Compliance Anchor for “Low-Risk” AI: Understanding the New General Product Safety Regulation - GPSR Guidelines

Breaking News: The European Commission has just released the official Guidelines for the General Product Safety Regulation (GPSR), clarifying a massive shift for the tech industry.

For months, the compliance world has been fixated on the EU AI Act and its strict rules for "High-Risk" systems (like biometric scanning or critical infrastructure). This created a dangerous misconception that: "if your AI product is Low-Risk, it is effectively unregulated".

That assumption is now dead.

The new Guidelines confirm that the GPSR functions as a formal regulatory safety net. If your AI product falls outside the specific scope of the AI Act, it falls inside the rigorous scope of the GPSR.

Consuflix helps clients with Legal and Compliance matters, and we can help you to audit your "low-risk" AI products against these new safety standards to prevent market bans. Contact your Team of EU Compliance experts via info@consuflix.com or contact form.

The "Safety Net" Mechanism: No More Gaps

The European regulator has closed the loop. The logic is simple: A product must be safe. If the specific AI law doesn't cover it, the General law does.

This means consumer-facing AI-previously thought to be "safe" from heavy paperwork is now subject to strict scrutiny starting December 13, 2024 (with these new guidelines clarifying exactly how).

What is a "Safe Product" Now? (The Definition Has Changed)

The most critical update in the Guidelines is the redefinition of "safety." It is no longer just about physical harm (like a battery exploding). The definition has expanded to include:

1. Psychological Health: Does your AI cause anxiety, dependency, or cognitive harm?

2. Cybersecurity: Does a lack of security features create a safety risk?

3. Evolving Capabilities: Is the product safe after a software update or machine learning evolution?

3 "Low-Risk" AI Products That Are Now Compliance Targets

To understand the impact, look at these common products that are not "High-Risk" under the AI Act but are heavily regulated under the GPSR's new interpretation.

1. Smart Wearables & Sleep Trackers

2. AI Companions & Chatbots (Non-Medical)

3. Connected Toys

The GPSR Risk: The products above can be hacked (Cybersecurity risk) or its interactive patterns may encourage dangerous behavior (Psychological risk), thus if there is no risk assessment and documented compliance work, it is deemed as non-compliant. EU decides to make a clear statement: Cybersecurity is no longer just an IT issue; it is a product safety condition for market entry.

The "Responsible Person" Trap

Perhaps the most immediate hurdle is the Article 16 requirement.

You cannot sell these products in the EU without a designated Responsible Person established within the Union. This person/entity is legally liable for the safety of the product.

• If you are a US or UK tech company selling "harmless" AI gadgets directly to EU consumers via a website, and you do not have this representative, your sales are illegal.

What You Must Do Now

The "wait and see" period is over. The release of these Guidelines signals that Market Surveillance Authorities have their rulebook ready.

1. Re-evaluate "Low-Risk": Stop using the AI Act as your only benchmark. Audit your product against the GPSR.

2. Update Technical Files: Your risk assessments must now explicitly mention mental health, cybersecurity, and software updates. Hurry up and update your assessment template!

3. Secure Representation: Ensure you have a valid Responsible Person in the EU.

Conclusion

The GPSR is not a suggestion; it is a Regulation with the power to force recalls and impose fines. The "Low-Risk" label on your AI product is not a shield—it's a sign that you need to look at the General Product Safety Regulation instead.

Consuflix helps clients with Legal and Compliance matters, and we can help you to conduct a "GPSR Gap Analysis" for your AI products, ensuring your technical documentation proves safety across physical, cyber, and psychological risks.