Skip to main content

GPSR for marketplace sellers: what 18 months of enforcement has taught us

Eighteen months into EU GPSR (Regulation 2023/988) enforcement, marketplaces have moved from soft prompts to hard pre-activation gates. This piece unpacks the Responsible Person requirement, what Amazon, Bol.com, eBay, Zalando and Kaufland actually verify before activating a listing in 2026, the documentation gaps brands keep tripping over — technical files, declarations of conformity and per-batch traceability — and the operational cost of getting caught, from ASIN suspensions to Safety Gate recalls.

By Operator One Editorial — 2026-06-14

The General Product Safety Regulation — EU Regulation 2023/988, known universally as GPSR — became enforceable on 13 December 2024. We are now roughly eighteen months into a regime that has quietly reshaped what it means to sell physical goods into the European Union. The headlines were short-lived; the operational consequences were not. Brands that treated GPSR as a paperwork exercise have spent 2025 and the first half of 2026 watching listings disappear from Amazon, Bol.com, eBay, Zalando and Kaufland with little warning and less recourse.

This piece is a practical look at where GPSR enforcement actually bites in 2026, what marketplaces are checking before they let a product go live, and the specific gaps we see brands stumble over when their first suspension notice lands.

The Responsible Person requirement, in plain terms

GPSR's central operational demand is Article 16: every consumer product placed on the EU market must have a Responsible Person — a single, named, contactable economic operator established inside the European Union. Without one, the product is, in regulatory terms, not legally placed on the market. Marketplaces have interpreted this strictly: no Responsible Person on file, no live listing.

The role is not symbolic. The Responsible Person:

  • Must be physically established in an EU Member State, with a real address that authorities and consumers can reach.
  • Holds the technical file and declaration of conformity, and must be able to produce them on request within working days, not weeks.
  • Verifies that the product carries the required CE marking and labelling.
  • Cooperates with market surveillance authorities — typically the national consumer-safety body — on corrective actions, recalls and information requests.
  • Is listed on the product itself, the packaging, the parcel or the accompanying documentation, with a name and a contact channel a consumer can actually use.

Crucially, the Responsible Person is one of four specific entities: the EU manufacturer, an EU importer, an EU-established authorised representative appointed in writing, or a fulfilment service provider that has explicitly accepted the role. A freight forwarder is not a Responsible Person. A 3PL warehouse is not a Responsible Person. A pan-EU VAT representative is not a Responsible Person. The contractual mandate, in writing, is what creates the function.

What marketplaces are actually verifying in 2026

The major marketplaces moved from "soft prompts" in early 2025 to hard pre-activation gates by mid-2025, and the gates have only tightened. As of mid-2026, the operative picture across the platforms looks like this:

  • Amazon requires Responsible Person details captured per ASIN through Manage Your Compliance, with name, EU address, email and phone number visible on the product detail page. Non-compliant ASINs are blocked from buy-box eligibility and, in many categories, are pulled from search entirely.
  • Bol.com requires GPSR contact data at the article level for every offer shipped into NL/BE, with structured fields that feed into the consumer-facing listing. Missing fields trigger an offer-level deactivation rather than a warning cycle.
  • eBay has built Responsible Person fields directly into the listing flow for EU-facing sites and pulls the data through to the public listing. Bulk listings that were imported pre-2025 have been progressively force-migrated.
  • Zalando applies it across apparel, footwear, accessories and beauty, with technical file expectations layered on top in regulated subcategories (PPE, children's products, cosmetics).
  • Kaufland verifies Responsible Person data at onboarding and applies category-level controls for toys, electricals and chemicals before activating the offer.

The pattern across all five is the same: the platform is no longer treating GPSR as the seller's private regulatory problem. Under the Digital Services Act, the marketplaces themselves carry exposure if they knowingly host non-compliant goods, and they are pricing that exposure into their onboarding flows.

What brands typically miss

The Responsible Person on the listing is the visible half of GPSR. The half that catches brands out is the underlying documentation — the file that has to exist behind the contact name and be producible on demand. After eighteen months of cleanup work across our portfolio, the recurring gaps fall into three buckets.

1. The technical file. For most non-food consumer goods this means a structured dossier covering product description, design and manufacturing drawings, applied harmonised standards, test reports from accredited labs, risk assessment, and traceability of components. A mid-market apparel brand we onboarded in early 2026 had CE-style labels printed on its packaging but no underlying REACH or textile-labelling test reports — the labels were aspirational. That distinction is exactly what a market surveillance authority looks for.

2. The Declaration of Conformity (DoC). The DoC is a one-to-three page document, signed by the manufacturer or authorised representative, naming the product, the directives and regulations it complies with, the standards applied and the responsible signatory. It must exist before the product is placed on the market — not drafted retroactively when Amazon asks. A common failure is a single generic DoC covering a wide product family that does not name individual SKUs or model numbers, which surveillance authorities reject on inspection.

3. Traceability. GPSR requires that each product be traceable to a specific batch, serial number or equivalent identifier on the product or its packaging. For brands that historically only printed an EAN, this means a labelling change and a backend change to how lot data is recorded. An EU-headquartered consumer-electronics seller in our book spent three months in 2025 retro-labelling stock in a Dutch bonded warehouse because the original cartons carried only the SKU.

Related shortfalls we see regularly: instructions and safety information not provided in the language of every Member State of sale (not just English); warning pictograms missing on packaging; importer details on the product that point to a non-EU group entity post-Brexit; and "Responsible Person" entries that name a UK address — which, in 2026, no longer counts.

The cost of getting caught

Enforcement in 2026 is no longer theoretical. The consequences brands have actually absorbed in the last year include:

  • ASIN and offer suspensions on Amazon and Bol.com, with reinstatement requiring full documentation review — typically two to six weeks of lost sales per affected SKU.
  • Inventory removals from Amazon's European fulfilment network when products are flagged as non-compliant, with the brand bearing the cost of return-to-vendor or destruction.
  • Account-level holds when the rate of non-compliant listings crosses a platform threshold, freezing disbursements until the brand can demonstrate corrective action.
  • National-authority fines issued directly by consumer-safety bodies — Germany's BAuA, France's DGCCRF and the Netherlands' NVWA have all become noticeably more active in 2025 and 2026, with penalties scaling with company size and the seriousness of the safety risk.
  • Mandatory consumer-facing recalls coordinated through the Safety Gate (formerly RAPEX) system, which then propagate across every Member State a product was sold in.

The reputational cost of a Safety Gate listing is durable. Even after a corrective action closes a file, the public record persists.

What "good" looks like

The brands that have come through the first eighteen months of GPSR cleanly tend to share a small number of operational habits. They appointed a single EU-established Responsible Person and put the appointment in writing before listing. They built — or had built for them — a per-SKU technical file with named harmonised standards and dated test reports. Their DoCs reference specific model numbers, not product families. Their labels and instructions cover every Member State language they actually ship to. And they maintain a vigilance log of complaints, incidents and corrective actions, so that when an authority asks "what did you know and when did you act", there is a written answer.

Where Operator One fits

Operator One acts as the EU-established Responsible Person and Merchant of Record across 27 EU Member States and the UK, for brands selling on over 100 marketplaces including all of those discussed above. We hold the Responsible Person mandate in writing, maintain the technical-file and DoC infrastructure alongside the brand's quality team, and coordinate directly with marketplace compliance desks and national authorities when an issue arises — so the brand stays focused on the product and the customer rather than the paperwork. See our Merchant of Record service and compliance glossary for the underlying mechanics.