How long must I retain product safety records under GPSR?

Under the General Product Safety Regulation (EU) 2023/988 (GPSR), you generally must keep relevant product safety technical documentation and information for 10 years after the product is placed on the EU market. You may also need to keep certain traceability records for a different period, and product-specific EU rules can set longer retention periods. Below are the practical retention rules, what to keep, and how to store records so you can respond to market surveillance requests quickly.

How long do you need to keep product safety records under the GPSR?

The GPSR baseline rule is to retain relevant technical documentation and safety information for 10 years after the product has been placed on the market. “Placed on the market” means the first time a specific product unit is made available on the EU market. The 10-year clock is typically managed by product type or model, but the legal concept is tied to the first EU supply of each unit.

Also plan for other retention periods that run alongside the 10-year rule:

Traceability information on suppliers and customers in the supply chain is generally kept for 6 years by economic operators.
Personal data in internal complaint registers must be deleted within a maximum of 5 years of entry.
Sector-specific EU harmonisation legislation (for example, CE-marking frameworks) can require different or longer retention periods for certain documents, so you should check the rules that apply to your product category.

What product safety records should you retain to comply with the GPSR?

To comply with the GPSR, retain records that allow you to demonstrate product safety and traceability and that can be provided promptly to authorities on request. This usually includes product identification, safety assessment evidence, and post-market information such as complaints and corrective actions. Keep records consistent across your product, packaging, and online listing identifiers.

Core record categories to keep

Product identification: model, type, batch or serial identifiers, photos of markings and labels, and listing identifiers used online.
Manufacturer and economic operator details: name, address, contact points, and the EU economic operator details required for the product to be offered in the EU.
Risk assessment and safety rationale: identified hazards, foreseeable use and misuse, vulnerable user groups, and risk control measures.
Test reports and certificates (where applicable): laboratory reports, material declarations, and other evidence used to support safety claims (keep the full report, not only a summary).
Instructions and safety information: user instructions, warnings, translations, and any updates over time.
Complaints and accident records: complaint logs, accident descriptions, and your evaluation of whether the information indicates a safety issue.
Corrective actions and recalls: investigation notes, corrective action decisions, recall notices used, and effectiveness checks.
Supply chain traceability data: who supplied the product, parts, components, or embedded software, and to whom you supplied the product.
Communications with authorities: requests received, information provided, and timelines for responses.

How should you store GPSR records so you can respond to market surveillance requests?

Store GPSR records in a controlled system that supports fast retrieval and a clear version history. Market surveillance authorities can request documentation and expect timely, complete responses, so your goal is to locate the correct file set for a specific model and time period without rebuilding it. Make sure records remain accessible even if you change marketplaces, fulfilment partners, or internal staff.

Centralize: use one repository per brand, with a folder structure by product model and version.
Use version control: keep dated revisions of labels, instructions, and risk assessments, and link each revision to the production period or listing change.
Apply a retention schedule: tag records for the 10-year, 6-year, and 5-year rules so deletion does not happen too early.
Control access: limit editing rights, log changes, and keep read-only “authority response” exports.
Plan language readiness: store the master file plus the EU-language versions you actually provide to consumers.
Ensure EU availability: keep records accessible for the EU-based economic operator role and for responding to authority requests without delay.
Document your response process: define who receives authority requests, who compiles the pack, and how you verify completeness before sending.

How does EARP help with GPSR product safety record retention and documentation readiness?

We help non-EU businesses stay ready for GPSR documentation requests by providing independent EU regulatory representation and structured documentation control, aligned with the Market Surveillance Regulation (EU) 2019/1020 (MSR) role requirements.

Acting as your EU Responsible Person (and Authorized Representative where applicable) for covered products.
Checking documentation presence and completeness against GPSR expectations, including risk assessment, warnings, and traceability elements.
Secure documentation storage and fast retrieval, so you can respond promptly when a marketplace or authority asks.
Documentation readiness reviews, including consistency checks between product identifiers, labels, and listings.
Liaison support with national market surveillance authorities, including structured handling of information requests.

See our GPSR compliance services, or contact us to set up a record-retention and documentation readiness process that supports uninterrupted EU market access.