Compliance Changes and Updates 2026

by

Brief summary of compliance changes that could impact manufacturers in 2026.

manufacturers, compliance checks, port of entry checks.

We understand how potentially daunting and time-consuming staying up-to-date on regulatory compliance changes can be, so to help, we have summarised some of the relevant key changes coming into force in 2026:

 

Ecodesign & Energy Labelling (Product Sustainability)

Ecodesign for Sustainable Products Regulation 2024/1781 (ESPR) replaces the old Ecodesign Directive 2009/125/EC with broader sustainability criteria (durability, repairability, recyclability).

The Regulation has been in place since July 2024 and full implementation is phased from December 2026 through to 2030. By July 2026 set up for the Digital Product Passport registry will be in place and from July 2026 the destruction of unsold consumer products listed in Annex VII shall be prohibited.

Impact: Manufacturers of electrical equipment and white goods (defined in Article 79) will need to consider the new changes and requirements with the transition period ending in December 2026.

Ecodesign Regulation (EU) 2024/1781, read more.

Battery Regulation 

This Regulation (EU 2023/1542) came into force in February 2024 with aims to minimise the carbon footprint and harmful substances and are collected, reused and recycled to a high degree.

This Regulation amends the old Directive 2009/98/EC on waste management and Regulation EU 2019/1020 on market surveillance. Repealing Directive 2006/66/EC on battery disposal.

Impact: For manufacturers of batteries, or products containing batteries, designing to the new obligations is recommended before it is applicable in Feb 2027. From August 2026, understanding the new labelling and marking requirements.

Battery Regulation (EU) 2023/1542, read more.

Cyber Resilience Act (CRA)

This Regulation (EU 2024/2847) came into force in 2024 with aims to ensure digital products and services are secure by design, resilient against cyber threats and are capable to providing continuing protection throughout their lifecycle. It affects the majority of products embedded with digital elements (hardware /+ software).

The Regulation applies fully from 11 Dec 2027, however conformity assessments, the use of Notified Bodies and Notification requirements (Articles 35-50) apply from 11 June 2026. And reporting obligations of manufacturers (Article 14) applies from September 2026.

Impact: Manufacturers with new products should already be following design requirements and will be required to conduct and keep updated comprehensive risk assessments and must exercise due diligence when integrating any third-party components/ services.

Cyber Resilience Act (EU) 2024/2847, read more here.

Cosmetic Products Regulation

In January 2026, the Cosmetic Products Regulation (EC) 1223/2009) has adopted measures, which details changes to Annex II, III, IV and V.

These measures focus on ingredient safety and stricter thresholds for labelling and banning 4-MBC UV filters, which shall apply from July 2026, with other changes such as CMR-related restrictions coming into force in August 2026 and formaldehyde related rules transitioning period ending in 2027.

Impact: Cosmetic manufacturers must update labels, safety assessments, and technical documentation (such as, Product Information Files) to meet new labelling and ingredient disclosure timelines. Keeping up to date on the restricted substances and allergen labelling requirements is key.

Fragrance Allergens in cosmetic products, read here for amending Regulation (2023/1545).
Use of Certain Substances in cosmetic products amending Regulation (2026/78).

Machinery Directive to Regulation Transition

Machinery Regulation (EU 2023/1230) replaces the old Machinery Directive (2006/42/EC) and modernises safety requirements.
The new Regulation takes full effect in January 2027, but conformity assessment and implementation activities in 2026 will be significant as the Regulation phase-in accelerates.

Impact: Manufacturers should be ready for shifting requirements such as the new references and procedures for old 2006/42/EC Annex IV machines (new EU 2023/1230 Annex 1 machines), substantial modifications and with increased considerations to Digital and Software technology incoming.

Machinery Regulation (EU) 2023/1230, read here. 

Toy Directive to Regulation Transition

The new Toy Safety Regulation (EU 2025/2509) was adopted in November 2025. The new Regulation will take full affect in August 2030, understanding the key changes and starting compliance preparation now is advised.

