Guide
EU GPSR 2023/988: The New Safety Net for Every Non-Harmonised Consumer Product
Regulation (EU) 2023/988 — the General Product Safety Regulation (GPSR) — applies since 13 December 2024 and replaces the General Product Safety Directive 2001/95/EC. It is the EU's safety net regime for every consumer product NOT covered by sector-specific harmonised legislation (toys, cosmetics, medical devices, machinery, RED, etc., remain under their own directives/regulations). GPSR introduced the EU 'responsible economic operator' requirement, mandatory risk assessment, technical documentation, the Safety Business Gateway for incident reporting, and independent obligations on online marketplaces under Article 22. Non-EU brands selling into the EU directly or via marketplaces are the population most affected. This guide is written for QA, regulatory and compliance leads at non-EU consumer-goods brands, EU importers and online marketplace sellers.
Start free trial Free trial, no credit card, onboard in days, not months.
Article 4: the responsible economic operator block
Article 4 of GPSR 2023/988 (read with Regulation (EU) 2019/1020 on market surveillance) requires every product placed on the EU market to have a responsible economic operator established in the EU: the manufacturer (if EU-based), an importer, an authorised representative under written mandate, or a fulfilment service provider where no other operator exists. The operator's name, registered trade name or trade mark, and contact details (postal and electronic) must be on the product, on its packaging, on the parcel or in an accompanying document. Without this block, the product cannot lawfully be placed on the EU market; marketplaces (Amazon, eBay, Etsy, AliExpress) have been delisting non-compliant SKUs in waves since December 2024. The single recurring failure is a non-EU brand assuming an EU distributor counts — a distributor is not by default a responsible operator.
Article 9: technical documentation and risk assessment
Article 9 requires the manufacturer to perform a risk assessment and prepare technical documentation for every product, including: a general description, essential design and manufacturing data, list of harmonised standards or other technical specifications applied, results of risk analysis and any tests carried out, and a description of how the product meets the general safety requirement of Article 5. The technical documentation must be retained for ten years after placement on the market and produced to a market surveillance authority on request. The risk assessment must cover reasonably foreseeable use, vulnerable consumers (children, elderly, disabled), interaction with other products, and cybersecurity for connected products. Audit findings cluster where a manufacturer has a CE-marked technical file under another directive but no GPSR-specific risk assessment for the non-harmonised aspects.
Article 5: the general safety requirement
Article 5 prohibits placing on the EU market any product that is not 'safe' — meaning, under normal or reasonably foreseeable conditions of use, it presents no risk or only the minimum risks compatible with the product's use considered acceptable and consistent with a high level of protection of consumer health and safety. Conformity with harmonised standards listed in the Official Journal gives presumption of conformity. Where no harmonised standard exists, the manufacturer must demonstrate conformity through other means: international standards (ISO, IEC), Commission recommendations, national standards of the Member State where placed, codes of good practice, or the state of the art. The recurring failure is treating Article 5 as 'if it passed at the lab, it's safe' — the regulation expects a documented chain from intended use to identified hazards to mitigation to residual risk.
Article 20: incident reporting via the Safety Business Gateway
Article 20 requires economic operators (manufacturer, importer, distributor) to inform market surveillance authorities via the Safety Business Gateway when they become aware that a product they placed on the market has caused an accident. Reportable accidents include death and serious injury (treatment in hospital, lasting consequence). Reporting is required without undue delay and at the latest within two working days of knowledge. The Safety Gate portal (formerly RAPEX) lists weekly notifications of dangerous consumer products withdrawn or recalled across the EU; Safety Gate appearance is the leading indicator of retailer delisting and class-action exposure. Cross-border coordination is automatic — a notification in one Member State propagates to all 27 within hours.
Article 22: online marketplace duties
Article 22 places independent obligations on online marketplaces under GPSR, building on the Digital Services Act framework. Marketplaces must: cooperate with market surveillance authorities, register on Safety Gate as a single point of contact, design their interfaces so traders can comply with Article 4 (responsible operator block) and Article 19 (consumer information), and act on Safety Gate notifications by removing or restricting content within two working days. Major marketplaces (Amazon, eBay, Etsy, AliExpress, Wayfair) have rolled out 'EU responsible person' enforcement throughout 2025 and continue to delist SKUs without a valid EU operator. Non-EU brands selling via marketplaces remain manufacturers and carry their own GPSR obligations — the marketplace is not a substitute for the responsible operator.
A 60-day GPSR readiness path
Days 1–10: responsible economic operator audit for every SKU placed on the EU market; appoint EU authorised representatives or fulfilment service providers where needed. Days 11–30: technical documentation reconstructability test for the top 30 SKUs; complete Article 9 risk assessments where the legacy GPSD file is thin. Days 31–45: Safety Business Gateway access setup, Article 20 reporting procedure, marketplace responsible-operator block refresh across Amazon EU and other channels. Days 46–60: incident drill against the two-working-day clock; freeze baseline for the next market surveillance sweep.
Where this lives in V5 Ultimate
The clauses above aren't theoretical — every one maps to a shipped module and an industry profile. Jump to the parts of the product that turn this guide into evidence on a Monday morning.
Modules that do the work
Industries this hits hardest
Frequently asked
We sell from the US to EU consumers via our own website. Who is our responsible operator?
If you have no EU establishment, you need to appoint an EU authorised representative under a written mandate (Article 4(1)(c)) or rely on an EU fulfilment service provider acting in that role (Article 4(1)(d)). The mandate must cover, at minimum, holding the EU Declaration of Conformity / technical file and acting as the point of contact for market surveillance authorities. The representative's name and contact must appear on the product or packaging. Specialist EU rep services have proliferated since GPSR entered force; due diligence on their EU establishment and insurance is essential.
Does GPSR apply to products already covered by another EU regulation, like the Toy Safety Directive?
GPSR is the safety net — it applies in full to non-harmonised products and to the safety aspects of harmonised products not covered by the sector legislation. A toy under Directive 2009/48/EC is governed by the directive for safety, but GPSR's Article 4 (responsible operator), Article 22 (marketplace duties) and the post-market provisions still bite where they fill a gap. The practical result: GPSR raises the floor for every product, harmonised or not.
How does GPSR interact with the Digital Services Act (DSA) for marketplaces?
DSA sets horizontal duties on online intermediaries (notice-and-action, transparency, traceability of traders). GPSR Article 22 adds product-safety-specific duties on top: Safety Gate registration, single point of contact, interface design enabling Article 4 compliance, and action on Safety Gate notifications within two working days. Marketplaces operate under both — the DSA framework and GPSR's product-safety overlay. Brands selling on marketplaces should expect both DSA-driven trader verification and GPSR-driven responsible-operator enforcement.
Is there a transitional period for products placed on the market before 13 December 2024?
Article 51 sets the application date as 13 December 2024. Products lawfully placed on the EU market before that date under GPSD 2001/95/EC may continue to be made available — but new placements from 13 December 2024 onward must comply with GPSR 2023/988 in full. There is no general sell-through for the responsible operator block on goods entering the EU after the application date; importers and marketplaces have applied GPSR to all new placements since.
See it on your shop floor.
Free trial, no credit card, onboard in days, not months.
Related reading
Spot something off? .