Compliance

Product Information File (PIF): What Goes In and How to Create It Correctly

INCIkit Editorial14 min read
Creating a Product Information File — document folder with the mandatory PIF components for cosmetic products under EU Regulation 1223/2009

The Product Information File (PIF) is the central compliance document for every cosmetic product in the EU. No product may be placed on the market without a complete PIF — Art. 11 of the EU Cosmetics Regulation (EC) No 1223/2009 sets this out unambiguously. Yet in practice the PIF is one of the most common weak points during market surveillance inspections.

The reasons are almost always the same: incomplete safety assessments, outdated formulation data, missing GMP evidence or a structure that cannot be found when it matters. Especially for small and contract manufacturers in the DACH region working with limited regulatory-affairs resources, maintaining the PIF quickly becomes a burden.

This guide explains, step by step, how to create a PIF correctly: which components are mandatory, what the safety assessment (CPSR) must contain, what a practical PIF structure looks like and which mistakes you should avoid. With concrete examples from cosmetics manufacturing.

What is a Product Information File — and why is it mandatory?

The Product Information File (PIF) — often simply called the product dossier — is the complete documentation of a cosmetic product. It contains all the information that proves a product is safe, correctly labelled and manufactured under GMP conditions.

The legal basis is Art. 11 of the EU Cosmetics Regulation (EC) No 1223/2009. In essence it states: from the moment a product is placed on the market, the Responsible Person must keep a product information file for the cosmetic product. The PIF must be “readily accessible” to the competent authorities at the address indicated on the label.

Key rule

No cosmetic product may be placed on the market in the EU without a complete PIF. This applies regardless of company size, product category or distribution channel — including products that are sold exclusively online.

The PIF is not a static document. It must be updated whenever the formulation, the manufacturing method or the safety assessment changes — and that throughout the entire life cycle of the product. In practice this means: as long as a product is being manufactured, the PIF lives on too.

PIF components under the EU Cosmetics Regulation 1223/2009

Art. 11(2) of the EU Cosmetics Regulation defines five mandatory components that every PIF must contain. These requirements are non-negotiable — a PIF missing any one of these components is incomplete and therefore a compliance risk.

1. Product description and formulation

The PIF must contain a clear description of the product: name, category, intended use and the complete qualitative and quantitative composition. The formulation must list all ingredients with their INCI names and percentage shares.

  • Product name and, where applicable, article number
  • Product category (leave-on, rinse-off, etc.)
  • Intended target group and area of application
  • Complete formulation with INCI names and concentrations (%)
  • Function of each ingredient (emulsifier, preservative, fragrance, etc.)

Important: The formulation in the PIF must match exactly the product actually manufactured. When the formulation changes, the PIF — and in particular the safety assessment — must be updated promptly. A common audit finding: the INCI list on the label does not match the formulation in the PIF.

2. Safety report (CPSR / safety assessment)

The Cosmetic Product Safety Report (CPSR) is the heart of the PIF. It consists of two parts:

  • Part A — safety information: Quantitative and qualitative composition, physico-chemical properties, stability data, microbiological quality, impurities, packaging data, exposure estimation and toxicological profiles of the ingredients.
  • Part B — safety assessment: Conclusion of a qualified safety assessor (toxicologist, pharmacist or similar) as to whether the product is safe under intended and reasonably foreseeable use.

Part A in particular is the most demanding step for manufacturers: all formulation data, raw material specifications and exposure data must be prepared in a structured way before the external assessor can begin Part B. Tools such as the CPSR assistant in INCIkit support this preparatory work by compiling the data directly from formulation management — including MoS pre-calculation and exposure data.

3. Evidence of GMP compliance

The PIF must demonstrate that manufacturing meets the requirements of good manufacturing practice (GMP). In practice this means: a reference to ISO 22716 and the corresponding documentation (batch records, quality control reports, SOPs).

4. Proof of efficacy

If claims are made on the product or in advertising (e.g. “moisturising”, “anti-ageing”, “mattifying”), these must be substantiated by suitable evidence. This can take the form of clinical studies, in-vitro tests, consumer studies or literature references.

Without an advertised efficacy claim, this component does not apply — the PIF then only needs to document that no claims are made.

5. Animal testing data

If animal testing was carried out in connection with the development of the product (including tests performed to satisfy the legislation of third countries), it must be documented. Since 2013, animal testing for cosmetic products and their ingredients has been completely banned in the EU.

