General Product Safety Regulation: France proposes to regulate standalone software

The obsolescence of the current General Product Safety Regulation makes it unsuitable for digital products developed in recent years, including autonomous software. Cybersecurity issues remain notably absent from the original directive dating from 2001, i.e. before the emergence of these systems. Therefore, a new Regulation is under discussion between the EU members.

On 14 January 2022, France has formulated amendments to the regulation, inspired in particular by its recent Ordinance on the legal guarantee of conformity for goods, digital content and digital services, which relates to the scope of application of the future regulation. Standalone software was not covered by the previous provisions, which is problematic in particular where it provides safety functions in intelligent products and systems.

The proposal is to define ‘product’ as "any tangible or non-tangible item, placed or made available on the market, whether for consideration or not, including in the context of providing a service - which is intended for consumers or can, under reasonable foreseeable conditions, be used by consumers even if not intended for them”. The definition is deliberately generic in order to include a wide range of products.

Companies commercialising standalone software or standalone software integrated into other products must be particularly vigilant since - if the text is not amended - from the moment products are placed on the market, they will be subject to the entire set of obligations relating to general product safety that will potentially expose them to liability claims by consumers. Obligations will not only concern the manufacturers but also the distributors of these products who will have to verify that the manufacturers and importers comply with the requirements relating to the general safety obligation on the market.

Companies must establish mechanisms for monitoring, detection and traceability, including reporting a defect and organising a recall. Other specific additions relate to the definition of a consumer, which is defined as follows "consumer means any natural person who acts for purposes which are outside that person's trade, business, craft or profession.

This notion of ‘consumer’ is essential since the future regulation indicates that the evaluation of the product must necessarily include an analysis of "the appearance of the product where it encourages consumers to use it in a way which is different from what it was designed for".

The major challenge for this future regulation is to integrate a system that could demonstrate product failure, as it is known to be complex for a system such as software that develops autonomously.

The impact of updates on product safety should be particularly considered since the product has an autonomous behaviour that can create new risks that were not assessed when it was first introduced on the market.

Previously, only the safety risks associated with software embedded in products at the time of their release were regulated. However, the Commission has proposed regulating "high-risk" artificial intelligence through an assessment that will be made accordingly with the field and use of the technology with regards to its consequences.

The European Commission is continuing to build a normative system around the digital environment and to make up for a certain delay in European law to regulate artificial intelligence. The proposal needs to be seen in context with the proposal for an Artificial Intelligence Act, also discussed in this edition of Connected.

Next steps

Following these amendments by the Presidency of the Council of the European Union, the European Parliament’s Committee on Internal Market and Consumer Protection (IMCO) tabled new amendments on 19 January 2022. The next step in the legislative process is adoption in the European Parliament and then interinstitutional negotiations between Parliament, Council and the Commission.

Sign up for our Connected newsletter for a monthly round-up from our Regulatory & Public Affairs team.