Europe AI & Data Rules Hub

Responsibility Chains in Robotics: Manufacturer to Operator

UpdatedOctober 16, 2025

ByIuliia Gorshkova

European robotics deployments operate within a complex, layered responsibility architecture where liability is not a single point of failure but a distributed chain of obligations spanning design, integration, and operation. The legal analysis begins with the observation that EU legislation does not always assign responsibility in a single, linear fashion; rather, it creates overlapping regimes that interact depending on the nature of the product, the presence of AI components, and the context of use. A manufacturer of a robotic platform, an integrator who mounts a vision system and safety controller, a deployer who installs the system in a factory, and an operator who supervises its daily function each face distinct duties under the product liability, machinery safety, AI governance, and data protection frameworks. Understanding how these roles interlock—and where national tort law fills the gaps—is essential for risk management, compliance engineering, and operational governance.

Foundational EU Frameworks Defining Responsibility

Responsibility chains in robotics are shaped by several EU instruments that allocate duties and evidentiary burdens across the lifecycle of a system. The Product Liability Directive (PLD 85/374/EEC), currently undergoing a transition to the new Product Liability Directive (PLD 2024/…), establishes strict liability for defective products, covering physical harm and property damage, with evolving coverage for data loss and psychological harm. The AI Liability Directive (AILD) complements this by addressing the evidentiary challenges of fault-based claims for damages caused by AI systems, harmonizing rules on the disclosure of evidence and presumptions of causality where a fault in the AI system’s development or monitoring can be shown. The AI Act (Regulation (EU) 2024/…) introduces a risk-based regulatory regime for AI, imposing obligations on providers, deployers, importers, and distributors, with specific requirements for high-risk AI systems used in robotics contexts such as safety components of machinery or biometric identification.

Alongside these, the Machinery Regulation (2023/1230) and the existing Machinery Directive (2006/42/EC) govern the essential health and safety requirements for machinery, including robotic cells and cobots, with CE marking and conformity assessment procedures that delineate manufacturer responsibilities. The General Product Safety Regulation (GPSR 2023/988) reinforces general safety obligations for consumer products and, in some cases, professional equipment when placed on the market. For data-driven robotics, the GDPR imposes obligations on controllers and processors, with potential impacts on liability where personal data processing contributes to unsafe behavior. Sectoral regulations—such as the Medical Devices Regulation (MDR) for surgical robots or the Machinery Regulation for industrial robots—further refine responsibilities. National civil liability regimes, including tort law and contract law, govern non-harmonized areas such as pure economic loss and pain and suffering, leading to cross-border divergence that organizations must anticipate.

EU-Level Harmonization vs National Implementation

EU instruments harmonize key aspects of liability and safety, but significant gaps remain under national law. The PLD sets a baseline for strict liability and defect-based claims, yet it does not harmonize non-material damage or pure economic loss, leaving these to Member States. The AILD harmonizes procedural rules for evidence and presumptions in AI-related claims but does not set substantive liability rules; national courts will still apply domestic tort principles to determine fault and damages. The AI Act is directly applicable, but its enforcement architecture relies on national market surveillance authorities and notified bodies, leading to differences in oversight intensity, guidance, and penalty application across jurisdictions. The Machinery Regulation is also directly applicable, but its transition from the Directive means that some national implementing acts and conformity assessment practices may still vary during the overlap period.

Practically, this means that a robotics deployment spanning Germany, France, and Italy must comply with the same essential safety requirements and AI obligations, but the interpretation of “defect,” the thresholds for “foreseeable misuse,” and the handling of damages for psychological harm or data loss can differ. Organizations should therefore adopt a compliance strategy that meets the strictest common denominator while preparing for jurisdiction-specific litigation risks and regulatory expectations.

Roles and Definitions in the Responsibility Chain

Responsibility in robotics is distributed across roles that may be legally distinct or overlap depending on the commercial model and technical architecture. The manufacturer is the entity that designs and places the robotic system on the market under its name and brand; this includes OEMs of robot arms, mobile platforms, and integrated safety controllers. The integrator modifies or combines robotic components into a functional system, often adding sensors, AI vision, or end-effectors; under the Machinery Regulation, an integrator that completes assembly and places the system on the market under its own name is considered a manufacturer with full obligations. The deployer is the entity that puts the system into operation in a specific environment, typically an industrial or service user; under the AI Act, deployers of high-risk AI systems have operational duties such as human oversight, monitoring, and incident reporting. The operator is the person who supervises or controls the system during use, including technicians and line workers; operators have duties under occupational safety laws and the instructions provided by the manufacturer or integrator.

