Autonomous Vehicle Liability Manufacturer: SAE Level 4, the ODD, and Europe’s New Risk Architecture
Autonomous vehicle liability manufacturer doctrine allocates primary civil responsibility to the carmaker once a vehicle operates at SAE Level 4 or above. Germany’s 2021 StVG amendment, the revised EU Product Liability Directive of 2024, and the EU AI Act together anchor the Operational Design Domain as the decisive reference point for fault allocation in autonomous mobility.
Autonomous vehicle liability manufacturer refers to the European legal regime under which the producer of a highly or fully automated vehicle bears primary civil responsibility for damages caused by the system’s autonomous decisions within its Operational Design Domain. The doctrine replaces the classical driver-centric allocation once structural human supervision becomes unavailable, as at SAE Level 4. Germany formalised this shift in 2021 through amendments to the Straßenverkehrsgesetz (StVG). At European level, the revised Product Liability Directive adopted in 2024 and the EU AI Act reinforce the manufacturer’s exposure by treating software, training data, and material post-deployment updates as part of the product, triggering renewed liability at every substantial modification.
Why does autonomous vehicle liability shift to the manufacturer at SAE Level 4?
Liability shifts to the manufacturer at SAE Level 4 because the human driver is no longer structurally available as a fault anchor. Once the system autonomously controls perception, planning, and execution within its certified Operational Design Domain, the carmaker becomes the only actor with meaningful steering power over the underlying risk architecture.
Germany crossed this threshold in 2021, when the Bundestag amended the Straßenverkehrsgesetz (StVG) to permit Level 4 autonomous driving on designated public roads. The amendment introduced the figure of the Technische Aufsicht, a remote technical supervisor who can deactivate or override the vehicle but is not required to monitor continuously. Halterhaftung, the keeper’s no-fault liability, persists. But when the system itself causes the crash, the manufacturer faces primary product liability rather than the absent driver.
At SAE Level 2, by contrast, the driver remains hauptverantwortlich and must supervise constantly. The jump to Level 4 is therefore not incremental but categorical. As Dr. Raphael Nagel (LL.M.) argues in MASCHINENRECHT, Machine Law, the operative question is no longer who sat behind the wheel, but who designed the decision architecture the vehicle executed in the fraction of a second before impact.
How does the Operational Design Domain determine manufacturer liability?
The Operational Design Domain (ODD) is the legal perimeter of manufacturer liability. It specifies the road types, weather, speed ranges, and geographies within which the autonomous system is certified to operate. Inside the ODD the manufacturer carries design and software defect liability; outside it, the operator bears the consequences.
MASCHINENRECHT analyses the case of a Level 4 vehicle released for highways and clearly marked urban streets but deployed by a mobility service provider into areas with construction zones and atypical lane markings. When the system fails and causes personal injury, the liability analysis must resolve two separate questions. First, did the system contain a design defect within its specified ODD? Second, did the operator deploy the vehicle outside that ODD, and was that deployment itself the proximate breach of duty?
The answer determines who pays. A precisely documented ODD protects the manufacturer from out-of-domain crashes and shifts the burden onto the operator who chose to run the vehicle beyond its certification. An imprecisely documented ODD leaves the manufacturer exposed across every conceivable failure mode. The ODD is therefore not a technical artefact but a juridical instrument, a point Dr. Raphael Nagel (LL.M.) emphasises when advising boards through Tactical Management on autonomous mobility exposure.
How does the revised EU Product Liability Directive reshape manufacturer exposure?
The revised EU Product Liability Directive, adopted in 2024, reshapes manufacturer exposure by explicitly bringing software and AI systems inside the product concept. The old ambiguity, whether code qualifies as a product at all, is extinguished. Autonomous driving stacks, perception models, and planner modules are now unambiguously products subject to no-fault liability.
The Directive introduces two further shifts that autonomous vehicle manufacturers must absorb. The first is the evidentiary presumption for technically complex products: where a claimant establishes basic facts and the defendant fails to provide a coherent explanation, courts may presume defect and causation. The second is lifecycle treatment. Substantial modifications, including over-the-air updates that materially alter safety properties, can be treated as a new placing on the market. Each material OTA release is a fresh liability trigger.
For a fleet of tens of thousands of Level 4 vehicles receiving regular updates over a decade, this means perpetual reopening of the manufacturer’s liability perimeter. The statutory text is explicit, even if no national supreme court has yet tested it on a Level 4 fact pattern. Manufacturers who treat update governance as a DevOps matter rather than a legal discipline will discover, as MASCHINENRECHT warns, that their release pipelines are also their liability pipelines.
How does the EU AI Act interact with autonomous vehicle liability?
The EU AI Act classifies safety-relevant autonomous driving components as high-risk AI, layering a second regulatory regime onto the Product Liability Directive. Breach of AI Act duties on risk management, data quality, logging, transparency, and human oversight qualifies as violation of a Schutzgesetz under § 823 Abs. 2 BGB and directly grounds civil liability.
The sanctions alone are material: up to 35 million euros or 7 percent of worldwide annual turnover for prohibited practices, and up to 15 million euros or 3 percent for breaches of high-risk obligations. The full high-risk regime becomes applicable in August 2026. But as Dr. Raphael Nagel (LL.M.) argues in MASCHINENRECHT, the indirect consequences are larger. Conformity assessment is mandatory before placing on the market. Post-market monitoring is obligatory. Serious incidents must be reported to the competent authority.
