Cosmetic Product Safety Report (CPSR)

This topic is part of the SG Systems Global regulatory & operations glossary.

Updated November 2025 • EU Cosmetics Regulation 1223/2009 (Annex I), SCCS Notes of Guidance, UK Cosmetics Regulation, ISO 22716, MoCRA • Safety, Regulatory, R&D, Quality, Compliance

The Cosmetic Product Safety Report (CPSR) is the formal, signed expert assessment that states whether a cosmetic product is safe for human health under normal and reasonably foreseeable use. It sits at the core of the Cosmetic Product Information File (PIF) in the EU and UK. Where the PIF is the dossier, the CPSR is the verdict. No CPSR, no lawful product. A generic “safety statement” or a copy‑pasted template does not cut it; authorities expect a product‑specific, data‑driven evaluation performed by a qualified safety assessor, with clear assumptions, calculations and justifications that match the actual product on the shelf.

“The CPSR is where opinion stops and accountable science starts. If the numbers and logic are weak, your product is exposed.”

1) What Is a Cosmetic Product Safety Report?

The CPSR is the structured safety evaluation defined in Annex I of EU Cosmetics Regulation 1223/2009 and mirrored in UK law. It brings together all relevant information about the product—composition, impurities, packaging, exposure, toxicology, user groups and foreseeable misuse—and documents the expert’s conclusion on safety, including any conditions of use and warning statements. It is not a one‑page sign‑off or a marketing claim; it is a technical, evidence‑based opinion that regulators, customers and courts may scrutinise in detail if something goes wrong.

In operational terms, the CPSR is the anchor for downstream controls. Your labelling, warnings, SOPs, manufacturing instructions, MMRs, MES workflows and eBR settings should all be consistent with what the CPSR assumes. If the report says one thing and the factory or label does another, your “safety” is theoretical at best and indefensible at worst.

2) Structure: Part A vs Part B

The CPSR has two mandatory sections:

• Part A – Cosmetic product safety information: structured data about the product (composition, physical/chemical properties, microbiology, impurities, packaging, exposure, toxicology, etc.). This is the evidence base.
• Part B – Cosmetic product safety assessment: the expert’s evaluation and conclusion. This includes discussion of hazards and margins of safety, identification of critical assumptions, and the final judgment “is the product safe?” with conditions and warnings.

Many companies treat Part A as a form‑filling exercise and Part B as boilerplate text. Regulators do not. They expect Part A to be accurate and complete, and Part B to demonstrate that the assessor actually engaged with the data: where are the uncertainties, where are the tight margins, and what controls or warnings are used to manage them?

3) Who Can Sign a CPSR?

By law, the safety assessment must be carried out by a suitably qualified person. Typically this means a university degree in pharmacy, toxicology, medicine or a related discipline, plus demonstrable experience in cosmetic safety assessment. Some organisations use internal safety assessors; others outsource to specialist consultancies. Either way, you need to be able to prove competence—CVs, training records and experience—not just a name on a page.

Using an external assessor does not remove the Responsible Person’s accountability. If the CPSR is blatantly generic, clearly out of date or inconsistent with the product, “our consultant did it” is not a defence. Mature organisations treat safety assessors as part of the governance system: they are given complete and current data, they participate in change‑control reviews, and they are formally re‑engaged when something material changes.

4) Part A: Product Composition & Physical/Chemical Profile

Part A begins with the basics: what is in the product, how much, and in what physical form. The composition section must list all ingredients with their INCI names, functions and typical concentrations or concentration ranges. It also needs to consider impurities, traces from raw materials, catalysts, processing aids, residual solvents and packaging migrants. Ignoring impurities is one of the fastest ways to have your CPSR dismissed as superficial.

The physical/chemical profile covers parameters such as pH, viscosity, particle size for powders or sprays, volatility, flammability, and stability under reasonable storage conditions. These are not academic details; they drive exposure routes (inhalation risk from aerosols, for example) and potential for irritation or sensitisation. If your CPSR uses generic assumptions that ignore the real physical form on the shelf, you have a gap that will surface during inspections or incidents.

5) Part A: Microbiology, Preservation & Stability

Cosmetics are often used repeatedly over weeks or months and stored in bathrooms, handbags and cars. Microbiological quality and preservative performance matter. Part A therefore includes information on microbiological specifications, preservative systems, challenge tests and sterility (for products claimed or designed to be sterile). For water‑rich products or those used around eyes, infants or compromised skin, this section is critical.

Stability data—real‑time, accelerated, in‑use—must support the claimed shelf life, storage conditions and expiry or PAO. Packaging compatibility, including leachables and sorption, should be addressed. If your CPSR assumes a certain preservative concentration or pH for safety, and manufacturing tolerances or process drift push outside that window, you are relying on luck. A credible CPSR clearly ties stability and microbiology conclusions to defined product specifications and cosmetics GMP controls.

