When app design becomes a liability: The Kaley v. Meta verdict

The $6 million award signals a new frontier in technology liability, including one with relevance to the EU. Features such as infinite scroll, autoplay, push notifications, and beauty filters were deliberately designed to maximize engagement at the expense of user wellbeing. Meta was held liable for $4.2 million and Google for $1.8 million, including punitive damages. The content on those platforms was never the issue; the architecture was. Snap Inc. and TikTok settled prior to trial. Both defendants have appealed, and the case sits within a broader wave of roughly 1,500 pending U.S. lawsuits raising similar claims.

The verdict carries no legal weight outside the United States. But the theory of liability it rests on (i.e., that a technology provider can be held liable for the harmful effects of its product's design) mirrors recent decisions by the EU Commission in its enforcement of the Digital Services Act (see for example decisions versus TikTok and Meta). Furthermore, and importantly, the liability theory also mirrors the framework embedded in EU Product Liability Directive (EU) 2024/2853, which EU member states must transpose into national law by December 9, 2026. The Directive's scope is deliberately wide. Software, including apps, is treated as a product. The following aspects of the new rules are especially worth noting for companies operating in the digital space:
 

• Mental harm counts. The Directive explicitly recognizes medically documented mental health harm as personal injury under Art. 6(1)(a). A user who becomes clinically addicted to a platform's design features could therefore form the basis of a product liability claim in Europe — the same harm theory that succeeded in California.
   
• Discovery works differently under the Directive. Courts will be able to compel companies to hand over technical documentation, and in certain circumstances the burden of proof shifts in the claimant's favor. Failure to comply can trigger a presumption of defect. The internal studies and communications that proved decisive in Kaley v. Meta are exactly the kind of material that could be ordered disclosed in European proceedings.
   
• Young users cannot be treated as incidental. Under Art. 7(2)(h) and Recital 31, the expected safety of a product must be assessed with reference to its foreseeable user group. Given that children and teenagers are well-established, predictable users of social media and many other apps, companies face a correspondingly heightened standard of care.

The court's approach focusing entirely on product architecture and leaving content and free speech questions to one side is fully compatible with how EU law distinguishes between a product and the information it carries. That same analytical separation could be used to frame claims before national courts. Furthermore, the evidence that moved the jury in Los Angeles included internal research, expert witnesses, and candid internal communications about engagement-driven design. Art. 10 of the Directive creates a mechanism for claimants to access comparable material. Companies should assume that what is written internally about product design decisions may one day be subject to disclosure. Therefore, start the compliance review today. Waiting until the transposition deadline is a risk in itself. Companies developing or distributing apps and software should already be asking which features are designed for or disproportionately used by young people, whether existing risk assessments are adequate, and if internal governance and logging practices reflect the obligations that are coming. These questions apply across the software sector.