The Complete GPSR Guide for PrestaShop Merchants (2026)
GPSRThe General Product Safety Regulation (GPSR) is the single most important product-safety law affecting online sellers in the European Union, and it has applied since 13 December 2024. If you run a PrestaShop store that ships physical consumer goods to buyers in the EU, GPSR almost certainly applies to you — whether you are established inside the Union or outside it, whether you sell through your own shop or through a marketplace, and whether your products are brand new, used, repaired or reconditioned. This guide explains, in plain British English, exactly what the regulation requires and how to translate those requirements into concrete configuration on a PrestaShop catalogue.
We have written this as a practical pillar reference rather than a legal treatise. You will find worked examples, mapping tables that connect each obligation to a specific field on a PrestaShop product page, a step-by-step readiness checklist, and a set of common mistakes we repeatedly see merchants make. For the underlying legal text, our companion overview at https://prestashopcompliance.com/eu-laws/gpsr/ links straight to the official regulation.
Why GPSR matters to PrestaShop merchants
Before GPSR, the baseline safety rules for everyday consumer products sat in a directive — the General Product Safety Directive 2001/95/EC — that each Member State transposed slightly differently. A regulation is different in kind: it applies directly and uniformly across all 27 Member States without national transposition. That means a much more consistent set of duties across the EU, but also fewer places to hide. The rules were written with e-commerce squarely in mind, so distance selling, online marketplaces and cross-border shipping are addressed head-on rather than as an afterthought.
For a PrestaShop merchant, three practical consequences follow. First, your product listings must now display a specific set of safety and traceability information at the point of offer — not buried in an attachment, but visible before the customer buys. Second, there must be an accountable business established in the EU (a “responsible person”) behind every product coming from outside the Union. Third, you need real documentation — risk assessments and technical files — that you can produce if a market surveillance authority asks. None of this is optional, and much of it maps neatly onto fields PrestaShop already gives you.
Timeline and what GPSR replaced
Regulation (EU) 2023/988 — the General Product Safety Regulation — was adopted on 10 May 2023 and has applied since 13 December 2024. From that application date it repealed and replaced two older instruments:
- the General Product Safety Directive 2001/95/EC, the previous horizontal safety baseline for consumer products; and
- Directive 87/357/EEC, which dealt with products imitating foodstuffs and other items that could be mistaken for food and endanger consumers (for example, health, that could lead them to be put in the mouth).
The key dates to remember are simple: adopted 10 May 2023, applies from 13 December 2024. There is no ongoing grace period beyond that application date, so any stock you place on the EU market now is expected to comply. Products lawfully placed on the market under the old directive before 13 December 2024 were generally allowed to remain, but anything you make available today should meet the GPSR standard.
Scope — is your store in scope?
GPSR is deliberately broad. It covers virtually all non-food consumer products placed or made available on the EU market. That includes products that are new, used, repaired, reconditioned or refurbished. The regulation applies regardless of the sales channel — physical shop, your own PrestaShop store, or a third-party marketplace — and regardless of where the trader is established. If a product reaches an EU consumer, the fact that your company is registered outside the Union does not exempt you.
What is not directly covered
GPSR is a horizontal safety net. Where a product is governed by more specific EU safety legislation — toys, cosmetics, electrical equipment, personal protective equipment, machinery, medical devices and similar — that sector-specific law takes precedence for the aspects it regulates. But GPSR does not simply switch off: it backstops those regimes, filling gaps for risks the sector law does not address. So even a CE-marked toy still benefits from, and can fall under, GPSR’s general safety expectations for anything the Toy Safety Directive does not specifically cover. Food, feed, living plants and animals, medicinal products and a few other categories sit outside the regulation entirely because they have their own dedicated frameworks.
Used and refurbished goods
A common misconception is that second-hand or refurbished items escape the rules. They do not. GPSR explicitly extends to used, repaired and reconditioned products. If you sell refurbished electronics, restored furniture or pre-owned equipment, you carry safety and information duties in respect of those goods. The practical difficulty is often that original manufacturer documentation is missing — which is exactly why your own risk assessment and record-keeping matter so much for this category.
Non-EU sellers and dropshipping
If your business is established outside the EU but you sell into it, you are in scope. Critically, a product from outside the Union may only be placed on the market if there is an economic operator established in the EU who is accountable for compliance — the “responsible person”. Dropshipping models deserve particular caution here, because the person who imports or first makes the product available in the EU can find themselves treated as the importer with the full weight of producer-style obligations. We have written a dedicated explainer on this at https://prestashopcompliance.com/faqs/gpsr-for-dropshipping/, and if you are unsure whether the rules reach you at all, https://prestashopcompliance.com/faqs/who-needs-gpsr/ walks through the tests.
