Product Regulatory Compliance: The Ecosystem and Participants

By Tom Killam and Cyril Mecwan

May 16, 2021 | Series 1 / No. 3

  • Established in 1894, Underwriters Laboratories (UL) participated in the safety analysis of many of the 20th century's new technologies and developed testing standards to maintain safety. Today, UL is one of several test labs approved to perform safety testing by the U.S. federal agency, the Occupational Safety and Health Administration (OSHA).
  • Founded in 1906, the Food and Drug Administration (FDA) protects and promotes public health through the oversight of food safety, prescription and over-the-counter pharmaceutical drugs, vaccines, medical devices, cosmetics, animal foods & feed, veterinary products etc.
  • The Federal Communications Commission (FCC) was founded in 1934 to regulate the interstate and international communications by radio, television, wire, satellite and cable.
  • Founded in 1901, the National Institute of Standards and Technology (NIST), now part of the U.S. Department of Commerce, is one of the nation's oldest physical science laboratories. It supports measurements of the most complex technologies.

Today's thriving ecosystem of Product Regulatory Compliance supports hundreds of thousands of new products entering the US globally, and provides a mechanism to regulate safety and security while promoting free trade. At present, more than 2,000 test labs in the USA alone, mostly small businesses, provide gainful employment to many.


The regulators, Standards making bodies (IEC, Cenelec, UL, CSA, VDE, VCCI, etc.), OEMs, factories (or contract manufacturers), component suppliers, third-party testing laboratories, accreditors, third party notified bodies, auditors, technical professional organizations (TIA, IEEE, EIA, etc.), technical and marketing publications – all these entities have contributed in creating thriving ecosystem that provides a mechanism and oversees launch of safe products globally.

The Ecosystem:

The following are the key participants of the Product Regulatory Compliance ecosystem:

  • Regulators: Regulators are law makers; they form the laws, also termed as legislation or regulations or directives. The regulations are made by international bodies, countries, states, cities and sometimes by a market made of multiple countries, such as the European Union (EU). Often the regulators are grouped by the disciplines and industries they serve. For instance, the USA has separate regulator for product safety, communications (taking place by radio, television, wire, satellite, and cable), environment etc. Many times the government of the country appoints the regulators according to the structure of the government and what branches are defined to address what concerns. The government may appoint a different regulator for telecommunications and information technology, or for food and drug (taking care of food, drug and medical devices). Similarly, Japan has different regulators addressing the product safety and communications concerns. On the other hand, keeping with its mission statement to ‘unlock the full potential of the single market’, the European Commission (EC) is the single entity forming all kinds of regulations for product compliance for the EU market – addressing different disciplines and industries.
  • Standards Development Organizations (SDO): The Regulatory Standards Organizations are formed at the behest and in support of the regulators. These organizations are responsible for the development and maintenance of the underlying technical standards that provide shape and form to the regulations; the standards enable the conformity assessment of the product and its parameters leading to verification that the product (or service or process) complies with the respective regulations.

    The International Electrotechnical Commission (IEC) is an example of an international body representing 170-plus countries, providing an independent standardization platform that promotes international trade in electrical and electronic goods.

    In addition, CEN, CENELEC and ETSI are the European standards organizations creating the harmonized standards for the EU based upon the international standards. In the US, the FCC establishes the communications related standards in participation with the industry; UL develops the product safety related standards; the FDA develops the food & drug related standards. In Taiwan, the Bureau of Standards, Metrology and Inspection (BSMI) establishes and maintains the national standards; it also harmonizes the national standards with the international standards.
  • The Original Equipment Manufacturer (OEM): The word ‘OEM’ is used in different contexts. For our purpose, the OEM is an entity that develops and manufactures a product with its own brand. The OEM products may be sold and marketed by distributors, resellers and retailers. Sometimes, the OEM offers its products to be branded by a third-party company, in which case this new company now owns the responsibility of marketing and selling the newly branded products in the market.