CPSR cosmetic safety assessment: the heart of the PIF

The CPSR is the most demanding and most expensive part of the PIF — and at the same time the most important. No product may be placed on the market without a valid safety assessment. The requirements are set out in detail in Annex I of the EU Cosmetics Regulation.

Part A: safety information

Composition, stability, microbiology, packaging, impurities, exposure data and toxicological profiles. Provided by the manufacturer.

Part B: safety assessment

Conclusion of the safety assessor: is the product safe under intended use? Must be prepared by a qualified expert with a university degree in toxicology, pharmacy or similar.

The safety assessor needs a range of information from the manufacturer in order to carry out the assessment:

  • Complete quantitative formulation with INCI names
  • Specification data sheets for all raw materials (TDS/SDS/CoA)
  • Stability data (accelerated and long-term stability)
  • Microbiological test results (challenge test / PET)
  • Packaging specification including migration data
  • Product category, target group and intended area of application

Practical tip

Prepare all documents for the safety assessor in a structured and complete way before you place the order. Missing data leads to queries, delays and additional costs. A common mistake: raw material specifications are missing or outdated.

Practical example: PIF for a moisturising face cream

A natural cosmetics manufacturer in southern Germany is launching a new face cream. The PIF comprises:

PIF componentContent (specific)Status
Product descriptionFace cream, leave-on, 50 ml, target group: adults, normal to dry skinComplete
Formulation12 ingredients, quantitative with INCI names and %Complete
CPSR Part AStability data (6 months accelerated), PET, raw material CoAs, packaging migrationComplete
CPSR Part BSafety assessment by an external toxicologist, conclusion: safe under intended useComplete
GMP evidenceReference to ISO 22716, batch records, QC recordsComplete
Proof of efficacyClaim “moisturising”: corneometry study with 20 subjectsComplete
Animal testing dataNo animal testing carried out (declaration documented)Complete

In total, the manufacturer needed 8 weeks to create the PIF — of which 4 weeks were spent waiting for the external safety assessment. In practice, the lead time for the CPSR is the time-critical path.

Product Information File template: how to structure a PIF correctly

The EU Cosmetics Regulation does not prescribe any particular format for the PIF. In practice, however, a folder structure that clearly reflects the five mandatory components and is quick to navigate during audits has proven effective.

Recommended PIF folder structure

PIF — [product name] [version]

├— 01_Product_description/

├— Product_data_sheet.pdf

├— Formulation_quantitative.pdf

└— INCI-list_final.pdf

├— 02_Safety_assessment/

├— CPSR_Part_A.pdf

├— CPSR_Part_B.pdf

├— Stability_data/

├— Challenge_Test.pdf

└— Raw_material_CoAs/

├— 03_GMP_evidence/

├— GMP_declaration.pdf

└— Batch_Records/

├— 04_Proof_of_efficacy/

└— Study_moisture_measurement.pdf

└— 05_Animal_testing_data/

└— Declaration_no_animal_testing.pdf

You will find a printable version of this structure in our free PIF template area.

Practical tip

Number the folders according to the five mandatory components. That way any auditor can immediately place the structure. Use descriptive file names with product name and version. Avoid generic labels such as “Document_final_v2.pdf”.

Practical example: PIF responsibility in contract manufacturing

A start-up cosmetics brand from Vienna has its products manufactured by a contract manufacturer in Germany. The question: who creates and maintains the PIF?

PIF componentResponsibleWhy
Product description / formulationContract manufacturerDeveloped the complete formulation
CPSR (safety assessment)Brand ownerCommissions the external safety assessor, as it is the Responsible Person
GMP evidenceContract manufacturerProvides the GMP declaration and batch records
Proof of efficacyBrand ownerCommissions studies for its claims
PIF consolidation & maintenanceBrand ownerIs legally obliged to do so as the Responsible Person

The critical point: in contract manufacturing, the documents have to be brought together from different sources. If the contract manufacturer changes the formulation and the brand owner does not update the safety assessment, a gap arises — one that is immediately apparent during an audit.

Common mistakes when creating a PIF — and how to avoid them

Market surveillance authorities and auditors encounter the following mistakes regularly:

CPSR not updated after a formulation change

The formulation was changed (e.g. a different preservative), but the safety assessment still refers to the old composition. This renders the entire PIF invalid.

Raw material specifications missing or outdated

The safety assessor needs up-to-date CoAs and specification data sheets. Missing or outdated documents delay the assessment or lead to follow-up requests during audits.

No stability data available

Stability tests (accelerated and long-term) are a mandatory component of CPSR Part A. Without stability data, no valid safety assessment can be produced.

