New guidance on the General Product Safety Regulation: a snapshot of key clarifications

The European Commission has finally published long-awaited guidance on the application of the EU General Product Safety Regulation (the GPSR) which came into effect on 13 December 2024 replacing the General Product Safety Directive. 

The new GPSR is directly applicable in all EU Member States (including Northern Ireland). This means it does not have to be transposed into national law. The new rules complement other EU sector specific safety legislation, such as the rules on medical devices, toys, electronics and machinery and updates the product safety regime to cater for emerging technologies such as AI systems and IoT devices, circular economy practices, and the globalisation of supply chains. The aim of the GPSR is to eliminate dangerous products from the market and provide an adequate remedy for the consumer. Businesses that do not comply with their obligations under the GPSR can be subject to fines. Our article here sets out further details on the GPSR. The guidance, which can be found here, provides welcome clarification on certain aspects of the GSPR relating to scope, technical documentation and recalls and also contains helpful compliance checklists for businesses.

A summary of the key points of clarification contained in the guidance is set out below.

Clarifications to definitions

• Meaning of 'product': the guidance makes clear that the definition of 'product' under the GPSR is wide enough to cover 'any item', regardless of whether it is physical, digital (including apps, software and chatbots) or a combination of both (see section 2.1, page 7). This broad definition is designed to be future proof, ensuring the GPSR can apply to new, innovative types of products that may emerge.
• Meaning and effect of 'substantial modification': the guidance emphasises that 'substantial modifications' would include any changes to a product by physical or digital means that affects its nature and characteristics in a way not foreseen in the initial risk assessment (see section 3.4.4, page 49). The person carrying out a substantial modification is considered the manufacturer, but only in respect to the modified part of the product (provided the modification does not affect the product as a whole). The guidance also clarifies that where an entity rebrands products and places them on the market under their name, they are considered a manufacturer of that product and bear the associated responsibilities. 
• Meaning of 'provider of an online marketplace': the guidance makes clear that a provider of an online marketplace means a provider of an intermediary service who uses an online interface which allows consumers to conclude distance contracts with traders for the sale of products. These businesses only provide online intermediation services for a given product and are generally established under the Digital Services Act (DSA). The obligations for these businesses linked to product safety under the GPSR compliment and further specify some of their obligations under the DSA.  Best practice contained in the guidance includes (1) online marketplaces joining relevant Memorandums of Understanding such as the Product Safety Pledge and (2) checking products with the Safety Gate Portal before listing them on their marketplace.  
• Meaning of 'responsible person': a product covered by the GPSR cannot be placed on the market without an economic operator established in the EU, known as the 'responsible person'. The responsible person can be any of (a) a manufacturer established in the EU, (b) an importer, if the manufacturer is not established in the EU, (c) an authorised representative, or (d) a fulfilment service provider established in the EU if no other economic operator is established in the EU. 
• Meaning of 'health' and risks to mental health: the guidance also clarifies that the definition of 'health' includes risks to mental health (section 1.2, page 5) and as such, the risk of products that either impact consumers' cognitive abilities, result in poor sleep quality, cause depression or cause anxiety must be considered in assessing the overall safety of a product. This will be particularly relevant to in-scope digital products, gaming devices and products that have potentially addictive design features. This also correlates with the expanded definition of damage in the EU's revised Product Liability Directive which includes medically recognised damage to psychological health. 

Relationship with EU harmonisation legislation

The guidance explains that where products are subject to other specific EU law provisions with the same objective, the GPSR will apply only to the extent that any elements of the product and risks are not addressed by that sector-specific legislation, effectively acting as a 'safety net'. The guidance provides the following helpful examples (see section 2.2, page 9):

• Childcare articles, gymnastic equipment and furniture are fully subject to the GPSR (as no sector-specific regulations apply).
• Low voltage devices would be subject to the GPSR to the extent there are new technology-related aspects, such as self-learning capabilities, where they are not covered by the sector-specific EU Low Voltage Directive.
• AI products would be subject to the GPSR to the extent they are low risk, and would therefore not be covered by the EU AI Act (which applies to high-risk products). 

