Since December 13, 2024, the EU General Product Safety Regulation (GPSR) has applied directly to every online shop selling to consumers in the EU (European Commission). It requires retailers to provide four clearly defined mandatory details in every product listing: manufacturer information, an EU responsible person, unambiguous product identifiers, and warnings. Anyone who fails to show these details directly in the listing risks costly warning letters from competitors and associations. This guide explains what Article 19 of the GPSR requires in practice, how high the real warning-letter risk is, and how to maintain the mandatory details cleanly and automatically in a Shopware shop.

What Is the GPSR and Since When Does It Apply?

The GPSR is Regulation (EU) 2023/988 on general product safety, adopted on May 10, 2023 (EUR-Lex). As a regulation - unlike a directive - it applies directly in all 27 EU member states, without needing national implementation. It has replaced the previous Product Safety Directive 2001/95/EC and modernizes product safety law, especially for online retail and distance selling (European Commission).

The deadline has already passed

The GPSR has been mandatory since December 13, 2024 (European Commission). There is no longer any transition period. Products that do not meet the requirements may no longer be offered in the EU - and listings without the mandatory details have been subject to warning letters since that date.

The scope is deliberately broad: the GPSR covers almost all consumer products for which no more specific product rules exist - from household items and furniture to textiles and leisure goods. For e-commerce, the decisive article is Article 19, which governs the information duties in distance selling. This is exactly where most warning letters strike, because the details must be visible directly on the product page.

Beyond the information duties, the GPSR brings further changes: it defines the roles of the economic actors - manufacturer, importer, distributor, and fulfillment service provider - each with their own obligations, and demands seamless traceability along the supply chain. If a safety problem occurs, clearly defined reporting and recall obligations apply. For online retailers, this means: the four mandatory details from Article 19 are the visible part, but behind them stands a broader framework of obligations that touches procurement, documentation, and customer communication.

The Four Mandatory Details Under Article 19 at a Glance

Article 19 of the GPSR requires a distance-selling product listing to contain four blocks of information (EUR-Lex). These details must be clearly visible to consumers before they make a purchase decision. A reference in the terms and conditions or on a separate subpage does not suffice according to the chambers of commerce (IHK).

1. Manufacturer details

Name, registered trade name or registered trademark, plus postal address and electronic address of the manufacturer (EUR-Lex).

2. EU responsible person

For manufacturers outside the EU, additionally a responsible person established in the EU with contact details (EUR-Lex).

3. Product identifiers

At least a product image, the product type, and further identifiers such as type, batch, or model number (EUR-Lex).

4. Warnings

Warnings and safety information in a language easily understood by consumers - in the German market, that means German (EUR-Lex).

These four building blocks are the core of any GPSR check. We structure them in Shopware as dedicated, reusable product data fields - so they can be maintained uniformly and delivered consistently across all channels. How that looks technically is covered in the section on implementation in the Shopware shop.

Detail 1: Manufacturer Information

Every listing must identify the manufacturer clearly. The GPSR explicitly allows the name, registered trade name, or registered trademark (EUR-Lex) - a pure brand name is sufficient, provided it is registered. In addition, a valid postal address and an electronic means of contact are required.

  • Name or brand: full name, registered trade name, or registered trademark of the manufacturer
  • Postal address: a single point of contact where the manufacturer can be reached
  • Electronic address: usually an e-mail address or a link to a contact form
  • Placement: visible directly in the listing, not only in the imprint or terms
Who counts as a manufacturer?

A manufacturer is also anyone who markets a product under their own name or brand, or modifies it in a way that affects safety. Private-label and own-brand retailers therefore quickly become manufacturers in the sense of the GPSR and must provide the full manufacturer details.

In practice, the importer is the pivotal point. If an EU importer places goods from a non-EU manufacturer on the market, they face extended obligations - and can at the same time fill the role of the EU responsible person. Retailers who source exclusively from EU suppliers with complete manufacturer details have it easier: then the data supplied by the upstream supplier only needs to appear correctly and visibly in the listing. If it is missing, it is up to the retailer to request it from the supplier or not to offer the product.

Detail 2: Responsible Person in the EU

If the manufacturer is based outside the EU, the product may only be offered if there is a responsible person established in the EU (EUR-Lex). This role can be filled by an importer based in the EU, an authorized representative of the manufacturer, or a fulfillment service provider in the EU. The EU responsible person must also be named in the listing with name, address, and electronic address.

This point is particularly tricky for retailers who source goods directly from non-EU countries: without a named EU responsible person, the listing is not compliant. This especially affects products from non-EU sources - according to the Safety Gate annual report, 40 percent of all reported dangerous products in 2024 originated from China, and even 61 percent when cosmetics are excluded (European Commission). Naming an EU responsible person is therefore not a mere formality but a central control mechanism.

No EU responsible person, no sale

If the EU responsible person is missing for non-EU goods, placing them on the market is not permitted. Clarify the role before importing - in case of doubt, the EU importer takes on this function and must appear accordingly in the listing.

