When a lipstick becomes a legal risk: what 2025’s cosmetic recalls reveal about product compliance.

Three recent recalls, three lessons

Case 1 — The moisturiser that burns

Several brands were pulled from the market in 2025 for using a methylchloroisothiazolinone (MCI) and methylisothiazolinone (MI) blend in leave-on products. Both preservatives are authorised in rinse-off products, but explicitly banned in a cream you leave on the skin. The reason has been documented for years: burn risk, eye lesions, severe allergic reactions.

The trap? The exact same formula can be perfectly legal in a shower gel and entirely banned in a day cream. Compliance does not hinge on the product itself — it hinges on its end use.

Case 2 — Heavy-metal makeup

A makeup palette flagged by Ireland contained arsenic, lead, nickel and chromium VI. According to health authorities, that is a cocktail that is simultaneously carcinogenic, neurotoxic and allergenic.

Contamination of this kind almost never originates in a marketing decision. It comes from the pigments themselves — minerals extracted, in some cases, in conditions where traceability is weak. Put plainly: the non-compliance starts at the other end of the supply chain, often at a tier-3 supplier the brand has never audited.

Case 3 — PFAS, where the rule changes overnight

French law n°2025-188 of 27 February 2025 banned certain perfluoroalkyl substances (PFAS) in cosmetics. Several products were recalled in the immediate aftermath — not because they had changed, but because the regulation had.

This is probably the most instructive of the three. The product was compliant on a Monday. It was no longer compliant on the Tuesday.

Why cosmetic compliance has three stacked layers of complexity

Compared to other sectors, cosmetic product compliance is hard on three distinct fronts at once.

The ingredient layer

Regulation (EC) 1223/2009 governs a set of living annexes: banned substances (Annex II), restricted substances (Annex III), authorised preservatives (Annex V), UV filters (Annex VI), colourants (Annex IV). Those annexes are amended several times a year. A formula validated 18 months ago may very well not be compliant today.

The dossier layer

Every product placed on the EU market must hold an up-to-date Product Information File (PIF), including a Cosmetic Product Safety Report (CPSR) signed by a qualified assessor. That file must be kept available to authorities for 10 years after the last placing on the market of the relevant batch. That is exactly what inspectors come to verify.

The claim layer

Saying a cream is "hypoallergenic", "natural" or "paraben-free" is not an editorial choice. It is a regulated statement, framed by Regulation (EU) 655/2013 on cosmetic claims, which requires fairness, truthfulness, evidence and equity. A blog post claiming "100% natural" without an evidentiary file is a non-compliance dossier writing itself.

Why this is different from textile or electronics

In textile, a non-compliance can often be fixed by switching supplier. In electronics, by a firmware update. In cosmetics, an ingredient or claim non-compliance generally triggers:

• an immediate market withdrawal
• a Safety Gate (RAPEX) notification — therefore EU-wide visibility
• fines that can reach several hundred thousand euros
• and, for retail-distributed brands, listings compromised for years

And often, all of that because a 4-page text was amended in Brussels three months earlier.

What the brands that get it right do differently

They stop treating compliance as an event (annual audit, product launch) and start treating it as a flow. They know what changed in the annexes this month, what changes next month, and what is in the pipeline at every market they distribute to.

Because in cosmetics, more than anywhere else, non-compliance does not show up in the product. It shows up in the regulatory calendar.