.webp)
.webp)
.jpg?width=300&name=ND%20REGULATION_General%20Product%20Safety%20Regulation%20(GSPR).jpg)
General Product Safety Regulation (GPSR)
What every business selling in the EU needs to know about the regulation reshaping product safety and how to turn compliance into competitive advantage.
This regulation is more than a compliance update; it is a strategic reset for the digital age and a major shift in EU consumer protection law. It directly addresses risks from connected devices, new technologies, and online sales channels, demanding greater accountability from every economic operator (including non-eu manufacturers selling into the EU). Businesses must understand the regulation’s structure, provisions, conditions and scope. This is the first step to turning compliance into a competitive advantage. It also lays the foundation for sustained growth.
Figure 1: From adoption to enforcement — key milestones in the GPSR's regulatory lifecycle, from its adoption in May 2023 through the intensification of enforcement across EU Member States in 2026.
Core Requirements Under the General Product Safety Regulation
The GPSR expands and clarifies the obligations for manufacturer(s), importers, distributors, and now, online marketplaces. Its goal is to ensure a consistent safety net for consumers, regardless of how or where they purchase a product, and to reduce inconsistencies across nations. The regulation’s scope is vast, covering new, used, and refurbished goods, and it introduces several non-negotiable duties for businesses, including product specific obligations and certain obligations linked to traceability, conformity, and recalls.
One of the most significant changes is the requirement for a responsible person based in the EU to be designated for every product. This closes a critical accountability gap, particularly for goods sold from outside the Union. This entity serves as the primary contact for market surveillance authorities and consumers, ensuring a clear line of responsibility, especially under increasingly complex market surveillance rules.
For many organizations, the operational starting point is an internal risk analysis (an internal risk analysis in practice often becomes the backbone of the technical file), supported by a documented assessment that covers foreseeable use, misuse, and evolving digital threats. The GPSR also reinforces attention to specific hazard categories (including dangerous products and, where relevant, food imitating products) that can create heightened risks to consumer health.
| Key Obligation | What Businesses Must Do |
|---|---|
| Risk Assessment & Technical Documentation | Conduct and document a thorough risk analysis (internal risk analysis) before market placement, considering cybersecurity and AI-related risks. This technical file must be maintained for 10 years, supported by appropriate accompanying document(s) where required. |
| Enhanced Traceability | Ensure products and their packaging are clearly labeled with manufacturer and responsible person details, supporting conformity claims. This same information must be displayed on online product listings. |
| Accident Reporting | Report any accidents caused by a product that result in death or serious adverse health effects to the authorities via the central Safety Business Gateway portal. |
| Online Marketplace Duties | Providers must create dedicated channels for authorities, cooperate in removing dangerous products, and ensure sellers can provide the required safety and traceability information to consumers (including swift action on recalls). |
Figure 2: Enforcement is real — a snapshot of the penalty tiers proposed under Italy's 2026 draft decree, ranging from administrative fines for formal violations to criminal sanctions for placing dangerous products on the market.
These duties intersect with other major EU regulations and adjacent legal areas in relation to product governance. For instance, the risk assessments under GPSR must account for the evolving nature of AI, a field also governed by the EU AI Act. This regulatory ecosystem demands a holistic approach to compliance, especially for businesses developing AI embedded in products, and can also touch on competition law considerations (e.g., information-sharing in recalls) depending on the market context.
The 2026 Enforcement Landscape
While the GPSR has been applicable since late 2024, 2026 marks a pivotal year for enforcement. Market surveillance authorities across the EU (and, where relevant, EEC-aligned regimes) are expected to intensify their activities, armed with new powers and the enhanced Safety Gate rapid alert system for sharing information on dangerous products. In addition to the main framework, businesses should monitor Official Journal publications and safeguard actions, as these can affect conformity expectations and enforcement priorities.
Recent developments underscore this trend:
- National Penalties: Member states are actively finalizing their national penalty frameworks. Italy's draft penalty decree, nearing final approval in early 2026, proposes fines up to €150,000 and potential criminal sanctions for the most severe violations 1. Bulgaria likewise amended its Consumer Protection Act in February 2026 to align with the GPSR's enforcement mandates 2.
- Commission Guidance: In late 2025, the European Commission published its official guidelines to clarify key aspects of the regulation, such as the high threshold for accident reporting and the process for creating technical documentation 3.
- Broader enforcement toolbox: Businesses should also anticipate scrutiny related to protected disclosures, coordinated action under Directive 2020/1828, and cross-sector compliance touchpoints (including business alternative dispute resolution pawnbrokers credit intermediaries platform), which can influence how consumer complaints, enforcement signals, and remediation actions (including recalls) are handled.
This clear enforcement trajectory means that a reactive approach to compliance is no longer viable. Businesses must proactively integrate GPSR requirements into their governance and product development lifecycles, ensuring documentation, ad-hoc incident response (ad), and continuous verification/validation practices (cvd) are aligned and auditable. For some organizations, this may also coincide with other regulatory events such as merger notifications that can trigger additional compliance due diligence.
Navigate GPSR Compliance with Confidence
The GPSR reshapes what it means to place a product on the EU market. It demands a new level of diligence, particularly concerning digital risks and supply chain transparency, and it tightens expectations around conformity, accompanying document control, and effective safeguards when risks emerge. While the obligations are significant, they also offer a clear path for building consumer trust and demonstrating a commitment to safety and health. Framing compliance as a strategic investment rather than a cost center is crucial. By embedding these principles into your operations, you not only mitigate risk but also build a resilient, future-ready business. A robust governance model is essential for navigating the complexities of EU regulations shaping AI-embedded products and achieving sustainable market access across nations. At the same time managing practical inconsistencies that can arise in enforcement and interpretation.
Nemko Digital provides expert guidance on AI regulatory compliance, helping organizations translate complex legal frameworks into actionable, evidence-based strategies. We empower you to build trust, ensure safety, and turn governance into a competitive advantage.