Detail 3: Product Identifiers

The product must be clearly identifiable in the listing. This includes at least a product image or graphic representation, the product type, and further identifiers that allow clear allocation (EUR-Lex). In practice, these are type, model, serial, or batch numbers - depending on the product category.

  • Meaningful product image or graphic representation
  • Clear designation of the product type
  • Type, model, or serial designation
  • Batch number where relevant for traceability

These identifiers are closely tied to product data quality. Anyone maintaining their assortment via a PIM system usually already has the identifiers structured and can transfer them automatically into the shop's GPSR fields. If they are missing, targeted data enrichment helps to close gaps in the catalog systematically.

Detail 4: Warnings and Safety Information

If a product requires warnings or safety information, these must appear already in the listing - in a language easily understood by consumers (EUR-Lex). In the German market, that means German. It is not sufficient to enclose the information only with the goods or to provide it only as a download. Consumers should know the risks before they buy.

Maintain warnings in a structured way

Store warnings as a separate, multilingual data field instead of writing them into the product description. This way they can be updated centrally, translated correctly, and delivered separately. For internationally oriented shops with a multilingual catalog, separating languages is crucial, because the warnings must be available in the respective national language for each target market.

Typical examples are age ratings for toys, notes on small parts that can be swallowed, warnings for electrical appliances, or chemical hazard notices. Not every product needs warnings - but where they are required and missing, that is a violation just as actionable as a missing manufacturer detail. When in doubt, checking which notices a product requires belongs in procurement and product data maintenance, not only in shipping.

Why the Details Must Appear Directly in the Listing

The most common mistake is not the complete absence of the details, but their incorrect placement. Many shops link to a collective page, store manufacturer data in the imprint, or deliver warnings only with the parcel. That is not enough: Article 19 requires the details in the respective listing, that is, on the individual product page (EUR-Lex). The chambers of commerce emphasize that a mere link to external pages does not meet the requirements (IHK).

ImplementationGPSR-compliant?Warning risk
Details directly on the product pageYesLow
Only a reference in the imprintNoHigh
Only stated in the termsNoHigh
Warnings only enclosed with the goodsNoHigh
Collective page with all manufacturersNoHigh

For operators of large catalogs, the consequence is clear: the mandatory details must be available per product and output automatically on every detail page. This can be achieved reliably with a clean data structure and adapted storefront programming, without having to maintain every product page manually.

Output on marketplaces and in mobile views is especially critical. On small screens, mandatory details quickly disappear behind tabs or collapsible sections - yet legally they must be findable without detours. Article 19 also applies unchanged to sales via marketplace listings, price portals, or social commerce. Anyone distributing their offers to several channels via feeds should therefore carry the mandatory details in the data source itself, so that they are delivered automatically on every channel.

The Wave of Warning Letters: Real Figures and Risks

That the GPSR is not just a paper exercise is clearly shown by market monitoring. The Safety Gate annual report 2024 records 4,137 alerts on dangerous products - the highest figure since the system was introduced in 2003 (European Commission). For comparison: in 2022 there were 2,117 alerts, and in 2023 already 3,412 (European Commission). The density of controls is rising continuously.

Online offerings are also targeted specifically: the EU's eSurveillance web crawler analyzed around 1.6 million web pages in 2024 and identified more than 5,300 potentially non-compliant online shops (European Commission). Among the product categories, cosmetics led with 36 percent, followed by toys with 15 percent and electrical appliances with 10 percent (European Commission).

In no previous year have as many dangerous products been reported as in 2024 - a signal that market surveillance and online controls continue to grow in importance.

European Commission, Safety Gate Annual Report 2024

In parallel, warning letters have developed into a real cost risk. In May 2025 alone, the Händlerbund documented at least twelve GPSR warning cases; a driving force is, among others, the Association for Fair Competition, which systematically checks online offers (Händlerbund). Depending on the party issuing them, warning costs range between 357 and over 1,600 euros per violation (Händlerbund). For retailers with hundreds of items, this quickly adds up to five-figure amounts.

Why the risk is structural

A missing mandatory detail rarely affects only one product - usually the same error runs through the entire catalog. If one listing is warned, hundreds of others are vulnerable. That is why a one-time, data-driven solution is more economical than manually fixing individual pages.

If a warning letter does arrive, staying calm is the first step: cease-and-desist declarations signed too hastily can trigger long-term contractual penalties. It makes sense to have the accusation reviewed by an expert, correct the objected item immediately, and at the same time examine the entire catalog for the same error. Since a penalty-backed cease-and-desist declaration applies to every further violation, the correction must truly be comprehensive - another argument for a data-based rather than page-by-page solution.

Who Enforces It? Market Surveillance and Safety Gate

In Germany, enforcement of the GPSR lies with the market surveillance authorities of the federal states, coordinated at the federal level. The Federal Institute for Occupational Safety and Health assumes an interface function here and is the national contact point for the EU rapid alert system Safety Gate (Bundesanstalt für Arbeitsschutz und Arbeitsmedizin). Through this system, the authorities exchange information on dangerous products.

