The GPSR compliance iceberg: what webshop owners don’t see until it’s too late

On December 13, 2024, the EU General Product Safety Regulation (GPSR) officially replaced the decades-old General Product Safety Directive. For most webshop owners, the date came and went like a distant rumble of thunder. A few updated their listing templates. A handful added a label or two. Some did nothing at all.

That's the thing about icebergs. The visible part looks manageable.

These are real requirements and they matter. But they represent the visible 10% of what GPSR actually demands. The remaining 90% is structural, operational, and, for a business that hasn't prepared, potentially existential.

Below the waterline: what GPSR actually requires

The regulation isn't just about labels. It's about evidence. Can you prove your products are safe? Not “we believe they are safe.” Can you demonstrate it, with documents, with traceability, with a revision trail that survives scrutiny from a market surveillance authority?

1. Technical documentation you can actually produce

Article 9 of the GPSR requires manufacturers (and, by extension, responsible persons acting on their behalf) to compile technical documentationfor every product placed on the EU market. This isn't optional. This isn't “nice to have.”

For most webshop owners importing products from third-country manufacturers, this means obtaining from your supplier:

• The Declaration of Conformity (DoC) for each relevant directive
• Test reports from accredited laboratories
• Safety data sheets where applicable
• Risk assessments covering foreseeable misuse
• Technical drawings or specifications

Now imagine doing this for 200 SKUs. From 15 different suppliers. In formats ranging from a PDF scan of a fax to a WeChat screenshot.

2. Traceability that goes both ways

GPSR requires that products be traceable throughout the supply chain. Every economic operator must be able to identify who supplied them and who they supplied to. For webshop owners, this means:

• Maintaining records of which supplier provided which product
• Keeping documentation linked to specific batches or product identifiers
• Being able to respond to authority inquiries within a defined timeframe

A shared Google Drive with folders named “Supplier docs 2024” doesn't meet this bar. Neither does an email search for “CE certificate” followed by the prayer that the one you find is still the current version.

3. Internal processes for corrective action

If a product turns out to be non-compliant or poses a risk, GPSR requires you to take corrective action. That means recalls, withdrawals, or notifications to authorities via the Safety Gate system. But it also means having internal processes that detect these issues in the first place.

Who in your organization reviews incoming test reports? What happens when a supplier updates a certificate? How do you know if a product you've been selling for two years had its DoC expire six months ago?

These aren't hypothetical questions. These are the questions a market surveillance authority will ask when they come knocking.

4. The responsible person problem

GPSR introduces the concept of an “economic operator responsible for product safety,” who must be established in the EU for products placed on the EU market. For many webshop owners, especially those importing directly from Asia, this means either:

• Acting as the responsible person themselves (with all the obligations that entails)
• Appointing an authorized representative in the EU
• Relying on the manufacturer to establish a responsible person (which many won't)

The responsible person isn't just a name on a label. They accept legal liability for the product's compliance. They must be able to provide the technical documentation to authorities on request. They must cooperate with corrective actions. This is a structural commitment, not a bureaucratic formality.

Why webshop owners are uniquely exposed

Here's what makes this particularly acute for e-commerce sellers as opposed to traditional retailers:

Volume and variety.A typical webshop might carry hundreds or thousands of SKUs across dozens of product categories. Each category may fall under different EU directives (Toy Safety, Low Voltage, EMC, RoHS, REACH). The compliance requirements are not uniform, they're a matrix.

Supplier distance. When your supplier is a factory in Shenzhen that you communicate with through a trading company, obtaining compliant technical documentation is not a simple request. Suppliers may provide documents that are incomplete, outdated, or for a different product variant entirely.

Multi-channel complexity. You sell on your own shop, on Amazon, on eBay, on Kaufland, maybe on Bol.com. Each channel has its own requirements for product safety data. But the underlying facts should be the same, coming from the same approved source. Right now, most sellers maintain separate copies of safety data per channel, with no single source of truth.

No institutional knowledge.In a large enterprise, there's a compliance department. In a 5-person e-commerce operation, there's whoever drew the short straw. Compliance expertise is often siloed in one person's head, undocumented, and inaccessible to the rest of the team.

What “being compliant” actually looks like in practice

Compliance isn't a status you achieve once. It's an ongoing operational discipline. For each product in your catalog, you need to be able to answer these questions at any time:

1. Who manufactured this product? Who is the responsible person in the EU?
2. What is the product's risk category and which directives apply?
3. Do we have a current, valid Declaration of Conformity?
4. Do we have test reports from an accredited lab covering the relevant standards?
5. Are the product warnings correct, complete, and in the right languages?
6. Can we trace this product back to a specific supplier and batch?
7. When did we last verify this information? Who approved it?

If you can answer all seven for every SKU in your catalog, congratulations. You're ahead of 95% of webshop operators. If you can't, and most can't, then you're sitting on undocumented risk that grows with every product you add.

Moving from firefighting to system

The good news: this is a solvable problem. Not with more spreadsheets, not with a compliance consultant who does a one-time audit, but with a system that creates and maintains structured, evidence-linked records for every product you sell.

That's what we built Telden Product Service Desk to do. Import your catalog. Attach the supplier documents you already have. Let AI extract the structured facts, the entities, the warnings, the CE data, with source provenance. Review what needs attention. Approve what's ready. Publish from a single source of truth.

The iceberg doesn't shrink. But with the right system, you can see the whole thing.