Founders often confuse claims compliance (what you say on TikTok and on-pack) with regulatory compliance (what you can prove to an authority, on demand). They overlap, but they’re not the same sport.
Think of the Cosmetics Product Information File as the cosmetics equivalent of a medical device technical file: a structured evidence pack that demonstrates safety and compliance before anyone asks questions. And regulators can ask for it at any time – if you can’t provide it quickly, that’s when things get spicy.
Unsure whether your cosmetic PIF meets UK and EU requirements?
What is a Cosmetics Product Information File?
A Cosmetics Product Information File (often shortened to “PIF”) is the complete set of documentation that demonstrates your cosmetic product complies with the legal requirements and is safe for use.
Under the EU cosmetics framework, the Product Information File must be kept readily accessible for inspection at the Responsible Person’s address and retained for 10 years after the last batch is placed on the market.
Key point: a PIF is not optional, and it’s not just the safety assessment. It’s the umbrella file that holds the safety assessment plus the supporting compliance evidence.
You can store the PIF electronically, but “it’s in someone’s inbox” does not count as “readily accessible”.
Legal Basis: UK and EU Regulatory Framework
EU Cosmetics Regulation 1223/2009
The EU’s core legal framework is Regulation (EC) No 1223/2009. Two anchors matter most for your PIF build:
- Safety assessment + Cosmetic Product Safety Report (CPSR) requirements sit in Article 10 and Annex I (Part A safety information, Part B safety assessment).
- Product Information File content, availability, retention sits in Article 11.
In plain English: the law expects you to have the safety story (CPSR) and the evidence trail (the wider PIF), held by the Responsible Person and available on request.
UK cosmetics regulation post-Brexit
In Great Britain, cosmetics rules remain closely aligned to the retained EU framework in practice, but the UK operates its own market surveillance and enforcement mechanisms.
The Cosmetic Products Enforcement Regulations 2013 provide enforcement powers and penalties in the UK context.
Operationally, the UK also runs its own notification process and “UK Responsible Person” expectations for placing products on the GB market, meaning brands selling in both the EU and GB must manage dual compliance admin, not just dual labelling.
What must be included in a Cosmetic PIF?
Here’s the practical structure most brands should use. (And yes, you can do this neatly – without generating a documentation swamp.)
1) Product description
Your PIF must clearly identify the product and what it is:
- Product name, variant range (shades, fragrance variants, etc.)
- Intended use and how it’s presented
- Format and packaging configuration(s)
Reality check: “same formula, different shade” can still affect safety inputs, impurities, and exposure assumptions – so treat variants carefully.
2) Cosmetic Product Safety Report (CPSR)
The CPSR is the heart of the file. Legally, it follows a defined structure:
- Part A: Cosmetic product safety information
- Part B: Cosmetic product safety assessment
This is where you demonstrate the product is safe under normal and reasonably foreseeable use, using formula information, toxicology, exposure, impurities, microbiology (where relevant), packaging compatibility, and more.
Also, the safety assessment must be done by a suitably qualified safety assessor (this isn’t a “my supplier said it’s fine” situation).
3) Manufacturing information and GMP
You need evidence that manufacturing is controlled and repeatable.
Most serious brands align their manufacturing controls to ISO 22716 (Cosmetics GMP) as the widely recognised benchmark for cosmetic good manufacturing practices.
In practice, your PIF should contain (or reference) things like:
- Manufacturing method/process overview
- Batch records approach
- Controls for contamination and mix-ups
- Traceability approach for raw materials and packaging components
4) Proof of claimed effects
If you make a claim, you need evidence proportional to the claim.
- “Moisturises” → usually straightforward, but still needs substantiation
- “Treats acne/eczema” → you’re drifting into medicinal territory fast
This section is where many indie brands accidentally implode: they write marketing copy first and try to reverse-engineer evidence later.
5) Animal testing statement
You need a statement addressing compliance with EU animal testing rules and supply chain assurances. Even if you don’t test, you need the chain-of-custody confidence that ingredients and finished product meet requirements.
Where Must the PIF Be Kept and for How Long?
This is one of the easiest things to get right, and an equally easy thing to fail.
- Where: At the address of the Responsible Person, available for inspection.
- How long: 10 years after the last batch of that product is placed on the market.
So yes: even if you discontinue a product, you’re still “living with it” for a decade.
Responsible Person obligations in plain English
The Responsible Person (RP) isn’t a ceremonial title. It’s the legal accountability role.
The RP is responsible for:
- Ensuring the product is compliant before it’s placed on the market
- Ensuring the CPSR exists and is maintained
- Maintaining the Cosmetics Product Information File and making it available on request
- Ensuring the product information (including labelling) is compliant and consistent with the safety assessment
If you sell in both the UK and EU, you may need two Responsible Persons (EU-established RP for EU market; UK-established RP for GB market), depending on your setup and where you’re “placing on the market”.