The economic operators explained
GPSR allocates duties by role. Understanding which role or roles your business plays is the foundation of everything else, because the same company can wear more than one hat. The five economic operators are the manufacturer, the importer, the distributor, the authorised representative and the fulfilment service provider. A concise reference lives in our glossary at https://prestashopcompliance.com/glossary/economic-operator/.
| Economic operator | Who they are | Core GPSR duties (high level) |
|---|---|---|
| Manufacturer / producer | The business that makes the product, or has it made and markets it under its own name or trademark. | Internal risk analysis, technical documentation, ensure warnings and instructions, product bears identifiers and contact details, corrective action, notify authorities of risks. |
| Importer | Any business established in the EU that places a product from a third country on the EU market. | Verify the manufacturer has met its duties, ensure documentation exists, add own name and contact, monitor safety, cooperate with authorities. |
| Distributor | Any operator in the supply chain, other than manufacturer or importer, that makes a product available. | Act with due care, check required labelling and documentation are present, do not supply products known or presumed dangerous, assist traceability. |
| Authorised representative | A person in the EU appointed in writing by the manufacturer to perform specified tasks on its behalf. | Carry out the tasks in the written mandate, typically documentation and cooperation with market surveillance. |
| Fulfilment service provider | A business offering warehousing, packing, addressing or dispatching of goods it does not own (excluding pure postal or parcel services). | Can be treated as the responsible person where no manufacturer, importer or authorised representative is established in the EU. |
The single most important practical point: if you buy stock from outside the EU and are the first to bring it into the Union, you are very likely the importer, and importers shoulder producer-like obligations. Merchants routinely underestimate this, assuming their overseas supplier remains responsible. Under GPSR, the accountability follows the product into the EU market.
The EU responsible person
The concept of a “responsible person” comes from Article 4 of the market surveillance framework, Regulation (EU) 2019/1020, which GPSR incorporates. The rule is straightforward in principle: a product from outside the EU may only be placed on the market if there is an economic operator established in the Union who is accountable for a defined set of compliance tasks. Without such a person, the product should not be sold into the EU at all. Our glossary entry at https://prestashopcompliance.com/glossary/responsible-person/ covers this in more depth.
Who can act as the responsible person
The role can be filled by a manufacturer established in the EU; an importer, where the manufacturer is not established in the EU; an authorised representative appointed in writing by the manufacturer; or a fulfilment service provider established in the EU, where none of the previous three exists. The order matters: you cannot simply nominate a fulfilment provider if you yourself, as importer, already sit in the EU.
What the responsible person must do
- Keep the declaration of conformity or technical documentation (as applicable) available for the authorities for the required period.
- Provide authorities, on a reasoned request, with all information and documentation needed to demonstrate the product’s safety, in a language they can understand.
- Cooperate with market surveillance authorities and take corrective action to remedy non-compliance or, where that is not possible, mitigate the risks.
- Inform the relevant authorities where there is reason to believe a product presents a risk.
How to appoint one
If you are an EU-based importer, you are usually the responsible person by default — no appointment step is needed, but you must be ready to perform the tasks. If you are a non-EU manufacturer, you appoint an authorised representative through a written mandate that clearly lists the tasks delegated. Many merchants use a specialised responsible-person service; whichever route you take, capture the entity’s legal name, registered address and both a postal and electronic contact, because that information has to appear on your listings and often on the product itself.
Product information your listings must show (Article 19)
Article 19 sets the distance-selling transparency rules, and this is where most PrestaShop configuration work happens. When you offer a product online, the offer itself must clearly show a defined set of information before the consumer completes the purchase. It is not enough to have it somewhere on the site; it needs to be associated with the specific product offer.
The Article 19 checklist
- The manufacturer’s name, registered trade name or registered trademark.
- The manufacturer’s postal address and electronic address (e.g. an email) at which it can be contacted.
- Where the manufacturer is not established in the EU, the name, postal address, electronic address and other contact details of the responsible person.
- Information allowing the product to be identified — its type, batch or serial number, or another element enabling identification (this can include a product picture).
- Any warning or safety information that must, by law, be affixed to the product or accompany it, in a language easily understood by consumers as determined by the Member State where the product is made available.
