Compliance is Capital: A Maltese Business Owner's Guide to Navigating the EU's New Product Safety Era

The headlines are stark and unforgiving. In recent years, Dutch conglomerate Philips has been engulfed in a product recall crisis involving millions of its sleep apnea devices. The financial fallout has been staggering, with legal settlements soaring past €1.2 billion and a stock price that has plummeted by over 18% in the last year alone, erasing billions in shareholder value. While this may seem like a distant problem for a global giant, a recent and alarming local report brings the issue directly to Malta's shores. An EU-wide product safety sweep revealed that a staggering 44% of everyday products sampled by the Malta Competition and Consumer Affairs Authority (MCCAA) failed to meet safety standards. Products inspected ranged from children’s toys to lighting fixtures to disposable e-cigarettes; all found to be non-compliant.

This convergence of global financial disaster and local enforcement reality signals a profound shift. In the post-2024 European Single Market, product safety compliance has transcended its traditional role as a legal checkbox. It is now a primary determinant of a company's financial viability, directly influencing its access to trade finance, its insurance coverage, its market valuation, and ultimately, its survival. For Maltese importers and manufacturers, understanding and mastering this new paradigm is not optional; it is fundamental to securing capital, protecting the bottom line, and competing effectively in a more demanding and unforgiving marketplace.

At the heart of this new era is the General Product Safety Regulation (EU) 2023/988 (GPSR), which officially replaces the two-decade-old General Product Safety Directive (GPSD). This change carries significant weight for businesses across the Union.

The previous GPSD was a directive, meaning it set out goals that each member state, including Malta, had to transpose into their own national laws. This allowed for slight variations in interpretation and enforcement. The GPSR, however, is a regulation. It is a binding legislative act that applies "as is" and uniformly across the entire EU, creating a single, harmonised, and stricter standard for all.

Perhaps the most critical operational change is the requirement for a designated "Responsible Person". For nearly all consumer products placed on the EU market, there must be an economic operator established within the EU who is legally responsible for ensuring and verifying compliance. This role can be filled by an EU-based manufacturer, an importer, an authorised representative, or even a fulfilment service provider. The implications for Malta are profound. For any Maltese business importing goods from non-EU hubs like China, the UK, or Turkey, that business automatically becomes the designated "importer" and thus the "Responsible Person" by default. The full weight of legal liability for product safety now rests squarely on their shoulders.

The GPSR clearly defines the duties for every actor in the supply chain—manufacturers, importers, and distributors. These obligations now include actively verifying that technical documentation has been drawn up, ensuring correct product and packaging labels, cooperating fully with market surveillance authorities like the MCCAA, and reporting any accidents or serious risks through the EU's "Safety Gate" portal (the successor to the RAPEX system).

The regulation explicitly closes a long-standing loophole by bringing online marketplaces into the regulatory fold. These platforms are now legally obligated to establish a single point of contact for authorities, act swiftly to remove listings of dangerous products when notified, and ensure that product listings clearly display all required manufacturer, "Responsible Person," and safety information. This creates a level playing field between online and traditional brick-and-mortar retail.

The very concept of "product safety" has been modernised. The assessment of a product's safety must now consider risks associated with new technologies, including its cybersecurity, potential vulnerabilities of embedded Artificial Intelligence (AI), and its interconnectivity with other devices. Furthermore, risk assessments must specifically evaluate potential harm to vulnerable consumer groups, such as children, the elderly, and persons with disabilities, and even consider how a product's appearance, such as mimicking foodstuffs, could lead to foreseeable misuse.

The GPSR is not an isolated event but part of a broader, systemic tightening of EU regulations. Businesses must be aware of other significant changes on the horizon.

Another critical piece of legislation is the REACH. The EU's foundational chemical safety law, REACH, is undergoing a massive overhaul known as the "REACH Recast". This will fundamentally change chemical compliance management. Key expected changes include the introduction of mandatory 10-year validity periods for REACH registrations (requiring renewal to maintain market access), the inclusion of certain polymers and low-tonnage substances that were previously exempt, and a move towards Digital Product Passports (DPPs). DPPs will embed compliance data directly with the product, creating a transparent, machine-readable record that travels down the supply chain, a significant technological and data management challenge for businesses of all sizes.

These EU-level rules are not abstract concepts; they are being actively enforced on the ground in Malta. The Malta Competition and Consumer Affairs Authority (MCCAA) is the designated national authority responsible for market surveillance and enforcement of these product safety regulations. Recent data showcases the authority's high level of activity, with its teams conducting over 13,000 product inspections in a single year! The MCCAA has publicly stated its commitment to implementing the new GPSR, with a clear focus on enhancing product traceability and leveraging its strengthened enforcement powers. For local businesses, the message is indisputable: the era of lax enforcement is over, and scrutiny will be robust.

