Reglyr

GPSR, REACH, RoHS, and CE in One System: What Modern Product Compliance Software Must Cover

GPSR, REACH, RoHS, and CE in One System: What Modern Product Compliance Software Must Cover

Summary

  • The recent enforcement of the EU's General Product Safety Regulation (GPSR) converges with REACH and RoHS, creating a complex web of requirements that makes manual compliance management with spreadsheets unsustainable and risky.
  • Effective compliance now requires integrated software that automates critical tasks like generating technical files, screening product materials against the bi-annually updated REACH SVHC list, and producing the EU Declaration of Conformity.
  • A unified platform like Reglyr Physical Goods Compliance automates these interconnected workflows, providing a single source of truth to manage GPSR, REACH, RoHS, and CE marking requirements.

December 13, 2024 came and went — and for many brands selling into the EU, it landed like a thunderclap. The General Product Safety Regulation (GPSR) officially came into force, replacing the old General Product Safety Directive with stricter requirements, broader product scope, and real enforcement teeth. And yet, as one frustrated seller noted on Reddit: "Looking at both big and small online stores, the majority don't seem to include the required GPSR data — vendor, manufacturer, address, email."

The scramble is real. But GPSR isn't arriving in isolation. It's converging with REACH substance restrictions, RoHS hazardous material limits, and CE marking obligations — all simultaneously, for any product sold into the EU. For compliance managers already stretched thin, this isn't just a regulatory update. It's a category shift in how product compliance needs to be managed.

As another practitioner put it bluntly: "After consulting with a compliance expert, every article in the BOM needs to be tested every six months after new SVHCs are added to the list. This is extremely expensive. How do companies keep up with this?"

The honest answer: not with spreadsheets. Not with siloed tools. And definitely not manually. What's needed is a single, integrated system — purpose-built product compliance management software that doesn't just monitor these regulations, but actively generates the proof of compliance each one demands.

This article defines exactly what that system must do, regulation by regulation.

Part 1: What Your Software Must Do for GPSR

The Regulation at a Glance

The GPSR replaces the old General Product Safety Directive with a regulation that extends to a much broader scope: physical products sold online and offline, new or reconditioned, whether manufactured inside or outside the EU. It mandates comprehensive internal risk analysis, technical documentation retained for 10 years, and — critically for non-EU brands — the appointment of an EU Responsible Person.

Manufacturers are now required to label products with contact details, conduct risk assessments that account for cybersecurity and AI risks, and integrate with the EU Safety Gate portal for market surveillance. Non-compliance isn't a theoretical risk — it's a direct path to market withdrawal.

The Software Spec

A system that only stores your GPSR documents isn't compliance software — it's a filing cabinet. Modern product compliance management software must:

  • Generate technical files and risk assessments automatically from product data, not store pre-written PDFs
  • Produce GPSR-compliant labeling with the correct manufacturer details, EU contact point, and traceable identifiers (including QR codes where applicable)
  • Manage EU Responsible Person data — tracking who is appointed, for which products, and ensuring that information is correctly surfaced on product listings and documentation
  • Monitor the Safety Gate portal for alerts relevant to your product categories, flagging risks before they escalate
  • Provide a portfolio-level dashboard so compliance managers can see status across every SKU, not just product by product

The gap between "we have a folder with some PDFs" and "we have a system that generates and updates technical files automatically" is the gap between reactive and defensible compliance.

Part 2: What Your Software Must Do for REACH / SVHC

The Regulation at a Glance

REACH governs the safe use of chemical substances in products sold in the EU. Two articles matter most for compliance managers:

  • Article 33 requires suppliers to disclose any Substance of Very High Concern (SVHC) present above 0.1% by weight in any article — and to provide this information to customers on request within 45 days.
  • Article 67 imposes restrictions across 53 substance categories detailed in Annex XVII.

The brutal reality of REACH is the moving target problem: the SVHC Candidate List is updated every six months. As of early 2022, it contained 223 substances — and it keeps growing. Every update potentially affects products already in your catalogue. Miss one, and you face significant financial and reputational damage, as famously happened when a major electronics brand faced massive recalls after a restricted substance was found in their product cables.

