Your cosmetic product is ready. Your PIF probably isn’t.

Your PIF probably isn’t.

You’ve spent months on this. The formula is right. The packaging finally looks the way you imagined it. You’ve got a launch date, a list of stockists, and a marketing plan that took weeks to pull together.

And then someone asks for the PIF.

It’s one of those moments that catches a lot of founders off guard — not because they don’t know what a PIF is, but because they assumed the hard part was done. The manufacturer handed over a folder. There’s a safety document in there. Surely that’s enough.

Usually, it isn’t. And the gap between what most indie brands have and what the EU actually requires is where a lot of launches run into trouble.

This isn’t a guide to what a PIF is. If you’re reading this, you already know it’s the document that underpins your product’s legal right to be on the EU market. What I want to talk about is where things go wrong in practice — because the mistakes aren’t random. They follow a pattern, and they tend to show up at the worst possible time.

The assumption that costs the most

The single most common issue we see isn’t a missing document. It’s a misidentified one.

A manufacturer’s technical dossier is not a PIF. It contains data that overlaps with what a PIF requires — formula information, ingredient specifications, sometimes stability data. But it’s built for the manufacturer’s own quality system, and possibly for the regulatory requirements of whatever country they operate in. That’s a very different thing from what EU Regulation 1223/2009, Article 11, actually demands.

The distinction matters because the two documents serve different purposes. A manufacturer’s dossier answers the question: how was this product made? A PIF answers the question: is this product safe, compliant, and traceable — right now, as it currently exists, for the market it’s being sold in?

When a competent authority requests your PIF, they’re not asking for a manufacturing record. They’re asking for proof that you’ve met your legal obligations under EU law. And ‘my manufacturer gave me this folder’ isn’t an answer that holds up.

Where it actually breaks down

There are four places where we consistently find problems when auditing PIFs for indie brands. None of them are exotic. But all of them are serious.

1. The CPSR is signed, but not valid

A Cosmetic Product Safety Report needs to be prepared by someone with the right qualifications — a degree in pharmacy, medicine, toxicology, or a related discipline, as set out in Annex I of the Regulation. Not everyone offering safety assessment services meets that bar, and some assessors operate in ways that wouldn’t survive scrutiny if the CPSR were examined closely.

But the more common problem isn’t credentials. It’s currency. The CPSR must assess the product as it currently exists: current formula, current concentrations, current packaging. If anything changed after the report was signed — a preservative adjusted, a fragrance supplier switched, the formula tweaked for better stability — the report no longer reflects what’s on the shelf.

Technically, at that point, you’re selling a product without a valid safety assessment. That’s not a technicality anyone wants to be tested on.

2. The INCI list and the label don’t match

This one sounds simple. In practice, it trips up a surprising number of brands.

INCI nomenclature gets updated. What was the correct name for an ingredient two or three years ago may have since been revised. Fragrance allergens above certain thresholds require specific declaration. Nanomaterials need to be flagged with [nano]. Colourants follow their own naming rules. And the INCI list in your PIF needs to be exactly — not approximately — what appears on your label.

Regulators read across documents. If the CPSR references ingredient X and your label lists ingredient Y, that inconsistency raises a question about whether the document has been updated to reflect reality. It also raises a question about whether the product is actually the one that was assessed.

It’s a coherence problem as much as a labelling one. And it’s fixable — but only if you catch it before someone else does.

3. The PIF reflects version 1 of your product

Indie brands iterate. That’s one of the things that makes them good at what they do — they respond to feedback, they improve, they adapt. A formula gets refined. A new preservative system proves more effective. The packaging changes to meet sustainability targets.

Every one of those changes is a potential PIF trigger. Some require a full update of the CPSR. Others need updated stability data, or a revised description of the manufacturing method. All of them need to be reflected in the PIF before the updated product goes to market.

The PIF isn’t a document you create once and file away. It’s a living record of your product as it currently exists. This is probably the least understood ongoing obligation in indie brand compliance — and one of the most common reasons a PIF falls apart under scrutiny.

4. The Responsible Person doesn’t actually have the PIF

This one is more structural. Your Responsible Person is the legal entity in the EU that holds accountability for your product’s compliance. They must be named on the label, be reachable by authorities, and — crucially — hold the PIF.

The problem is that some RP arrangements are essentially administrative. The RP handles the CPNP notification, sits on the label, and not much else. If the competent authority contacts them and asks for the PIF, they need to be able to produce it — a complete, current version, not a partial file or a document from two years ago.

Choosing a Responsible Person isn’t just a regulatory box to tick. It’s choosing who stands between your brand and a regulatory authority on a day when things get uncomfortable. That relationship is worth taking seriously.

What a solid PIF looks like in practice

It doesn’t need to be a 300-page document. For most indie brands with a small portfolio, it doesn’t need to be complex. What it needs to be is complete, coherent, and current — and those three things are harder to achieve simultaneously than they sound.

At a minimum, your PIF needs to contain: a product description (intended use, target population, how it’s applied); the full formula with INCI names, concentrations, and the function of each ingredient; a valid CPSR, Parts A and B, signed by a qualified EU safety assessor; evidence of GMP compliance (typically an ISO 22716 certificate or declaration); stability and microbiological data appropriate to the product type; evidence supporting any efficacy or marketing claims made on the label; and a declaration regarding animal testing.

But the list isn’t really the point. The point is coherence. The formula in the CPSR must match the INCI on the label. The claims assessed must match the claims on the packaging. The manufacturing site referenced must be the one that actually made the product. These aren’t bureaucratic details — they’re the checks a regulator runs when they want to know whether your compliance is real or cosmetic.

Getting this right from the start is significantly less expensive than reconstructing it later. And for brands that want to scale — adding distribution partners, entering retail, expanding to new markets — a clean, complete PIF is often what determines whether a conversation moves forward or stalls.

The check you didn’t know was coming

Here’s something that doesn’t get talked about enough: EU market surveillance isn’t theoretical, and it isn’t only pre-market. National competent authorities — ANSM in France, BfR in Germany, AEMPS in Spain — can and do request PIFs from brands already on the market. There’s no advance notice. There’s no grace period for getting your documentation in order.

Most indie brands will never face a formal request. But the ones that build solid compliance foundations from the beginning aren’t just protecting themselves against an unlikely event. They’re building infrastructure that makes everything else easier — retail listings, distribution agreements, new market entries, brand acquisitions.

Your PIF should reflect your product the way your product reflects your brand. If you’re not confident it does, that’s the right place to start.

At Cláritas Regulatory, we work directly with indie brands on PIF audits, gap analysis, and full PIF preparation. If you’re not sure where your documentation stands — or if you know something’s missing but aren’t sure what — we’re happy to take a look. Get in touch.