Security Robot Liability: Guide for Plant Managers

Anyone who sends an autonomous patrol robot across a plant site carries responsibility for every movement, every image and every false signal. The legal position has become clearer in 2025. Insurance coverage has not. This text orders liability, insurance and documentation for plant managers and insurance officers in industrial companies.

Security robot liability: the starting position

Autonomous patrol robots are machines within the meaning of the new EU Machinery Regulation. From January 2027, the requirements of Regulation (EU) 2023/1230 apply bindingly, with extended risk assessment for autonomous functions and AI components. Anyone procuring today already procures under this regime.

Civil liability is split in two. The operator is primarily liable under §823 BGB for damage that the deployed device causes to third parties. The manufacturer is liable in parallel under the Product Liability Act for design, manufacturing and instruction defects. For classical machines this separation works. For autonomous systems mixed responsibility arises: did the robot decide wrongly, or did the operator deploy the system wrongly? Exactly this question produces coverage gaps in classical policies.

In the Quarero RaaS model, keeper liability and product liability remain contractually with the manufacturer. The operator carries operational responsibility within documented deployment limits. More in the section on the RaaS model without CapEx.

Legal framework: Machinery Regulation, ProdHaftG, ISO 13482

The EU Machinery Regulation 2023/1230 replaces the old Machinery Directive 2006/42/EC. For autonomous systems it requires an extended risk assessment that captures learning behaviour and software changes. Without a documented risk assessment, no CE declaration of conformity is possible.

EN ISO 13482 governs safety requirements for personal care and service robots. Mobile patrol robots do not fall directly within the scope, but the standard is applied by analogy in practice because no specific norm for autonomous security robots exists. Test bodies such as TÜV and DEKRA work on this basis.

The ProdHaftG is strict liability, not fault liability. The manufacturer is liable up to 85 million euros per loss event for personal injury, regardless of fault. The new EU Product Liability Directive from 2024 explicitly extends the product concept to software, software updates and AI-driven decisions. This is relevant: many standard policies do not yet reflect this extension because they reference the old product concept of Directive 85/374/EEC. Insurance officers should have their policies reviewed against the new definition.

The operator must keep CE declaration of conformity, risk assessment and maintenance records on file. If one of these documents is missing, the burden of proof flips in the event of a claim.

Next step: review the KRITIS requirements overview for relevant detection and documentation duties.

Typical loss scenarios in perimeter deployment

Five scenarios dominate practice.

Collision with plant traffic. Property damage ranges between 5,000 and 50,000 euros per event. The general liability policy usually only settles if the robot was documented as operated and maintained. Without a deployment log, coverage is frequently denied.

Personal injury caused by robot movement. Keeper liability under §7 StVG does not apply because the robot is not a motor vehicle. General tort law under §823 BGB applies. The injured party must prove fault, which is difficult with autonomous systems and in practice leads to a reversal of the burden of proof.

False alarm with police deployment. Cost recovery is governed by the police cost ordinances of the federal states. In Bavaria and Baden-Württemberg, four-digit amounts per deployment apply for repeated false alarms.

Data protection violation through the camera system. For GDPR breaches, fines of up to 4 percent of group turnover apply. The competent supervisory authorities mainly check the data protection impact assessment under Art. 35 GDPR.

Cyberattack on the robot fleet. From October 2024, NIS-2 applies with reporting obligation within 24 hours and personal board liability. Anyone who delays the incident risks fines and individual claims against members of management. Details in our article on NIS-2 board liability 2026.

Coverage gaps in classical general liability policies

The general liability policy (BHV) of German industrial insurers excludes autonomous systems in many sets of conditions explicitly, or requires a special agreement with separate risk assessment. Plant managers who want to insure a robot via the existing policy regularly hit this proviso.

Machinery breakdown insurance covers the robot itself against breakage, operating errors and internal damage. It does not cover third-party damage. Anyone trying to report personal injury via the machinery breakdown policy is turned away.

Cyber policies cover data breaches, extortion and business interruption from IT incidents. They usually do not cover physical consequential damage from a manipulated robot. If the patrol unit is steered into an employee through a cyberattack, the personal injury falls under the BHV, not the cyber policy. The interface is legally unclear.

D&O policies protect board members for breaches of duty, but only to a limited extent. For NIS-2 violations with gross negligence, coverage is reduced significantly. A documented compliance process is a precondition for claims.

Practical note: before any robotics rollout, check three points. Sum insured per loss event, deductible per incident, and exclusion clauses for autonomous or AI-supported systems. Get the answers in writing.

