The ongoing impact of new technologies and the increasing connectivity of products continues to give rise to new issues and challenges in the area of product safety. The EU’s draft Regulation on General Product Safety (GPSR) seeks to address these emerging issues and challenges. It follows an evaluation of the General Product Safety Directive 2001/95/EC (GPSD) by the European Commission (the Commission) in which deficiencies were identified in the current regulatory framework governing the safety of non-food consumer products.
In addition to challenges relating to traceability, market surveillance and product recalls, new technologies present difficulties, particularly due to the increasing digitalisation of retail and connectivity of electrical and electronic consumer products. The GPSR’s new definition of a ‘product’ to include interconnectivity reflects the profound shift in the scope of products now available to consumers, compared to when the GPSD came into effect almost twenty years ago. Not only does the GPSR seek to address the digital challenges for product safety, it also seeks to address the new safety risks brought about by connected products.
The GPSR also seeks to move from regulating only ‘static’ products that are safe at the time they are placed on the market towards the ‘continued safety’ of products that will be regularly updated and upgraded during the course of their lifespan.
The GPSR provides a new regulatory framework that is consistent with more recent EU legislative and policy goals, such as the EU Circular Economy Action Plan, the EU Digital Services Act, the EU Chemicals Strategy for Sustainability and its proposal for an Artificial Intelligence Act. Additionally, the GPSR will also repeal the current EU Directive on food-imitating products (Directive 87/357/EEC) and integrate its provisions so that they will be enforced in a more harmonised way by the Member States.
Application & scope
The GPSR is proposed to apply to all products defined in Article 3(1) as being “…any item, interconnected or not to other items, supplied or made available, whether for consideration or not, in the course of a commercial activity including in the context of providing a service – which is intended for consumers or can, under reasonably foreseeable conditions, be used by consumers even if not intended for them”.
As the line between goods and services becomes more and more indistinct, the GPSR seeks to revise the existing EU general product ‘safety net’ to account for today’s products, which now regularly contain software features that:
- Can be used to access online services
- Can collect and process personal and non-personal data
- Can be updated remotely after being placed on the market
- Can consist of AI algorithms
- Can communicate with other software installed on third-party products and devices as well as software located in the Cloud
Although previously limited to smartphones, smartwatches and other types of wearable tech, software is now taking up residence in a growing array of consumer products from household appliances to cars and much more. However, when software becomes part of a product, it brings with it a host of safety risks and considerations that need to be actively managed and mitigated.
The GPSR is not proposed to apply to products that are regulated by separate EU legislation, such as medical devices, medicines and food. The definition of ‘product’ is inclusive of second-hand, refurbished, reused and recycled products. The recitals to the GPSR also make clear that specific cybersecurity risks presented by interconnected products should be dealt with in separate, sectoral legislation.
The GPSR proposes to introduce a new and broad legal definition of ‘online marketplace’ to reflect the digitalisation of the retail sector, which will mean “…a provider of an intermediary service using software, including a website, part of a website or an application, operated by or on behalf of a trader, which allows consumers to conclude distance contracts with other traders or consumers for the sale of products covered by [the GPSR]”. Similarly, the GPSR explicitly addresses distance sales separately in Article 4. This is in contrast to the inclusion of online and electronic selling within the scope of recital 7 in the GPSD.
In order to determine whether the GPSR will apply to a particular online transaction, economic operators should take non-exhaustive criteria into account on (i) the use of an official language or currency of the Member States, (ii) the use of a domain name registered in one of the Member States, and (iii) the geographical areas to which the products can be dispatched.