These roles are not always neatly separated. In many European countries, a leasing model may leave the legal manufacturer as the entity responsible for conformity, while the operator retains duties under workplace safety law. In other cases, a systems integrator may assume both design and conformity assessment responsibilities, effectively becoming the legal manufacturer. The AI Act introduces the concept of the “provider” of a high-risk AI system, which can be the manufacturer of the robot or a third party supplying the AI component; the deployer is the entity using the AI system in a professional capacity. These definitions interact with the PLD’s “producer” concept and the Machinery Regulation’s “manufacturer,” creating a layered responsibility map that must be navigated carefully.

Product Liability and Defect Reasoning in Robotics

Under the PLD, liability is strict: a producer is liable for damage caused by a defective product without the need to prove negligence. Defectiveness is assessed by what the public is reasonably entitled to expect, considering the presentation of the product, the reasonably expected use, and the time it was put into circulation. For robotics, this means that safety features, warnings, and the foreseeable integration environment are all relevant to the defect analysis. A robot that lacks adequate safety-rated monitoring or fails to provide clear instructions for integration with third-party sensors may be considered defective even if it meets technical specifications. The new PLD expands the scope of compensable damage and introduces rules on software updates and AI components, clarifying that defectiveness can arise from post-market updates or failures in learning algorithms.

Defect reasoning in robotics often hinges on the interplay between hardware reliability and AI behavior. A robot arm may be mechanically sound, but if its AI vision module misclassifies objects under certain lighting conditions, the system as a whole may be defective. The manufacturer’s duty to anticipate reasonably foreseeable misuse is critical; cobots operating near humans must be designed with appropriate safety functions and clear instructions for risk assessment. The PLD’s focus on the “state of the art” at the time of placing on the market is particularly relevant for AI components, where rapid evolution can create expectations for robustness and transparency that exceed earlier norms.

Distinctions Between Product Defect and Fault-Based Liability

The PLD’s strict liability contrasts with fault-based liability regimes that may apply under national law for non-harmonized damages or where the AI Liability Directive introduces presumptions. The AILD creates a presumption of causality where a claimant can show that the AI system’s output was influenced by a failure to comply with obligations (e.g., data quality, transparency, human oversight) and that this failure likely caused the damage. This shifts the burden of proof to the defendant, incentivizing robust documentation and compliance with the AI Act’s requirements. For robotics, this means that a deployer who fails to maintain the AI system in accordance with the provider’s instructions may face presumptions of fault if the robot’s behavior causes harm.

Importantly, the AILD does not replace the PLD; it complements it. A defective product claim can proceed under strict liability, while a separate fault-based claim may target the AI system’s development or monitoring. In practice, claimants may pursue both avenues, and defendants must coordinate defenses across product liability, AI governance, and contractual frameworks.

State of the Art, Foreseeable Misuse, and Integration Risks

For robotics, “state of the art” encompasses both mechanical safety and AI robustness. The Machinery Regulation sets essential safety requirements that include risk assessment, safeguarding, and the integration of safety-related control systems. A manufacturer that relies on third-party AI vision for obstacle detection must ensure that the integration meets safety performance levels and that instructions for validation are provided. Foreseeable misuse includes operating outside specified environmental conditions, bypassing safety interlocks, or integrating incompatible components. The manufacturer’s warnings and instructions are part of the product’s presentation and can influence defect analysis; inadequate guidance on integration can render a product defective.

Integrators and deployers share responsibility for ensuring that the system as a whole is safe. If an integrator modifies a robot in ways that affect safety functions without revalidating the system, they may become the legal manufacturer and assume full liability. Deployers must ensure that the operational environment matches the assumptions in the risk assessment and that operators are trained. Operators, in turn, must follow procedures and report anomalies; failure to do so can affect the apportionment of liability under national contributory negligence rules.

AI Act Obligations and Their Impact on Responsibility

The AI Act imposes obligations on providers and deployers of high-risk AI systems, which include many robotics applications where safety is critical or where the system is used in sensitive contexts such as healthcare or biometric identification. Providers must establish a risk management system, ensure data quality and governance, maintain technical documentation, implement logging for traceability, and ensure human oversight. They must also undergo conformity assessment procedures, either self-assessment or third-party evaluation depending on the specific high-risk category, and register the system in the EU database. Deployers must use the system in accordance with instructions, ensure human oversight, monitor operation, and report incidents or serious risks to the market surveillance authorities.

For robotics, the AI Act’s obligations interact with the Machinery Regulation’s safety requirements. A robot that incorporates a high-risk AI component (e.g., autonomous navigation in dynamic environments) must satisfy both sets of obligations. The provider must demonstrate that the AI system’s risk management addresses foreseeable misuse and that data sets are sufficiently representative and free from bias that could impact safety. The deployer must ensure that operators are adequately trained and that the operational context does not deviate from the intended purpose without re-assessment. Failures in these areas can trigger both regulatory sanctions and liability presumptions under the AILD.

