GPSR for Shopify Merchants: The 2026 EU Product Safety Compliance Guide
GPSR for Shopify Merchants: The 2026 EU Product Safety Compliance Guide
The EU General Product Safety Regulation (GPSR) has applied since 13 December 2024. For Shopify merchants, it turns product safety into a storefront-data requirement as well as a product and supply-chain requirement. A product offered online to EU customers must show specific identification, contact, and safety information before the customer buys it.
This guide turns the regulation into a practical Shopify workflow. It focuses on ordinary consumer products; category-specific laws may add requirements or take priority for particular safety risks.

GPSR in one minute: identify your legal role, confirm the product is safe, maintain its risk and technical file, put traceability information on the physical product or permitted alternative, appoint an EU Responsible Person when required, show Article 19 information clearly in the online offer, and operate a process for complaints, accidents, recalls, and authority requests.
Does GPSR Apply to Your Shopify Store?
GPSR generally covers consumer products placed or made available on the EU market, whether they are new, used, repaired, or reconditioned. An online offer can fall within scope when it targets consumers in the EU, even if the merchant is established elsewhere.
It is not the only product law. Food, feed, medicinal products, living plants and animals, plant protection products, antiques, and several other defined categories are excluded. Products such as toys, cosmetics, electrical equipment, and personal protective equipment also have sector-specific rules. Where EU harmonisation law already regulates a particular safety aspect, GPSR does not duplicate that same aspect; it continues to cover risks and obligations not addressed by the sector law.
Do not use a customer's shipping country as your only compliance trigger. EU targeting can also be indicated by the countries you market to, currencies, languages, delivery options, and other features of the offer.
First, Identify Your Economic-Operator Role
Your obligations depend on what you do in the supply chain, not the label you use internally.
| Your commercial setup | Likely GPSR role | Why it matters |
|---|---|---|
| You design a product or sell it under your own name or trademark | Manufacturer | GPSR treats a business that has a product made and markets it under its own name or trademark as the manufacturer |
| You first place a product from a non-EU manufacturer on the EU market | Importer | You must verify key manufacturer duties and your own traceability information |
| You resell an EU-sourced product without becoming the manufacturer or importer | Distributor | You must act with due care, verify required markings and information, and respond to safety issues |
| You sell private-label goods made by a third-party factory | Usually manufacturer | Outsourcing production does not outsource the brand owner's manufacturer obligations |
| You dropship directly from a non-EU supplier | Depends on the chain | The supplier, importer, authorised representative, fulfilment provider, marketplace, and merchant relationships must be mapped rather than assumed |
A business can hold more than one role. Document the role for each product family and record the evidence behind the decision.
The Seven GPSR Workstreams a Merchant Needs
1. Product safety and risk documentation
Manufacturers must perform an internal risk analysis and prepare technical documentation. At minimum, the file needs a general product description and the characteristics relevant to assessing safety. Where appropriate, it should also describe identified risks, measures used to eliminate or mitigate them, applicable standards or other methods, and test evidence.
The file must be kept current and available to market-surveillance authorities for 10 years after the product is placed on the market. A certificate from a supplier can be evidence, but it is not a substitute for understanding the product, its intended and reasonably foreseeable use, and its risks.
For a step-by-step method, use our GPSR risk assessment and technical file guide.
2. Identification and physical traceability
The product needs a type, batch, serial number, or another identifier that enables it to be traced. Manufacturer contact details and, where applicable, importer and EU Responsible Person details must also be provided as required by the relevant provisions.
These are physical-product obligations. Depending on the specific rule and what the product's size or nature allows, information may be placed on the product, packaging, parcel, or an accompanying document. A QR code or Digital Product Passport can make information easier to access, but digital information does not automatically replace information that the law requires physically.
3. An EU Responsible Person when the manufacturer is outside the EU
A covered product cannot be placed on the EU market without an EU-established economic operator responsible for the Article 4 tasks. That operator may be an EU manufacturer, an importer, an authorised representative with a written mandate, or—in the limited fallback described by the law—a fulfilment service provider.
The responsible operator's name and postal and electronic address must appear with the product as required and in the online offer. Read our focused EU Responsible Person guide for GPSR before selecting a provider.
4. Product-page information under Article 19
When a product is offered online, the offer must clearly and visibly display:
- the manufacturer's name, registered trade name or trademark, plus postal and electronic address;
- when the manufacturer is outside the EU, the EU Responsible Person's name plus postal and electronic address;
- information that identifies the product, including its picture, type, and another product identifier; and
- warnings or safety information required by GPSR or other applicable EU law, in a language consumers can easily understand as determined by the relevant Member State.
Do not hide this information behind an account login, after checkout, or only inside a downloadable manual that the shopper is unlikely to see. The requirement concerns the offer itself and applies before purchase.
5. Instructions and language coverage
Where safe use requires instructions or safety information, provide them in language that consumers in the destination market can easily understand. The Member State determines the language requirement. Translating marketing copy while leaving the warnings in English is not a safe localisation strategy.