Criteria for assessing product safety
On the issue of safety, where a product conforms to European standards, the GPSR offers a presumption of conformity with the general safety requirements or, in the absence of such standards, to health and safety requirements prescribed by Member State law. Article 6(3) of the GPSR, however, makes clear that such conformity will not prevent market surveillance authorities from taking action where a product is considered dangerous. Where the presumption of conformity does not apply, the determination of whether or not a product is safe involves the assessment of nine detailed criteria:
- The characteristics of the product, including its design, technical features, composition, packaging, instructions for assembly and installation and maintenance (where applicable)
- Its effect on other products, where reasonably foreseeable that it will be used with them
- The effect that other products might have on the product
- The presentation of the product, its labelling, any warnings and instructions for its safe use and disposal, and any other indication or information
- The categories of consumers at risk when using the product, particularly vulnerable consumers
- The appearance of the product and in particular, where a product, although not foodstuff, resembles foodstuff and is likely to be confused for food
- The fact that, although not designed or intended for use by children, the product resembles an object commonly recognised as appealing to or intended for use by children
- The cybersecurity features necessary to protect the product against external influences, which might impact its safety
- The evolving, learning and predictive functionalities of a product
The GPSR proposes to apply stricter traceability requirements, to be adopted by a separate delegated act, for products that are likely to pose a serious risk to people’s health and safety.
General obligations of economic operators
Economic operators are subject to general obligations under the GPSR to ensure the safety of products. Notably, the GPSR proposes the introduction of a new requirement on substantial modifications so that responsibility for the safety of a product will lie with the person making the modification. The GPSR also extends the concept of an EU-based ‘responsible person’, as seen in other EU legislation, to non-harmonised products. This aims to address direct imports from third countries.
Safety gate notification system
While the GPSR lifts and adapts sections of the Market Surveillance Regulation (EU) 2019/1020 (the MSR) to create a single surveillance regime for both harmonised and non-harmonised products, another significant development in the proposed new legislation is the rebranding of the RAPEX product safety notification system to ‘Safety Gate’. Although the structure of the notification system is unchanged, Member States will have two working days to notify corrective measures via Safety Gate, whereas the obligation to notify such measures via RAPEX fell due ‘immediately’. Consumers will also be able to review warnings and recall information issued by economic operators on the Safety Gate system.
The Commission’s proposal for the GPSR is now being considered by both the European Parliament and Council. The GPSR was referred to the EU Parliament’s Internal Market Committee and, in December 2021, the Committee’s Rapporteur published a draft report with proposed amendments to the draft Regulation. According to the website of the EU Parliament:
“The draft report restructures the proposal to give it better clarity. It proposes requiring a responsible person only for those non-harmonised products that present the most risk. It would introduce additional obligations for online marketplaces; strengthen exchange of information between platforms, traders and market surveillance authorities; introduce a possibility of additional voluntary commitments from online marketplaces in the form of memoranda of understanding, which could become mandatory for Very Large Online Platforms as defined by the Digital Services Act; and strengthen Consumer Safety Network. It would extend the date of application to 12 months after entry into force of the regulation”.
On 16 June 2022, the Internal Market Committee adopted its position in favour of the amended proposal.
In the Council, work has started in the Working party on Consumer Protection and Information. In November 2021, the Slovenian Presidency published a progress report, which showed that discussions in the Council focused on the general architecture and clarity of the proposal; including end-users and not only consumers in the scope; ensuring consistency with the Digital Services Act and the Artificial Intelligence Act; extending the obligations of the ‘responsible person’ to non-harmonised products; and introducing new obligations for online marketplaces, for instance, concerning recalls.
Once the Council adopts its negotiating mandate, interinstitutional talks can commence. Once an agreement is reached, the draft text of the proposed GPSR will have to be endorsed by both the Parliament and Council before its publication and entry into force.
The GPSR represents a new era in product safety law. Retail is no longer confined to bricks and mortar, or even distance selling, but has expanded to include a global online consumer experience, and embracing new technologies as they continue to develop and evolve. Although many of its requirements are similar to those under the GPSD, the new legislation contains enhanced and detailed requirements. As mentioned above, the Commission’s proposal for the GPSR is now the subject of legislative scrutiny in both the European Parliament and Council. It may be subject to significant change before its ultimate adoption and enforcement. While all of this remains to be seen, it is recommended that companies keep an eye on its progress and identify their obligations under the proposed legislation well in advance of its application.