is increasingly difficult to sustain in biotech due to the rapid evolution of analytical capabilities. What was undetectable in 2015 might be standard testing in 2020, and courts may view the “state of the art” dynamically.

The “development risk defense” is harmonized at the EU level but remains subject to national procedural variations. In some jurisdictions, the burden of proof for the defense lies heavily on the manufacturer, requiring extensive documentation of the scientific limits prevailing at the time of market entry.

Quality Defects vs. Safety Defects

In the daily operations of a biotech firm, the distinction between a “quality defect” and a “safety defect” is often blurred. A deviation in a chromatography step might result in impurities that are not acutely toxic but could trigger immunogenicity over time. Regulatory frameworks, particularly the EU Good Manufacturing Practice (GMP) Guidelines, focus on consistency and control. From a liability perspective, a deviation from the approved manufacturing process (the “Control Strategy”) is prima facie evidence of a defect, regardless of immediate clinical harm.

It is vital to recognize that Article 6(1) of the PLD specifically lists the lack of information giving rise to the expectation of safety as a defect. Therefore, a biotech product that deviates in quality but is released without a field safety corrective action (FSCA) creates a compounded liability: the defect in the product and the failure to warn.

Manufacturing Deviations and the Trigger of Liability

Manufacturing deviations in biotech are rarely binary (pass/fail). They exist on a spectrum of risk. The legal claim usually arises when a series of minor deviations (drift) or a single major deviation (excursion) results in a product that is either sub-potent, super-potent, or contaminated.

The Chain of Causation

Establishing causation is the most contentious aspect of biotech litigation. If a patient suffers an adverse event following treatment with a cell therapy, proving that the event was caused by a specific manufacturing deviation requires sophisticated expert analysis. The manufacturer’s defense often relies on the complexity of the biological system, arguing that the patient’s underlying condition or concomitant medications were the cause.

However, the IVDR (Regulation (EU) 2017/746) and the MDR (Regulation (EU) 2017/745) have tightened the requirements for clinical evidence and post-market surveillance. If a manufacturer fails to conduct a proper investigation into a manufacturing deviation (e.g., failing to retain batch samples or failing to perform root cause analysis), courts may infer causation based on the breach of regulatory duty. This is a shift from the traditional burden of proof, where the claimant must prove the defect caused the harm. In practice, if the manufacturer cannot prove the product was not defective, liability often follows.

Recalls and the “Field Safety Corrective Action”

When a deviation is detected, the manufacturer must decide whether to initiate a recall. This decision is not merely operational; it is a legal admission that carries weight in liability proceedings. A voluntary recall is often viewed as a mitigating factor, demonstrating that the manufacturer acted responsibly. However, a delayed recall or a “silent” withdrawal (stopping production without notifying the regulator) can be catastrophic for the defense.

The FSCA (Field Safety Corrective Action) reporting process under the vigilance system requires manufacturers to report serious incidents and corrective actions to the national competent authorities (NCAs) via the EUDAMED database. This creates a public record. If a plaintiff’s lawyer can demonstrate that the manufacturer knew of a deviation trend but delayed an FSCA, the “development risk defense” evaporates, and punitive damages (available in certain national jurisdictions) may become relevant.

Documentation as a Shield: The Audit Trail

In the context of biotech liability, documentation is not just a regulatory requirement; it is the primary evidence of diligence. The burden of proof regarding the non-existence of a defect often falls on the manufacturer. This requires a robust “defense file” that goes beyond the batch record.

The “State of the Art” Defense File

To successfully argue the development risk defense, a manufacturer must be able to reconstruct the scientific landscape of the time. This involves:

Technical Standards: Documenting which ISO standards or pharmacopoeial monographs were applicable and how the product met them.
Scientific Literature: Maintaining a library of the literature available at the time of design, showing that the risks were not known or knowable.
Design History Files (DHF): For devices, or the “Design Dossier” for ATMPs, showing the rationale for the chosen manufacturing process and the risk analysis performed.

If a manufacturing deviation occurs later in the product lifecycle (e.g., due to a change in a raw material supplier), the liability shifts. The “state of the art” defense does not apply to changes made after market entry. Therefore, the documentation of change controls becomes critical.

