News

European Commission: Stand-Alone Software, Including Games and Apps, in Scope of GPSR as of December 13, 2024

Cooley alert

November 27, 2024

The European Commission has provided its strongest indication yet that its new rules on product safety, the General Product Safety Regulation (GPSR), will apply to stand-alone software – even though this is not expressly stated in the relevant laws – which is a controversial position with significant potential implications for companies that develop and market apps, games and other software products. As the new legislation will be enforced from December 13, 2024, companies in this space (which includes anyone supplying apps to consumers or operating an app store) need to consider what might need to be done in order to comply with the new rules if the commission’s current position is maintained.

Cooley first became aware of the position due to oral statements made over the past few months. The commission has just published a Q&A document which made written reference to software being in scope – this is the clearest indication we have had from the commission, and its position may become even clearer over the next three weeks when the hotly anticipated GPSR guidance is published.

Background

On December 13, 2024, the GPSR comes into force. In the works more than eight years, the GPSR represents a major overhaul of the EU regime for consumer product safety.

A significant focus of the reforms is new digital technologies, with the concept of “safety” being expanded to take into account the Internet of Things (IoT), artificial intelligence (AI) and mental health risks.

Whilst the definition of “product” in the GPSR does not expressly refer to software, it is generally well accepted that, to the extent software is a component of a tangible device (i.e., embedded), which can impact the safety performance of that device, it falls within scope of the rules. But to date, it has not been considered that stand-alone software itself is in scope.

Commission makes statements suggesting stand-alone software is in scope of GPSR

But now the commission has made a number of statements which suggest that the commission considers stand-alone software itself is subject to the GPSR, if that software is intended for consumers. This is the clearest indication yet that the commission considers stand-alone software in scope, as its Q&A document states that the GPSR “applies to all types of products (physical or digital products too, including software) that are placed or made available on the EU Single Market, as long as there are no specific provisions with the same objective under Union law which regulate the safety of the products concerned.”

Cooley understands that, by extension, the commission also considers that app stores could qualify as “providers of online marketplaces” or “economic operators,” depending on their involvement in the supply of apps to consumers.

Implications

This has important implications for businesses involved in the supply of stand-alone software to consumers in the EU, such as software developers, games publishers, app stores and companies with a companion app for hardware products. For example, the GPSR includes the following requirements which software companies appear to have to grapple with:

There must be a “responsible person” established in the EU before the product is made available to EU consumers.
Products must be labelled with details of the manufacturer/importer and the responsible person.
All instructions and safety information must be made available to consumers prior to purchase when offering products for sale online.
Manufacturers must have publicly available communication channels for consumers to submit safety complaints and concerns.
Manufacturers must report to the authorities if they receive information about serious injury alleged to be caused by the product (with mental health injuries specifically referenced as part of the safety criteria).

Next steps

We are awaiting publication of the commission’s guidance on the new GPSR rules, which we hope will shed some light on how these issues are expected to be dealt with in practice. That guidance is currently expected somewhere close to the date the legislation comes into effect on December 13, 2024.

We will provide further insight into these requirements as and when we learn more, but in the meantime, if you have any questions about potential impact or strategies to mitigate risk to your business, please reach out to your Cooley contact or one of the lawyers listed below.

Related contacts

Partner
Claire Temple
Partner

London
Partner
Rod Freeman
Partner

London
Special Counsel
Emma Bichet
Special Counsel

Brussels

This content is provided for general informational purposes only, and your access or use of the content does not create an attorney-client relationship between you or your organization and Cooley LLP, Cooley (UK) LLP, or any other affiliated practice or entity (collectively referred to as “Cooley”). By accessing this content, you agree that the information provided does not constitute legal or other professional advice. This content is not a substitute for obtaining legal advice from a qualified attorney licensed in your jurisdiction and you should not act or refrain from acting based on this content. This content may be changed without notice. It is not guaranteed to be complete, correct or up to date, and it may not reflect the most current legal developments. Prior results do not guarantee a similar outcome. Do not send any confidential information to Cooley, as we do not have any duty to keep any information you provide to us confidential. This content may be considered Attorney Advertising and is subject to our legal notices.