We use cookies to understand site performance and improve follow-up from our team.

    Practitioner's guide

    Product Information File requirements, without the folklore.

    Every cosmetic product on the EU or UK market needs a Product Information File. The regulation is specific about what it must contain and how long it must be kept available. This is a working guide to the five mandatory parts, who is on the hook for them, and how to run the PIF as a living, audit-ready record instead of a folder someone rebuilds the week before an inspection.

    Quick answer

    The Product Information File (PIF) is the dossier a cosmetic Responsible Person must keep, in the language of the Member State of inspection (English in the UK), at their declared address, for ten years after the last batch is placed on the market. Under Article 11 of EU Regulation 1223/2009 and the equivalent UK Cosmetic Regulation, the PIF contains five mandatory parts: a description of the cosmetic product, the Cosmetic Product Safety Report (Annex I), a description of the method of manufacturing and a statement of GMP compliance, proof of the effect claimed where the nature of the claim justifies it, and data on any animal testing carried out by the manufacturer, its agents or suppliers.

    • The five mandatory parts of the PIF under Article 11
    • Who holds the PIF and where it must be available
    • How the PIF relates to the CPSR, CPNP and SCPN notifications
    • What EU competent authorities and the UK OPSS actually inspect
    • The ten year retention rule, and what 'last batch placed on the market' means in practice
    • Why the PIF should be a query against a live data layer, not a PDF folder

    What the PIF actually is

    The Product Information File is the legal dossier behind every cosmetic product on the EU or UK market. It is defined by Article 11 of Regulation (EC) No 1223/2009 and carried across, almost word for word, into the UK Cosmetic Regulation (the assimilated 1223/2009 as amended for Great Britain). The PIF is not a single document. It is a structured collection of evidence that, taken together, allows a competent authority to verify that the product is safe, lawful and as labelled.

    The Responsible Person holds the PIF. In the EU that is a legal or natural person established in the Union. In Great Britain it is a person established in the UK. The PIF must be kept at the address that appears on the product label and must be available, in an electronic or other format, for ten years after the date the last batch of the product was placed on the market.

    Part 1 · Description of the cosmetic product

    The description is the identity of the product. It must allow the PIF to be clearly attributed to the cosmetic in question: trade name, internal reference, intended category (leave-on or rinse-off, area of application), the labelled use, the format, the pack sizes and the markets where it is sold. In practice this is the section that ties the rest of the file to a specific SKU, a specific artwork version and a specific Responsible Person declaration on the label.

    Part 2 · The Cosmetic Product Safety Report (Annex I)

    The CPSR is the heart of the PIF. Annex I of the regulation fixes its structure: Part A gathers all of the safety relevant information about the product (qualitative and quantitative formula, physico-chemical and microbiological characteristics, stability, impurities and traces, packaging material, normal and reasonably foreseeable use, exposure to the product and its substances, toxicological profile of each substance, undesirable effects and supporting evidence for claims). Part B is the Safety Assessor's reasoned conclusion on whether the product is safe for human health when used under those conditions.

    Part B must be signed and dated by a qualified Safety Assessor (diploma in pharmacy, toxicology, medicine or a similar discipline, recognised in the relevant jurisdiction). The CPSR is reviewed and updated whenever there is a material change to the formula, the packaging, the supplier of a substance, the toxicological profile of an ingredient or the claims being made.

    Part 3 · Method of manufacturing and GMP statement

    The PIF must describe the method of manufacturing and include a statement that the product has been manufactured in compliance with Good Manufacturing Practice. ISO 22716 is the harmonised standard that is presumed to demonstrate GMP compliance. In practice this means a process description (mixing, filling, packing), the controls applied at each step and a clear link to the manufacturing site's GMP certification or internal audit evidence. For brands that contract out manufacturing, this section depends on the CMO providing current GMP evidence per site, per product.

    Part 4 · Proof of the effect claimed

    Where the nature of the cosmetic claim justifies it, the PIF must contain proof of the effect. The applicable common criteria are set by Commission Regulation (EU) No 655/2013: legal compliance, truthfulness, evidential support, honesty, fairness and informed decision making. A claim of hydration must be supported. A claim of 24 hour wear, anti-ageing, dermatologically tested or hypoallergenic each carries its own evidence standard.

    In practice the proof file is a structured set of clinical, instrumental or consumer studies, ingredient level evidence and references. Filing evidence against the claim, not against the launch, is what makes this section maintainable as the portfolio grows.

    Part 5 · Animal testing data

    The PIF must contain data on any animal testing performed by the manufacturer, its agents or suppliers, relating to the development or safety assessment of the cosmetic product or its ingredients. In the EU and the UK, animal testing of finished cosmetics and of ingredients for cosmetic purposes is prohibited. This section therefore documents historical tests where they exist, alternative method use (in vitro, in silico, read-across) and, where ingredients have been tested for non cosmetic regulatory purposes (for example REACH), the basis on which that data has been relied upon.

    PIF, CPNP and SCPN are not the same thing

    The PIF is the underlying dossier. The Cosmetic Product Notification Portal (CPNP) is the EU level notification of the product before it is placed on the EU market. Submit Cosmetic Product Notification (SCPN) is the UK equivalent for Great Britain. Notification gives the authorities and poison centres the headline data. The PIF is what they ask for when they want to look behind the headline. A current CPNP or SCPN entry does not relieve the Responsible Person of the obligation to hold a complete, up to date PIF.