Batch Records and the “Chain of Custody”

The Annex 16 of the EU GMP Guide (Certification by a Qualified Person) emphasizes the need for the QP to verify that the manufacturing process has been carried out in accordance with GMP. The batch record is the legal document that supports this.

In a liability claim, the plaintiff will request the “entire batch record.” Holes in this record—missing signatures, unexplained data gaps, or lack of audit trails from electronic systems (compliance with 21 CFR Part 11 equivalents in EU GMP)—are fatal. The legal presumption is that if it wasn’t documented, it didn’t happen. In biotech, where process parameters (pH, temperature, duration) directly influence the biological activity, a missing data point regarding a deviation can lead to a presumption of liability.

Comparative Approaches: National Implementations

While the PLD provides a harmonized framework, its implementation varies across Member States, particularly regarding procedural rules and damages. This creates a “forum shopping” risk for manufacturers.

Germany vs. France vs. The Netherlands

Germany: The German implementation (ProdHaftG) is strict. German courts are highly technical and often rely on expert witnesses appointed by the court. The concept of Verkehrssicherungspflicht (duty to ensure safety) is interpreted broadly. If a biotech company fails to update its safety information based on new post-market data, German courts are quick to find a defect. Documentation must be meticulous.

France: French law incorporates the PLD but retains a strong consumer protection bias. The French courts are generally more willing to accept causation based on probability (“loss of chance”) in medical contexts. For biotech, this means that even if the link between a manufacturing deviation and a patient’s harm is not 100% proven, a court may award damages based on the probability that the defect caused the harm.

The Netherlands: Dutch law is often seen as a middle ground. It places a significant emphasis on the “reasonableness” of the expectations. In the Netherlands, the “development risk” defense is interpreted strictly; the manufacturer must prove that the state of scientific knowledge at the time made the risk unavoidable. This requires very strong documentation of the scientific limitations known at the time.

For a pan-European biotech firm, the strategy must be to meet the highest standard of documentation across all jurisdictions, effectively creating a “global standard” that satisfies the strictest national interpretations.

Practical Steps for Mitigating Liability Risks

To navigate this complex landscape, organizations must integrate legal risk management into their Quality Management Systems (QMS).

1. The “Right First Time” Principle and Deviation Management

It is a misconception that a deviation is only a problem if it impacts the patient. In the eyes of the regulator and the court, a deviation is a breach of the validated process. The legal strategy should focus on how the deviation was handled.

Immediate Impact Assessment: When a deviation occurs, the assessment must be scientific and rigorous. It must address not only the immediate batch but the potential cumulative effect on the product quality profile.
Legal Privilege: In some jurisdictions, involving legal counsel early in the investigation can protect the findings under legal privilege (attorney-client privilege). This is particularly important if the deviation suggests systemic issues that could lead to litigation.

2. Post-Market Surveillance (PMS) as a Liability Monitor

The MDR and IVDR mandate proactive PMS. This is not just a regulatory hoop; it is a liability shield. By actively collecting real-world data and comparing it to the manufacturing specifications, a company can detect “silent” deviations.

If a trend of adverse events is detected that correlates with a specific manufacturing period, the company has a legal duty to investigate. Documenting this investigation—even if it concludes there is no link—is evidence of diligence. Conversely, ignoring such signals can be construed as gross negligence.

3. Contractual Indemnification and Supply Chain Diligence

Biotech manufacturing often relies on third-party suppliers for raw materials (e.g., media, sera, enzymes). The PLD allows the manufacturer to seek recourse from their suppliers if the defect originated there. However, this requires:

Robust Quality Agreements: These must clearly define liability and the right to audit.
Traceability: Every raw material lot must be traceable to the final product batch. If a supplier changes their process without notification, and this causes a deviation in the final product, the manufacturer is still liable to the patient. The recourse against the supplier depends on the contractual proof of their negligence.

The Role of AI and Advanced Analytics in Liability Defense

As an AI systems practitioner, I observe that the sheer volume of data in modern biotech manufacturing (Process Analytical Technology, PAT) exceeds human capacity for oversight. This introduces a new dimension to liability: the liability of the algorithm.

