This regulation ensures that whoever sells the software to the consumer is responsible, and that's the way it should be. The creator of a library doesn't know how his library will be used in the wild; he can't anticipate all possible problems; the product maker can. It is the product maker's responsibility to integrate external components properly, having validated that they are up to standard.
If you're a manufacturer, you can't just pick components at random and then say it's not your fault if your product doesn't work. That's why manufacturers have whole teams of people working to ensure that what they receive from a supplier is up to spec.
1 - This regulation only concerns commercial activity. So you could only sue the company I work for, and only if you've bought their products. Also by definition that excludes my personal projects.
2 - You can only sue for defects (in this legal context it means unsafe to use) or damage (physical or material). You can't sue for simple bugs.
These kinds of liabilities already exist for all the objects in your life, and yet you don't spend your time suing people every time something does not work as expected, I imagine.
Hypothetical:
I write a nifty alarm clock app. To cover some costs I charge a nominal fee. Some unknown condition occurs; a user misses a flight and loses their job.
According to your position I should be sued.
Why should I be held liable?
Daniel Stenberg has a blog post somewhere about all the hate mail he gets over the fact that curl is bundled in some software. You don't think some litigious person won't attempt to go after him over it?
My family has been personally impacted by a dumb lawyer trying to subpoena information incorrectly. Dealing with this was 7k in lawyer fees, covered by an insurance policy. Technically he could legally be held for this terrible usage of the courts, but it would have been an even bigger mess.
This is about the EU, not the US.
As someone who used to practice law in the EU before moving into software development, I can tell you that your hypothetical will never lead to a suit nor judgment in the EU, nor is your personal experience concerning a subpoena a thing that happens in the EU, if only because the concept of discovery doesn’t exist in civil law systems.
To put it differently and respectfully, you’re applying your knowledge of and experience with the US legal system to a completely different legal system that rarely produces outcomes similar to those in the US system.
Even the order of magnitude of judgments is leagues apart.
€1m judgments lead to coverage in legal outlets there if not regular mainstream media. In contrast, in the US, that money is thrown across the table to make an unviable but annoying class action disappear just because it’s cheaper than litigating it.
I’m bringing that up because, even in the unlikely instance of your hypothetical leading to a case that makes it to a hearing in the EU, the judgment against you will be close to, if not outright be, the nominal fee you charged the user (+ court fees) due to how the chain of causation works in the EU. The connection with losing your job is just too remote for any judge to consider liability.
Even if this would be about a car breaking down on the way to work, which already has strict liability under the current PLD, loss of job is just not going to be part of the equation, ever.
As you said, my reaction is based on my personal experience in the US. However, at times the US does pick up ideas and concepts from the EU, specifically California.