The Quarero RaaS liability model

Quarero remains civil-law owner of the deployed units QR-1, QR-2 and QR-3. This is the legal basis for the liability model. Ownership means keeper status. Keeper status means keeper liability.

Specifically, three liability positions remain with the manufacturer. First, product liability under ProdHaftG and the new EU Product Liability Directive 2024, including software updates and AI decisions. Second, keeper liability for the general operating condition. Third, maintenance liability for regular inspection and software care by Quarero Field Service.

The operator therefore does not need an extended BHV. What he needs are documented deployment limits: defined patrol routes, defined escalation paths, defined intervention rights for control room personnel. These deployment limits are part of the Service Level Agreement.

The SLA defines response times, availability, maintenance intervals and claims handling in writing. In loss events, the initial report runs via the Quarero hotline, the loss assessment is carried out jointly, and settlement towards third parties is handled by Quarero under its own product liability coverage.

Pilot operation starts within 48 hours. No CapEx burden, no additional insurance premium on the operator side. Enquiry via request pilot operation.

Documentation duties for the operator

Even in the RaaS model the operator carries documentation duties. Five documents are mandatory.

Deployment log per shift. Routes, anomalies, manual interventions, handovers. Captured automatically in the system, but must be countersigned by the control room.

Maintenance record quarterly. Prepared by Quarero Field Service, countersigned and archived by the operator.

Risk assessment under EU Regulation 2023/1230 before initial commissioning. Quarero supplies the base document, the operator adds site-specific risks (plant traffic, public traffic, ATEX zones).

Data protection impact assessment under Art. 35 GDPR. Required when cameras are used, applies to QR-1, QR-2 and QR-3. The operational data protection officer is to be involved.

Training records for operational intervention staff and control room personnel. Anyone who stops or operates the robot manually in an emergency must be trained. Quarero provides training material, the operator documents participation.

These five documents withstand review by the trade association, the supervisory authority or the insurer. If one is missing, the burden of proof flips in the event of a claim.

Next step: request training materials via request pilot operation.

KRITIS special case: elevated requirements

For KRITIS operators, requirements tighten. They are additionally subject to the BSI Act and the BSI-KritisV, which defines sectors and thresholds. The reporting obligation for IT security incidents is tightened, the evidence obligations towards the BSI are higher quantitatively and qualitatively.

NIS-2 extends board liability from October 2024 to physical security measures. This is new: NIS-1 focused almost exclusively on IT security. With NIS-2, perimeter surveillance, access control and physical detection fall within the responsibility of management. Anyone with gaps here risks personal liability.

The planned KRITIS Umbrella Act (KRITIS-Dachgesetz), documented in Bundestag-Drucksache 20/9262, requires demonstrable physical and organisational resilience measures. Robotics counts as a recognised measure because it delivers 24/7 detection without shift gaps.

The QR-3 with LiDAR and drone detection meets the elevated detection requirements for KRITIS perimeters. Details under QR-3 for KRITIS perimeters. The liability documentation must withstand a BBK review, meaning: deployment logs, maintenance records and training documents must be retrievable at any time.

Decision matrix for plant managers

Three procurement models, three liability allocations.

Purchase of a robot. The operator becomes owner and carries full keeper and product use liability. The manufacturer's product liability remains, but is limited to design and manufacturing defects. Maintenance errors, operating errors and software updates lie with the operator. CapEx ranges between 80,000 and 180,000 euros per unit.

Classical leasing. Keeper liability with the lessee, because the lessee uses and deploys the robot commercially. Product liability with the manufacturer. Insurance is taken out by the lessee, monthly rate plus insurance premium. Maintenance is commissioned separately.

RaaS Quarero. Manufacturer carries keeper and product liability. Operator only carries operational responsibility within documented deployment limits. Maintenance and software care included in the service price. No separate insurance required, because Quarero settles under its own product liability coverage.

TCO comparison. A QR-2 costs 3,500 euros per month in the RaaS model, all inclusive. A 24/7 guard post costs between 15,000 and 25,000 euros per month depending on tariff area and Manteltarifvertrag, without holiday and sickness cover. Details in the TCO comparison guard service and robotics. The QR-2 for 24/7 outdoor deployment does not replace the Posten, it takes over routine patrols and relieves the Streife for qualified tasks.

Before contract signing: request the written liability clause and the full SLA. Have the clause reviewed by legal and insurance. Compare the sum insured of the Quarero product liability cover with your own risk profile. At KRITIS sites, additional coordination with the CISO is required.

Plant managers who want liability clarity before procurement start with pilot operation under the RaaS model without CapEx. The legal review runs in parallel with operation, the risk remains with the manufacturer during the pilot phase.