GPSR for online marketplaces: Article 22 and the DSA overlap

Article 22 of Regulation (EU) 2023/988 is the provision that radically reshaped how marketplaces operate in the EU from December 2024. It does not turn the marketplace into the product manufacturer, but it does make the platform a first-line enforcement partner for product safety, with concrete duties and short deadlines. The practical effect on sellers — fields they must populate, evidence they must provide, and listings that get suppressed — is now the dominant compliance pressure for marketplace-first brands.

What Article 22 requires of marketplaces

GPSR Article 22 layers five concrete duties on top of the existing Digital Services Act framework:

1. Register with the Safety Gate Portal and designate a single point of contact in the EU for product-safety authorities (Art. 22(1)–(2)). Authorities must be able to reach a named human within two working days.
2. Have internal processes to receive and act on Safety Gate notifications within two working days (Art. 22(4)). This is faster than the DSA's general "expeditious" standard for illegal content.
3. Cooperate with authority requests for trader identification and traceability information (Art. 22(8)–(10)). Refusal can escalate to DSA fines of up to 6% of annual turnover.
4. Collect and verify trader information before allowing them to offer products to EU consumers (Art. 22(7)). This includes self-certified evidence that each trader complies with Article 19.
5. Inform consumers and authorities promptly when an unsafe product they helped sell is identified, including by notifying past buyers where reasonably possible (Art. 22(12)).

The deadlines are aggressive on purpose. The Commission's view, set out in Recital 84, is that the marketplace is the first signal of an unsafe product reaching consumers and must act faster than a paper-based supply chain would.

What sellers should expect from each marketplace

Every major EU marketplace rolled out Article 22 onboarding flows between Q4 2024 and Q1 2025. The patterns differ but the substance converges:

• Amazon EU. GPSR fields embedded in the Manage Inventory flow since November 2024. Mandatory fields: manufacturer name and contact, EU Responsible Person, product identifier, warnings (per language), safe-use instructions. Missing fields trigger soft suppression after a grace period that ended in mid-2025.
• Etsy. Compliance Hub launched January 2025; per-shop GPSR profile required. EU-resident sellers and non-EU sellers shipping into the EU are both in scope. Etsy treats missing data as a per-listing block.
• eBay. Article 22 module live since Q1 2025. eBay validates the Responsible Person against the European Commission's economic-operator registry and rejects appointments to entities not registered.
• Zalando, About You, OTTO Market. Onboarding-time gates that block new SKU activation without the full compliance dataset. Existing inventory was migrated over a 90-day window.
• Cdiscount, Allegro, Manomano. Compliance dashboards with field-level validation; some accept bulk CSV upload of the compliance dataset.
• Vinted. Implemented Q2 2025 for B2C "Pro" sellers; C2C sellers exempt under Recital 89.

The implication for sellers: a single compliance data model populated once and pushed to every channel beats per-marketplace data entry. The fields are largely the same; the API shapes differ.

What sellers should provide proactively

The marketplaces have to ask. Sellers do not have to wait to be asked. Proactively providing a clean compliance dataset reduces listing-suppression risk and is the cleanest path through Amazon's and Zalando's automated enforcement systems.

A defensible minimum:

• Manufacturer block — legal name, registered postal address, monitored electronic address.
• Responsible Person block (non-EU sellers) — legal name, EU postal address, monitored electronic address, appointment letter on file.
• Product identifier — type, batch or serial reference per SKU.
• Warnings — affixed product warnings transcribed, localised for each destination market.
• Safe-use instructions — link to a downloadable PDF in each destination market language.
• Technical file pointer — internal reference to where the file is held, with the 10-year retention date.

The DSA overlap

Article 22 sits on top of the Digital Services Act. The marketplace is also a "hosting service" or "online platform" under the DSA, with separate duties:

• DSA Art. 30 — trader traceability. The marketplace must verify and store the seller's name, address, contact, payment account, registry number and ID document; provide it to authorities on request.
• DSA Art. 31 — compliance by design. Listing interfaces must be built to allow traders to comply with EU consumer law, including GPSR Article 19.
• DSA Art. 35–37 — risk assessment (for VLOPs only; affects Amazon, eBay, Zalando, Allegro, AliExpress, Temu and similar). Product safety is now a named systemic risk in the Commission's risk-assessment template.

The combined effect: a marketplace that fails on GPSR Art. 22 also fails on DSA Art. 30–31, and the DSA penalty regime (up to 6% of global turnover) creates strong incentives to enforce on sellers aggressively.

How Regonance helps

Regonance generates a single compliance dataset per SKU that maps cleanly onto each marketplace's required fields, and tracks per-channel coverage so sellers can see which listings are at risk before the marketplace's automated systems suppress them. Run a free scan to see your per-channel coverage.

What to do this week

• Confirm that each marketplace you sell on has your Responsible Person on file.
• Audit your top 20 EU-selling SKUs against the marketplace's GPSR field requirements.
• For non-EU sellers: confirm your Responsible Person is registered in the EU economic-operator database (eBay validates against it).
• Localise warnings for every EU destination market in which you ship.

Glossary

Article 22. The provision of GPSR that imposes due-diligence and cooperation duties on online marketplaces.

Single point of contact. A named human contact at the marketplace, registered in the Safety Gate Portal, who can be reached within two working days by authorities.

VLOP. Very Large Online Platform — a DSA designation triggered at 45 million monthly EU users, with additional risk-assessment duties.

Trader traceability. The DSA Art. 30 requirement for online platforms to verify and retain identifying information about sellers using the platform.

---

Educational information, not legal advice. Consult the consolidated text of Regulation (EU) 2023/988 and Regulation (EU) 2022/2065 on EUR-Lex for the authoritative legal sources.