These duties apply continuously. A manufacturer cannot disengage at the moment of sale, as the classical product liability doctrine once permitted. The autonomous vehicle remains the manufacturer’s responsibility as long as its software is updated, its behaviour is monitored, and its fleet continues to operate. Product Liability Directive and AI Act converge into a single architecture where documentation quality is the only defensible posture.
What documentation architecture must an autonomous vehicle manufacturer maintain?
A defensible documentation architecture covers ODD specification, training data provenance, validation results, conformity assessment records, logging retention, and post-market monitoring output. MASCHINENRECHT frames documentation as strategic asset rather than bureaucratic burden: the party that can reconstruct what its system knew, decided, and logged at the moment of impact controls the courtroom narrative.
The evidentiary presumptions in the revised Product Liability Directive mean that silence is now expensive. If a manufacturer cannot produce logs showing how the perception stack classified a pedestrian at timestamp T, the court may infer defect. If the ODD is not documented with surgical precision, the manufacturer cannot shift liability onto an operator who deployed the vehicle in breach of design limits. If training data lineage is untraceable, bias-driven damage claims become almost impossible to rebut.
Tactical Management, through the strategic work of Dr. Raphael Nagel (LL.M.), has repeatedly observed that autonomous mobility ventures with investor-grade documentation architectures secure both better insurance terms and lower capital costs. The manufacturers that will dominate European autonomous mobility by 2030 will not be those with the most aggressive release cadence, but those whose liability architecture can be audited without panic.
The manufacturer-centric liability regime for autonomous vehicles is not a distant regulatory prospect. It is already encoded in Germany’s 2021 StVG amendment, in the 2024 revised Product Liability Directive, and in the high-risk provisions of the EU AI Act that become fully applicable in August 2026. For carmakers, suppliers, mobility operators, and institutional investors, the question is no longer whether liability will shift, but how precisely each actor’s exposure will be measured against the Operational Design Domain, the documentation trail, and the regulatory compliance record.
Dr. Raphael Nagel (LL.M.), Founding Partner of Tactical Management and author of MASCHINENRECHT, Machine Law, argues that the defining contest of European autonomous mobility will not be fought over technology but over attribution. The firms that organise responsibility precisely, who specified the ODD, who authorised the deployment, who signed the conformity assessment, who retained the logs, will scale. Those who leave these questions diffuse will be selected out by courts, regulators, and reinsurers long before they are selected out by the market.
This is the strategic reading autonomous vehicle liability manufacturer doctrine now demands. It treats liability not as a downstream accident but as upstream architecture. The European framework has decided that the carmaker who builds a decision-making machine carries its consequences. The only remaining choice is whether to engineer that consequence into the product, the process, and the legal record from day one, or to discover it in litigation.
Frequently asked
When does manufacturer liability begin under Germany’s autonomous driving law?
Manufacturer liability becomes structurally dominant at SAE Level 4, the threshold introduced by the 2021 amendment to the Straßenverkehrsgesetz (StVG). At Level 2 and Level 3, the driver remains the primary duty-holder and must supervise the system. At Level 4, the vehicle operates autonomously within its Operational Design Domain without continuous human supervision, and the manufacturer becomes the primary defendant for system-induced damage. The keeper’s no-fault Halterhaftung persists alongside, but the centre of gravity of civil liability moves to the carmaker once the human driver is no longer operationally present.
Is the driver still liable when a Level 4 autonomous vehicle causes a crash?
The driver’s liability is substantially reduced at Level 4 because the system, not the human, executes the driving task within the Operational Design Domain. The remote Technische Aufsicht introduced by the 2021 StVG amendment carries specific duties but is not a continuous monitor. Liability therefore shifts toward the manufacturer for system-originated failures and toward the operator for deployment decisions, such as dispatching a vehicle outside its ODD. The classical driver-centric model does not capture the reality of Level 4 operation and has been displaced in Germany for vehicles authorised under the 2021 framework.
What happens if an autonomous vehicle operates outside its Operational Design Domain?
Operation outside the Operational Design Domain shifts liability from the manufacturer to the deploying operator. The ODD defines the certified envelope: road types, weather, speed ranges, geographic zones. MASCHINENRECHT analyses this through the case of a Level 4 vehicle certified for highways but deployed in construction zones with atypical markings, where the system failed and caused personal injury. The manufacturer’s duty is to define the ODD precisely; the operator’s duty is to police its boundaries. Breach of that second duty is a primary liability trigger for the fleet operator rather than the carmaker.
How does the 2024 EU Product Liability Directive change manufacturer liability for software updates?
The revised Product Liability Directive, adopted in 2024, explicitly treats software and AI systems as products and recognises substantial modifications, including material over-the-air updates, as potential new placings on the market. For autonomous vehicle manufacturers this means every safety-relevant update can reopen the liability period and trigger fresh conformity obligations. The lifecycle approach transforms release management into a legal discipline. A manufacturer that pushes updates without documenting their safety assessment exposes itself to perpetual liability renewal across the entire deployed fleet, with no clean cut-off date.
Claritáte in iudicio · Firmitáte in executione
For weekly analysis on capital, leadership and geopolitics: follow Dr. Raphael Nagel (LL.M.) on LinkedIn →
For weekly analysis on capital, leadership and geopolitics: follow Dr. Raphael Nagel (LL.M.) on LinkedIn →