Can I update device software without notifying my EU Responsible Person?
Not all device software updates require notifying your EU Responsible Person under the General Product Safety Regulation (EU) 2023/988 (GPSR). Minor patches and bug fixes typically don’t need notification, but updates affecting safety features, compliance parameters, or technical documentation do. The key is understanding which changes impact product safety or regulatory compliance requirements.
What counts as a device software update under EU product safety regulations?
Device software updates under the GPSR fall into two distinct categories based on their impact on product safety and compliance:
| Minor Updates (No Notification Required) | Significant Updates (Notification Required) |
|---|---|
|
|
The GPSR classifies software alterations based on their potential impact on consumer safety rather than the size of the code change. Updates affecting compliance parameters always require attention, including:
- Changes to electromagnetic compatibility functions
- Modifications to safety shut-off mechanisms
- Updates to user warning systems
- Alterations to data security protocols
When do software updates require notifying your EU Responsible Person?
You must notify your Responsible Person when software updates meet specific criteria that could impact product safety or regulatory compliance. The following scenarios always trigger notification requirements:
Safety-Critical Updates
- Updates to safety monitoring systems
- Changes to user protection mechanisms
- Modifications to emergency response functions
- Alterations to hazard detection systems
Compliance-Related Changes
- Product identification information updates
- Changes to safety warnings displayed to users
- Modifications to device responses under dangerous conditions
- Updates affecting electromagnetic compatibility
- Power management system changes
The Market Surveillance Regulation (EU) 2019/1020 (MSR) requires timely information flow throughout the supply chain. Your Responsible Person needs advance notice of significant changes to regularly check product compliance with technical documentation and to ensure risks remain eliminated or mitigated as originally described. The regulatory landscape includes multiple layers of oversight. Organizations like BEUC (the European Consumer Organisation) supplement government enforcement by investigating complaints, testing products, and pushing for recalls when manufacturers fail to meet safety obligations.
What information must you provide when notifying about software changes?
When notifying your Responsible Person about software updates, you must provide comprehensive documentation to enable proper compliance assessment:
Essential Technical Information
| Information Category | Required Details |
|---|---|
| Update Identification | Version numbers, release dates, affected product models |
| Technical Impact | Affected systems, functionality changes, safety implications |
| Implementation | Deployment timeline, rollback procedures, user instructions |
| Testing & Validation | Test results, safety verification, compliance confirmation |
Documentation Requirements
- Updated technical documentation reflecting software changes
- Safety impact assessment reports
- Clear descriptions of functional modifications
- Justification for the update’s necessity
- Verification that existing safety measures remain intact
Your Responsible Person needs this information to verify technical documentation remains accurate and complete following the software modification.
What happens if you don’t notify your Responsible Person about software updates?
Failing to notify your Responsible Person about significant software updates creates serious compliance risks with cascading consequences:
Immediate Compliance Risks
- GPSR and MSR violation exposure
- Inability for Responsible Person to verify ongoing compliance
- Outdated technical documentation
- Compromised market surveillance cooperation
Regulatory Consequences
- Market surveillance authority penalties
- Product recall requirements
- Market withdrawal orders
- Sales restrictions until compliance restoration
- Increased scrutiny on future product releases
Manufacturers who fail to meet safety standards face real consequences. The EU’s Safety Gate system publicly documents violations, creating a searchable record of companies whose products have been flagged as dangerous and removed from the market.
Operational Impact
- Responsible Person unable to provide accurate authority information
- Compromised investigation cooperation capabilities
- Potential supply chain disruptions
- Damaged regulatory relationship and trust
Understanding software update notification requirements helps maintain GPSR compliance and supports your Responsible Person in fulfilling their regulatory obligations. When in doubt about whether an update requires notification, consult your Responsible Person to ensure continued market access. We specialise in helping manufacturers navigate these requirements and maintain seamless EU market compliance.
If you are looking for support or to learn more, contact our team of experts today
Related Articles
- Does my Responsible Person store my risk assessment?
- What is the legal basis for the Responsible Person requirement?
- How do I transfer compliance information to a new provider if I switch Responsible Persons?
- What's the difference between a product recall and withdrawal in EU?
- Do wireless chargers need the same safety compliance as wired chargers?