6) Part A: Exposure Scenarios & Target Populations

Exposure drives risk. Part A must describe how, how often, how much and on which body sites the product is used. Parameters include application amount per use, frequency, retention time (rinse‑off vs leave‑on), body surface area, inhalation potential for sprays or powders, and whether use is on intact or compromised skin. Exposure factors for adults, children, infants, and special populations (e.g. pregnant women) must be considered where relevant.

Lazy CPSRs simply quote default exposure values without checking if they make sense for the specific product. A thick balm used on a tiny patch of skin is not the same as a lotion applied head‑to‑toe daily. A pressurised aerosol sprayed near the face is not equivalent to a compact powder used with a brush. A serious assessment uses realistic, sometimes conservative, exposure models that reflect the actual product, not whatever was convenient in an old template.

7) Part A: Toxicological Profiles & Margins of Safety

The toxicology section compiles hazard data for each ingredient, usually focusing on endpoints such as systemic toxicity, irritation, sensitisation, phototoxicity, genotoxicity, carcinogenicity, reproductive toxicity and endocrine disruption. For each ingredient, a No Observed Adverse Effect Level (NOAEL) or similar point of departure is selected from animal or human data. The assessor then calculates margins of safety (MoS) by comparing NOAELs to estimated systemic exposures (SEDs) derived from Part A exposure data.

This is where expertise shows. Poor CPSRs cherry‑pick convenient NOAELs, ignore species or study quality issues, and gloss over ingredients with scarce data. Good CPSRs explicitly state data sources, justify the chosen point of departure, address read‑across and uncertainty factors, and flag where margins are tight or where only weight‑of‑evidence judgments are possible. When regulations or SCCS opinions change, this is also the section that must be revisited quickest, not ignored until the next product refresh.

8) Part B: The Safety Assessment & Conclusion

Part B is where the assessor actually answers the question: is this cosmetic product safe under normal and reasonably foreseeable conditions of use? It summarises key hazards and exposure, discusses margins of safety, identifies any critical uncertainties, and sets out conditions or restrictions needed to maintain safety (e.g. “do not apply on damaged skin”, minimum ages, professional‑only use, avoidance of eye area, reduced frequency).

The conclusion must be specific, not generic: it should reference the actual formulation and packaging, the intended users and any necessary warnings or directions for use. It should also discuss vulnerable groups where relevant (infants, young children, pregnant women) and justify the decision if data are limited. A one‑line conclusion pasted onto hundreds of products is a red flag; regulators expect Part B to show real engagement with the data in Part A, not copywriting.

9) Links to GMP, Manufacturing & Quality Systems

The CPSR is built on assumptions: that the formula matches what is actually made, that specifications are respected, that preservatives and pH are within defined ranges, that microbiology is under control and that packaging is as described. Those assumptions live or die in your quality system and manufacturing controls. If reality diverges—uncontrolled reformulations, ad‑hoc substitutions, poor cleaning, incorrect filling or uncontrolled rework—the CPSR is effectively void.

This is why regulators look for alignment between the CPSR, ISO 22716 practices, MES/eBR controls and lab specifications. Mature organisations treat the CPSR as an input to manufacturing design: process limits, in‑process controls, sampling plans and release tests are all grounded in the safety assessment. Immature ones let manufacturing and safety evolve separately and hope nothing breaks in between. Regulators are not fooled by the latter.

10) Special Cases: Children, Eyes, Mucous Membranes & Inhalation

Not all cosmetics are equal. Products intended for children under three, around the eyes, on mucous membranes or in spray/powder form require extra attention. Exposure patterns, skin barrier function, behaviour, accidental ingestion and inhalation risk are all different. SCCS Notes of Guidance and local guidelines provide specific expectations here; ignoring them is asking for problems.

A serious CPSR treats these as distinct cases: lower acceptable margins of safety, stricter impurity and contamination limits, more conservative exposure estimates and sometimes additional testing (e.g. ophthalmological tests for eye‑area products). Claims like “safe for babies” or “ophthalmologist tested” without matching depth in the CPSR are not just marketing over‑reach; they are open invitations for regulators and litigators to dig deeper.

11) Fragrances, Allergens & Sensitisation Risk

Fragrances and certain preservation systems are the primary drivers of cosmetic sensitisation. The CPSR must consider allergen labelling, individual and cumulative exposure to known sensitisers, and relevant restrictions or opinions (e.g. on specific fragrance ingredients). For leave‑on products or those used on children, the stakes are higher.

Real‑world safety assessment here means more than ticking a box that “fragrance complies with IFRA”. The assessor should look at total allergen load across the formula, cross‑product exposure where the brand encourages layering, and post‑market data for similar formulas. If complaints and serious undesirable effects cluster on certain product lines or regions, the CPSR needs to be revisited, not quietly filed away while marketing pushes more of the same into the market.

12) Digital CPSRs, Data Integrity & System Integration

As portfolios grow, CPSRs cannot live as disconnected Word files on shared drives. A single formula tweak, raw material change or new SCCS opinion can invalidate dozens of reports. The only sustainable model is a digital CPSR backbone where:

• Formulation data are pulled from controlled master data and BOMs, not re‑typed manually.
• Exposure and MoS calculations are transparent, versioned and re‑runnable when assumptions change.
• CPSR documents are managed in a validated DMS with audit trails, e‑signatures and data‑integrity controls.
• Change‑control workflows trigger mandatory CPSR impact assessments for formulation, packaging and process changes.