PIF not findable or not structured

The PIF must be “readily accessible” to the authorities. If documents are scattered across different computers, different folders and email inboxes, this requirement is not met.

Proof of efficacy missing for advertised claims

The label says “anti-ageing”, but there is no proof of efficacy in the PIF. This is a breach of Art. 20 of the Regulation.

GMP evidence missing or informal

A sentence such as “We work in accordance with GMP” is not enough. The evidence must be concrete: a reference to ISO 22716, a GMP certificate, or documented batch records and QC records.

Checklist: creating a PIF for cosmetic products

Use this checklist as a quick reference before you finalise a PIF or hand it over to market surveillance:

PIF completeness check (as of 2026)

Product description

  • Product name, category and area of application documented
  • Complete quantitative formulation with INCI names and %
  • INCI list created and verified against CosIng
  • Function of each ingredient stated

Safety assessment (CPSR)

  • Part A: all safety information compiled
  • Raw material CoAs and specification data sheets up to date
  • Stability data available (accelerated + long-term)
  • Microbiological testing (challenge test / PET) carried out
  • Packaging migration data available
  • Part B: safety assessment completed by a qualified person
  • CPSR refers to the current formulation version

GMP, efficacy & animal testing

  • GMP evidence documented (ISO 22716, batch records, QC)
  • Proof of efficacy available for all advertised claims
  • Animal testing declaration documented

Organisation & maintenance

  • PIF available at the address of the Responsible Person
  • Structured folder layout (5 mandatory components)
  • Versioning: all documents with date and version
  • Archiving ensured for at least 10 years
  • Update process defined for formulation changes

Manage PIF data in a structured way

INCIkit links formulations, raw material specifications and batch records — the data foundation you need for a complete PIF.

Try it free for 14 days

Conclusion: the PIF is not a one-off document

The Product Information File is more than a mandatory filing — it is the living compliance document of your product. Every formulation change, every new batch, every new claim creates a need for updates. Anyone who sets this up in a structured way from the outset saves weeks of audit preparation when it matters.

The most important takeaways:

  • Every cosmetic product in the EU needs a complete PIF with 5 mandatory components
  • The CPSR (safety assessment) is the most demanding part — allow 4–8 weeks of lead time
  • When the formulation changes, the entire PIF (including the CPSR) must be updated
  • Structured folders with clear numbering make the PIF audit-ready
  • In contract manufacturing, responsibilities for each PIF component must be clearly defined
  • Digital management is not mandatory, but in practice strongly recommended

FAQ: Frequently asked questions about the PIF

Who is responsible for the PIF?

The Responsible Person under Art. 4 of the EU Cosmetics Regulation is responsible for providing and updating the PIF. This is the manufacturer, the importer or a designated person within the EU. The PIF must be kept at the address of the Responsible Person indicated on the label.

Must every product variant have its own PIF?

Yes, provided the composition or the safety assessment differs. For purely cosmetic differences such as packaging colour or pack size, a shared PIF with a variant annex may suffice. As soon as an ingredient changes, however — including its concentration — a separate safety assessment, and therefore a separate PIF, is required.

How long must a PIF be kept?

At least 10 years after the last batch of the product was placed on the market (Art. 11(3)). In practice this means: if a product has a minimum durability of 3 years and the last batch is produced in 2026, the PIF must remain available until at least 2039.

Can the PIF be kept digitally?

Yes. The EU Cosmetics Regulation does not prescribe any particular format. The PIF may be kept on paper or electronically. What matters is that it is readily accessible to the authorities at the address of the Responsible Person. For practical reasons — in particular the 10-year retention obligation and rapid audit readiness — keeping it digitally is strongly recommended.

What does a safety assessment (CPSR) cost?

Costs vary depending on the complexity of the formulation and the provider. For a standard cosmetic product with 10–15 ingredients, costs typically range between EUR 300 and 800. Products with special claims (e.g. sun protection, anti-ageing) or a large number of ingredients can be considerably more expensive. The safety assessment must be carried out by a qualified person with demonstrated expertise in toxicology.

What happens if the PIF is missing during an inspection?

The market surveillance authority can prohibit the product from being placed on the market. Further consequences range from fines and distribution bans to product recalls. In addition, a missing PIF can lead to the loss of orders during a trade-partner audit — potentially existence-threatening for contract manufacturers.

Further resources

Want to document your cosmetics with full compliance?

INCIkit builds PIF, INCI list and batch records from your formula data — ready for the authority check.

INCIkit Editorial

Cosmetics Compliance Desk

Share:

More articles