Quick Guide to Risk Assessments in the EU: GPSR & CE Marking

Posted on by Fredrik Gronkvist 1 Comment

Risk assessments are required for a wide range of products sold in the EU, including consumer products, toys, electronics, PPE, and medical devices. That said, it can be difficult to understand what steps you must actually take to carry out a risk assessment, and how this should be documented.

Covered products

This guide explains risk assessment requirements for consumer products covered by the GPSR and products that require CE marking:

  • Toys
  • Electronics
  • Batteries
  • Machinery
  • PPE
  • Medical Devices
  • Construction Products
  • Gas Appliances

You will also find examples, templates, and methodologies that you can implement.

Terminology

Risk assessments are sometimes referred to as:

  • Risk analysis
  • Internal risk analysis
  • Assessment of risk

In this guide, I primarily use the term risk assessment.

(USA & EU)


FREE CONSULTATION CALL (30 MIN)

  • Ask questions about compliance requirements
  • Countries/markets:
    US EU UK Canada Australia
  • Learn how we can help your business

REQUEST A CALL

You will speak with:Ivan Malloci

What is a risk assessment?

A risk assessment generally consists of two components:

1. A list of potential risks

Write down anything that could theoretically go wrong with your product

  • Could it break apart?
  • Could it injure someone?
  • Could it contain harmful chemicals?
  • Could it be a suffocation risk?
  • Could it be a choking hazard?
  • What happens if it is used incorrectly?
  • What else could go wrong?

You must consider both “correct” use and foreseeable incorrect use.

2. Provide solutions to eliminate or reduce risks

Next, you need to identify ways to eliminate or at least reduce the impact of each identified risk.

This can be found in many ways:

  • Identify safety standards (and implement these into your design)
  • Arrange safety testing
  • Provide detailed user instructions
  • Provide warnings

In short, you identify risks and then attach solutions to eliminate and reduce these. This process must then be documented (i.e., as a PDF file) and included in the technical documentation.

Risk Assessments in the EU

Risk Assessment Template / Example (Simplified)

File Information
A Risk Assessment (Simplified) template based on the page GPSR: what obligations for businesses? Source: European Commission – GPSR: what obligations for businesses?

Version: Information available on 2026-03-10 (more recent versions may be available)

When is a risk assessment required?

For starters, risk assessments are required by various EU regulations and directives and are thus mandatory. Failing to provide documentation demonstrating that you have carried out a risk assessment could potentially result in recalls and fines.

That said, a risk assessment is not just a performative exercise. It’s also a matter of self-interest.

Products sold in the EU must be safe, and a risk assessment serves as a starting point from which we can then implement practical solutions that minimise the identified risks.

GPSR Risk Assessment

The General Product Safety Regulation (GPSR) mandates that all consumer products sold in the EU meet certain safety criteria. As part of this, manufacturers are required to draw up technical documentation, which includes a risk assessment.

The GPSR does not provide an exact risk assessment methodology. However, a guidance document issued by the EU provides a technical documentation template that can be used to structure a GPSR risk assessment:

GPSR Technical Documentation

Source: European Commission – GPSR: what obligations for businesses

Start by identifying potential risks related to the aspects listed in Article 6. Here are a few examples:

  • Product design and composition
  • Materials and components
  • Packaging

Next, you must describe the measures you have taken to mitigate the risks. In practice, this may involve the following steps:

  • Identify relevant EN standards
  • Ensure that your product design is adjusted to meet applicable EN standards
  • Arrange testing to verify compliance with applicable EN standards

You may also need to ensure that certain risks are addressed by providing sufficient:

  • Instructions
  • Labelling

Risk Assessment Example: Baby carrier

Let’s say that we’re planning to sell baby carriers. Here are a few risks I think, without doing any deeper analysis:

Risks Description
Risk 1: Mechanical risk We certainly don’t want the baby carrier to fall apart or be a suffocation hazard
Risk 2: Chemicals Fabrics, zippers and plastic buckles could potentially contain phthalates, lead and other restricted substances
Risk 3: Instructions and warnings Even the best baby carrier can break apart if the child is too heavy. Parents must know the maximum weight and height.
Risk 4: Packaging The baby carrier will be packed in a plastic bag that could pose a suffocation hazard (as we must assume that there will be children around when the baby carrier is opened).

Now that I have identified these risks, I can apply the GPSR technical documentation template:

Risk 1: Mechanical safety

1. We have searched the list of harmonised standards for and identified EN 13209-2 for soft carriers

2. We adjust the product specification and drawings based on EN 13209-2

3. We book third-party testing to verify compliance with EN 13209-2

Risk 2: Chemicals

1. We obtained test reports and other documentation indicating that the zippers and plastic buckles are compliant with Annex XVII of the REACH Regulation 1907/2006

2. We arrange third-party lab testing to verify compliance with the REACH Regulation 1907/2006 for the fabric and other parts

Risk 3: Instructions and warnings

1. We write user instructions that clearly explain how to correctly use the baby carrier. We also provide information about the max weight and height of the child.