Impact: Manufacturers will need to undertake more comprehensive assessments with attention to stricter rules regarding chemical risks and ‘connected’ toys, clearer compliance roles and responsibilities on economic operators and mandatory traceability with the use of Digital Product Passports (DPP).

Toy Regulation (EU) 2025/2509, read here.

New Toy Regulation

by

Proposed New EU Toy Safety Regulation

 

In July 2023 the EU published a draft regulation on the safety of toys, to replace the existing Toy Safety Directive 2009/48/EC.   On June 11th, 2025, the draft Regulation was approved by the Council Committee of Permanent Representatives (COREPER); the final step prior to it being adopted by the European Parliament and then entering into force in EU.  Whilst a date for final adoption has not yet been confirmed, we can realistically expect the new Regulation to enter into force before the end of Q1, 2026.

Kids playing with toys, and surrounded by toys in a playroom.

The intended aim of the new Regulation is to bring the EU requirements for toy safety up to date with market developments such as digitally connected toys, and the growth in sales via online marketplaces. The implementation of the Regulation is intended to contribute to the strengthening of the EU’s internal market and improve its functioning while providing for a high level of consumer protection.

The new Regulation will introduce a number of changes.   They include updated safety assessment requirements with, for example, manufacturers being required to consider potential health risks posed by digitally connected toys, including any potential risks to mental health.   The rules regarding the presence of various types of chemicals in toys are also extensively revised, with some being entirely prohibited and current restrictions on others being expanded to cover toys for children of all ages.

The most significant change however, from an administrative standpoint, is the introduction of Digital Product Passports (DPPs) for all toys made available on the market in the EU.  DPPs are digital product information records that must be established and maintained by Manufacturers for each type of toy they supply.  Each DPP will need to be publicly accessible and maintained for a period of at least 10 years after a toy leaves the market.  Each DPP will also need to be recorded on a registry maintained by the EU and provided with a unique reference number.   Without that reference number it will not be legal to place a toy on the market in the EU.

A DPP will be accessed via a ‘data carrier’ (e.g. a QR or barcode) on the Toy itself or on packaging for the Toy.   Data Carriers will also need to be displayed by online marketplaces and website marketing Toys to EU consumers.

Once the new Toy Safety Regulation comes into force there will be a period of 54 months (4.5 years) before the current EU Toy Safety Directive 2009/48/EC is fully repealed.   During that time Manufacturers will have a choice over which piece of legislation to apply to their products, and a long lead-time to ensure that they fully comply with the new Regulation.

A draft version of the new Toy Safety Regulation can be downloaded here (external link).

More information about DPPs and their implementation will become available once the separate EU legislation allowing for their implementation has been published.

What is a PRRC?

by

A Person Responsible for Regulatory Compliance: FAQ's

2203975713

What is a PRRC?

The Person Responsible for Regulatory Compliance (PRRC) is a pivotal role within the Quality Management System (QMS) structure of any product manufacturing company, but in particular for regulated industries such as medical devices / in-vitro diagnostic devices.

Is it a legal requirement to have one?

Appointing a PRRC is a requirement of the European Union’s Medical Device Regulation (MDR 2017/745) and In Vitro Diagnostic Device Regulation (IVDR 2017/746).

Manufacturers shall have available within their organisation at least one person responsible for regulatory compliance who possesses the requisite expertise in the field of medical devices.”

The PRRC ensures that products meet all regulatory requirements throughout their lifecycle; from design and manufacturing, through to post-market surveillance and associated vigilance and reporting activities.

Who can be a PRRC?

One area that is often overlooked for the PRRC is the matter of competence. To fulfil the responsibilities of the PRRC as specified in the Regulations, the individual must possess specific qualifications and/or expertise:

  • Educational Background: “a diploma, certificate or other evidence of formal qualification, awarded on completion of a university degree or of a course of study recognised as equivalent by the Member State concerned, in law, medicine, pharmacy, engineering or another relevant scientific discipline, and at least one year of professional experience in regulatory affairs or in quality management systems relating to medical devices”
  • Professional Experience: “four years of professional experience in regulatory affairs or in quality management systems relating to medical devices.

