In the second in a series of blogs on the European Union’s new General Product Safety Regulation, the Cooley products team takes a look at the expanded concept of safety under the new rules and why this matters.
Traditionally, the concept of “product safety” has focused on physical risks posed by consumer products – such as lacerations, burns, choking and other physical injuries. As consumer products have evolved, so too have the risks associated with their use.
The new General Product Safety Regulation (EU) 2023/988 (GPSR), applying in the European Union from 13 December 2024, contains a number of updates designed to specifically target new technologies – including the concept of “safety”.
As we consider the new rules under the GPSR, it’s important to keep in mind that these updates are not happening in a vacuum – they sit alongside a number of other key reforms in EU law that together will change the landscape of product safety and compliance and increase liability risks for products placed on the market in the EU.
An expanded concept of safety
The GPSR will broaden the concept of product safety, with a number of updates:
- Covering risks to mental health: The GPSR refers to the World Health Organisation definition of “health” as a “state of complete physical, mental and social well-being and not merely the absence of disease or infirmity” in its recitals. It will be expected that risks to mental health, where applicable, will form part of any pre-market risk assessment, and that companies will take appropriate action (report to the authorities, initiate corrective actions) if warranted by the discovery of a risk to mental health associated with a product. It is noteworthy in this regard that current guidance from the European Commission makes it clear that it considers software to be within scope of the GPSR. This reform sits alongside recent updates to the EU’s Product Liability Directive (PLD) that enable consumers to claim damages under the PLD for medically recognised damage to psychological health caused by defective products.
- Adding new factors targeted at new technologies to the nonexhaustive list of aspects to consider when assessing safety, such as:
- Cybersecurity: To the extent it has an impact on the safety of a product. This update in the GPSR sits alongside a number of other EU reforms targeted at cybersecurity – such as the Delegated Act made under the Radio Equipment Directive, requirements surrounding cybersecurity in the new Artificial Intelligence Act and Machinery Regulation, and new horizontal rules under the new Cyber Resilience Act. Reforms to the PLD
- Software updates/software downloaded: The impact of software updates and software subsequently downloaded – where it is meant to determine, change or complete the way the product to be assessed works – also will need to be taken into consideration when assessing the safety of that product. Other updates have been made under the GPSR to capture where the impact of the software update or download amounts to a substantial modification of a product – in which case additional regulatory requirements will be triggered.
- Artificial intelligence (AI) and machine learning functionalities: A product’s evolving, learning and predictive functionalities also would be relevant to consider, where required by the nature of the product. The addition of this factor to the list sits alongside the new EU AI Act and sector-specific adjustments in the new Machinery Regulation. The recitals to the AI Act explain that the GPSR is intended to act as a safety net – e.g., to ensure the safety of AI systems in consumer products that are not regulated as high-risk under the AI Act.
- Connectivity: The effects on other products, where it is reasonably foreseeable that a product will be used with other products, including the interconnection of those products.
- Cybersecurity: To the extent it has an impact on the safety of a product. This update in the GPSR sits alongside a number of other EU reforms targeted at cybersecurity – such as the Delegated Act made under the Radio Equipment Directive, requirements surrounding cybersecurity in the new Artificial Intelligence Act and Machinery Regulation, and new horizontal rules under the new Cyber Resilience Act. Reforms to the PLD
What does this mean in practice?
These additional factors will need to be considered in a pre-market assessment of safety. They also will need to be considered as part of post-market monitoring and determining whether there is a product safety issue that needs further action. This will impact not only nonharmonised products (non-CE marked) where the GPSR will apply in full, but also harmonised products (CE marked) where the GPSR will act as a safety net, covering gaps in other sector-specific legislation.
Like to know more?
Get in touch with any member of the Cooley products team to find out more about the new rules under the GPSR and how they may impact your products.
This is the second in a blog series where the Cooley products team explores the new rules under the GPSR. See the first post in the series, What’s New?
Key Contacts:
