GPSR: The EU Responsible Person Requirement for Non-EU Sellers

Regulation (EU) 2023/988 — the General Product Safety Regulation, commonly referenced as GPSR — replaced the General Product Safety Directive of 2001 on 13 December 2024. Unlike its predecessor, GPSR is directly applicable across all EU member states; no national transposition is required, and the mechanics are uniform across the Single Market.

For the substantial majority of UK and US enterprises selling consumer products to EU consumers, the operationally consequential provision is Article 16. No product covered by the Regulation may be placed on the EU market unless there is an economic operator established in the Union responsible for defined market-surveillance and compliance tasks. The obligation is enforced by national market surveillance authorities and the penalties — set by each member state under Article 44 — are real.

This is what GPSR Article 16 actually requires, who qualifies as a Responsible Person, what the structural answer looks like for a UK or US enterprise with its own EU entity, and what enforcement has looked like in practice through the first year of GPSR application.

What GPSR Article 16 actually requires

Article 16(1) of GPSR provides that "a product covered by this Regulation shall not be placed on the market unless there is an economic operator established in the Union who is responsible for the tasks set out in Article 4(3) of Regulation (EU) 2019/1020 in respect to that product."

The cross-reference is structurally important. GPSR Article 16 does not stand alone — it extends the existing Responsible Person framework from Regulation (EU) 2019/1020 on market surveillance and compliance of products. The 2019/1020 framework has applied since 16 July 2021 to defined categories of harmonised products (toys, electrical equipment, machinery, personal protective equipment, and others). GPSR Article 16 extends that framework to all non-food consumer products not otherwise covered by sector-specific Union harmonisation legislation.

The substantive consequence: from 13 December 2024, the Responsible Person requirement applies to almost every consumer product on the EU market.

The tasks set out in Article 4(3) of Regulation (EU) 2019/1020, as extended by GPSR Article 16, include verifying that the manufacturer has prepared the technical documentation under Article 9(2) of GPSR and made it available for ten years, ensuring the product carries the manufacturer identification and safety information required under Article 9, cooperating with national market surveillance authorities including providing information and documentation on request, and taking corrective action where a product presents a risk including informing the relevant authorities.

The Responsible Person's contact details (name, postal address, electronic address) must be indicated on the product itself, on the packaging, or in accompanying documentation, and must be included in the online product listing under GPSR Article 19(b).

Who can be the Responsible Person

Article 4(2) of Regulation (EU) 2019/1020 defines the four categories of economic operator who can perform the Responsible Person role:

A manufacturer established in the Union is by default the Responsible Person for products it manufactures.

An importer is the Responsible Person where the manufacturer is established outside the Union and the importer is the first economic operator placing the product on the EU market.

An authorised representative can be the Responsible Person where it holds a written mandate from a non-EU manufacturer to act in that capacity.

A fulfilment service provider is the Responsible Person where there is no operator established in the Union in any of the preceding categories.

For a UK or US enterprise importing its own products into the EU through its own EU subsidiary, the structural answer is straightforward: the subsidiary acts as the importer under Article 4(2)(b), and is therefore the Responsible Person for the products it places on the market. This is the cleanest and most defensible architecture, requires no separate authorised-representative arrangement, and avoids the ongoing contractual and operational layer that third-party Responsible Person services introduce.

The two structural options — and why one is better

Two structural options are commonly presented to UK and US sellers without an EU establishment.

The first is a third-party Responsible Person service — typically a specialist firm that contracts to act as authorised representative for a non-EU manufacturer's products, performing the Article 4(3) tasks under a written mandate. This model is straightforward to implement and is genuinely useful for sellers who do not have, and do not intend to establish, an EU entity.

The second is the seller's own EU subsidiary acting as Responsible Person for the products it imports and places on the EU market. This is the model available to any UK or US enterprise that has established a Polish spółka z ograniczoną odpowiedzialnością (Sp. z o.o.), Dutch BV, Irish limited company, or other EU entity through which it operates its European supply chain.

For sellers with an EU entity, the in-house model is materially more defensible. The Responsible Person obligations sit within an entity the seller controls; the technical documentation, market surveillance correspondence, and corrective-action mechanics all operate through the same operational infrastructure that handles the seller's other EU compliance work. There is no contractual layer, no mandate to maintain or renew, no potential for misalignment between the Responsible Person's records and the seller's own. For a seller intending to build a sustained EU operation, the in-house Responsible Person model is the architecturally coherent answer.

The third-party service is appropriate for sellers without an EU entity, for sellers in transitional arrangements, or for narrow categories of product where a specialist Responsible Person service offers domain-specific expertise. For sellers who have already incorporated an EU subsidiary, the in-house model is generally preferable.

What the Responsible Person actually does

The day-to-day operational reality of acting as Responsible Person breaks down into four work streams.

Verifying technical documentation. Under GPSR Article 9(2), manufacturers must prepare technical documentation including a general description of the product, risk analysis, references to relevant EU standards or other elements used to assess product safety, and instructions and labels information. The Responsible Person verifies that this documentation has been prepared and is available; the documentation must be retained for ten years under Article 18.

Verifying labelling and safety information. Products must carry the type, batch or serial number, the manufacturer's identification, and instructions and safety information in a language understood by consumers in each member state where the product is made available. The Responsible Person verifies that these requirements have been met.

Cooperating with market surveillance authorities. National market surveillance authorities — Germany's BAuA, France's DGCCRF, Poland's UOKiK, and equivalent bodies across the Single Market — can request information and documentation, and the Responsible Person is the contact point for those requests. Responses are typically required within defined timescales.

Notifying corrective action. Where a product presents a risk to consumers, the Responsible Person ensures corrective measures (withdrawal, recall, public warning) are taken and notifies the relevant authorities through the EU Safety Gate portal. Article 9(8) sets the notification framework.

The work is real but bounded. For a UK or US enterprise with a defined product range and stable supply chain, the ongoing Responsible Person workload sits within normal operational capacity.

Enforcement and penalties

Article 44 of GPSR provides that member states shall set effective, proportionate, and dissuasive penalties for infringements of the Regulation. Penalties are set at national level, and the architecture varies — several member states have adopted enabling legislation providing for administrative fines up to €100,000 for serious infringements; some have provided for higher fines tied to turnover.

The Commission is required under Article 44(5) to publish an evaluation report on the implementation of Article 44 by 13 December 2029, assessing the effectiveness and deterrent effect of the penalties imposed. The 2029 review is a meaningful checkpoint — enforcement practice through 2025 and 2026 will inform how member states calibrate their penalty regimes.

In practice through the first year of GPSR application, enforcement has concentrated on listing-level removal of non-compliant products from online marketplaces under Article 22, rather than on financial penalties against the underlying sellers. Amazon, eBay, and the major European marketplaces have implemented Responsible Person verification at listing stage; products without valid Responsible Person details are routinely delisted. The operational risk for sellers without proper GPSR compliance is therefore principally a marketplace-access risk in the near term, with the financial-penalty risk maturing as national authorities build enforcement capacity.