The GPSR also obliges economic actors to maintain internal product safety processes and to react to safety problems (EUR-Lex). For retailers, this means: not only maintaining the mandatory details, but also documenting how recalls, complaints, and safety notices are handled. Anyone implementing further EU requirements in parallel - such as the NIS2 cybersecurity rules or the EU Packaging Regulation PPWR - can bundle compliance processes instead of treating them in isolation.

Implementing the GPSR Cleanly and Automatically in Shopware

Technically, the GPSR is manageable - provided the mandatory details are treated as structured product data and not as free text in the description. In a Shopware shop, we set up the four detail types as dedicated custom fields and bind them firmly into the product page template. This way, each detail appears automatically in the right place in the listing.

Dedicated data fields

Manufacturer, EU responsible person, product identifier, and warnings as reusable custom fields - centrally maintainable, consistently delivered.

Automated population

Bulk editing via import and AI-supported processes fill the fields across the entire catalog, instead of editing every page individually.

PIM integration

Via a PIM system, manufacturer data and identifiers flow into the shop in a structured way and stay up to date.

Cross-channel

The same fields also feed marketplace feeds, so the mandatory details appear uniformly on all sales channels.

The typical procedure in an existing shop: first we check the catalog for gaps in the four detail types, then set up the appropriate data fields and fill missing values via a structured import. Next, we bind the fields into the template so they appear in a uniform, clearly visible spot on the product page. If a shop relaunch or migration is planned anyway, the GPSR structure can be included directly - saving duplicate work and establishing consistency from the start.

The approach transfers to other systems: the same logic of structured data fields applies in a WooCommerce shop or in marketplace listings. For operators who connect their catalog via AI agents and interfaces anyway, it is worth looking at linking AI agents to shop data via the Model Context Protocol - this allows data maintenance and compliance checks to be automated even further.

Understand compliance as data quality

GPSR compliance is essentially a data quality topic. Anyone who cleanly structures manufacturer details, identifiers, and warnings not only meets the regulation but also improves filtering, search, and product presentation across the entire shop.

Checklist: GPSR-Compliant Product Listing

  • Manufacturer details (name/brand, postal address, electronic address) directly in the listing
  • EU responsible person named with full contact details for non-EU goods
  • Product identifiers (image, product type, type/model/batch number) stored
  • Warnings in an understandable language visible on the product page
  • All details on the detail page, not only in the imprint or terms
  • Mandatory details maintained as structured data fields rather than free text
  • Details consistent across channels (shop, marketplaces, feeds)
  • Internal processes for recalls and safety notices documented
Sources and Studies

This article draws on Regulation (EU) 2023/988 (GPSR) and the Safety Gate Annual Report 2024 of the European Commission, the official regulation text on EUR-Lex, information from the Federal Institute for Occupational Safety and Health (BAuA), guidance from the German chambers of commerce (IHK), market figures from the German Retail Federation (HDE) and the bevh, and the warning-letter documentation of the Händlerbund. Figures cited may change over time. This article does not constitute legal advice. As of: July 2026.

The GPSR (Regulation (EU) 2023/988) has been directly applicable since December 13, 2024 (European Commission). There is no longer any transition period - so the mandatory details should already be implemented.

Required are manufacturer details (name/brand, address, electronic address), an EU responsible person for non-EU goods, product identifiers (image, product type, type/model number), and warnings in an understandable language (EUR-Lex). All four must appear directly in the listing.

Usually not. The details must be visible in the respective product listing; a mere link to external pages typically does not suffice according to the chambers of commerce (IHK). The safest approach is output directly on the product detail page.

The mandatory details under Article 19 generally apply to anyone offering products to consumers via distance selling - regardless of size. Anyone dealing with further size-dependent exemptions can find orientation in the article on BFSG exemptions for micro-enterprises.

In May 2025 alone, the Händlerbund documented at least twelve GPSR warning cases; costs ranged between 357 and over 1,600 euros per violation depending on the party (Händlerbund). Since the same error often runs through the entire catalog, the risk can grow quickly.

In our experience, the most stable approach is to set up the four detail types as dedicated, reusable data fields and bind them firmly into the product page template. Via bulk editing, PIM integration, and automated processes, the fields can be populated across the entire catalog instead of editing every page manually (project experience).

Reduce the Warning-Letter Risk Structurally Now

The GPSR has been applicable law since December 13, 2024, the density of controls is rising, and warning letters are a reality. The most economically sensible path is not to fix individual pages, but a one-time, clean data structure that outputs the four mandatory details automatically and across channels. Given online retail that grew in 2025 to 83.1 billion euros in B2C goods alone (bevh) and a net 92.3 billion euros overall (German Retail Federation), it is worth understanding compliance not as a burden but as part of professional product data. Those who proceed in a structured way here reduce the warning-letter risk permanently - and at the same time lay the foundation for a better catalog, filtering, and search.