How to build a GPSR-ready product record from scratch: a practical setup guide for online sellers

You run a webshop or sell on marketplaces. You've read the regulation. You understand, broadly, what GPSR requires. Now you need to actually build the records. Not for one product, but for your entire catalog. In a format that holds up under scrutiny. That stays current as suppliers update their documents. That your team can work with consistently over time.

This guide is about that operational reality: what a GPSR-ready product record actually contains, how to assemble it in practice, and how to structure the process so it scales beyond the first few SKUs.

This is not legal advice. It is operational guidance for teams doing the work. For product-category-specific requirements and jurisdictional edge cases, consult a qualified compliance professional.

What a GPSR-ready product record contains

Before you can build records, you need to know what goes in them. A complete GPSR product record has four layers:

Not every product requires every item. Product categories that fall under specific EU directives (Toy Safety, Low Voltage, Radio Equipment, etc.) have additional documentation requirements. But this four-layer model covers the baseline for most general consumer products sold in the EU under GPSR.

Step 1: Inventory what you already have

Before you start requesting documents from suppliers, take stock of what you already have. Most sellers are surprised to discover they're further along than they thought, and also that some documents they believed they had are either missing or no longer current.

Go through every SKU in your catalog and ask:

• Do I know who manufactured this product?
• Do I have a current Declaration of Conformity for it?
• Do I have a test report from an accredited lab?
• Do I know who the responsible person in the EU is?
• Are the product warnings I'm currently publishing correct and complete?

The goal isn't perfection at this stage, it's visibility. A spreadsheet works fine for this initial inventory phase. Capture what you have, what you're missing, and what you're uncertain about per SKU.

Step 2: Organize your existing documentation

Supplier documents tend to accumulate chaotically. You may have certificates in email attachments, PDFs in a shared drive, WeChat screenshots from suppliers, and documents in languages you can't read. Before requesting more documents, create order out of what you have.

Practical steps:

1. Consolidate into one location. Pull all supplier documents into a single place, a cloud folder per supplier, or per product, depending on your catalog structure. The exact structure matters less than the consolidation itself.
2. Name documents consistently. Use a naming convention that includes the SKU or product identifier, the document type, and the date of the document (not the date you received it). Example: EL-1155_DoC_2025-11.pdf rather than lamp_CE_v2_FINAL_FINAL.pdf.
3. Note the issue date and any expiry. Some test reports and Declarations of Conformity reference product versions, manufacturing periods, or regulatory editions that may have since changed. A document from 2021 may no longer cover your current batch or the updated directive requirements.
4. Flag documents of uncertain scope.If you're not sure whether a document covers the specific SKU you sell (versus a related model or earlier variant), flag it for supplier confirmation rather than assuming it applies.

Step 3: Identify and request what's missing

Once you have clarity on what you have, you can identify the gaps. For each SKU where documentation is incomplete, you need to request the missing items from your supplier.

When requesting documents from suppliers:

• Be specific.Don't just ask for “compliance documents.” Request the specific document type, for the specific product model and variant you sell, confirming that it covers the relevant EU directive(s).
• Request the actual document, not a summary.Many suppliers will offer to send a “compliance letter” or a summary sheet. These are not Declarations of Conformity. Request the actual DoC signed by the manufacturer.
• Ask about the test standard and lab accreditation. A test report is only useful if the lab was accredited and the relevant standard was applied. Ask which EN standards the test covers and whether the lab holds ILAC accreditation.
• Set a clear deadline.Suppliers without a deadline will deprioritize your request. Be specific about when you need the document and why (e.g., “Our marketplace has requested documentation for this product by [date]”).

Step 4: Structure the record per SKU

This is where most sellers lose the operational thread. Having the documents is not the same as having a record. A record is the structured extraction of facts from those documents, linked back to the source, in a format that supports review and publishing.

For each SKU, you need:

This extraction step, taking facts from unstructured PDFs and placing them into a structured record linked to the source, is the hardest part of building GPSR records at scale. It's also the part that AI extraction tools can meaningfully accelerate, since most of these fields appear consistently across Declarations of Conformity and test reports.

Step 5: Review and approve each record

A record that hasn't been reviewed is not a compliance record. It's a draft. The review step is what establishes that a qualified person has looked at the information, confirmed it's accurate and complete, and accepted responsibility for its correctness.

A minimal review process for GPSR records should include:

• Completeness check: Does the record have all required fields for this product category? Are there missing documents?
• Consistency check: Does the entity data on the DoC match the entity data on the product label? Does the test report scope cover the current batch?
• Currency check: Is the Declaration of Conformity current? Is the test report based on the current applicable standards?
• Publishing check: Are the warnings and instructions in the correct language(s) for the destination markets?

Once reviewed and approved, the record should be locked against uncontrolled edits. Any subsequent change, a supplier sends an updated certificate, the responsible person changes, should go through the same review cycle, not silently overwrite the approved record.

Step 6: Publish and maintain

GPSR compliance is not a one-time project. It's an ongoing operational discipline. After you've built and reviewed your initial records, the maintenance process starts:

• Supplier document updates: When suppliers send new certificates, update the linked document, flag the record for re-review, and re-approve before publishing updated information.
• Responsible person changes: If you change your responsible person arrangement, update every affected product record, not just the new products.
• New channel requirements: When a new marketplace requires product safety data in a specific format, generate the output from your approved record, not from a parallel copy.
• Product variant additions:When you add a new variant or color of an existing product, confirm that the existing documentation covers the variant, or request additional documents. Don't assume.
• Regulatory updates: EU directives and harmonized standards are updated periodically. Maintain awareness of transitions (e.g., withdrawal of superseded EN standards) and flag products that may require re-certification.

Common mistakes to avoid

These are the patterns that create compliance risk even when teams are genuinely trying to do this properly:

1. Confusing the declaration with the evidence.A Declaration of Conformity is the manufacturer's attestation that they have the evidence. It is not the evidence itself. You also need the test reports and technical file that the DoC refers to.
2. Assuming documents cover all variants. A DoC issued for model number X may not cover model X-Blue or X-Large. Confirm scope explicitly with the supplier.
3. Using documents from one market for another. A DoC issued for the UK market after Brexit may not cover EU requirements. A CE declaration does not automatically cover UKCA requirements.
4. Not reviewing translated warnings. If your supplier provides warnings in German and you sell in France, Polish, and Dutch markets, you need to verify the translations are accurate and complete, not just present.
5. Forgetting the 10-year retention requirement.GPSR requires that technical documentation be retained for 10 years after the last product was placed on the market. Document deletion or drive reorganization can inadvertently destroy evidence you're legally required to keep.
6. Treating approval as a one-time event. An approved record can become non-compliant when circumstances change, supplier update, standard revision, responsible person change. Approval is valid for a point in time. The maintenance process keeps it current.

What “ready” actually looks like

A GPSR-ready product record, genuinely ready, not just nominally checked, means:

• If a market surveillance authority requests your documentation tomorrow, you can provide a complete package for any SKU within the hour.
• If a marketplace asks you to confirm responsible person data for a specific product, you have a single, reviewed source of truth to work from.
• If a supplier sends an updated certificate, you have a clear process to update the affected records, re-review, and re-approve before publishing updated information.
• If a new team member joins, they can navigate the compliance records without a personal handoff from the person who built them.

None of these conditions require a sophisticated tool. They require discipline, structure, and a consistent process. What a dedicated tool does is reduce the friction of maintaining that discipline at scale, so the compliance record stays current without becoming a full-time manual job.