The continued impact of new technologies and increasing product connectivity continue to give rise to new issues and challenges in the area of product safety. The draft EU General Product Safety Regulation (GPSR) aims to address these emerging issues and challenges. It follows an assessment of the General Product Safety Directive 2001/95/EC (GPSD) by the European Commission (the Commission) in which gaps were identified in the current regulatory framework governing the safety of consumer products non-food.
In addition to challenges related to traceability, market surveillance and product recalls, new technologies present challenges, particularly due to the increasing digitization of retail and the connectivity of electrical and electronic consumer products. GPSR’s new definition of a ‘product‘ to include interconnectivity reflects the profound change in the range of products now available to consumers, compared to when the GPSD came into force nearly two decades ago. Not only does the GPSR seek to respond to digital challenges for product security, but it also seeks to respond to new security risks induced by connected products.
The GPSR is also looking to move from regulation only’static‘ safe products when they are placed on the market vis-à-vis the ‘continuous security‘ of products that will be regularly updated and improved throughout their lifespan.
The GPSR provides a new regulatory framework that is in line with more recent EU legislative and policy objectives, such as the EU Circular Economy Action Plan, the EU Digital Services Act, the EU Chemicals Strategy for Sustainability and its proposed Artificial Intelligence Bill. In addition, the GPSR will also repeal the current EU Food Imitation Products Directive (Directive 87/357/EEC) and integrate its provisions so that they are applied in a more harmonized way by Member States.
Application and scope
It is proposed that the GPSR apply to all products defined in Article 3(1) as “…any property, whether or not related to other property, provided or made available, whether or not for consideration, in the context of a commercial activity, including in the context of the provision of a service – which is intended for consumers or which can, under reasonably foreseeable conditions, be used by consumers even if it is not intended for them”.
As the line between goods and services becomes increasingly blurred, the GPSR seeks to revise the existing general “safety net” for EU products to take account of today’s products, which now regularly contain software features that:
- Can be used to access online services
- May collect and process personal and non-personal data
- Can be updated remotely after release
- May consist of AI algorithms
- Can communicate with other software installed on third-party products and devices as well as with software located in the cloud
Although previously limited to smartphones, smartwatches, and other types of wearable technology, software is now finding its way into a growing range of consumer products from home appliances to cars and more. However, when software is part of a product, it comes with a host of risks and security considerations that must be actively managed and mitigated.
The GPSR is not proposed to apply to products regulated by separate EU legislation, such as medical devices, medicines and foodstuffs. The definition of “product” includes used, refurbished, reused and recycled products. The recitals of the GPSR also specify that the specific cybersecurity risks presented by interconnected products should be addressed in separate sectoral legislation.
The GPSR proposes to introduce a new broad legal definition of “online marketplace” to reflect the digitization of the retail sector, which will mean “…a provider of an intermediary service using software, including a website, part of a website or an application, operated by or on behalf of a trader, which enables consumers to conclude distance contracts with other professionals or consumers for the sale of the products covered by [the GPSR]”. Similarly, the GPSD explicitly treats distance sales separately in Article 4. This contrasts with the inclusion of online and electronic sales in the scope of recital 7 of the GPSD.
In order to determine whether the GPSR will apply to a particular online transaction, economic operators should take into account non-exhaustive criteria concerning (i) the use of an official language or currency of the Member States, (ii) the use of a domain name registered in one of the Member States, and (iii) the geographical areas to which the products may be shipped.
