No, standalone software isn’t a “product”

Should a piece of software and a fountain pen have to follow the same product safety obligations? Some European policymakers want to include all online standalone items in the scope of the new product safety rules.
The European Commission proposed new rules for the safety of products in mid-2021. The General Product Safety Regulation (GPSR) proposal covers the new technological concerns arising from products that can harm consumers, e.g. cybersecurity, embedded software, or Artificial Intelligence. One could argue that these specific concerns would be better tackled in other dedicated initiatives such as the EU cybersecurity rules or the new EU AI Act
Some European lawmakers in the Council and the Parliament are now considering extending the GPSR proposal much further, to cover intangible or digital items, regardless of their interaction with a physical product. That means that any standalone software would be required to meet the same safety obligations as any product. For example, the same product safety rules would apply to a piece of code and a pair of socks. This is misguided.
This proposition should be properly considered as it goes far beyond the Commission’s original proposal. Two elements for policymakers to consider:
- EU product safety rules are based on the protection of the safety and health of consumers. For example, that notably entails personal injuries or property damage. Standalone software, such as an app, is very unlikely to cause that type of harm to consumers.
- The new product safety proposal was written with tangible products in mind. Its definitions and obligations do not apply to standalone software. Should a software developer be considered a manufacturer? How would the definition of a safe product apply to software? Would software have to comply with EU labelling, appearance, or packaging requirements? Would “software manufacturers” have to write technical documentation or give a batch number to their software? The GPSR is clearly not meant to oversee the safety of software.
Forcing the GPSR to include a host of intangible items would create unnecessary confusion and inconsistencies. European policymakers should rather stick to the proposal’s original scope to ensure that the GPSR can achieve its objectives of modernising the EU product safety framework for both European consumers and businesses.