CPSC Recall Penalties: What Happens If You Don't Comply

The headline civil penalties under the federal Consumer Product Safety Act look big. They are big. But the dollar figures published by the CPSC tell only part of the story. For a Shopify merchant, the real cost of a non-compliance event is usually a combination of statutory penalties, settlement terms, and operational disruption — plus a meaningful hit to customer trust. This article lays out what that cost actually looks like, with sources, so you can make an informed call about how much process risk you want to carry.

Compliance content disclaimer: penalty amounts under the CPSA are inflation-adjusted and change over time. The numbers below reflect the publicly-stated caps as of 2026. Verify current amounts with the CPSC or qualified counsel before relying on a specific figure.

Civil penalties: the headline numbers

Two penalty tracks matter most for Shopify retailers:

Section 15 reporting violations. Failing to file a required Section 15(b) report — or filing late — can trigger civil penalties. The per-violation cap is adjusted for inflation and currently sits above $120,000 per violation, with an aggregate cap exceeding $16 million for a related series of violations.

Selling a recalled or banned product. Continuing to sell a product after a CPSC recall, or selling a product subject to a federal ban, is itself a violation of Section 19(a) of the CPSA. Each unit sold can be counted as a separate violation. The same per-violation and aggregate caps apply.

Both tracks can be triggered by the same underlying event. A merchant who fails to report a hazard and keeps selling the affected product can be on the hook for both reporting and selling violations.

Criminal penalties

The CPSA also authorizes criminal penalties — imprisonment of up to five years and fines up to $250,000 for individuals (and significantly higher for organizations) — for “knowing and willful” violations of the act. Federal prosecutors don’t pursue criminal CPSA cases often, but they have, and the precedent matters. Cases that involve concealment of safety data, false statements to the CPSC, or harm-with-knowledge tend to be the ones that escalate.

The settlement pattern

For most companies, the worst outcome is not the maximum civil penalty — it’s a negotiated CPSC settlement. The pattern is consistent across decades of consent decrees:

1. A meaningful civil penalty. Often well below the statutory maximum, but rarely small in absolute terms. Settlements in the low millions for mid-sized retailers are common.
2. A mandated compliance program. The company agrees, in writing, to put a documented product-safety program in place: written policies, defined escalation paths, training, recordkeeping, internal audits, and (often) a designated compliance officer.
3. Extended reporting obligations. The company agrees to file regular compliance reports with the CPSC for a multi-year period — typically three to five years.
4. Document retention requirements. The company agrees to retain product-safety records, communications, and incident logs, often for periods longer than its normal retention policies.

The mandatory compliance program is often the most expensive part. A small Shopify merchant suddenly building the operational infrastructure of a publicly-traded consumer-goods company is not a cheap exercise.

The hidden costs

Civil penalties and settlements are the most visible piece. The harder-to-measure costs usually exceed them:

• Operational disruption. Pulling SKUs from inventory, processing customer returns, coordinating refunds or replacements, and rebuilding listings is several full-time weeks of work for even a small store.
• Customer trust. A recall that consumers learn about from a journalist, a competitor, or a viral social post — instead of from you — damages brand trust in ways that take years to repair.
• Chargeback exposure. Customers who feel unsafe with a product are quick to dispute the charge. Card networks generally side with the cardholder on safety-related disputes.
• Platform exposure. Shopify, Amazon, and other marketplaces have their own compliance teams. A merchant who is publicly cited by the CPSC can face restrictions on listing, payouts, or the merchant account itself.
• Insurance. Product-liability insurance policies typically require timely reporting of safety incidents. A late or missing CPSC filing can void coverage on the underlying claim.

What actually reduces risk

The companies that come out of CPSC investigations best aren’t the ones with the most expensive lawyers. They are the ones that can produce, on day one, a clean paper trail showing:

• The date they became aware of the safety issue
• What they did within the first 24 hours (investigated, escalated, paused sales)
• The Section 15(b) report they filed and the date it was submitted
• The customer notifications they sent
• The records they kept

CPSC enforcement decisions are heavily influenced by how the company behaved before it knew an investigation was underway. A company that already had a written compliance program, a documented escalation process, and a clean filing history almost always lands in a meaningfully better place than one that scrambles after the fact.

Concretely, that means:

• Have a written incident-response procedure that anyone in customer support can trigger. “If a customer tells us a product hurt them, here’s the next step” should not be improvised.
• Monitor CPSC recalls daily against your catalog. Missing a recall is the easiest way to turn a single Section 15(b) duty into months of Section 19(a) violations. (See How to Check if Your Products Have Been Recalled.)
• Document everything. Dates, decisions, and the names of the people who made them. If you ever need to defend a filing decision, your records are the evidence.
• File when in doubt. The CPSC has been clear, repeatedly, that filing a report when uncertain is treated more favorably than not filing.

How RecallDocket helps reduce penalty exposure

RecallDocket is not insurance. It is a tool that makes the compliant path cheaper than the non-compliant path — so the right thing also becomes the easy thing.

• Same-day recall detection against your live Shopify catalog reduces the window in which you could be selling a recalled product unknowingly.
• CPSC-formatted Section 15(b) drafts cut report-prep time from hours to minutes, so you actually file within the 24-hour window.
• A compliance dashboard that records every alert, draft, submission, and customer notification — a ready-made paper trail.

Install RecallDocket on Shopify →

Further reading

• What Shopify Merchants Need to Know About CPSC Recalls
• Section 15(b) Reporting Explained: A Retailer’s Guide
• Product Safety Compliance Checklist for Shopify Stores

Not legal advice. This article is general information for educational purposes only and is not legal advice, does not create an attorney-client relationship, and does not substitute for a qualified product-safety attorney or compliance professional. CPSC rules and penalty amounts change over time; verify current requirements with the CPSC or your counsel before relying on any specific number or procedure mentioned above.