New Regulations Reshape the Product Safety Landscape

*This article was first published in the 2025 Product Safety and Regulation Recall Index Report by Sedgwick and is used here with the publisher's permission.

Across the European product safety sphere, 2024 was a year of far-reaching changes. As a result, we will see a restructured compliance and liability landscape in the years to come. The most relevant change was the EU General Product Safety Regulation (GPSR), which will bring more obligations and responsibilities for several market players.

Whilst the GPSR focuses on regulatory product compliance and remediation measures and procedures, the new Product Liability Directive (PLD) establishes stricter liability for market players. Both acts will definitely strengthen consumer protection and rights and create a more focused and level playing field. In response, manufacturers and the downstream supply chain will have to adjust their systems and product compliance management processes to meet these new requirements. They should also review their risk profile in light of expanded liability.

 

Product safety and compliance

On 13 December 2024, the GPSR became directly applicable in all EU Member States, replacing the existing 20-year-old General Product Safety Directive. Businesses should not be misled into thinking their industry will be unaffected by the GPSR. The scope of the regulation includes all non-food consumer products, dual-use products, and B2B products that have migrated to the consumer market.

In addition, the GPSR serves as a wide safety net for CE-marked products not fully covered by sector-specific legislation. For example, it applies to risks around appropriate cybersecurity features necessary to protect products against external influences. Although the GPSR makes it clear that software embedded into a physical product is in scope, there is some ambiguity on whether the new rules also apply to standalone software.

In addition to the label in paper format, the GPSR introduces the possibility of a digital label for all consumer products. E-labels are at the forefront of product laws for toys, batteries, detergents, and other products. Although e-labelling will help manufacturers keep compliance information updated, considerable efforts are required until globally viable technical concepts are in place for 100% paperless product documentation.

To ensure effective market surveillance, the GPSR expands the “Responsible Person” concept to all non-food consumer products. The Responsible Person must check that the product complies with the technical documentation and other labelling requirements. This new requirement is expected to come with additional financial burden for traders and it is still unclear whether available providers will be able to satisfy the increased need for Responsible Person services. Existing service providers will also have to update their offerings to reflect new liabilities and obligations under the GPSR and PLD.

Considering that online sales in the EU have hardly been regulated over the last 25 years, the GPSR brings drastic changes for both online marketplaces and every business that sells products online to EU customers, even if the company is based outside the EU.

One important change when selling online is that certain traceability information now needs to be displayed in the online offer and not just on the physical product itself. Economic operators must list the manufacturer’s postal and electronic contact details, as well as potentially the Responsible Person’s contact information. In addition, the online listing must provide product identifiers, including a picture of the product and warning or safety information in the correct language. The aim is to give consumers a similar experience irrelevant of whether they are shopping online or in a brick-and-mortar store.

Further, manufacturers will have to use the Safety Business Gateway (formerly RAPEX) to notify the competent market surveillance authorities without undue delay about dangerous products and any accidents caused by a product. It is unclear if the term “accidents” applies only to those occurrences resulting in death or serious adverse health effects or more broadly. Regardless, this reporting will undoubtedly come with an increased burden for businesses to submit a significant number of accident notifications. Entities will need to establish a thorough system for submitting notifications since the decision of whether to notify will have significant impact not only for consumer safety, but also the reputation and liability of a product or manufacturer.

For any industry, implementing a recall is always complex. It calls for well-balanced and strategic communication with the competent authorities and consumers to reduce recall costs and mitigate reputational damage. Oftentimes, internal investigations of what happened can take weeks or even months. However, the GPSR institutes onerous and unheard-of recall obligations. To increase overall recall effectiveness, economic operators and online marketplaces are now legally required to directly notify all affected consumers without undue delay. The European Commission published a template for recall notices that instructs companies to avoid downplaying phrases such as “voluntary,” “precautionary,” or “in rare situations,” which have been used frequently in the past in recall notices.

Recalls also come with strict consumer remedy rights. In both compulsory and voluntary recalls, the economic operator responsible for the recall must offer consumers the choice between at least two effective, cost-free, and timely remedies: repair, replacement, and/or refund at least equal to the initial price.