For manufacturers of custom-made devices, the PRRC must have at least two years of professional experience within a relevant field of manufacturing.

What are the core responsibilities for the PRRC?

The person responsible for regulatory compliance shall at least be responsible for ensuring that:

(a) the conformity of the devices is appropriately checked, in accordance with the quality management system under which the devices are manufactured, before a device is released;

(b) the Technical Documentation / File and the EU declaration of conformity are drawn up and kept up-to-date;

(c) the post-market surveillance obligations are complied with;

(d) the reporting obligations are fulfilled.

What are the business or personal risks if the PRRC does not meet requirements?

Not having a person with the sufficient knowledge and experience in the role of the PRRC can create wasted time and money during activities relating to a company’s medical devices, such as product development and if occurring, compliant resolution with the relevant authorities. In the worse-case situation, it could also lead to dangerous devices being placed on the market.

Failure to comply with reporting obligations can lead to regulatory sanctions and damage to the company’s reputation.

Can I outsource the PRRC role?

Small and micro-enterprises may outsource the PRRC role to an external expert, provided the individual meets the necessary qualifications and is permanently and continuously available to the manufacturer. An agreement must be in place between both parties, and the outsourced PRRC must be listed as a critical supplier in the manufacturer’s quality system. 

Why choosing the right PRRC for your company is so important:

The PRRC is integral to ensuring that products not only meet regulatory requirements but also uphold safety and quality standards throughout their lifecycle. By overseeing conformity assessments, maintaining technical documentation, managing post-market surveillance, and ensuring compliance with reporting obligations, the PRRC plays a crucial role in safeguarding public health in relation to their medical devices and maintaining the manufacturer’s ongoing credibility in the marketplace. 

Author: Andrew Bellman, our dedicated Technical Manager at Eurolink Europe.

GPSD vs GPSR

by

General Product Safety Regulation (Regulation (EU) 2023/988)

What is the General Product Safety Regulation? 

The new General Product Safety Regulation (Regulation (EU) 2023/988), aka the GPSR, was published by the European Commission on 12th May 2023. The GPRS replaces the previous General Product Safety Directive 2001/95/EC (aka the GPSD). The aim of the GPSR is to bring the regulatory requirements for consumer products in-line with wider EU regulatory structures, and to address changes in the way such products are marketed and distributed via the likes of on-line retailers and marketplaces. 

The new GPSR came into full effect on 13th December 2024, with the GPSD repealed on the same date.

Card, Stationary. GPSR consumer product

What products come under the scope of the GPSR? 

Most non-food Consumer Products that are offered for sale in the EU are in scope of the GPSR, including used, repaired and reconditioned products.

Under EU rules, ‘Consumer Products’ are goods that are specifically intended for use outside of a professional setting, or which could foreseeably be expected to be used for both professional and non-professional purposes.  Product types specifically excluded from the GPSR include food and drink, plants and animals, antiques, aircraft, animal by-products, animal food and medicinal products.

How does the GPSR differ to the former GPSD? 

The GPSR differs significantly and in a wide variety of ways from the GPSD that it replaces.  The main key differences are listed below:

    • The GPSR introduces the ‘Precautionary Principle’, requiring Manufacturers and other actors involved in the supply of consumer products to the EU market to take proactive steps to ensure the continuing safety of those products.
    • Manufacturers are required to complete documented Risk Assessments of the products they will be placing on the market in the EU, and where necessary to actively address any risks to consumer safety the assessments may identify.
    • Evidence of a product’s safety must be held by the Manufacturer in the form of written ‘Technical Documentation’.
    • The GPSR adopts the concept of ‘Economic Operators’ as found in the EU’s Market Surveillance Regulation (EU) 2019/1020. It also introduces a mandatory requirement that an Economic Operator, legally established in the EU, is identified for any product within the scope of the GPSR that is placed on the European market.  This Economic Operator is known as the ‘Responsible Person’.
    • The GPSR introduces specific obligations for Providers of On-Line Marketplaces regarding compliance with the Regulations. ‘Provider of an online marketplace’ is defined as ‘a provider of an intermediary service using an online interface which allows consumers to conclude distance contracts with traders for the sale of products’.  Examples of such Providers would include Ebay, Not On The High Street and ETSI.