The cumulative effect of these changes marks the end of "set-and-forget" compliance. The old model, where a business might obtain a certificate and file it away, is obsolete. The shift from a flexible Directive to a rigid Regulation, combined with the dynamic nature of the upcoming REACH Recast, transforms compliance from a static, periodic task into a continuous, data-driven management function that must be embedded into the core operations of the business.

The following is a table highlighting the defined obligations by the GPSR, the respective effort required, and to whom the definition applies to.

Obligation Category

Key Requirement

Who is Primarily Affected?

Responsible Person

Appoint an EU-based entity (importer, authorised representative, etc.) legally responsible for compliance for products from non-EU countries.

Importers from non-EU countries, Non-EU manufacturers selling directly to EU consumers.

Technical Documentation

Carry out an internal risk analysis and draw up a technical file containing this analysis, a general product description, and essential characteristics. This file must be kept for 10 years and be available to authorities upon request.

All manufacturers and importers placing products on the market.

Labelling & Traceability

Affix a type, batch, or serial number to the product for identification. Clearly display the name, postal address, and electronic address of both the manufacturer and the EU Responsible Person on the product, its packaging, or an accompanying document.

All economic operators in the supply chain.

Online Sales

Ensure online listings clearly display the same Responsible Person and manufacturer information, a picture of the product, and any required safety warnings.

Online sellers and providers of online marketplaces.

Accident Reporting

Immediately inform the relevant authorities via the "Safety Business Gateway" portal if there is reason to believe a product presents a risk or has caused an accident.

All economic operators, including online marketplaces.

Product Recalls

If a recall is necessary, directly notify all identifiable affected consumers. Offer consumers a choice of at least two remedies: repair, replacement with a safe product of the same value, or an adequate refund.

All economic operators responsible for a recall.

The new product safety regime's impact extends far beyond the factory floor and warehouse. It is fundamentally reshaping the landscape of trade finance, introducing a new layer of risk that banks, insurers, and other financial partners can no longer ignore. For Maltese businesses, understanding this connection is crucial to maintaining the flow of capital that underpins international trade.

Traditionally, a bank's due diligence for trade finance focused on financial crime compliance. This is no longer sufficient. The new regulations force a profound shift in the scope of due diligence, compelling a convergence of financial crime compliance and product compliance. A financier’s risk assessment can no longer stop at the creditworthiness of the importer; it must now extend to the market-worthiness of the goods themselves. A new set of questions is being added to the lender's checklist:

• Does this product have a designated EU "Responsible Person"?

• Can the importer provide a complete and valid technical file upon request?

• Does the product carry the correct CE marking and is it backed by a valid Declaration of Conformity?

• Has the product been screened against the EU Safety Gate for prior alerts or recalls?

A "no" to any of these questions is a major red flag. It signals a significant risk that the financed goods could be seized by customs, blocked from the market by the MCCAA, or any other European market surveillance authority, or be subject to a costly recall. Any of these outcomes directly jeopardises the underlying asset of the trade finance deal and threatens the buyer's ability to repay the seller.

The cumulative effect of these heightened risks; regulatory, operational, and financial, is that a demonstrable, robust product compliance system is rapidly moving from a "nice-to-have" to a non-negotiable prerequisite for securing trade finance. Businesses that can proactively present their financiers with a comprehensive compliance dossier are signalling a significantly lower risk profile. Being able to furnish a complete technical file, provide evidence of a state-of-the-art traceability system, and demonstrate a clear understanding of all applicable regulations builds confidence. This proactive stance can translate directly into tangible financial benefits, including better lending terms, higher credit limits, and a more resilient, trust-based relationship with financial partners.

The failure to invest in product safety compliance is not a theoretical risk; it has immediate, quantifiable, and often devastating consequences for a company's bottom line and market value. The evidence from recent major recalls demonstrates that the costs extend far beyond the simple expense of replacing a faulty product.

A product recall triggers a cascade of financial haemorrhaging that can cripple a business. The visible, direct costs are merely the tip of the iceberg.

For Philips, the costs of its CPAP machine recall spiralled into a vortex of litigation. The company has now agreed to settlements for economic loss and personal injury claims exceeding €1.2 billion. Related costs include legal fees, regulatory fines, soaring insurance premiums, and irreparable reputational damage, which almost invariably dwarf the direct costs of the recall itself.