As a result, careful analysis is required to identify which aspects of products may fall under sector-specific legislation, and which may fall under the broader 'safety net' of the GPSR, particularly where a product has innovative features that may not be contemplated by existing sector-specific legislation. 

Additional guidance for risk assessments

• Individual characteristics: the guidance explains that a holistic approach to product safety assessments should be completed, including consideration of vulnerable individuals, gender and body size (section 3.1.1, page 13). Risk assessments should therefore consider a broad range of individual characteristics to ensure product safety, particularly in relation to wearable products, safety equipment and ergonomic devices. 
• Ongoing cybersecurity features: the guidance underscores that businesses may need to take into account the cybersecurity features necessary to protect the product against external influences and evolving, learning and predictive functionalities (section 3.1.1, page 13). As such, low-risk machine-learning and AI products will require specific risk assessments as to how evolving functionalities may create new safety risks over time. 

Product information and documents 

• Product information: the guidance emphasises that information required when placing a product on the market must be easily seen and read by consumers and be placed either on the product, or on its packaging or a document accompanying the product if that is not possible (section 3.1.1, page 16). The guidance clarifies that in principle, only the size of the product (for example, in the case of a very small product) would justify moving the required information to a product's packaging. The guidance also explains that the electronic address of the responsible person may be an email address or a website contact page, with an easily accessible contact form (section 3.1.1, page 16).
• Technical documents: the guidance explains that technical documents are required for each product model, rather than individual units, unless those units have different features that impact their safety (such as based on having different composition or different functionalities) (section 3.1.1, page 14). In addition, the guidance clarifies that technical documents should be proportionate to the complexity of the product and the potential risks identified during the internal risk analysis. A model (non-compulsory) template for technical documents is provided in the guidance (section 3.1.1, page 15).  
• Loyalty programmes: the guidance confirms that where businesses have registration schemes or customer loyalty programmes in place, and these are a means to identify customers affected by a product safety recall, they must allow consumers to choose to join for safety-related purposes (such as product recalls and safety warnings) only and not any other purpose such as marketing (section 3.1.1, page 17). Customers should therefore have the possibility to provide their contact details only to receive safety information and not for marketing purposes. 

Product recalls and reporting

• Accessibility requirements: the guidance emphasises that product recall information must be accessible to persons with disabilities. When a recall notice is shared online, it should take into account best practices for web accessibility (section 3.4.1, page 45). If important information about the recalled product is contained in a picture, this should also be spelled out in order to be machine-readable. 
• Choice of remedies in product recalls: the guidance highlights that where there is a product recall, consumers must generally be offered a choice of at least two of: (i) repair of the product, (ii) replacement of the product (of the same type, value and quality) or (iii) a refund (section 3.4.2, page 46). However, offering one remedy is permitted where the other remedies would be impossible or offer disproportionate cost, for example, where a product is damaged beyond repair and no replacements of the same type, value and quality are available, a refund alone may be permissible. The guidance underscores that all remedies should be effective, cost free and timely (section 3.4.2, page 46). 
• Practical guidance for using the Safety Business Gateway: the guidance explains that to submit a notification via the Safety Business Gateway, businesses must create an EU Login account or log into an existing EU login account, then encode information to identify the product, detail the product risk or accident, and indicate information about the supply chain (section 3.4.3, page 48). Businesses can then submit information meant to alert consumers through the Safety Business Gateway. The relevant national authority will inspect the submitted information and, if it fulfils the criteria, will create a notification in the Safety Gate Rapid Alert System. However, please note that this does not replace the obligation to directly reach out to consumers and disseminate information widely. 

If you need help navigating the EU's new product safety regime for consumer products, please contact our Product Liability and Product Safety team.