Algorithmic Deviation Detection

Many facilities now use AI-driven monitoring to detect deviations in real-time. If an AI system fails to flag a deviation that a human operator might have caught, or conversely, flags a false positive leading to the unnecessary destruction of a batch, the legal question becomes: Who is responsible?

Currently, the manufacturer is strictly liable. The use of AI does not absolve this. However, the AI Act (Regulation (EU) 2024/1689) introduces obligations for high-risk AI systems. If the AI system used for quality control is considered a high-risk AI system, the manufacturer must ensure:

Human oversight.
Robustness and accuracy.
Traceability of data.

In a liability defense, the manufacturer must demonstrate that the AI system was validated and that its limitations were understood. If a manufacturing deviation occurs because the AI system was trained on biased data, the “defect” might be attributed to the AI system design. However, under the PLD, the biotech company remains the liable entity. The defense would then rely on proving that the AI system met the “state of the art” and that the error was unforeseeable (development risk).

Electronic Batch Records (EBR) and Audit Trails

The shift from paper to electronic records changes the nature of evidence. An EBR provides an immutable audit trail. From a liability perspective, this is a double-edged sword. It provides irrefutable proof of compliance, but it also provides irrefutable proof of non-compliance if deviations occur. The manipulation of audit trails is a criminal offense under GMP, but even the appearance of data integrity issues can destroy a defense in a civil claim. The legal team must ensure that the IT infrastructure supporting manufacturing is validated to the highest standards, as the “data integrity” of the EBR is the bedrock of the liability defense.

Conclusion on Risk Management

The transition from a manufacturing deviation to a legal claim is governed by the quality of the response and the robustness of the documentation. In the European biotech sector, the “strict liability” regime means that the focus is rarely on if the manufacturer is liable, but on the extent of that liability and the availability of defenses. The “development risk” defense is narrow, and the “state of the art” is a moving target.

Therefore, the most effective legal strategy is embedded in the operational reality of the facility. It is the rigorous adherence to the validated process, the transparent reporting of deviations, and the proactive collection of post-market data. In the eyes of the European judiciary and regulatory bodies, a biotech product is only as safe as the documentation that proves its consistency. When a deviation occurs, that documentation becomes the primary evidence in the legal claim that follows.

AI in Education: Fundamentals & Tools

Understanding AI Basics

Practical AI Tools for Educators

Integrating AI into Teaching

Case Studies & Success Stories

Ethical AI & Inclusive Practices

Ethical & Legal Frameworks for AI Systems

Equity & Inclusion

Transparency & Trust

Algorithmic Bias, Discrimination & Legal Risk

AI Errors, Accountability & Legal Responsibility

Institutional AI Governance & Policy Design

AI, Security & GDPR Compliance

Data Protection & Privacy

Cybersecurity in AI

EU Regulations & Policies

Engaging Parents & Guardians

Data Protection, Privacy & AI Governance

Additional Resources

Glossary of Terms

Templates & Guides

Webinars & Research

AI for Administrative & Pedagogical Support

AI for Time Management

AI in Student Performance Tracking

AI for Automated Communication

AI for Document Management

AI, Robotics & Biotech Regulation in Europe

EU AI Act Explained: Scope, Risk Levels, Obligations

AI-Enabled Products: Robots, Medical Software, Smart Devices

Machinery Regulation & Safety Standards for Intelligent Systems

AI in Healthcare & Biotech: MDR, IVDR, EMA

Liability & Responsibility for AI-Driven Systems

Compliance in Practice: From Risk Assessment to CE Marking

Country-Specific AI Regulation & Enforcement

How EU AI Law Is Applied at National Level

Different Compliance Models

National AI Sandboxes & Regulatory Experiments

Public Sector AI Rules Across Europe

Cross-Border AI Deployment Challenges

When National Law Overrides EU Guidance

Legal Cases, Enforcement & Real-World Precedents

AI Act, GDPR & Algorithmic Decision-Making Cases

Liability Disputes Involving Automated Systems

Robotics Accidents & Legal Responsibility

Medical & Biotech AI Failures: Lessons Learned

What Enforcement Trends Tell Us About Future Regulation