Such recall events are also called for SME, which the implications can be financially devastating. WATT Mobility, a trendy Dutch startup, was rapidly gaining traction in the competitive e-bike market across the Benelux region and Germany. Their sleek, minimalist urban e-bikes, were popular for their design and affordability. However, in late 2023, the company's momentum was brought to a sudden and severe halt. The Dutch market surveillance authority identified a serious fire risk originating from the battery located in the bike's carrier. A recall was mandated for over 7,000 bikes. For a young, growing company like WATT, this was a devastating blow. The cost of retrieving thousands of high-value products and replacing entire battery systems, estimated to be in the millions of euros, represented an immense financial liability that directly threatened the company's survival and shattered its expansion plans.

This risk is not abstract. Data shows that European product recalls are at an all-time high, reaching a record 14,484 events in 2024. This marks a 16% increase over the previous year's record, with the most affected sectors being consumer products, completely relevant to Malta's import and manufacturing landscape.

The financial risk of non-compliance is dangerously asymmetrical. While large corporations like Philips can, with great pain, absorb multi-billion-dollar losses and eventually begin to recover, a smaller Maltese importer or manufacturer cannot. For an SME, a single container of goods seized by customs, a recall of one key product line, or the voiding of a critical trade credit insurance policy is not just a setback—it can be an extinction-level event.

Navigating this complex new environment requires a strategic and proactive approach. Simply reacting to problems as they arise is a recipe for failure. Maltese importers and manufacturers must build a robust compliance framework into the very fabric of their operations. The following is a practical blueprint to guide this transformation.

Step 1: Conduct a Gap Analysis & Appoint Your "Responsible Person"

The first and most urgent step is to understand your exposure. Businesses should immediately conduct a thorough gap analysis, mapping their entire product portfolio against the new requirements of the GPSR and looking ahead to the upcoming changes in regulations like REACH.

Step 2: Build Your Technical File & Risk Assessment

This is the foundational pillar of modern compliance and is non-negotiable. Every product placed on the market must have a corresponding technical file. This dossier is the core evidence of your due diligence and will be the first thing demanded by the MCCAA or a financial partner in the event of an inquiry. This file must be maintained for 10 years after the product is placed on the market

Step 3: Leverage Technology for Traceability and Reporting

The sheer volume of data required for compliance today means that manual systems based on spreadsheets and email are no longer viable; they are inefficient, prone to error, and impossible to audit effectively. Technology is the great equaliser that can bridge the capability gap for SMEs. Implementing systems like QR codes to track products throughout the supply chain and provide proof of origin and compliance.

Step 4: Engage Your Ecosystem & Seek Support

Compliance cannot be achieved in a vacuum. It requires active engagement with all stakeholders.

Proactively communicate the new, stricter EU requirements to your non-EU suppliers. They are a critical source of the data needed for your technical files. It is essential to make the provision of this data a non-negotiable condition in your purchasing contracts and supplier agreements.

Do not wait for your bank or insurer to raise the issue. Be proactive. During financing or insurance renewal discussions, present your compliance framework as a key strength. Walk them through your traceability systems, show them your technical file procedures, and demonstrate your understanding of the regulations. This builds confidence and positions your business as a lower-risk, more attractive partner.

Businesses should explore the support mechanisms available locally. Find product compliance expertise to ensure that the key steps are adhered to according to the legislation. A critical step in this process involves actively seeking out and engaging with experts in product compliance. These specialists possess in-depth knowledge of both EU and national legislation, which is crucial for navigating the complexities of product development, manufacturing, and distribution. Their expertise can help businesses ensure that every key step, from initial design to final market placement, is meticulously aligned with all relevant legal requirements. This not only mitigates the risk of costly penalties and recalls but also fosters a reputation for quality and reliability, which is invaluable in today's competitive landscape.

The era of treating product safety as a peripheral, box-ticking exercise is definitively over. The European Union’s ambitious new regulatory framework has irrevocably fused compliance with capital. For Maltese manufacturers and importers, the risks of inaction are existential: blocked shipments, voided insurance, inaccessible finance, and catastrophic reputational damage. The path forward, though challenging, is clear. It requires a strategic, top-down commitment to building a robust, transparent, and technology-enabled compliance system. This is no longer a mere cost of doing business. In the new reality of the Single Market, this investment in compliance is the capital that will fund future growth, secure market access, and build a resilient enterprise capable of thriving in the more demanding, yet opportunity-rich, decades to come.