    When a channel partner such as a distributor agrees to market and sell the product in a particular market, the distributor expects the OEM to take full responsibility of obtaining and furnishing the proof of the approval. Additionally, in order for the OEM to offer the product to a third-party for branding and other marketing related activities, the OEM is obligated to test its products to confirm compliance to the applicable technical standards mandated by the regulatory authority of all countries where the product is to be sold, followed by obtaining any necessary country specific approvals prior to shipping the product to that market.
  • Component Suppliers: Suppliers of components to be used in an end product have a responsibility to the end customer to provide evidence that the component has been evaluated and shown to comply with the technical standards addressing the particular component. This is necessary because the end product will not receive an approval until all critical components used within have been shown to comply with their respective technical standards. Although one can say that a manufacturer – either an OEM owning the end product requiring an approval or a supplier of a component that goes into that end product – have the same obligation as it relates to the product regulatory compliance, it is important to have the distinction between the two. Most regulatory authorities require that the critical components used in the end product be identified and disclosed in the end product conformance test report, and that the product safety related approvals of these components be furnished along with their supporting test reports.  
  • Factories: Factories play a critical role in the maintenance of the regulatory approval for a product. It is important to have an established process that ensures consistency and quality of the end product. The factories also provide important end-of-the-production-line testing to ensure that the product is safe and will not present a hazard to the end user. This testing is performed just prior to shipping the product. The regulatory authorities monitor the production process by having several types of activities that occur at the factory location. In general, the location of the factory is required to obtain the approval. In some cases, the approval of the product is predicated upon a successful inspection of the factory to ensure that the manufacturing tests are established and documented, and that the factory has processes in place to provide the necessary repeatability. Some countries also require that the factory production line be inspected up to four times a year to ensure that the product is not deviating from the design that was shown to comply with the technical standards. A manufacturing factory might be a captive factory owned by the OEM, or it might be an outsourced, contract manufacturer. In the event an OEM changes the manufacturing (factory) location, it becomes necessary to inform all of the conformity assessment bodies of the change as well as the new location meeting the requirements for quality and manufacturing tests identified by the conformity assessment bodies.
  • Testing Laboratories: This is a critical participant in the ecosystem! Most of the OEMs can’t afford and justify an investment into the capital equipment required to establish a captive test lab. As a result, this service provider segment of Testing, Inspection and Certification (TIC) has grown tremendously over a period of the past thirty-five years, generating various assessment capabilities and many jobs. In the US alone, there are more than 2,000 test labs. Excepting the top twenty test labs, most of the test labs have been owned and operated as a family business, contributing towards safe products and healthy economy. The test labs must follow a uniform process to assess products such that their goal is to be able to retest a product and obtain identical test results. The testing process and equipment must be documented and approved by an accreditation body suitable for the type of laboratory. Test labs must also maintain a strict process of calibrating test and measurement equipment in order to guarantee accurate test results.
  • Accreditors: For assessment test reports to be considered accurate and complete, we have established the process of accreditation of the test labs that publish the conformance test reports. This allows the test reports from the third-party test labs to be accepted by the authorities without question about the accuracy of the findings in the report. The accreditation is the process of assessing and providing a formal recognition of a particular test lab’s stated capabilities provided by an authoritative body called the accreditor. The accreditors are recognized by the federal and state government agencies as well as by the private-sector organizations. On behalf of the regulators/legislators and industry groups, they provide the accreditation of testing and calibration laboratories, inspection bodies, certification bodies, etc.

    In some cases, agreements have been drawn up between countries allowing for labs outside the country to have their national accreditations accepted by a foreign country. This is typically called a Mutual Recognition Agreement and allows reports to be accepted from foreign countries. If a laboratory was to publish a test report but not have the accreditations in place for the testing, any authority that is involved in the approval process can declare the test report unacceptable and require that testing be repeated at an accredited laboratory prior to granting any approval. For instance, the American Association for Laboratory Accreditation (A2LA) and the National Voluntary Laboratory Accreditation Program (NVLAP) are two US-based accreditors in this space. According to the A2LA website, as of March 2021, A2LA has over 3,700 actively accredited certificates representing all 50 US states and more than 50 countries! The NVLAP offers more than 15 accreditation programs covering different types of testing and industries.
  • Notified Bodies (NB): Unlike other markets where a certification body assesses products to determine conformance with mandated technical standards, EU has a self-certification process in place, where manufacturers can perform self-assessment and self-declaration of their products to conform with the legislated requirements. However, in certain circumstances, as defined by the EU directives, the self-certification process is augmented by having a third-party, an independent body review and render an opinion about the conformity of the subject product.

    Therefore, a notified body is an organization designated by an EU country to assess the conformity of certain products before being placed on the market. These bodies carry out tasks related to conformity assessment procedures set out in the applicable legislation, when a third party is required. According to European legislation, the involvement of a Notified Body in the conformity assessment procedure depends on the type of product and the European harmonized standards which have to be met in each particular case. For example, in the case of medical devices which present risk factors, certification by a Notified Body is required. In other cases when a Notified Body is not required, for example, conformance to the low voltage Directive (LDV) 2014/35/EU, the manufacturer has the choice to engage a Notified Body, if desired, in the conformity assessment procedure for consultation.
  • Auditors: Auditors provide an essential feedback for the Product Regulatory process. This feedback will provide actionable information to confirm that the process is functioning properly. These audits happen at various stages of the regulatory process. Some regulators require that the factory is audited prior to allowing any products to ship into a market. This is to ensure that the factory is aware of and is prepared to meet its responsibilities necessary to manufacture approved products. This is typically demonstrated by having their entire process audited by a third-party who is accredited to perform audits. In order to ensure that a product is produced identically to the originally evaluated product, and to confirm that the factory mandated production testing is performed and documented according to the written procedure, some authorities require that the manufacturing facility be audited up to four times per year. Auditors are subject to the same type of accreditation process that the test laboratories follow which is typically administrated by the national accreditation organizations.

The Compliance professionals, the people – compliance engineer, compliance tester, compliance program manager etc. – they are at the center of this industry, and play a vital role. Therefore, we will have a dedicated editorial on this topic later.