Maintain a controlled source version of every warning. Have qualified reviewers check safety-critical translations, and ensure the product label, manual, product page, and any digital record stay aligned.
6. Complaints, incidents, and corrective action
Create a product-safety channel that is monitored by people who can act. Link complaints to product identifiers and batches so patterns are visible. Your procedure should define how to:
- triage a report;
- preserve the product and evidence;
- assess whether the product is dangerous;
- stop sales or isolate affected inventory;
- notify the manufacturer, importer, Responsible Person, marketplace, authorities, or consumers as applicable; and
- document the decision and corrective action.
Manufacturers must report accidents caused by a product through the EU Safety Business Gateway without undue delay after becoming aware of them. Importers and distributors have escalation duties too. A normal customer-service inbox without a safety workflow is not enough.
7. Ongoing change control
Safety is not a one-time upload. A material, component, supplier, firmware, warning, manufacturing process, or intended-use change may invalidate the existing assessment. Connect catalogue changes to technical-file review, and preserve which evidence supported each batch or version.
How to Structure GPSR Information in Shopify
Use structured data wherever the same field must appear consistently across themes, markets, exports, and digital product records.
| GPSR information | Practical Shopify location | Implementation note |
|---|---|---|
| Product picture, title, type, model, SKU or other identifier | Product media, title, variants, SKU, and product metafields | Make the identifier visible to shoppers; do not rely only on an internal admin value |
| Manufacturer name and contact details | Structured product or company metafields | Associate the correct manufacturer with each product rather than hard-coding one company globally |
| EU Responsible Person details | Structured product metafields or a referenced metaobject | Store name, postal address, and electronic address as separate fields |
| Warnings and safety information | Shopify's compliance/safety disclosure data, product metafields, or a dedicated content block | Render it clearly on the product page and localise it per target market |
| Instructions and supporting documents | Product files linked from a visible safety section | Use accessible formats and keep version history |
| Technical file and test evidence | Controlled internal repository | Do not publish confidential files merely to satisfy an authority-access obligation |
Shopify's own GPSR guidance recommends structured disclosure data for warnings and safety information. Whichever implementation you choose, test the actual storefront—not only the admin screen. Check a logged-out session, every relevant market and language, mobile layout, variant switching, subscription or quick-buy views, and any sales channel that creates a separate online offer.
A Digital Product Passport can reuse verified manufacturer, identifier, material, and document data, but GPSR and ESPR are separate legal frameworks. A DPP does not by itself prove that the product is safe or that the product page contains everything Article 19 requires.
A 10-Step GPSR Checklist for Shopify Merchants
- List every product offered to EU customers and the countries targeted.
- Map the manufacturer, importer, distributor, and EU Responsible Person for each product family.
- Confirm which sector-specific EU laws also apply.
- Complete and approve the product risk assessment and technical file.
- Assign a traceable type, batch, serial number, or other product identifier.
- Verify physical product, packaging, parcel, and document information.
- Publish all Article 19 information clearly on each product offer.
- Localise required warnings and instructions for each destination market.
- Establish complaint monitoring, accident reporting, recall, and authority-response procedures.
- Recheck the file whenever the product, supplier, evidence, or law changes.
Common GPSR Questions
Does a CE mark prove GPSR compliance?
No. CE marking applies only under EU laws that require it for a particular product. GPSR does not make every consumer product CE-marked, and a CE mark does not replace GPSR traceability, online-offer, complaint, or accident duties.
Can the safety information exist only behind a QR code?
Not when the law requires it on the physical product, packaging, accompanying material, or online offer. GPSR expressly treats digital labelling as additional rather than a replacement for mandatory physical information.
Are small Shopify stores exempt?
GPSR does not provide a blanket exemption simply because a merchant has low revenue or few employees. The product, market, supply-chain role, and applicable sector rules determine the obligations.
Is the marketplace responsible instead of the merchant?
Online marketplaces have their own GPSR duties, but those duties do not erase the obligations of manufacturers, importers, distributors, or responsible economic operators. Marketplace fields should mirror—not replace—your controlled product data.
Build One Reliable Compliance Record
The most efficient approach is to create one controlled source for product identity, economic-operator details, safety content, evidence, and versions, then publish the appropriate subset to Shopify, labels, manuals, marketplaces, and product passports. That reduces contradictory information and gives your team an audit trail when a supplier or authority asks a difficult question.
If ESPR may also affect your catalogue, use the current ESPR category timeline to separate official milestones from speculative deadlines.
Last reviewed: 13 July 2026. This article is general educational information, not legal advice. Product-specific facts, sector legislation, and national enforcement requirements can change the result.
Official Sources
- Regulation (EU) 2023/988 on general product safety — consolidated text
- European Commission guidelines on applying the EU product-safety framework by businesses
- European Commission GPSR questions and answers for businesses
- Regulation (EU) 2019/1020, including Article 4 on the responsible economic operator
- Shopify Help Center: General Product Safety Regulation
Ready to get started?
Create EU-compliant Digital Product Passports for your Shopify store in minutes.
Install PassportPro on Shopify