Mapping Article 19 to your PrestaShop product page
| Article 19 requirement | Where it can live in PrestaShop |
|---|---|
| Manufacturer name / trade name / trademark | The Manufacturer (Brand) object, associated to the product; surface it in the product template and, ideally, a dedicated Features/Feature value. |
| Manufacturer postal and electronic address | Manufacturer (Brand) address fields, plus a reusable CMS block or product Feature so the contact is visible on the offer itself. |
| Responsible person details (non-EU manufacturer) | A custom product Feature set (“Responsible person”), or a shared CMS page linked from every relevant product; store the entity in Suppliers/Manufacturers for consistency. |
| Product identifiers (type / batch / serial / other) | Reference code, EAN13/UPC/MPN fields, combination references for variants, and a visible product image. |
| Warnings and safety information (correct language) | Localised product description or a dedicated multi-language Feature/attachment; use PrestaShop’s per-language fields for each shop language. |
The recurring theme is visibility on the offer. A downloadable PDF that a customer would only open after buying does not satisfy Article 19 on its own. Build the information into the product page so it is present at the moment of the offer, in the language of the market you are selling into.
Technical documentation and risk assessment
Behind the customer-facing information sits the paperwork that proves your product is safe. Producers must carry out an internal risk analysis and compile technical documentation. This does not need to be a thousand-page dossier for a simple product, but it must be genuine and proportionate to the risks.
What a proportionate technical file typically contains
- A general description of the product and its intended and foreseeable use.
- The essential characteristics relevant to assessing safety, including, where useful, drawings, photographs, materials and specifications.
- The internal risk analysis: hazards identified, the categories of consumer who might use the product (including vulnerable users such as children), and how each risk is controlled or reduced.
- Any standards applied, test reports, or certificates that support the safety claim.
- Copies of the warnings, instructions and labelling supplied with the product.
Keep this documentation available so you can produce it on a reasoned request from an authority. For refurbished and used goods, where original files are unavailable, your own documented assessment of the item’s condition and safety becomes the core of the file.
Traceability, labelling, warnings and instructions
GPSR requires traceability throughout the supply chain, so that a dangerous product can be identified and located quickly. In practice this means the product itself should bear identifiers — a type, batch or serial number, or another identifying element — together with the manufacturer’s name and contact details, and, where relevant, the importer’s or responsible person’s details. Where the size or nature of the product makes on-product marking impractical, the information may go on the packaging or an accompanying document.
Language of warnings and instructions
Warnings, safety information and instructions must be provided in a language that is easily understood by consumers, as determined by the Member State in which the product is made available. If you sell into Germany, that means German; into France, French; and so on. A PrestaShop store selling across several markets therefore needs its safety content localised per language, not just its marketing copy. Our country pages at https://prestashopcompliance.com/countries/germany/ and https://prestashopcompliance.com/countries/france/ summarise the specific language expectations for those two major markets.
Corrective action, recalls and the Safety Business Gateway
When you learn that a product you have placed on the market presents a risk, GPSR requires you to act. That means taking immediate corrective action — which may be withdrawing the product from the market or recalling it from consumers — and notifying the authorities.
Notifying via the Safety Business Gateway
The Safety Business Gateway is the EU portal through which businesses notify authorities about products that present a risk, and about accidents. If a product you are responsible for is found to be dangerous, you use this channel to alert the relevant authorities without undue delay, describing the risk and the corrective measures you are taking.
What a recall must offer consumers
A recall notice must be clear and easy to understand, and it must set out the specific information consumers need: what the product is, how to identify it, the nature of the risk, and what to do. Crucially, a recall must offer an effective remedy. GPSR expects consumers to be offered at least a choice between an appropriate repair, a replacement, or a refund — and the remedy should be free of charge and not create significant inconvenience.
| Remedy | When it fits | Notes |
|---|---|---|
| Repair | The hazard can be reliably removed by fixing or modifying the product. | Must genuinely eliminate the risk; free to the consumer. |
| Replacement | A safe equivalent product is available. | The replacement must itself be compliant and safe. |
| Refund | Repair and replacement are not feasible or the consumer prefers it. | Should reflect the value paid; avoid significant inconvenience. |
The EU Safety Gate alert system
The Safety Gate — formerly known as RAPEX — is the EU’s rapid alert system for dangerous non-food consumer products. When a Member State authority takes action against an unsafe product, it can raise an alert through Safety Gate so that authorities across the EU are informed and can act in parallel. A public-facing Safety Gate Portal lets consumers browse recent alerts and recalls, which means a product safety issue is not a private matter between you and one regulator; it can become visible EU-wide.
For merchants, the practical takeaway is to monitor Safety Gate for products in your own categories. If a component or product similar to yours is flagged, that is an early warning to review your own stock and documentation before an authority contacts you.
Marketplace obligations and selling via Amazon
Article 22 sets specific duties for providers of online marketplaces. These are distinct from the seller’s own duties and, importantly, do not remove them. If you sell through a marketplace, you remain the economic operator for your products; the marketplace has its own overlay of obligations.
What marketplaces must do
- Register with the Safety Gate and provide the information needed for that registration.
- Designate a single contact point for communication with authorities on product safety matters, and a point for consumers.
- Act on takedown notices from authorities without undue delay — generally within two working days of receiving an order to remove or disable access to a dangerous product listing.
- Put in place internal processes for product safety, including handling notices and cooperating with authorities and economic operators.
How marketplace selling differs from your own PrestaShop store
On your own PrestaShop store you control the whole offer, so you can lay out the Article 19 information exactly as you wish and you carry full responsibility for it. On a marketplace such as Amazon, the platform will typically enforce its own fields for GPSR data — manufacturer contact, responsible person, safety attachments — and may block or remove listings that do not supply them. The information duty is fundamentally the same; the difference is that the marketplace acts as a gatekeeper and can suspend your listings if the data is missing, whereas on your own site the responsibility for getting it right rests entirely with you.
GPSR versus CE marking
A frequent source of confusion is the relationship between GPSR and CE marking. They are not the same thing and they are not interchangeable. CE marking is a manufacturer’s declaration that a product meets the requirements of the specific EU directives or regulations that apply to it — for example the Toy Safety Directive, the Low Voltage Directive or the Radio Equipment Directive. GPSR, by contrast, is a general safety obligation that applies to consumer products broadly and backstops the sector-specific regimes.
Some products need CE marking and are also subject to GPSR’s general net; some products are not CE-marked at all (because no CE regime applies) but are still fully within GPSR. In other words, GPSR compliance does not remove a CE obligation, and a CE mark does not by itself discharge every GPSR duty such as Article 19 listing transparency or traceability. Our FAQ at https://prestashopcompliance.com/faqs/gpsr-vs-ce/ untangles this in more detail, and the glossary entry at https://prestashopcompliance.com/glossary/ce-marking/ defines the mark itself.
Penalties and enforcement
GPSR does not set a single EU-wide penalty figure. Instead, it requires each Member State to lay down penalties that are effective, proportionate and dissuasive, and to enforce them. That means the specific consequences — fines, sales bans, mandatory recalls, seizure of stock — vary by country, and are decided at national level. Because there is no harmonised number, you should be sceptical of any source quoting a single “GPSR fine amount” as if it applied everywhere; it does not.
Enforcement is carried out by national market surveillance authorities, which can inspect products, demand documentation, order corrective action, remove listings and, through Safety Gate, coordinate across borders. For a country-by-country sense of how enforcement is shaped, see https://prestashopcompliance.com/faqs/gpsr-penalties/. The reputational cost of a public recall can outweigh any fine, which is another reason to get compliance right up front.
Country nuances
Although GPSR is a directly applicable regulation, several practical details are set nationally — most obviously the language of warnings and instructions, and the enforcement approach and penalties. If you sell substantially into one or two markets, it is worth understanding their specifics.
- Germany expects safety information and instructions in German and has active market surveillance; our detailed guide is at https://prestashopcompliance.com/guides/gpsr-germany/ with market context at https://prestashopcompliance.com/countries/germany/.
- France requires French-language safety content and has its own consumer-protection enforcement culture; see https://prestashopcompliance.com/guides/gpsr-france/ and https://prestashopcompliance.com/countries/france/.
Your step-by-step GPSR readiness checklist
Use the following checklist as a working plan. Run through it per product family rather than trying to fix everything at once, and keep evidence of each step for your records.
- Confirm which economic operator role(s) you play for each product line (manufacturer, importer, distributor).
- Identify the EU responsible person for every product sourced from outside the EU, and record their legal name, postal and electronic address.
- Gather manufacturer contact details (name, trade name or trademark, postal and electronic address) for every product.
- Compile or obtain a proportionate technical file and internal risk assessment for each product family, including used and refurbished stock.
- Ensure each product carries type, batch or serial identifiers, on the product, packaging or accompanying documents as appropriate.
- Localise warnings, safety information and instructions into the language(s) of every market you sell into.
- Update every product listing so the Article 19 information is visible on the offer itself, before purchase.
- Document your recall and corrective-action procedure, including how you would notify via the Safety Business Gateway.
- Set up monitoring of the Safety Gate portal for your product categories.
- If you sell on marketplaces, complete their GPSR data fields and keep them in sync with your own store.