    What inspectors actually ask for

    EU competent authorities and the UK Office for Product Safety and Standards (OPSS) inspect on a risk basis and on complaint. When they ask, the request is rarely for the entire file. They ask for the parts they need to test a specific concern: the signed Part B of the CPSR, the substantiation behind a specific claim, the supplier specification for a particular substance, the GMP evidence for the site of last manufacture, the cosmetovigilance log for serious undesirable effects.

    The standard the regulation sets is availability without undue delay. In practice that means hours to days, not weeks. A file that requires someone to rebuild it from email threads, shared drives and a former colleague's laptop will not meet that standard.

    The ten year clock, and what triggers it

    The retention period is ten years from the date the last batch of the product was placed on the market. That last batch is a moving target. A product reformulated, renamed or repackaged is a new product for PIF purposes; the previous PIF clock keeps running on the last batch of the old version, while a new PIF is opened for the new one. In a busy portfolio this quickly accumulates into hundreds of historical PIFs that still have to be retrievable on demand.

    The PIF as a living record, not a snapshot

    Most brands and contract manufacturers run the PIF as a folder. A folder is a snapshot. The moment a supplier changes specification, a substance is restricted, a piece of artwork is revised or a new market opens, the snapshot is out of date and nobody on the team has the time to chase every product it touches.

    A unified data layer flips the model. Substances live in one master, versioned and CAS keyed. Suppliers push specifications and SDSs into a portal that updates every product they touch. Claim substantiation is filed against the claim, not the launch, so a single update flows through every SKU that uses it. The PIF is then a query against live data, generated on demand for any product in any market, with the version of every input pinned at the moment of generation. That is what audit-ready by default looks like.

    Worldover is built around exactly this idea. The PIF, the CPSR pack, the CPNP and SCPN references and the cosmetovigilance log sit on one record, with one substance master underneath. When an inspector calls, the answer is a query.

    FAQs

    Common questions.

    See Worldover on your operation.

    A 20-minute working session. Your SKUs, your customers, your documentation. No slide deck.

    We use cookies to understand site performance and improve follow-up from our team.

    Worldover, AI operating system for chemicals and cosmetics companies

    The AI operating system for substances.

    Worldover is one system that replaces your ERP, PLM, QMS, LIMS, regulatory tools and more – and uses AI to orchestrate every workflow. Designed for chemical, cosmetic and substance-based businesses. 

    • 100% deployment success rate
    • Live in 3 months
    • 16 native modules, one data model

    Used by industry leaders

    HUDA Beauty, Worldover customerICONIC London, Worldover customerThe White Company, Worldover customer
    Substance OS·one record, every module
    Substance record

    Citral

    CAS5392-40-5INCICitralEC226-394-6
    GHS07GHS09
    Stock on hand
    840 kg
    Reorder point
    200 kg
    Next batch
    RUN-4821 · 14 Aug
    • F-2214Rose Attar EDP45 kg18 Aug
    • F-2287Velvet Body Lotion22 kg22 Aug
    • F-2301Signature Shower Gel38 kg29 Aug
    Willow · your AI operator
    Where is Citral exposed across supply and demand?
    Ask Willow anything...

    Meet Willow

    The AI connective tissue that flows through the entire operating system.

    Meet Willow

    Worldover connects your product, customer and regulatory data into one system.

    Then Willow, our AI layer, tells you exactly what to do with it. One platform replaces the patchwork of tools keeping chemicals and cosmetics businesses in the past. Worldover becomes the central hub for your entire operation.

    ERP

    Finance, procurement, inventory and operations in one data model.

    PLM

    Formulation, specs, versioning and change control from concept to shelf.

    QMS

    CAPA, deviations, audits and supplier quality without disconnected modules.

    CRM

    Customer relationships, orders and commercial data tied to the product record.

    LIMS

    Testing, specifications, batch release and COA management in the same workflow.

    Regulatory tools

    Ingredient restrictions, registrations, notifications and global filing status in one view.

    Compliance tools

    REACH, GHS, CLP and other substance rules checked against your live product data.

    Document authors

    SDS, PIF, dossiers, CoA and labels generated from the same source of truth.

    Implementation

    Live in 3 months.

    1. 01

      Weeks 1 to 4

      Scoping and data model

      Map your systems and configure the foundational data model.

    2. 02

      Weeks 5 to 8

      Configuration and migration

      Build modules, migrate master data and run parallel testing.

    3. 03

      Weeks 9 to 12

      Training, testing, go-live

      Train your team, run final QA and go live with support coverage.

    Backed by the world's best investors

    Chalfen Ventures, Worldover investor
    Index Ventures, Worldover investor
    Entrepreneur First, Worldover investor

    Enterprise-grade security

    SOC 2 certified

    SOC 2 certified

    Independently audited controls for security, availability and confidentiality.

    Book a demo

    See Worldover in action today.

    Give us 30 minutes. We'll show you exactly how Worldover would deploy in your business, with your processes, your data and your guardrails.

    • A live tour of the platform and Willow
    • Custom modules mapped to your workflow
    • Typically replaces 4–7 point solutions

    We'll send a calendar link within one business day.

    By submitting you agree to be contacted by Worldover. We'll never share your details.