11th edition – May 2021

Here’s the next edition of our monthly bite-sized digest, Productwise 3-2-1 where each month, we bring to the top of your inbox (and your agenda):

  • 3 key takeaways from the past month
  • 2 hotbed issues you should keep your eye on
  • 1 practice tip to keep you at the top of your game

This month it’s all about the EU’s proposed regulation on AI, plans to introduce new laws on the cyber security of consumer IoT devices in the UK, CPSC’s Mid-Year Two plan, upcoming revisions to key pieces of chemicals legislation in the EU, a bill to repeal section 6(b) of the US Consumer Product Safety Act and preparing for new EU laws on consumer guarantees and software updates that apply from 1 January 2022.

3 top things from the month just gone

  • European Commission published its proposed AI Regulation. In a world-first, the European Commission published its much-anticipated proposal for a broad regulation to cover the deployment and use of artificial intelligence in the EU on 21 April 2021. The proposal takes a risk-based approach, with a pyramid of requirements depending on the level of risk the AI system poses (unacceptable risk, high-risk, limited risk and minimal risk). The proposed regulation follows the format of EU product safety regulations, with the primary obligations owed by the party placing the system on the EU market (in this case called the “provider”). Lesser but still onerous obligations are owed by “importers”, “distributors” and “users” of AI systems. The European Commission is seeking feedback on its proposed AI regulation and has just extended the period until 5 July 2021. Read more about the proposed AI regulation in our blog here and find out how you can provide feedback here.
  • UK government confirmed plans to introduce new laws on the cyber security of certain consumer IoT devices. The UK government published its response to the call for views on proposed legislation for the cyber security of consumer connected products, confirming plans to bring in new laws laying down mandatory cyber security requirements for products sold “across the whole of the UK” on 21 April 2021. Under the proposed new rules, certain connected consumer devices sold in the UK will need to comply with three requirements setting a “minimum baseline level of cyber security”: 1) passwords must be unique and not resettable to any universal factory setting; 2) manufacturers must provide a public point of contact so anyone can report a vulnerability; and 3) customers must be informed at the point of sale on how long a device will receive security software updates. The UK Government is currently drawing up the draft legislation, which will be introduced into parliament “when parliamentary time allows”. To find out more, read our blog here.
  • CPSC’s 2021 Mid-Year Two plan passed. The second part of a two-part 2021 mid-year spending plan was passed by the CPSC on 14 April 2021. Mid-Year Two includes plans put forward by CPSC staffers on various projects that the CPSC has been directed to focus on under recently passed legislation including (among others) establishing an e-commerce team, improving the safety of imports, upholstered furniture, portable fuel containers, carbon monoxide detectors and product risks arising from the COVID-19 pandemic. This follows approval of the Mid-Year One plan earlier in March this year (see our previous blog here).

2 things to look out for  

  • Upcoming revisions of the EU REACH and CLP Regulations. The EU’s Chemicals Strategy for Sustainability contains a number of actions to implement the European Green Deal, including revising the rules governing the registration, evaluation, authorisation and restriction of chemicals in the EU (the REACH Regulation) and a targeted revision of the Regulation on the classification, labelling and packaging of chemical substances and mixtures (CLP Regulation).  The European Commission has just published further details about its plans to revise these two key pieces of legislation (contained in Inception Impact Assessments) on its website for each initiative here and here. Feedback on the Inception Impact Assessments closes on 1 June 2021.
  • Bill to repeal section 6(b) of the US Consumer Product Safety Act introduced into Congress.  A Bill known as the “Sunshine in Product Safety Act” that seeks to repeal section 6(b) of the Consumer Product Safety Act was introduced into Congress by Democratic Senator Richard Blumenthal along with Democratic Representatives Jan Schakowsky and Bobby L. Rush. Section 6(b) requires the CPSC to take reasonable steps to assure that information it publicly discloses about a product, manufacturer or private labeler is accurate, fair in the circumstances and reasonably related to effectuating the purposes of the Consumer Product Safety Act, and sets out a process to be followed.

1 top practice tip

  • Prepare for new EU laws on consumer guarantees and software updates that apply from 1 January 2022. Legislation containing new EU rules on the sale of goods (including digital content that is “incorporated in or inter-connected with goods”) comes into effect on 1 January 2022, which lays down principles of the implied legal guarantee and requirements for commercial guarantees in the EU. A big change under the rules is the introduction of requirements to provide certain software updates and the extension of the implied legal guarantee to digital content. Now is a good time to understand the requirements and plan a review of your T&Cs, commercial guarantees, as well as policies to provide software updates and end-of-life products. Similar rules dealing with digital content or digital services not “incorporated in or inter-connected with goods” also comes into effect on 1 January 2022. Get in touch if you’d like to know more.

Any comments or feedback, then please feel free to contact the authors, or any of your usual contacts within the team, who would love to hear from you.

Best wishes,

The Cooley Products Team


Posted by Claire Temple