GPSR Readiness Checker
Answer 6 quick questions to gauge how ready your store is for the General Product Safety Regulation. Nothing you enter leaves your browser.
Looking for a PrestaShop implementation? A dedicated module can automate manufacturer data, labelling and traceability. See our GPSR implementation guide.
Once you have worked through the checker above, keep a copy of the outcome with your compliance records so you can show what you assessed and when.
PrestaShop implementation notes
PrestaShop gives you most of the structures you need; the work is in using them deliberately for compliance rather than only for merchandising.
Product fields and identifiers
Use the Reference, EAN-13/UPC/MPN and combination reference fields to hold your traceability identifiers. For variant-heavy catalogues, remember that batch or serial identification often belongs at the combination level, not just the parent product. Make sure at least one clear product image is present, since a picture can serve as an identifying element.
Features, attributes and supplier data
Create dedicated Features such as “Manufacturer contact”, “Responsible person” and “Safety warnings” so the Article 19 data renders consistently on every product page and is easy to audit. Use the Manufacturers (Brands) and Suppliers objects to store the underlying entities once and associate them to products, rather than retyping contact details product by product. This also makes bulk updates feasible when a responsible-person provider changes.
CMS pages for responsible-person information
A shared CMS page describing your responsible person and safety contact can support the per-product data, but it must not replace it — the specific information still needs to appear on the offer. Link the CMS page from the product template so consumers can reach the full detail easily.
Multi-language configuration
PrestaShop’s per-language fields are the mechanism for meeting the language requirement. Ensure that for every shop language you enable, the safety-relevant fields (warnings, instructions, feature values) are genuinely translated — not left in the default language. If you operate multistore, verify each store’s language set against the markets it serves.
Getting all of this in place across a large catalogue is fiddly by hand. Our downloadable, PrestaShop-oriented GPSR checklist at https://prestashopcompliance.com/resources/gpsr-checklist/ breaks the work into per-product steps you can delegate and track, so nothing is missed on the way to launch.
Common mistakes to avoid
- Assuming a non-EU supplier remains responsible once you import — as the EU importer, the obligations follow the product to you.
- Hiding Article 19 information in a downloadable PDF instead of showing it on the offer before purchase.
- Treating used or refurbished goods as out of scope — they are covered.
- Believing a CE mark discharges every GPSR duty — it does not cover Article 19 transparency or traceability.
- Localising marketing copy but leaving safety warnings only in the default language.
- Having no documented recall procedure or knowledge of the Safety Business Gateway until an incident forces the issue.
- Quoting a single “EU GPSR fine” figure — penalties are set nationally and vary.
Mini-FAQ
Does GPSR apply if my company is outside the EU?
Yes. GPSR applies whenever products are made available on the EU market, regardless of where the trader is established. A product from outside the EU may only be placed on the market if there is an EU-based responsible person accountable for compliance. A fuller explanation is at https://prestashopcompliance.com/faqs/who-needs-gpsr/.
What exactly is the “responsible person”?
It is an economic operator established in the EU who is accountable for defined compliance tasks — keeping documentation available, cooperating with authorities and taking corrective action. It can be an EU manufacturer, an importer, an authorised representative or, in some cases, a fulfilment service provider. See https://prestashopcompliance.com/glossary/responsible-person/.
Is CE marking enough for GPSR?
No. CE marking addresses the specific directives that apply to a product; GPSR adds general safety, traceability and listing-transparency duties that CE does not necessarily cover. Both can apply at once. See https://prestashopcompliance.com/faqs/gpsr-vs-ce/.
What are the penalties for non-compliance?
There is no single EU-wide figure. Each Member State sets penalties that are effective, proportionate and dissuasive, so the consequences vary by country and can include fines, sales bans and mandatory recalls. See https://prestashopcompliance.com/faqs/gpsr-penalties/.
How does GPSR affect dropshipping?
Dropshipping does not exempt you. Depending on the flow of goods, you may be treated as the importer with producer-style duties, and there must still be an EU responsible person for products coming from outside the Union. See https://prestashopcompliance.com/faqs/gpsr-for-dropshipping/.
Ready to put this into practice? Work methodically through our PrestaShop-specific GPSR checklist at https://prestashopcompliance.com/resources/gpsr-checklist/, which turns every obligation above into a concrete, trackable task for your catalogue so your store is demonstrably ready.
This guide is educational and does not constitute legal advice. GPSR obligations depend on your specific products, roles and markets, and enforcement details are set nationally. For a definitive assessment of your situation, consult a qualified legal professional and refer to the official regulation text.
Official reference: https://eur-lex.europa.eu/eli/reg/2023/988/oj