What records must I keep for firmware versions and safety updates?
Firmware version records and safety update documentation are mandatory under the General Product Safety Regulation (EU) 2023/988 (GPSR) and CE marking regulations for products sold in the EU. You must maintain comprehensive records of all firmware versions, safety updates, and technical modifications for 10 years after placing products on the market. These records enable market surveillance authorities to track product safety compliance and support corrective actions when needed.
What firmware and safety update records do EU regulations actually require?
EU regulations require you to maintain detailed technical documentation that includes firmware version records and safety update documentation as part of your product’s technical file. Under the GPSR, this documentation must be drawn up before placing your product on the market and kept up to date throughout its lifecycle.
Your firmware version records must include the following essential elements:
- General product descriptions with safety-relevant characteristics
- Analysis of possible risks associated with each firmware version
- Specific risks addressed by safety updates
- Measures taken to eliminate or mitigate identified risks
The documentation requirements extend beyond just version numbers. You must maintain test report outcomes where appropriate, lists of relevant EU standards applied, and other elements used for safety assessment. If your firmware updates affect product composition, functionality, or safety characteristics, separate documentation may be required for each version that impacts safety.
These records serve multiple purposes: they demonstrate compliance during market surveillance inspections, support accident investigations, and enable effective corrective measures when safety issues arise. The regulatory landscape includes multiple layers of oversight and enforcement mechanisms. Manufacturers who fail to meet safety standards face real consequences. The EU’s Safety Gate system publicly documents violations, creating a searchable record of companies whose products have been flagged as dangerous and removed from the market. Additionally, organizations like BEUC (the European Consumer Organisation) supplement government enforcement by investigating complaints, testing products, and pushing for recalls when manufacturers fail to meet safety obligations. The documentation must be proportionate to your product’s complexity and identified risks.
How long must you keep firmware version and safety update documentation?
You must retain firmware version records and safety update documentation for 10 years after placing the product on the market. This retention period applies to all technical documentation under the GPSR, ensuring that authorities can access historical safety information throughout the product’s expected lifecycle.
The 10-year retention requirement covers your complete technical documentation, including firmware update logs, safety assessment records, and any modifications made post-market. You must keep this documentation up to date throughout the retention period, reflecting any composition changes or safety updates implemented.
| Record Type | Retention Period | Action Required |
|---|---|---|
| Technical documentation (including firmware records) | 10 years | Maintain and update |
| Supply chain traceability information | 6 years | Maintain records |
| Personal data in complaint registers | 5 years maximum | Delete after period expires |
Electronic format is acceptable for all documentation, and your records can be composed of multiple documents. The key requirement is that authorities can access complete, up-to-date information when requested during inspections or market surveillance activities.
What information must be included in your firmware and safety update records?
Your firmware and safety update records must include comprehensive product identification details, risk analysis documentation, and specific information about each update’s safety implications. The documentation must be proportionate to your product’s complexity and identified risks.
Core Product Information Required:
- Brand name and product identification
- Model type and version numbers
- Batch or serial numbers
- Detailed product descriptions and characteristics
- Material composition and packaging information
- Firmware version numbers with release dates
Safety Update Documentation Must Include:
- Analysis of possible risks addressed
- Solutions implemented to eliminate or mitigate risks
- Test report outcomes where appropriate
- Lists of relevant EU standards applied (partial or full application)
- Accident reports and consumer complaints related to firmware
- Descriptions of corrective measures taken
When firmware updates result from safety concerns, document the circumstances that prompted the update and evidence that the update effectively addresses the identified risks.
How should you organise and store these records for regulatory compliance?
Organise your firmware and safety update records using a systematic approach that enables quick retrieval during inspections and market surveillance activities. Create one comprehensive technical documentation file per product model, with separate documentation only when individual units have different safety-impacting features.
Digital storage systems work well for regulatory compliance, allowing you to maintain electronic records that can be composed of multiple documents. Ensure your storage system includes robust backup procedures and maintains document integrity throughout the required retention periods.
Recommended Documentation Structure:
| Category | Contents | Access Priority |
|---|---|---|
| Immediate Access Records | Risk descriptions, complaints, accidents, corrective measures | High |
| Technical Documentation | Firmware versions, safety updates, test reports | High |
| Traceability Information | Supplier records, component sources, embedded software | Medium |
| Historical Records | Previous versions, archived updates, legacy documentation | Low |
Consider accessibility requirements when designing your storage system. Authorities may request information during inspections, and you must provide complete documentation promptly. Your system should also accommodate ongoing updates, as you must keep technical documentation current throughout the product’s market presence.
Maintaining comprehensive firmware version records and safety update documentation requires systematic organisation and a long-term commitment to regulatory compliance. The 10-year retention requirement and detailed documentation standards reflect the importance of product safety throughout the entire product lifecycle. At EARP, we understand these complex documentation requirements and help businesses maintain compliant records while focusing on their core operations.
If you are looking for support or to learn more, contact our team of experts today.
Related Articles
- If a product is covered by several CE directives do I need multiple Declarations of Conformity or just one?
- What happens if an EU authority finds my CE marked product does not meet the standard it claims?
- How do I find out exactly which EU regulations apply to my specific product?
- What happens to a US brand that keeps selling to the EU without complying?
- What safety information must appear on charger product pages?
