How do I write a GPSR risk assessment?
The risk assessment is the technical core of the GPSR technical file. Article 9 of Regulation (EU) 2023/988 calls it an «internal risk analysis» — the word «internal» is significant, because it means the manufacturer or their EU Responsible Person can conduct it themselves. There is no requirement to commission an accredited third-party laboratory for most consumer products, although testing evidence from a lab may strengthen the file for higher-risk categories. What matters is that the assessment is systematic, covers all reasonably foreseeable hazards, documents the measures taken, and is recorded in a way that can withstand scrutiny from an EU market surveillance authority.
The Commission's Guidelines C(2025) 7699 recommend a hazard-based approach structured around a severity × probability matrix. The process has four steps. First, identify all potential hazards associated with the product under normal use and reasonably foreseeable misuse — mechanical hazards (sharp edges, choking parts, instability), electrical hazards (shock, overheating, short circuits), thermal hazards (burns, fire), chemical hazards (harmful substances, migration), and ergonomic or age-related hazards as applicable. Second, rate each hazard for severity of potential harm on a scale of 1 (minor, reversible injury) to 4 (death or irreversible injury) and for probability of occurrence on a scale of 1 (very unlikely) to 4 (nearly certain). Third, calculate the risk level by multiplying the two scores. Fourth, document the mitigation measures adopted for every risk above a threshold — design changes, material substitutions, safety warnings, age restrictions — and record the residual risk accepted after mitigation.
The assessment must give special attention to vulnerable users, particularly children, the elderly, and people with disabilities, whenever the product could foreseeably be used by or around them. The risk assessment is not a one-time exercise: it must be updated whenever the product's design, materials, or manufacturing process changes in a way that could affect its safety profile.
What the law says
Article 9.2(b) of Regulation (EU) 2023/988: The technical documentation must include "an analysis of the risks that the product poses or may pose, including an analysis of the possible risks that the product poses for vulnerable users, the methods used to eliminate those risks, and the residual risk." The Commission's Guidelines C(2025) 7699 provide a practical template.
Consequences of non-compliance
A missing or superficial risk assessment renders the technical file incomplete. EU authorities can order product withdrawal even if the product has caused no harm. Fines of up to €100,000. Platforms including Amazon can request the risk assessment at any time and deactivate listings where it cannot be produced.
GPSRCheck generates the GPSR risk assessment automatically using the severity × probability methodology recommended by the Commission — tailored to your specific product. €49, no subscription.
Generate your Technical File → €49