Provider vs Deployer Duties in Practice

Provider duties are design-oriented and documentation-heavy. The provider must specify the intended purpose, performance metrics, and limitations; this shapes the scope of liability under the PLD and the AI Act. If the provider’s instructions restrict use to certain environments, a deployer who uses the system outside those parameters may bear responsibility for resulting harm. Deployers, however, have ongoing operational duties. They must ensure that the AI system is used only for its intended purpose, that human operators are empowered to intervene, and that logs are retained for incident analysis. In sectors like manufacturing, deployers may need to integrate the AI system with existing safety management systems and conduct periodic re-validation.

Where the AI system is embedded in a larger robotic platform, the provider of the AI component and the manufacturer of the robot may be distinct. The AI Act allows for the possibility that the AI component provider is the “provider” of the high-risk AI system, while the robot manufacturer is the “provider” of the machinery. Coordination is essential: technical documentation must cover the integrated system, and conformity assessments must address both AI and machinery requirements. Contractual arrangements should clarify who maintains the technical documentation, who handles updates, and who is responsible for incident reporting.

High-Risk Classification and Conformity Pathways

Not all robotics are high-risk under the AI Act. Classification depends on the intended purpose and the specific annex listing high-risk uses. Industrial robots used in safety-critical applications, medical robots, and certain biometric systems are likely high-risk. The conformity pathway for high-risk AI systems involves a combination of internal risk management and, in many cases, third-party assessment by a notified body. The Machinery Regulation also requires conformity assessment, often involving a notified body for complex machinery. The interplay means that a single robotic system may require dual assessment, and the technical documentation must demonstrate compliance with both regimes.

For deployers, the key operational requirement is human oversight. The AI Act emphasizes that deployers must ensure that human operators can understand the system’s outputs and intervene effectively. In robotics, this translates to clear interfaces, understandable alerts, and procedures that empower operators to override autonomous behavior. Failure to provide such oversight can be a regulatory breach and a factor in liability determinations.

Integrator as Legal Manufacturer: Practical Implications

Under the Machinery Regulation, an entity that assembles machinery from components and places it on the market under its own name becomes the legal manufacturer, assuming full conformity obligations. Integrators who combine robot arms, grippers, vision systems, and safety controllers must therefore ensure that the final system meets essential safety requirements, prepare a declaration of conformity, and affix the CE mark. This includes conducting a comprehensive risk assessment, integrating safety-related control systems to the required performance level, and validating that the AI components do not compromise safety. If the integrator modifies a system after it has been placed on the market by the original manufacturer, the integrator may become responsible for the updated conformity.

Integrators often rely on third-party subsystems. The AI Act’s data quality and risk management obligations apply to the AI component provider, but the integrator must ensure that the integrated system as a whole complies. This includes verifying that the AI component’s intended purpose aligns with the robotic system’s use and that instructions for integration and validation are provided. Contractual agreements should specify responsibilities for updates, incident reporting, and maintenance. In practice, integrators should maintain a technical file that includes the risk assessment, test results, and documentation for all subsystems, demonstrating traceability and conformity.

Integration Risks and Liability Allocation

Integration introduces risks that are not present in standalone components. Mismatched safety performance levels, inadequate sensor fusion, or poor environmental adaptation can create defects. The PLD’s defect analysis will consider the integrated system’s presentation and expected use; if the integrator markets the system for use in uncontrolled environments without appropriate safeguards, the system may be deemed defective. The AI Act’s obligations on data quality and robustness also apply to the integrated AI component; if the integrator fails to ensure that training data is representative of the operational environment, the AI system may be non-compliant and potentially unsafe.

Liability allocation depends on the contractual framework and the legal role of the integrator. If the integrator is the legal manufacturer, it bears primary responsibility under the PLD and the Machinery Regulation. The original component manufacturers remain liable for defects in their products, but the integrator must demonstrate that integration did not introduce new defects. Deployers and operators must follow the integrator’s instructions; deviations may shift liability to the user. Clear documentation and training are therefore critical to maintaining a defensible responsibility chain.

Operator Duties Under Occupational Safety and National Law

Operators of robotic systems have duties under national occupational safety laws and the instructions provided by the manufacturer or integrator. In many European countries, employers must ensure that work equipment is used safely, that operators are trained, and that risk assessments are updated as necessary. The operator’s role is distinct from the legal manufacturer’s obligations but can influence liability apportionment. If an operator bypasses safety interlocks or fails to follow procedures, national tort law may reduce damages based on contributory negligence. Conversely, if the operator lacked adequate training or the system failed to provide clear instructions, liability may remain with the manufacturer or integrator.