2. We affix visual pictograms directly to the baby carrier and clear indications of max weight and height

Risk 4: Packaging

1. To reduce the risk of suffocation, we affix warnings on the plastic bags.

2. We only use plastic bags that have air holes

CE Marking Risk Assessment

CE mark

Risk assessments are often required for products covered by CE marking regulations and directives. The risk assessment is often part of the technical documentation.

This section compares risk assessment requirements for the following product categories:

  • Machinery
  • Electronics
  • PPE

Decision No 768/2008

The requirement to conduct a risk assessment is established in Decision No 768/2008, which sort of serves as a blueprint for CE marking regulations and directives.

The manufacturer shall establish the technical documentation. The documentation shall make it possible to assess the product’s conformity to the relevant requirements, and shall include an adequate analysis and assessment of the risk(s). The technical documentation shall specify the applicable requirements and cover, as far as relevant for the assessment, the design, manufacture and operation of the product.

Machinery Regulation

Machinery risk assessment

The Machinery Regulation states that a risk assessment shall be carried out by the manufacturer covering the following areas:

  • Identify which essential health and safety requirements apply to the machinery
  • Ensure that the machine is designed and constructed to eliminate hazards
  • Minimise the risks that remain

This regulation is relatively unique in the sense that it actually provides a risk assessment methodology:

Step A: Determine the limits of the machinery

  • Consider intended use
  • Consider reasonably foreseeable misuse

Step B: Identify potential machinery hazards and hazardous situations

Step C: Risk estimation

  • Estimate the risk label
  • Consider the severity of possible injury or health damages
  • Consider the probability

Step D: Risk evaluation

  • Does the Machinery Regulation require that the specific risk is reduced?
  • Is the risk in violation of the essential requirements outlined in the regulation?
  • Are there standards addressing the risk that can be implemented?

Step E: Eliminate hazards or reduce risks

  • Implement harmonised standards
  • Arrange testing
  • Caclulations
  • Affix warnings and instructions

Low Voltage Directive

LVD risk analysis

The Low Voltage Directive requires that a risk assessment is conducted by the manufacturer as part of the technical documentation.

The manufacturer shall establish the technical documentation. The documentation shall make it possible to assess the electrical equipment’s conformity to the relevant requirements, and shall include an adequate analysis and assessment of the risk(s). The technical documentation shall specify the applicable requirements and cover, as far as relevant for the assessment, the design, manufacture and operation of the electrical equipment.

However, the Low Voltage Directive does not provide an exact methodology or template to base the risk assessment on.

PPE Regulation

PPE risk analysis

The PPE Regulation also requires manufacturers to carry out a risk assessment, which is to be included in the technical documentation.

The manufacturer shall carry out a risk assessment in order to identify the risks which apply to his PPE. He shall then design and manufacture it taking into account that assessment.

This is another example of a regulation which does not provide a clear risk assessment methodology or template. However, the principle appears to be the same as in other EU regulations:

a. Manufacturers must identify the risks applicable to their products

b. The product must be designed to eliminate or reduce the identified risks

Harmonised standards

Product standards can also provide frameworks and methods for risk assessments. This is one example of such a standard:

EN ISO 12100:2010 Safety of machinery – General principles for design – Risk assessment and risk reduction

Decision (EU) 2019/417

Decision (EU) 2019/417 establishes rules for how authorities in EU member states can manage recalls and submit information about unsafe products via RAPEX. The Decision also provides risk assessment guidelines for said authorities, which can potentially also be used to some extent by manufacturers when carrying out their own internal risk assessments.

2.2. A risk assessment in three steps

The following text provides a summary of the three-step risk assessment process detailed in Decision (EU) 2019/417:

1. Anticipate an injury scenario

  • Based on intrinsic product hazard harms
  • Assess how severe the injury is

2. Determine the probability of the consumer being injured

3. Calculate the risk by combining the hazard (in terms of the severity of the injury) with the probability (in terms of a fraction)

Conclusion

Bear in mind that Decision (EU) 2019/417 is primarily concerned with assessing risk levels to decide if a recall is necessary. This is not sufficient for manufacturers who must also find ways to eliminate and reduce risks.

Nonetheless, the Decision can still be useful when assessing what the authorities take into consideration, which can serve as a starting point for your own risk assessment.

Regulation 2024/3173

Regulation 2024/3173, which is more recent than Decision (EU) 2019/417, provides a more detailed methodology for risk assessment when EU member states submit information via RAPEX.

Most relevant information can be found under Annex II.

Note that Regulation 2024/3173 is primarily concerned with providing risk assessment methodologies from the perspetive if EU member states, not manufacturers. That said, the risk level calculation methods can still be useful.