Astonishingly, the GPSR does not provide for a time limitation for these recall remedies and goes beyond EU consumer laws where the warranty period is typically limited to two years. This underlines the EU legislators’ intention to ban dangerous products from the EU market and gives the new regulatory recall regime a punitive character to the detriment of manufacturers. However, it remains to be seen how national and EU courts will solve this contradicting situation in unclear cases.

For businesses, it is important to know that GPSR penalties are traditionally subject to national legislation. However, even after an 18-month transitional period, not all EU Member States have adopted penalties yet. For example, the German draft law implementing GPSR penalties received huge backlash in the German Parliament because fines of up to EUR100,000 were considered too high for infractions such as a product not bearing the manufacturer’s contact details. Do not expect this issue to be resolved until a new German government has been formed later in 2025.

All in all, the GPSR will bring several new obligations. Relevant market players not only need to adjust their compliance systems but should also implement clear contractual provisions within the supply chain.

 

Product liability

When building compliance structures and the internal processes for product safety, economic operators and online marketplaces are advised to take into consideration the new EU Product Liability Directive (PLD). From its application on 9 December 2026, the PLD will transfer some of the regulatory rules to the civil product liability regime. It is likely to completely transform the EU’s product liability landscape since the directive serves as the main monetary compensation instrument for damages suffered by natural persons and caused by defective products.

There will be a huge shift from the last 40 years of liability legislation where “product” was narrowly defined as a “physical” product that caused the damage. The PLD expands the definition to cover new and refurbished products, raw materials, and electricity, as well as expressly apply to both embedded and standalone software. This will include, for example, operating systems, firmware, computer programs, apps, and AI systems, as well as software-as-a-service business models. As a logical consequence, software and AI developers are likely to be treated as manufacturers for no-fault liability.

The notion of damage will not only include death, injuries, and property damage, but also the destruction and corruption of private data and mental health. These latter two damage categories are new in EU product laws. The industry has voiced concerns that currently there is not enough science and data available to quantify mental health issues caused by products. We definitely expect this to remain a hot topic for the years to come.

Under the PLD, new criteria will have to be considered when assessing whether a product is defective. Those criteria will include the effects of learning skills or new features after a product is placed on the market, such as software updates; the interconnection with other products; safety-relevant cybersecurity requirements; and any compulsory or voluntary product safety recalls. The latter underlines the importance for products to comply from a regulatory angle to avoid no-fault product liability kicking in.

There is a cascade of new actors in the supply chain who can be held liable for defective products with the revised directive. Liable parties are not only manufacturers, importers, and distributors, but also representatives, fulfilment service providers, or online platforms if they fail to identify their upstream suppliers to the injured party within one month. This proves once more the predominant importance of Know Your Business Customers requirements to avoid liability claims.

Product liability will be triggered more easily as well. The PLD introduces an alleviated burden of proof and disclosure of evidence which is very unusual in EU legal proceedings. Claimants often have difficulties proving that the damage was caused by a defective product because they don’t have access to and an understanding of information on how a product was produced and how it operates. Under the directive, claimants will be able to request disclosure of evidence from the defending manufacturer. In addition, the PLD allows national courts to presume the defectiveness of a product, simply where a defendant fails to provide the requested evidence or where the product is non-compliant with product safety rules. In our view, these procedural changes come with a high risk in litigation cases as they have the potential to completely reverse the burden of proof to the detriment of businesses.

With these stricter liability rules in place under the new PLD, potential risks should always be considered under the aspect of mass products, and potential mass claims, with respective consequences when companies are conducting risk assessments.

 

Next steps for businesses

We predict that non-compliance with product safety laws will increasingly trigger product liability, regulatory penalties, and targeted private enforcement from competitors. This is all the more true as claimants can bring class actions against businesses on the grounds of dangerous or defective products. Therefore, it is vital for all entities along the supply chain to do as much as they can to ensure product compliance.

Where internal processes and a proper compliance program is lacking, businesses should revisit and update their organisational procedures and internal standards. For example, they should incorporate a proper recall template so they are prepared when the worst-case happens.

It is also crucial to have complete compliance documentation readily available for market surveillance authorities and national courts. Any compliance effort is only worth as much as its proper documentation. Hence, a proper product compliance management system needs to be established.

Finally, businesses should ensure that their contracts along the supply chain reflect these new liability regimes and that their product recall and product liability insurance cover the new rules and risks.