This blog was originally published in Insurance Day, February 2023.
The EU's proposed General Product Safety Regulations aim to bring product safety regulation into the modern age but will introduce a more onerous and broader range of compliance obligations on insured businesses.
The rapid development of innovative technologies and modern supply mechanisms in recent years has, among other things, led EU and UK legislators and policy makers to review and modernise product safety laws so they are fit for the 21st century.
While these developments are thought to represent a significant strengthening of consumer protection, the burden of new, extensive and seemingly complex regulatory obligations on product manufacturers, importers and other actors throughout the supply chain and related risks of non-compliance result in
increased sanctions for insured businesses and increased liability risks for insurers.
On 29 November 2022, the EU Parliament and EU Council reached provisional agreement on the proposed General Product Safety Regulations (GPSR), which will replace the current mainstay general product safety framework provided for by the General Product Safety Directive 2001. It is expected to apply to EU Member States in 2024.
The GPSR aims to bring product safety regulation into the modern age, protecting consumers throughout the European bloc with expanded, uniform rules that account for the risks and challenges involving digital technologies and the increasing dominance of online marketplaces as the go-to for consumer purchases.
Key changes include an expanded definition of 'product' and 'safety': this now includes 'interconnected' products and sets new criteria for assessing product safety, including cyber security. Makers of products with interconnected or cyber features will now be required to ensure the cyber integrity of the product itself and the effect it will have on any products connected to it.
There are also changes to online marketplaces (the GPSR introduces stringent requirements and deadlines for the removal of dangerous products from online marketplaces); as well as to direct notifications to consumers. Aimed at the apparent trend of online publication of product recall notices going unnoticed, manufacturers and vendors will be required to notify consumers directly if a product they have purchased has been subject to a recall.
Other changes affect the market surveillance regime: the GPSR introduces a single market surveillance regime covering all types of products, obliging online marketplaces to co-operate with market surveillance authorities if dangerous products are discovered and removal is requested.
Finally, it includes modernising the EU Rapid Alert system. The new revised version of the Safety Gate system (formerly Rapex), will introduce more robust measures to improve the detection and awareness of unsafe products through the faster circulation of information and a notification system.
The GPSD was implemented into UK law in 2005 through the UK General Product Safety Regulations (UK GPSR). In a post-Brexit era, while the proposed EU GPSR will not apply to the UK, the UK is also seeking to reform and modernise the UK GPSR, having consulted on its long-term aims in 2021.
In November 2021, the Office for Product Safety and Standards published an analysis of the responses to its consultation, followed by a product regulation strategy in August 2022, although draft regulation is yet to be published, with delays said to be because of political uncertainty and the cost of living crisis taking up parliamentary time.
As it stands, there are already significant differences between the EU GPSR and the UK’s law, which is the retained version of the older EU law (UK GPSR). With the UK set to disregard certain key EU product safety laws and standards through the Retained EU Law (Reform & Revocation) Bill unless active steps are taken,
there is potential for significant divergence of product safety laws and disruption to the UK framework as it stands, giving rise to uncertainty as to the applicable laws and regulations, further risking non-compliance and consequential liability risks.
The proposed reforms provided by the EU GPSR are significant and wide-reaching. With similar changes expected to be made to the UK regime, insurers of businesses that manufacture and supply consumer products should be alive to a number of implications. These will include a more onerous and broader range of compliance obligations on insured businesses, which are likely to require expanded levels of cover, particularly for product liability policies.
Insurers will also need to pay special attention to the drafting of warranties contained in insurance policies to ensure insureds have robust mechanisms for upholding product safety. Such mechanisms should stand up to scrutiny from product regulators and reassure consumers.
The inclusion of cyber security considerations is a fundamental update in the EU GPSR. Insurers should ensure policies require insureds to follow an accepted cyber security standard (for example, ETSI EN 303 645 for internet of things products) to demonstrate their products are compliant with cyber security rules.
Connected and software products are higher-risk category products also generally for insurance purposes.
Finally, it is important to bear in mind the anticipated impact of the EU-wide directive on representative actions for the protection of the collective interests of consumers, which is due to take effect in June 2023.
The directive provides a mechanism by which consumers affected by breaches of EU law can bring cross-border collective (group) actions for redress and/or injunctive relief. The interaction of the directive with product safety laws, including the current GPSD, coupled with a wider, increased focus on regulatory compliance, is likely to give rise to group actions in this area.