The Final Countdown: CPSC’s eFiling Requirement Takes Effect One Year From Today

As the saying goes, time flies, and July 2026 will be here before we know it. Companies now have just one year to prepare for the U.S. Consumer Product Safety Commission’s (CPSC or Commission) eFiling requirement, which will take effect on July 8, 2026. As a reminder, CPSC approved a final rule in December 2024 that requires all importers of consumer products subject to a mandatory safety standard to electronically file (at the time of entry or entry summary, if both are filed together) data elements from certificates of compliance for imported products that are subject to a mandatory CPSC standard or rule. A lot can change in a year – or even a month, as regular readers of this Blog will have seen – but, as we wrote in February and as still seems the case today, it appears that CPSC intends to stay on the path laid out in December’s final rule.

Certificates of Compliance

The Consumer Product Safety Act (CPSA) requires that manufacturers and importers issue certificates of compliance for all consumer products that are subject to a consumer product safety rule under the CPSA, or a similar rule, ban, standard, or regulation under any other law enforced by CPSC. Currently, companies are not required to preemptively file certificates of compliance with CPSC. Instead, certificates must be provided immediately upon request by CPSC or U.S. Customs and Border Protection (CBP). Under the December 2024 final rule, however, importers must preemptively attest to compliance by electronically filing data from certificates of compliance.

What is eFiling again?

Electronic filing of Certificate of Compliance data (eFiling) requires importers of regulated consumer products to electronically submit data from certificates of compliance with CBP at the time of entry filing or entry summary filing (if both entry and entry summary are filed together). CBP will then make the data from the certificates of compliance and the corresponding entry data available to CPSC so that CPSC can complete its validation, risk assessment, and admissibility determinations at entry. eFiling is intended to facilitate compliant trade by giving CPSC the data the agency needs to assess the health-and-safety risk profiles of consumer products at import, as well as to sharpen CPSC’s focus and better utilize CPSC’s finite resources to disrupt noncompliant trade.

As required by federal law, CPSC developed a risk assessment methodology (RAM) to identify consumer products intended for import into the U.S. that are likely to violate consumer product safety statutes and regulations. Through its e-filing pilot test programs, CPSC has been using the data to develop RAM algorithms “to triage the enormous amount of import data received from CBP and to detect more effectively noncompliant consumer products arriving at ports of entry.”¹

eFiling PGA Message Sets

To file data electronically with CBP, importers must file Partner Government Agency (PGA) Message Sets that will be added to the CBP-operated Electronic Data Interchange system known as the Automated Commercial Environment (ACE). Importers can file certificate data using the PGA Message Set by (1) filing a minimum of seven data elements (Full PGA Message Set), or (2) filing only a reference to certificate data stored in a voluntary Product Registry separately maintained by CPSC (Reference PGA Message Set).²

The Full PGA Message Set is composed of the following seven data elements from CPSC Certificates of Compliance for regulated consumer products:

1. Identification of the finished product (may use reference to Global Trade Item Number data for this element)

2. Each consumer product safety rule to which the finished product has been certified

3. Date when the finished product was manufactured

4. Place where the finished product was manufactured, produced, or assembled, including the identity and address of the manufacturing party

5. Date when the finished product was most recently tested for compliance with the consumer product safety rule cited above

6. Parties on whose testing a certificate depends (meaning the name and contact information for the entity that conducted the testing)

7. A check box indicating that a required certificate currently exists for the finished product, as required by Sections 14 and 17 of the CPSA

Instead of filing a Full PGA Message Set for certificate data in ACE at entry each time a product was imported, Reference PGA Message Sets allow importers to choose to pre-file information about a product into a Product Registry, maintained by CPSC, before filing an entry with CBP, and to reference this certificate data each time the product was imported thereafter.³ Once certificate data is filed in the Product Registry, filers will only need to provide a reference, or identifier, to the data using the PGA Message Set during the entry process, rather than entering all data multiple times for repeated importations of the same product. Using Reference PGA Message Sets instead of entering a Full PGA Message Set for each entry should minimize data entry; reduce costs and filing time; and allow firms to manage, update, and re-use certificate data in the registry. Additional information regarding PGA Message Set requirements can be found in the CPSC eFiling Implementation Guide.

What about consumer products that are exempt from testing requirements or CPSC’s jurisdiction altogether?

When a certificate is required for a consumer product, but, because of an exemption, exception, or determination in the underlying rule, the product is not required to be tested to a specific performance requirement in that rule, importers must include a testing exclusion code with the PGA Message Set.⁴

When no certificate is required for the product because the product is not within CPSC’s jurisdiction; because the product is not subject to a rule, ban, standard, or regulation that requires certification; or because the Commission has issued enforcement discretion for the product (i.e., certain refrigerators and adult wearing apparel made from CPSC-specified fabrics) importers may submit a Disclaim Message Set.⁵ Disclaim PGA Message Sets are not required, but in eFiling FAQs, CPSC stated that it “encourages importers to file Disclaim PGA Message Sets for the benefit of potentially improving their risk score.” Since agencies can generally revoke enforcement discretion with less notice than would be required for imposing a wholly new regulatory requirement, companies importing such products should carefully monitor CPSC’s activity.

Is your company ready?

While the eFiling requirements are still a year away from taking effect, consumer product importers need to begin preparing now. This is an additional step that must be worked into current trade-compliance practices and may require significant restructuring of electronic, human, or contractual systems. If you have any questions about how your company can prepare or any other questions about CPSC’s eFiling requirement, please reach out to the authors or any of their colleagues on Arnold & Porter’s Consumer Product Safety team.

© Arnold & Porter Kaye Scholer LLP 2025 All Rights Reserved. This Blog post is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.