If you develop software, run an online marketplace, or manufacture anything with a digital component, the regulatory landscape just shifted. The Product Regulation and Metrology Act 2025 (the "Act") has received Royal Assent, and for the first time, UK product safety law explicitly covers "intangible components"—including software.

This is a key piece of framework legislation that gives government sweeping new powers to regulate products in ways that could fundamentally change how tech companies, online platforms, and digital-physical product manufacturers operate. The immediate question for many businesses isn't whether this will affect them, but when and how.

What does this act require my business to do right now?

This is enabling legislation that creates powers rather than immediate obligations. The Act itself doesn't impose new compliance requirements on businesses today. Instead, it grants the Secretary of State broad authority to introduce specific regulations through secondary legislation, which will require parliamentary approval.

This framework approach allows for responsive, targeted regulation that can adapt to emerging technologies and evolving safety challenges without requiring primary legislation for each new development.

The Act establishes several key capabilities:

Framework powers: Secretary of State can now make product regulations covering physical products AND digital/software components. This marks a significant departure from traditional product safety frameworks that focused primarily on physical characteristics.

Enforcement toolkit: When specific regulations are made, they are able to incorporate substantial enforcement tools including:

  • Criminal sanctions up to two years imprisonment
  • Product seizure and mandatory recall powers
  • Civil penalties and fines
  • Premises search and inspection rights

UK-wide structure: The unified framework with devolved consent mechanisms ensures consistent approaches across England, Wales, Scotland, and Northern Ireland.

What does this mean for different types of products?

The Act's definitions signal its modern scope. "Products" explicitly include items with intangible components, while "production" encompasses manufacturing, assembly, design, engineering, packaging, and labelling. This broad interpretation ensures the framework can address complex modern products that blend physical hardware with sophisticated software systems.

Is my business sector likely to be affected?

  • Technology Companies and Software Developers - Software as a Service (SaaS) providers, app developers, and technology firms should prepare for possible safety obligations that extend throughout their products' lifecycles.

    The concept of "intangible components" being subject to product regulations means that software updates, artificial intelligence (AI) algorithms, and digital services may soon face the same scrutiny as physical products.
  • Online Marketplaces - Platforms facilitating product sales face imminent regulatory attention. Recent EU developments have demonstrated particular regulatory focus on children's products sold online, as evidenced by the European Commission's first product safety sweep under the EU General Product Safety Regulation, which specifically targeted childcare products such as baby carriers and pacifiers. The government's commitment to introduce marketplace obligations "at the earliest opportunity" suggests these businesses should prepare for:
    • Enhanced due diligence requirements for sellers
    • Product safety verification obligations
    • Improved cooperation with enforcement authorities
    • Potential liability for products sold through their platforms
  • Traditional Manufacturers - Physical product manufacturers will find familiar territory but with expanded scope. The framework's emphasis on lifecycle safety means ongoing obligations rather than point-of-sale compliance. This is particularly relevant for products with software components or internet connectivity.
  • E-Mobility and Battery Sectors - Given the specific mention of e-bike and e-scooter safety concerns, these sectors should expect detailed regulatory attention. The 211 fires reported in 2024 have clearly focused government attention on lithium-ion battery safety.

How does this fit with EU developments?

This development aligns closely with parallel evolution in EU product liability law. The EU's new Product Liability Directive 2024/2853, which we analysed in depth in a recent article, similarly expands liability frameworks to encompass digital products and AI systems.

For UK businesses trading with the EU, this creates a complex compliance landscape. While the UK and EU are moving in similar directions, their specific approaches may diverge. Companies may need:

  • Separate safety documentation for UK and EU markets
  • Different risk assessment procedures for each jurisdiction
  • Distinct labelling and information requirements

What's the bottom line for businesses?

Whether physical or digital, traditional or AI-powered, businesses should start preparing for enhanced safety standards that will apply throughout product lifecycles - not just at the point of sale.

While no new compliance obligations are yet in force, prudent businesses should:

  • Monitor Secondary Legislation: The real regulatory impact will come through forthcoming regulations. Businesses should establish processes to track and respond to consultations and draft regulations.
  • Assess Digital Exposure: Companies with software components in their products should evaluate potential exposure to new digital product safety requirements.
  • Review Supply Chains: The framework's broad scope may affect supplier relationships and contractual arrangements, particularly for complex products with multiple components.

For any questions or concerns regarding the implementation of these regulatory requirements, please contact Andrew Litchfield or Natalie Barton-Howes.