This is where integration with QMS, LIMS, MES and complaint systems becomes strategic, not “nice to have”. Trying to manage safety assessments with spreadsheets and ad‑hoc file names is a short‑term cost‑saving that usually ends up expensive.

13) MoCRA & Global Safety Assessment Landscape

Outside the EU/UK, safety assessment expectations are converging. The US Modernization of Cosmetics Regulation Act (MoCRA) now explicitly requires “adequate safety substantiation”. Other regions demand similar documentation even if they do not use the term “CPSR”. Running separate, inconsistent safety approaches by region is a good way to lose control of your risk profile.

The pragmatic path is to treat the CPSR framework as the global backbone for safety substantiation. Regional overlays then capture additional requirements (e.g. local restrictions, specific test expectations, language around adverse event reporting). That way, a change in formula or new hazard assessment can be propagated coherently, instead of spawning parallel, conflicting assessments that diverge over time and are impossible to reconcile when regulators compare notes across markets.

14) Typical CPSR Weaknesses & How to Fix Them

When authorities, customers or auditors review CPSRs in detail, the same weaknesses appear again and again:

• Part A data that do not match the actual formula, packaging or specifications in use.
• Copy‑pasted toxicology and conclusion text across unrelated products.
• Margins of safety calculated with outdated exposure factors or NOAELs that ignore newer data or SCCS opinions.
• No explicit treatment of children, mucous membranes or inhalation risks where they are clearly relevant.
• No clear link between post‑market data (complaints, SUEs) and CPSR updates.
• CPSRs stored outside controlled systems, with no version traceability and no integration with change control.

Fixing this is not glamorous work, but it is straightforward: update templates to force product‑specific thinking; implement a risk‑based review plan prioritising high‑volume, high‑risk or problem‑prone products; bring CPSRs into validated DMS/QMS workflows; and tie them explicitly into formulation master data, PIF governance and post‑market surveillance. Anything less is hoping nobody ever looks too closely—and regulators are already looking more closely.

15) Implementation Roadmap & Practice Tips

For organisations with legacy or patchy CPSR coverage, a realistic roadmap looks like this:

• Inventory products: identify all cosmetics currently on the market and those still within the 10‑year retention window.
• Map CPSR status: confirm whether each product has a CPSR, and whether it is current, partially current or obsolete.
• Risk‑rank: prioritise by volume, user population (children, sensitive areas), formulation complexity, complaint history and regulatory scrutiny.
• Standardise templates: implement Annex I‑aligned Part A/Part B templates that force explicit assumptions and references.
• Digitise & integrate: move CPSRs into a validated DMS integrated with QMS and formulation systems; retire local copies.
• Embed in change control: require safety assessor sign‑off for relevant changes and ensure CPSR/PIF versions are updated before launch.
• Link to post‑market data: align cosmetovigilance, complaints and SUE workflows with CPSR review triggers.

Do not wait for an inspection or a high‑profile adverse reaction to start. When regulators arrive or lawyers get involved, you either have coherent, defensible safety assessments—or you have a pile of excuses. The CPSR is where that line is drawn.

FAQ

Q1. Is a CPSR mandatory for every cosmetic?
Yes. Under EU and UK cosmetics laws, every cosmetic product placed on the market must have a Cosmetic Product Safety Report as part of the PIF. There are no volume or brand‑size exemptions.

Q2. How often must the CPSR be updated?
There is no fixed calendar frequency in the law, but the CPSR must be kept up to date. Any significant change in formulation, raw materials, packaging, use conditions, regulatory limits or relevant safety data should trigger a review and, where needed, a revised CPSR.

Q3. Can we reuse a CPSR across similar products?
You can leverage common data and assessments for closely related products (e.g. shade or fragrance variants), but each marketed product must be explicitly covered. If exposure, ingredients or use patterns differ, the CPSR must reflect those differences, not pretend they do not exist.

Q4. Can the CPSR be fully electronic?
Yes. In practice, it should be, especially for larger portfolios. The key is that it is controlled (versioned, signed, traceable), accessible to authorities and consistent with underlying data. Electronic CPSRs managed in a validated DMS/QMS environment are usually more robust than scattered paper files.

Q5. What is the first practical step to improve weak CPSRs?
Start with a gap assessment: map existing CPSRs to current formulas and labelling, identify obviously generic or outdated reports, and risk‑rank products. Then standardise your templates, bring CPSRs under document control, and focus on updating high‑risk and high‑volume products first before cleaning up the long tail.

Related Reading
• Cosmetics & Regulatory: PIF | ISO 22716 | MoCRA | INCI
• Quality & Systems: QMS | DMS | Data Integrity | Change Control
• Manufacturing & Execution: MES | eBR | MMR | Recall Readiness