The Software Spec

Manual BOM screening against a bi-annually updated substance list is not sustainable at scale. Your system must:

  • Automate BOM-to-SVHC mapping — ingesting your Bill of Materials and screening every component against the current REACH Candidate List and Annex XVII restrictions without manual intervention
  • Calculate concentrations by weight and flag any SVHC exceeding the 0.1% threshold automatically
  • Run a supplier portal to request, collect, and validate REACH compliance declarations from your supply chain — so the data flows in, rather than being chased manually
  • Update continuously — when ECHA adds new substances to the Candidate List, your existing products should be re-screened automatically, with alerts raised for newly exposed SKUs

If your team is reminded of the SVHC list update by a consultant's invoice rather than by your software, your system is behind.

Drowning in REACH & GPSR? Reglyr auto-screens your BOM, generates technical files, and keeps pace with every ECHA update. Get Free Consultation.

Part 3: What Your Software Must Do for RoHS

The Regulation at a Glance

The Restriction of Hazardous Substances Directive (RoHS 2, Directive 2011/65/EU, and RoHS 3, Directive 2015/863) restricts the use of specific hazardous materials in electrical and electronic equipment (EEE). Restricted substances include Lead, Mercury, Cadmium, Hexavalent Chromium, PBB, PBDE, and — added by RoHS 3 from July 2019 — four phthalates: DEHP, BBP, DBP, and DIBP.

RoHS and REACH often intersect. Several REACH SVHCs are also RoHS-restricted substances. Treating them as separate compliance workstreams creates duplication, gaps, and the risk of passing one check while failing the other.

The Software Spec

  • Verify material composition against RoHS substance thresholds, cross-referencing supplier test data and declarations against maximum concentration values
  • Link RoHS checks directly into the CE marking workflow — because RoHS compliance is a prerequisite for affixing a CE mark on most EEE, not a parallel process
  • Compile RoHS technical documentation as part of the complete product technical file, as required under standard EN 50581
  • Surface overlaps with REACH — if a substance appears on both the RoHS restricted list and the SVHC Candidate List, the system should flag it once, not generate duplicate alerts across disconnected modules

Part 4: What Your Software Must Do for CE Marking

The Regulation at a Glance

The CE mark is a manufacturer's declaration that a product meets all applicable EU safety, health, and environmental requirements. It is not a quality seal — it is a legally mandatory passport to the EU market for a wide range of product categories. Getting it wrong isn't just a documentation problem; it's grounds for product withdrawal by market surveillance authorities.

The Software Spec

CE marking compliance is where the other three regulations converge. Everything — your GPSR technical file, your REACH substance declarations, your RoHS test reports — feeds into the CE conformity assessment. Your system must not merely store all of this; it must orchestrate it:

  • Classify applicable directives and standards for each product, so teams know from the start which conformity assessment route applies
  • Auto-assemble the technical file by pulling GPSR risk assessments, REACH/RoHS substance data, test reports, and manufacturer details into a single, inspection-ready package
  • Auto-generate the EU Declaration of Conformity (DoC) — populated with correct product information, applied standards, and responsible party details. This is a legal document; software that makes managers draft it manually is software that creates liability
  • Serve as the single source of truth for all CE-related documentation, with version control and audit trails that hold up to scrutiny from market surveillance authorities

Putting It Together: Reglyr Physical Goods Compliance

Managing GPSR, REACH, RoHS, and CE in separate systems doesn't just create inefficiency — it creates risk. Gaps live at the intersections between tools. Manual handoffs between modules introduce errors. And when a regulator asks for your complete technical file, "it's spread across three platforms" is not a defensible answer.

Reglyr Physical Goods Compliance is built on a unified regulatory knowledge graph that treats all four of these regulations as a single connected domain — not four separate modules bolted together.

