Are digital products and ebooks covered by the GPSR?
Purely digital products like e-books are generally not the main target of the General Product Safety Regulation (EU) 2023/988 (GPSR), because the GPSR is designed around the safety of “products” placed on the EU market—typically tangible consumer goods. However, software, apps, firmware, and digital instructions can fall under the GPSR when they affect the safety of a physical consumer product. Below are practical rules of thumb and what to check next.
Are e-books and other purely digital products covered by the GPSR?
Usually not. An e-book, downloadable template, music file, or other purely digital content is not typically treated as a “consumer product” in the GPSR sense, because the GPSR focuses on product safety risks arising from products placed on or made available on the EU market—most often physical goods.
That said, the GPSR explicitly considers modern safety factors such as cybersecurity features, evolving or learning functionalities, and predictive capabilities when assessing product safety. This matters when digital elements are connected to a product that consumers can use in real life.
If you sell only digital content, your EU obligations may instead arise under other frameworks (for example, consumer protection and digital services rules), depending on what you provide and how you market it. If you sell a physical product that includes digital elements, the GPSR is much more likely to apply.
When does software or digital content fall under the GPSR because it affects safety?
Software and digital content can fall under the GPSR when they influence the safe use of a physical consumer product. If a digital element can create a hazard, prevent a hazard, or change how a product behaves under normal or reasonably foreseeable use, it becomes part of the product safety assessment.
Common GPSR-relevant scenarios include:
- Firmware or app updates that change operating limits (for example, temperature, speed, charging behavior, locking, or child safety controls).
- AI-driven or adaptive features that learn from user behavior and can change outputs in ways that affect safety.
- Digital instructions (in-app setup, QR-code manuals) that are necessary to assemble, install, or use the product safely.
- Connectivity and cybersecurity where loss of integrity or control could lead to unsafe operation (for example, unauthorized remote control of a device).
When the GPSR applies, the manufacturer should treat these digital elements as part of ongoing safety management, including risk assessment, monitoring safety information after placing the product on the market, and taking corrective action when needed (for example, safety updates, warnings, withdrawal, or recall communications). The GPSR also applies regardless of sales channel, including distance selling and online marketplaces.
What should sellers of digital products do to assess EU compliance obligations?
Start by separating “digital-only content” from “digital elements tied to a physical product.” This quick decision flow helps you determine whether the GPSR is likely to be in scope and whether you will need an EU-based responsible person (an economic operator established in the Union) for consumer products.
- Is there a physical product? If not, the GPSR is usually not the primary framework.
- Is the physical product intended for consumers, or likely to be used by consumers? If yes, the GPSR is likely relevant.
- Is the digital element integral to safe functioning? If the product relies on an app, firmware, cloud feature, or digital instructions to be used safely, treat it as part of the safety assessment.
- Does sector-specific EU legislation apply? Some products are governed by more specific rules (for example, certain CE-marked categories). The GPSR can still apply as a safety “backstop” where risks are not fully covered.
- Document your reasoning. Keep a clear internal record of why you concluded the GPSR does or does not apply, and what safety controls you use for digital elements (version control, update policy, user warnings).
- Prepare for marketplace checks. Online marketplaces often request traceability and safety documentation, and listings can be blocked if required EU economic operator details are missing for products.
| What you sell | GPSR likely applies? | Why it matters |
|---|---|---|
| E-book only | Usually not | Not a physical consumer product safety risk |
| Smart device + app | Often yes | App behavior can affect safe use |
| Product with QR-code manual only | Often yes | Instructions are part of safe use information |
How does EARP help with GPSR compliance for products with digital elements?
We help non-EU businesses selling consumer products with software, apps, firmware, or digital instructions meet GPSR requirements and stay ready for market surveillance requests under the Market Surveillance Regulation (EU) 2019/1020 (MSR). Our work is practical and documentation-focused, so you can keep selling without guessing.
- Confirming whether the GPSR applies to your product and its digital elements
- Acting as your EU responsible person (economic operator) where required
- Checking for the presence and completeness of required product safety documentation, then storing it and making it available to authorities upon request
- Supporting marketplace documentation workflows and traceability expectations
- Liaising with national market surveillance authorities as needed, and ensuring MSR Article 4 risk notifications are passed to the manufacturer
See our services, or contact us to discuss your product, your digital features, and what you need in place for EU market access.
Related Articles
- What is a European Authorized Representative for US businesses?
- Do I need a European Authorized Representative to sell in Europe?
- How much does European Authorized Representative service cost in 2025?
- What is the difference between EU Authorized Representative and Responsible Person?
- How to become GPSR compliant for EU market entry?