Operators also play a role in the AI Act’s human oversight requirement. Deployers must ensure that operators can interpret system outputs and intervene. In practice, this means that operators need to understand the robot’s behavior, the meaning of alerts, and the conditions under which to stop the system. Training programs should be documented, and records of incidents and interventions should be maintained to support compliance and defend against liability claims.

Human Oversight and Accountability in Practice

Human oversight is not merely a regulatory slogan; it is a concrete operational requirement. The AI Act emphasizes that oversight must be meaningful, meaning that operators have sufficient time and competence to intervene effectively. For robotics, this can involve designing interfaces that present clear state information, providing procedures for escalation, and ensuring that operators are not overloaded by simultaneous tasks. The absence of effective human oversight can be a factor in defect analysis under the PLD and can trigger regulatory sanctions under the AI Act.

Accountability also requires traceability. The AI Act’s logging obligations mean that the system must record key decisions and inputs, enabling post-incident analysis. Deployers must retain these logs and ensure they are accessible to investigators and regulators. In the event of a claim, logs can demonstrate whether the system operated within its intended purpose and whether operators followed procedures, influencing the allocation of liability.

Data Protection and Cybersecurity Considerations

Robotics often involves processing personal data, whether through cameras, sensors, or user interfaces. The GDPR imposes obligations on controllers and processors, including data minimization, purpose limitation, and security safeguards. A data breach that leads to unsafe behavior—such as corrupted training data—can have liability implications under both the GDPR and the PLD. The AI Act reinforces the need for data governance, requiring that data sets be relevant, representative, and free from errors that could compromise safety. Organizations must therefore integrate privacy-by-design and security-by-design into robotic systems.

Cybersecurity is also a safety issue. The NIS2 Directive and the Cyber Resilience Act impose security obligations on manufacturers and operators of connected products, including robotics. A failure to apply security updates or to implement secure development practices can render a product defective and expose the manufacturer or integrator to liability. Deployers must monitor for vulnerabilities and apply patches in accordance with the provider’s instructions; failure to do so can affect the apportionment of liability and may breach regulatory obligations.

GDPR, AI Act, and Product Liability Intersections

Where personal data processing contributes to AI decision-making, the GDPR’s transparency and fairness principles intersect with the AI Act’s data quality requirements. A robot that uses biometric data for identification must comply with the AI Act’s prohibitions and high-risk requirements, as well as GDPR’s conditions for processing special category data. A defect in the data handling—such as biased training data leading to discriminatory behavior—can be a basis for PLD defectiveness and AI Act non-compliance. The AILD’s presumptions may apply if

Table of Contents

AI in Education: Fundamentals & Tools

Understanding AI Basics

Practical AI Tools for Educators

Integrating AI into Teaching

Case Studies & Success Stories

Ethical AI & Inclusive Practices

Ethical & Legal Frameworks for AI Systems

Equity & Inclusion

Transparency & Trust

Algorithmic Bias, Discrimination & Legal Risk

AI Errors, Accountability & Legal Responsibility

Institutional AI Governance & Policy Design

AI, Security & GDPR Compliance

Data Protection & Privacy

Cybersecurity in AI

EU Regulations & Policies

Engaging Parents & Guardians

Data Protection, Privacy & AI Governance

Additional Resources

Glossary of Terms

Templates & Guides

Webinars & Research

AI for Administrative & Pedagogical Support

AI for Time Management

AI in Student Performance Tracking

AI for Automated Communication

AI for Document Management

AI, Robotics & Biotech Regulation in Europe

EU AI Act Explained: Scope, Risk Levels, Obligations

AI-Enabled Products: Robots, Medical Software, Smart Devices

Machinery Regulation & Safety Standards for Intelligent Systems

AI in Healthcare & Biotech: MDR, IVDR, EMA

Liability & Responsibility for AI-Driven Systems

Compliance in Practice: From Risk Assessment to CE Marking

Country-Specific AI Regulation & Enforcement

How EU AI Law Is Applied at National Level

Different Compliance Models

National AI Sandboxes & Regulatory Experiments

Public Sector AI Rules Across Europe

Cross-Border AI Deployment Challenges

When National Law Overrides EU Guidance

Legal Cases, Enforcement & Real-World Precedents

AI Act, GDPR & Algorithmic Decision-Making Cases

Liability Disputes Involving Automated Systems

Robotics Accidents & Legal Responsibility

Medical & Biotech AI Failures: Lessons Learned

What Enforcement Trends Tell Us About Future Regulation