There is a version of this story where the headline writes itself: CPSC requires electronic filing of product certificates starting July 8, 2026. That is accurate, and for some importers it is all they need to know to start making calls. But the rule has enough moving parts: two certificate types, two filing methods, seven required data elements, a phased enforcement posture, roughly 600 flagged HTS codes, and a separate registry system that works differently from the main ACE submission—that a one-liner does not really serve anyone who needs to act on it.
What the Rule Actually Does
The Consumer Product Safety Commission has required importers and manufacturers to maintain Certificates of Conformity since 2008. This has not changed. What changed on July 8, 2026, is what you have to do with those certificates. Under the old system, you kept the certificate on file and produced it if someone asked. Under the new system, the certificate data has to be electronically filed with U.S. Customs and Border Protection through the Automated Commercial Environment at the time of entry. Proactively, before your goods arrive, not reactively when a regulator comes knocking.
This applies to two certificate types. The Children’s Product Certificate covers products designed or intended for children and subject to mandatory CPSC safety standards. The General Certificate of Conformity covers general-use products—non-children’s products that are subject to applicable consumer product safety rules. If your product required either type of certificate before July 8, it still does. The eFiling rule does not expand the universe of covered products. It just changes the submission mechanic entirely.
One carveout worth noting: products entering through a Foreign Trade Zone get additional runway. The eFiling requirement for FTZ entries does not take effect until January 8, 2027. Everything else is live now.
The Seven Data Elements
Every eFiled certificate must include seven specific data elements. These are not optional fields or suggested inclusions. They are required at the time of entry for every covered shipment.
The first is a product identifier. This can be a GTIN, SKU, UPC, model number, serial number, registered number, or an alternate ID; a custom alphanumeric string that links back to information about the trade party. Whichever format you choose, be consistent within each product line. Mixing identifier types for the same product across different shipments can create administrative headaches.
The second is the cited safety rule. You must reference the specific CPSC regulation the product is certified against. This is the importer’s responsibility. CPSC does not assign the applicable rule for you. If your product is subject to multiple standards, each one needs to be cited.
Third is the date of manufacture, at minimum the month and year, or a starting month and year for a continuous production batch.
Fourth is the place of manufacture, including the name, full address, and contact information of the manufacturing party. City, state if applicable, and country are the minimum.
Fifth is the date of the most recent compliance testing. Not the testing program or a reference to historical results — the date when the testing most recently occurred.
Sixth is the testing laboratory’s contact information: name, full address, and phone number of whatever lab ran the compliance testing. For General Certificates of Conformity, third-party testing is not always required, so this field may reference an in-house testing program. But if a third-party lab was used, it has to be identified.
Seventh is the contact information for the party maintaining the test records. This person or entity does not have to be from the same firm that issued the certificate, but the certifying firm is responsible for ensuring test records can be produced when requested.
Getting any of these wrong or leaving them incomplete can result in your shipment being flagged, placed under review, or held for examination.
Two Ways to File
Importers have two methods for transmitting this data through ACE, and the choice between them matters more than it might initially seem.
The first is the Full PGA Message Set. Under this method, all seven data elements are transmitted fresh with each shipment at the time of entry. The upside is simplicity of setup: there is no pre-registration required, and each submission is self-contained. The downside is volume. If you are moving the same products repeatedly, you are re-entering the same information every time a shipment comes through. For importers with a varied catalog, infrequent shipments, or products that change frequently, the Full Message Set is likely the more practical path.
The second is the Reference PGA Message Set, which uses CPSC’s Product Registry. The Product Registry is a separate, secure CPSC database that sits outside of ACE. Under this method, an importer pre-registers certificate data in the Registry and then, at the time of entry, transmits only three identifiers through ACE: a Certifier ID, a Product ID, and a Version ID. Those identifiers point back to the full certificate data already on file. When the same product is imported repeatedly with no material changes to its compliance profile, the certificate can be registered once and referenced indefinitely.
The efficiency gain is significant for high-volume importers. The tradeoff is setup time on the front end, and the need to keep Registry data current. If product specifications, manufacturing location, or testing information changes in a way that affects compliance, a new certificate version needs to be entered. The Privacy and permission settings in the Registry also need to be configured carefully to avoid inadvertent disclosure of sensitive supply chain information to unauthorized parties.
For most importers moving volume in a consistent product catalog, the Product Registry is the right long-term infrastructure. For smaller importers or those with highly variable shipments, the Full Message Set avoids the Registry setup burden without a major ongoing cost.
How Enforcement Will Work
CPSC has indicated that it will not initially instruct CBP to reject shipments outright based solely on missing eFiling data. For now, the system issues warning messages rather than hard reject messages for absent PGA data. That is a softer rollout than many anticipated, and it is worth understanding correctly.
What it means: the system will not automatically bounce your entry because the certificate data is missing. What it does not mean: you can ignore the requirement without consequence. Incomplete filings raise a shipment’s risk profile in CPSC’s review system, which means more examinations, longer holds, and greater scrutiny. CPSC exams can run up to 60 days, and the costs associated with those holds fall on the importer. A warning message is a ramp, not an exemption, and CPSC has been clear that it will continue to enforce the underlying certificate requirements and can submit requests to CBP to initiate seizure of non-compliant products.
The agency’s initial enforcement focus is on roughly 600 Harmonized Tariff Schedule codes it has identified as likely to contain regulated products; categories ranging from all-terrain vehicles and lawn mowers to children’s furniture, toys, pacifiers, carpets and rugs, wearing apparel, and mattresses. If your products fall within any of those codes, expect scrutiny from day one. If they fall outside those codes, that is not a green light. CPSC is explicit that the obligation to determine whether your product requires certification belongs to the importer, regardless of HTS flagging. A product that requires a GCC or CPC but is classified under a non-flagged code is still subject to the rule.
CPSC offers a free tool called the Regulatory Robot on its website that asks a series of questions about your product and returns a report on likely applicable requirements. If you have not used it and are uncertain about your product’s certification status, it is a reasonable starting point.
The Practical Checklist
If you are an importer of covered consumer products and you have not yet addressed eFiling, the to-do list is straightforward even if the execution takes some additional work.
Start by auditing which of your imported products require a GCC or CPC. This is the foundational question, and everything downstream depends on getting it right. Coordinate with your manufacturers, suppliers, and testing labs to confirm you have all seven required data elements for each covered product. Decide whether the Full or Reference PGA Message Set is the better fit for your import profile, and if you choose the Product Registry route, begin registration now. Set privacy and permission controls in the Registry to protect sensitive supply chain data. Designate a single internal point of contact for eFiling across your supply chain partners to avoid conflicting data submissions. Make sure your customs broker has complete, accurate certificate data before each shipment files. And monitor CPSC for any updates to the flagged HTS code list or changes to applicable safety standards, since those changes directly affect what has to be filed.
The administrative machinery here is very real, and it is not going away any time soon. The better your data infrastructure on the front end, the lower the operational drag on every shipment that follows.