Here's where it meets the spec:

  • For GPSR: Reglyr automatically maps products to GPSR requirements, generates technical files and risk assessments, and manages labeling output with the correct manufacturer contact data. Its consultancy arm also provides EU Responsible Person services for non-EU brands — closing one of the most common practical gaps for international sellers.
  • For REACH: The platform ingests your BOM and continuously screens components against the latest SVHC Candidate List and Annex XVII restrictions. Its built-in supplier portal automates declaration collection, and the monitoring layer re-screens your catalogue automatically with every ECHA update.
  • For RoHS: Reglyr verifies material composition against RoHS substance thresholds and embeds those checks into the CE workflow — so a material flagged for RoHS also surfaces in the CE conformity assessment automatically.
  • For CE Marking: The platform auto-generates the EU Declaration of Conformity and assembles the complete technical file for authority inspection — transforming what is typically weeks of manual work into an automated output.

Looking ahead, Reglyr is also built with ESPR / Digital Product Passport readiness, ensuring your compliance infrastructure is positioned for the next wave of EU requirements — not scrambling to catch up when the next deadline lands.

The underlying knowledge graph is continuously enriched by Reglyr's in-house regulatory consultancy, meaning its interpretations are battle-tested against real products in real markets — not theoretical rulebook readings.

Stop Chasing Compliance. Start Managing It.

The convergence of GPSR, REACH, RoHS, and CE has permanently raised the bar for product compliance in the EU. The brands that navigate it well won't be the ones with the most diligent compliance managers manually cross-checking spreadsheets — they'll be the ones with systems that generate the technical file, map the BOM to the SVHC list, flag new substance risks automatically, and produce the DoC on demand.

The spec is clear. The question is whether your current tools meet it.

Frequently Asked Questions

What is the EU General Product Safety Regulation (GPSR)?

The EU General Product Safety Regulation (GPSR) is a legal framework that establishes essential safety requirements for the vast majority of non-food consumer products sold in the European Union market. It applies to products sold online and offline, whether new or reconditioned. GPSR mandates that businesses conduct thorough internal risk analyses, create and maintain a technical file for 10 years, ensure clear product and manufacturer labeling, and appoint an EU Responsible Person if based outside the EU.

Who needs to comply with GPSR?

Any business or individual placing a product on the EU market needs to comply with GPSR. This includes manufacturers, importers, distributors, and online sellers, regardless of whether they are based inside or outside the EU. For non-EU businesses, a key requirement is appointing an EU-based "Responsible Person" who acts as the point of contact for compliance matters and authorities.

How are REACH, RoHS, and CE Marking connected?

REACH, RoHS, and CE Marking are interconnected EU regulations that form a comprehensive product compliance framework. Compliance with substance restrictions under REACH and RoHS is often a prerequisite for legally applying the CE Mark to a product. REACH governs the safe use of chemical substances in general, while RoHS specifically restricts hazardous materials in electrical and electronic equipment. The CE Mark is a manufacturer's declaration that their product meets all applicable EU regulations, and the technical file supporting it must include evidence of compliance with these underlying regulations.

Why is managing REACH compliance so challenging for businesses?

The primary challenge in managing REACH compliance is that the list of Substances of Very High Concern (SVHCs) is updated twice a year by the European Chemicals Agency (ECHA). This "moving target" means that a product that was compliant yesterday might become non-compliant tomorrow if a substance in its Bill of Materials (BOM) is added to the list. Businesses must continuously screen their entire product portfolio against every update, a task that is practically impossible to manage at scale using manual methods.

What is an EU Declaration of Conformity (DoC)?

An EU Declaration of Conformity (DoC) is a mandatory legal document signed by the manufacturer, stating that a product meets all relevant EU health, safety, and environmental protection requirements. It is a key part of the CE marking process and must be supported by a comprehensive technical file containing all the evidence of conformity, such as test reports and risk assessments for GPSR, REACH, and RoHS.

What are the consequences of non-compliance with these EU regulations?

Non-compliance with regulations like GPSR, REACH, or RoHS can lead to severe consequences, including mandatory product recalls, sales bans, significant fines, and reputational damage. EU market surveillance authorities have the power to withdraw unsafe or non-compliant products from the market and issue public alerts through the Safety Gate portal, which can severely damage a brand's trust with customers.

Feeling overwhelmed by the GPSR deadline? Download our free GPSR Readiness Checklist to assess your gaps and build a clear action plan — before your next market surveillance encounter.

SHARE THIS ARTICLE
Tags:
Published on April 11, 2026