The EU’s General Product Safety Regulation has been enforceable since 13 December 2024. Eighteen months in, customs authorities and online-marketplace operators are now actively rejecting product listings that don’t carry the required information — and small WooCommerce and Shopify exporters are the easiest targets, because most of them never updated their product templates.
Who this is for: any non-EU seller shipping physical goods into the EU or Northern Ireland through a WooCommerce or Shopify store, or via a marketplace integration that resells your catalog into the EU.
What GPSR actually requires on the product page
Article 19 of the regulation requires that every product offered to EU consumers display, before purchase, four blocks of information: the manufacturer’s name and EU contact details, the EU-based Responsible Person’s name and contact details, identification of the product (model, batch, type), and any warnings or safety instructions in the language of the destination country.
None of this lives in WooCommerce’s default product schema. None of it lives in Shopify’s, either. You have to add it — and if you sync your catalog from NetSuite, you have to add it there too, so the data round-trips through your ERP.
The minimum WooCommerce data model
Four custom fields per product, surfaced on the single-product page above the add-to-cart button. The “Responsible Person” field is the one most stores forget — it must be an entity established in the EU, not your non-EU brand.
// Register the four GPSR meta fields on WooCommerce products
add_action('woocommerce_product_options_general_product_data', function() {
woocommerce_wp_text_input(['id' => '_gpsr_manufacturer', 'label' => 'Manufacturer (name + EU address)']);
woocommerce_wp_text_input(['id' => '_gpsr_responsible_person', 'label' => 'EU Responsible Person']);
woocommerce_wp_text_input(['id' => '_gpsr_identifiers', 'label' => 'Model / batch / type']);
woocommerce_wp_textarea_input(['id' => '_gpsr_warnings', 'label' => 'Warnings (per language)']);
});
add_action('save_post_product', function($id) {
foreach (['_gpsr_manufacturer','_gpsr_responsible_person','_gpsr_identifiers','_gpsr_warnings'] as $k) {
if (isset($_POST[$k])) update_post_meta($id, $k, sanitize_text_field($_POST[$k]));
}
});Surfacing the data correctly
The regulation is specific that the information must be visible before purchase — burying it in a PDF linked from the footer fails the test. The cleanest pattern is a block that renders above the add-to-cart button and collapses to a “Safety & compliance” accordion on mobile, so it doesn’t crush conversion on the half of your traffic that doesn’t care.
- Always render the Responsible Person name and email in plain text — not as an image or a JavaScript-rendered string. Customs portals scrape your product page.
- If a warning applies, render it in all destination languages you ship to, not just English. The market-surveillance authority is the one in the buyer’s country, not yours.
- Set a “GPSR ready” boolean on each product so your sync code can refuse to push a product to the EU storefront if it’s not complete.
The NetSuite side
If WooCommerce is the storefront and NetSuite is the source of truth, the four fields have to be modeled in NetSuite as custom item fields — otherwise the next inventory push from NetSuite will overwrite a manually-typed value in WordPress. We model them as custitem_gpsr_* fields on the Item record and map them in the sync as part of the same payload that already carries title, SKU, and price.
If you’re running our NetSuite Integration for WooCommerce, the field-mapping tab lets you add these in without touching code.
Penalty exposure
Member states set their own fines under GPSR; Germany, France, and the Netherlands have been the most active. Reported penalties so far have ranged from €5,000 for a missing Responsible Person field to €40,000 for repeated non-compliance after warning. More common than fines, in our visibility, is the soft penalty: marketplaces and EU payment processors quietly delisting non-compliant SKUs without notice. You find out when sales for one product drop to zero overnight.
FAQ
Do I need an EU Responsible Person if I only sell digital goods?
No. GPSR covers physical consumer goods. Software licences, downloadable PDFs, and SaaS subscriptions are out of scope. Mixed catalogs need the data on the physical SKUs only.
Can I use a fulfillment provider as my Responsible Person?
Only if they explicitly accept the role in writing — most 3PLs will not. The cleaner route is to contract with a dedicated EU authorised-representative service, which typically costs €25–€80 per month per brand.
Does GPSR apply to UK customers?
Not to Great Britain — the UK has its own product-safety regime. It does apply to Northern Ireland, which under the Windsor Framework still follows EU product-safety rules. If your store ships to NI, you’re in scope.
What if my product has no warnings?
You can omit the warnings block, but you still need the other three: manufacturer, Responsible Person, and identification. “Not applicable” is acceptable phrasing for the warnings field if your product genuinely has none — but most products do (choking hazard, electrical, allergen, etc.).
Where to start this week
- Audit your 20 best-selling SKUs. Most stores find that fewer than five of them carry the required information today.
- Pick a Responsible Person service before you write a single line of integration code. The legal step is the bottleneck, not the technical one.
- Add the four fields to your product source of truth (NetSuite, Shopify metafields, or WooCommerce postmeta) and write the sync once, in one direction.
If you’d like us to handle the integration side end-to-end, we run fixed-scope WooCommerce + NetSuite implementations that include GPSR mapping as a standard line item.