Product Safety Evaluation Criteria
In terms of safety, when a product complies with European standards, the GPSR provides a presumption of conformity with the general safety requirements or, in the absence of such standards, with the health and safety requirements prescribed by state legislation. members. Article 6(3) of the GPSR, however, clarifies that such compliance will not prevent market surveillance authorities from intervening when a product is considered unsafe. Where the presumption of conformity does not apply, determining whether a product is safe involves evaluating nine detailed criteria:
- The characteristics of the product, including its design, technical characteristics, composition, packaging, assembly and installation and maintenance instructions (if applicable)
- Its effect on other products, when it is reasonably foreseeable that it will be used with them
- The effect that other products may have on the product
- The presentation of the product, its labeling, any warnings and instructions for its safe use and disposal, and any other indication or information
- The categories of consumers at risk when using the product, in particular vulnerable consumers
- The appearance of the product and, in particular, where a product, although not a foodstuff, resembles a foodstuff and is likely to be mistaken for a foodstuff
- The fact that, although not designed or intended for use by children, the product resembles an object commonly recognized as attractive or intended for use by children
- Cybersecurity features needed to protect the product from outside influences, which could impact its security
- The scalable, learning and predictive features of a product
The GPSR proposes to apply stricter traceability requirements, to be adopted by a separate delegated act, for products which may pose a serious risk to the health and safety of persons.
General obligations of economic operators
Economic operators are subject to general obligations under the GPSR to ensure product safety. In particular, the GPSR proposes the introduction of a new requirement on substantial modifications so that the responsibility for the safety of a product rests with the person carrying out the modification. The GPSR also extends the concept of a “responsibleas in other EU legislation, to non-harmonised products. This aims to deal with direct imports from third countries.
Security door notification system
While the GPSR lifts and adapts sections of the Market Surveillance Regulation (EU) 2019/1020 (the MSR) to create a single surveillance regime for harmonized and non-harmonised products, another important development in the new legislation proposed is the rebranding of the RAPEX Product Safety Notification System to ‘Safety Gate’. Although the structure of the notification system is unchanged, Member States will have two working days to notify corrective measures via Safety Gate, while the obligation to notify these measures via RAPEX has expired.immediately‘. Consumers will also be able to view warnings and recall information issued by economic operators on the Safety Gate system.
The Commission’s proposal for the GPSR is currently being discussed by the European Parliament and the Council. The GPSR was referred to the Internal Market Committee of the European Parliament, and in December 2021 the committee’s rapporteur published a draft report with proposed amendments to the draft regulation. According to the website of the European Parliament:
“The draft report restructures the proposal to give it greater clarity. It proposes requiring a responsible person only for non-harmonised products which pose the greatest risk. It would introduce additional obligations for online marketplaces; strengthen the exchange of information between platforms, traders and market surveillance authorities; introduce a possibility of additional voluntary commitments from online marketplaces in the form of memorandums of understanding, which could become mandatory for Very Large Online Platforms as defined by the Digital Services Act; and strengthen the consumer safety network. It would extend the date of application to 12 months after the entry into force of the regulation”.
On 16 June 2022, the Internal Market Committee adopted its position in favor of the amended proposal.
In the Council, work has started within the working group on consumer protection and information. In November 2021, the Slovenian presidency published a progress report, which showed that discussions in the Council focused on the general architecture and clarity of the proposal; include end users and not just consumers in the scope; ensuring consistency with the law on digital services and the law on artificial intelligence; extend the obligations of the “responsible person” to non-harmonised products; and the introduction of new obligations for online marketplaces, for example, regarding recalls.
Once the Council has adopted its negotiating mandate, the interinstitutional talks can begin. Once an agreement is reached, the proposed draft text of the GPSR will have to be approved by the Parliament and the Council before its publication and its entry into force.
The GPSR represents a new era in product safety law. Retail is no longer limited to bricks and mortar, or even distance selling, but has expanded to include a global online consumer experience and embrace new technologies as they continue to develop. and evolve. Although many of its requirements are similar to those of the GPSD, the new legislation contains improved and detailed requirements. As indicated above, the Commission’s proposal for the GPSR is now subject to legislative scrutiny in both the European Parliament and the Council. It may be subject to significant modifications before its final adoption and application. While all of this remains to be seen, companies are advised to monitor its progress and identify their obligations under the proposed legislation well in advance of its application.