Risk Assessment Checklist

This checklist serves as a starting point. That said, you must ultimately act based on the risk assessment requirements in the applicable EU regulations and directives.

✅ List all potential risks (product, packaging, other)

✅ Assess how the product could be used incorrectly (and resulting risks)

✅ Describe potential risks

✅ Identify ways to eliminate risks

✅ Identify ways to reduce remaining risks (that cannot be eliminated)

✅ Identify product standards addressing the identified risks

✅ Arrange product safety testing to verify the safety of your product

✅ Write user instructions

✅ Create written and visual warnings

FAQ

Is it mandatory to conduct a risk assessment?

Yes, carrying out a risk assessment is practically mandatory for manufacturers of:

a. Consumer products covered by the GPSR

b. Products that require CE marking

That said, a risk assessment does not have to be complex. In fact, it can be quite trivial for low-risk products.

Which products require risk assessments?

Esssentially any product covered by the GPSR or a CE marking regulation or directive must undergo a risk assessment to some extent. This includes the following:

Consumer products

  • Children’s products
  • Furniture
  • Training equipment
  • Bicycles

CE marked products

  • Toys
  • Electronics
  • Batteries
  • PPE
  • Medical devices
  • Machinery
  • Gas appliances
  • Construction products

Do we need to get our risk assessment approved?

Yes, that can be necessary for medical devices, PPE and other products that require certification by a notified body. This procedure can include a review of the risk assessment.

That said, no approval of a risk assessment is required for most products sold in the EU. While it may have happened, I have personally not heard of any instance in which an EU market surveillance authority has even requested a documented risk assessment.

This does not take away from its importance, though. The risk assessment’s true purpose is to help you, as a manufacturer, identify risks and implement practical solutions. Failing to do a proper risk assessment means that you may fail to deliver a safe product, and that can and will have consequences.

Who is responsible for carrying out the risk assessment?

The manufacturer is generally responsible for carrying out a risk assessment. Note that many EU regulations and directives define the following as manufacturers:

1. Factories

2. Companies selling products based on their design

3. Companies selling products under their brand

As such, a company does not have to actually operate a production facility to be defined as a manufacturer (and thus, responsible for the risk assessment).

Are EU importers responsible for carrying out risk assessments?

Yes, but only if you are ordering products based on your design or brand, as this likely results in the importer being defined as the manufacturer.

Is there a risk assessment template?

We are not aware of a uniform risk assessment template that can be used for any product. That said, you can use the GPSR technical documentation template as a starting point.

Some regulations also provide risk assessment methodologies.

  • [FREE] COMPLIANCE CHECKLIST

    Step-by-step product compliance checklists for the US, EU, UK, Canada & Australia. Updated with new requirements coming in 2026.

     2026

    Download here

    Disclaimer: The Site cannot and does not contain legal advice. The legal information is provided for general informational and educational purposes only and is not a substitute for professional advice. Accordingly, before taking any actions based upon such information, we encourage you to consult with the appropriate professionals. We do not provide any kind of legal advice. THE USE OR RELIANCE OF ANY INFORMATION CONTAINED ON THE SITE IS SOLELY AT YOUR OWN RISK.

    Full Disclaimer: Link

    Sources: Our articles are written in part based on publicly available information, and our own practical experience relating to product compliance. These are some of the primary sources we use:

    • European Commission - europa.eu
    • EUR-Lex - eur-lex.europa.eu
    • European Chemicals Agency - echa.europa.eu
    • eCFR - ecfr.gov
    • U.S. Consumer Product Safety Commission - cpsc.gov
    • U.S. Federal Trade Commission - ftc.gov
    • U.S. Federal Communications Commission - fcc.gov
    • GOV.UK
    • Legislation.gov.uk
    • Laws-lois.justice.gc.ca
    • Legislation.gov.au

    Licenses

    EU: Creative Commons Attribution 4.0 International (CC BY 4.0) licence

    UK: Contains public sector information licensed under the Open Government Licence v3.0.

    AU: Contains information licensed under the Creative Commons Attribution 4.0 International (the CC BY 4.0 licence)

    • 1 Responses to “Quick Guide to Risk Assessments in the EU: GPSR & CE Marking

    1. Fredrik Gronkvist at 10:16 pm

      Feel free to ask questioins about EU risk assessments in the comment section!

      Reply
    Leave a Reply

    Your email address will not be published. Required fields are marked *

    US, EU & UK Compliance Courses: 50% Off Until Friday

    Close the CTA

    Free Webinar

    Close the CTA

    Product Compliance in 2026

    ✓ How to find requirements for your product

    ✓ New product requirements in 2026

    US, EU, UK, Canada & Australia

    Close the CTA

    Presenter: Fredrik Gronkvist, Co-founder of Compliancegate.com

     

    Fredrik has a background in manufacturing and quality assurance and has contributed to Bloomberg, BBC, SCMP, and others.