UK vs EU Cosmetic PIF: what’s different?
The core PIF concept is consistent, but operationally, some differences matter for founders:
Requirement | EU | UK (Great Britain) |
Core framework | Regulation (EC) No 1223/2009 | The UK operates enforcement under UK mechanisms (incl. 2013 Regulations) |
Responsible Person | EU-established RP | UK-established RP for the GB market |
Notifications | EU notification portal process | UK notification process and GB market oversight |
Enforcement | EU competent authorities | UK enforcement powers under UK regulations |
Most brands get caught here: they assume “same product” means “same admin”. Often, it means two notification workflows and tighter control over labelling variants and RP addresses.
How to create a cosmetic PIF
Step 1: Appoint the Responsible Person
Decide early where you are placing the product on the market (EU, UK, or both). Your RP structure drives where the PIF must be held and how quickly you can respond if authorities request it.
Step 2: Commission the CPSR
Make sure the safety report follows the required structure and that the assessor has appropriate qualifications.
Step 3: Compile your compliance documentation
Typically includes:
- Full qualitative/quantitative formula (INCI plus % or concentration ranges as needed for assessment)
- Raw material specifications, SDS, allergen info, impurities profile where relevant
- Microbiology and preservative strategy (especially for water-containing products)
- Stability and compatibility evidence
- Packaging specifications and compatibility rationale
Step 4: Confirm labelling compliance
Labelling must match what your safety assessment assumes and what your product actually is. This is where “marketing drift” creates compliance risk.
Make sure the basics are consistently addressed (e.g., RP address, batch/lot identification, precautions, ingredient list, nominal content, function where not obvious, PAO/expiry where applicable). The legal labelling framework sits within Regulation 1223/2009.
Step 5: Submit notifications (EU and/or UK)
Notifications are separate from the PIF, but they are part of your compliance system. Treat notification data as controlled regulatory data – because it is.
Common mistakes in cosmetic PIF preparation
These are the ones that repeatedly show up when brands get challenged:
- CPSR is missing the required structure or sign-off
- Treating supplier summaries as a CPSR (they’re not)
- PIF is not updated after formula, supplier, packaging, or manufacturing changes
- Label claims drifting beyond what the CPSR and the evidence support
- “We’re small” logic (regulators do not care about your Instagram following)
Penalties and consequences of a missing or weak PIF
Under the UK enforcement framework, authorities have powers to take action where products don’t meet legal requirements.
In practice, consequences can include:
- Requests for immediate documentation submission (with short deadlines)
- Corrective actions (label changes, claim changes, product withdrawals)
- Marketplace takedowns (often faster than formal enforcement)
- Reputational damage (which, unlike labels, is annoyingly hard to version-control)
How Patient Guard supports cosmetic compliance
Patient Guard can support brands with:
- Cosmetic PIF preparation and remediation (structure + content completeness)
- RP-aligned documentation control (so the file is actually “inspection ready”)
- Safety assessment coordination (with qualified assessors)
- Labelling and claims review to reduce avoidable enforcement risk
- Dual-market UK/EU strategy support for brands scaling across borders
Contact Patient Guard to review or build your Cosmetics Product Information File.
Wrapping Up
A Cosmetics Product Information File is legal proof of product safety and compliance. It’s not optional admin, and it’s not something you want to assemble in a panic because an authority has asked for it.
If you build it properly, it does more than satisfy regulators: it protects your brand, your customers, and your ability to scale without tripping over your own documentation.
Book Now
FAQ
A product description, the CPSR (Part A and Part B), manufacturing/GMP evidence, proof of claimed effects, and other compliance documentation demonstrating safety and legal conformity.
The Responsible Person, who must keep it available for inspection at their address.
Core expectations are aligned, but the UK and EU operate different notification routes and enforcement systems, and you may need separate Responsible Persons for GB and EU markets.
10 years after the last batch of the product is placed on the market.
Authorities can request it and take action where requirements aren’t met, including corrective actions or removal from sale.
Patient Guard can support UK compliance strategy and documentation readiness; RP service availability depends on your product type and market model (and should be scoped explicitly in your compliance plan).
Patient Guards Recent Posts
Medical Device Regulatory Consulting Services Explained
Explore medical device regulatory consulting services for ISO, FDA, EU, and more. Build compliant systems, pass audits, and scale globally with expert support.
Patient Guard’s QMS Achieves ISO 13485 Certification
A milestone that strengthens our commitment to quality
Regulatory and quality consulting is one thing. Building, implementing, and passing audits on your own Quality Management System is another.
UDI Medical Devices: Types Explained (EU MDR Guide)
UDI medical devices are not just a labelling requirement. They are the backbone of traceability under EU MDR.