The New EU Battery Regulation (2023/1542)

by

What You Need to Know About The New EU Battery Regulation:

Battery, rechargeable, recycling, battery health, regulations

In July 2023, the new EU Battery Regulation (Regulation 2023/1542) was adopted by the EU and came into force in August 2023. The regulation aims to make batteries sustainable throughout their entire life cycle; from the sourcing of materials to their collection, recycling and repurposing.

The new regulation will replace the Battery Directive 2006/66/EC that regulates the sustainability of batteries in the EU today. The Battery Directive will exist alongside the new Regulation until it is repealed in August 2025.

When the new regulation came into force there was initially no change compared to the previous Battery Directive. However, over a planned time frame additional obligations and requirements are to be introduced. The regulation consists of six parts that affect different stakeholders in the battery supply chain.

1. CE Conformity Assessment of batteries
Requirements associated with a new CE conformity assessment of batteries are introduced in the Regulation. This means that all batteries, regardless of whether they are used in a product or supplied separately, need to be CE marked according to this regulation.

Generally, it is the battery manufacturer’s obligation to take care of the CE conformity assessment. The battery manufacturer needs to consider different requirements depending on how the battery will be used.

The scope of the regulation defines five battery categories, batteries are categorised depending on how their intended use:

  • Portable batteries;
  • Light Means of Transport (LMT) batteries (e.g. E-scooter/E-bikes);
  • Starting, Lighting and Ignition (SLI) batteries;
  • Industrial batteries;
  • Electric Vehicle (EV) batteries.

The CE conformity assessment is a self-certification process for portable batteries and industrial batteries with a capacity of less than 2 kWh. For all other batteries, a Notified Body will need to be involved when the regulation is in full effect.

Manufacturers should begin to consider their Notified Body to be used for the required Conformity Assessment process, as accredited Notified Bodies are expected to get a large influx of enquires from now and into 2025.

2. Battery Passport
The regulation introduces requirements for an individual electronic battery passport for each industrial battery (with a capacity of more than 2 kWh), EV battery and LMT battery. The electronic passport should include, but is not limited to, the general information about the battery (e.g., indication of the battery manufacturer and geographical location of the battery manufacturing facility) and the technical data sheet for the battery.

The aim with the battery passport is to enhance transparency along the supply chains for all stakeholders and to aid the exchange of information regarding each battery. The electronic passport shall be accessible through a QR-code located on the battery itself. The battery manufacturer is responsibility for producing and supplying the battery passport.

The battery passport requirements will start to apply from 18 February 2027.

3. Supply chain due diligence obligations
Supply chain due diligence for companies that first make batteries available on the market (i.e. the battery manufacturer or importer) is introduced in the regulations if the active material in the battery contains cobalt, natural graphite, lithium, or nickel.

It is required that the company should:

  • Adopt and communicate a company due diligence policy for batteries;
  • Establish strong company management systems (to support the due diligence policy);
  • Identify and assess risks in the upstream supply chain; Design and implement a strategy to respond to risks which have been identified.

The regulation requires a verification of the due diligence policies and how they are implemented in the management system by a third-party Notified Body.

4. Extended producer responsibility and registration
Extended producer responsibility for batteries and registration obligations already exists in the current battery Directive. Extended producer responsibility means that companies that first make batteries available on the market in a member state are responsible for the end-of-life collection and treatment of the batteries in that member state. In the new regulation, new updated targets for collection rates and recycling efficiencies are to be introduced.

5. Material recovery targets
The regulation introduces targets for the material recovery of cobalt, copper, lead, lithium and nickel from the recycling and treatment facilities of batteries.

6. Replace-ability of batteries
The regulation introduces requirements in relation to the replacement of batteries, requiring portable batteries to be easily removable and replaceable by the end-user, and LMT batteries and cells in LMT batteries should be easily removable and replaceable by an independent professional.