01. Dec 2015

ISO 9001 Revision explained in simple terms

Statutory and regulatory requirements

In a series of technical lectures, Quality Austria provides information on the revision of ISO 9001:2015. Each month, a key concept of the revision will be explained more profoundly. This month, Eckehard Bauer, MSc, and Ing. Wolfgang Hackenauer, MSc, explain the exciting topic of the statutory and regulatory requirements and show seven steps to legal certainty.

Understanding statutory and regulatory requirements

Eckehard Bauer, MSc, and Wolfgang Hackenauer, MSc


What approach is pursued by ISO 9001:2015?
ISO 9001:2015 can be used to enable organizations to permanently meet the customer requirements as well as the statutory and regulatory requirements that are applicable to the products and services provided by the organizations. Furthermore, statutory and regulatory requirements are significant for the scope of the Standard. ISO 9001:2015 does not include any specific requirements relating to other management systems, e.g. environmental management systems, occupational health and safety management systems or finance management systems.

Examples of statutory requirements:

  • laws (Product Liability Act, Act on Electrical Engineering, food law, etc.)
  • Regulations and Directives (Machinery Safety Regulation, “CE marking”, Construction Products Directive, etc.)
  • administrative decisions (trade licences)
  • contracts (delivery contract, customer contract, liability insurance, etc.)
  • internal obligations (company agreements, working-time models, plans for personnel development, etc.)

The Figure is to give a rough overview of what Clauses in connection with “statutory and regulatory requirements” (Note: Instead of “statutory and regulatory requirements”, “legal requirements” can also be used) need to be taken into account and of the concrete requirements to be met (e.g. determination of the legal requirements).


Fig. 1: Statutory Requirements

In connection with issues relating to products and services, the topic of legal requirements placed on organizations sometimes is particularly critical.

In order to meet the customers’ expectations and the relevant statutory and regulatory requirements, the organizations are required to determine the relevant requirements and monitor and review relevant information. Furthermore, top management must be capable of demonstrating that the customer requirements as well as applicable statutory and regulatory requirements are determined, understood and met.

Moreover, the organization must be capable of ensuring that it can provide products and services that help the organization to keep promises relating to any statutory and regulatory requirements (feasibility study, contract review). If the organization provides design and development services, applicable statutory and regulatory requirements will have to be considered as design and development input.

When determining the type and extent of control of external provision of processes, products and services, statutory and regulatory requirements will have to be taken into account. These requirements also need to be taken into consideration at post-delivery activities.


Changes to the preceding issue

Up to now, the statutory and regulatory requirements have only been dealt with in the general part.

Now the topic draws a red-thread path through the Standard. However, a comparison with ISO 14001:2015 shows the following: Even though a high level structure is striven for, it is ISO 14001:2015 that closes the control loop. A bow is bent from a commitment to the protection of the environment in environmental policy via performance evaluation to management review.



By systematically implementing these normative requirements relating to the topic of “law”, an organization can take significant steps to becoming fit to meet statutory and regulatory requirements. If statutory and regulatory requirements are not directly transmitted by the customer, it will become necessary to investigate into product and/or service specific obligations.

The REGULATION (EC) No 765/2008 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 9 July 2008 setting out the requirements for accreditation and market surveillance relating to the marketing of products and repealing Regulation (EEC) No 339/93 basically regulates market surveillance of certain products. The member states have issued national Market Surveillance Programmes.

Market surveillance is aimed at ensuring that products will only be brought into circulation and put into operation if they do not pose any risks and hazards to the safety and health of persons and if they meet other requirements regulated in the relevant Regulations, Directives and Acts. Examples of other topics of market surveillance include accuracy of inspection, measuring and test equipment or good housekeeping with energy.

Excerpt from the Market Surveillance Programme 2016:



Mr. Eckehard Bauer, MSc

Executive Vice President Business Development Risk and Safety, Security, Business Continuity, Transport

Network partner

Mr. Wolfgang Hackenauer, MSc

Network partner, Product Expert Environment and Energy

Contact Person


Ms. Dr. Anni Koubek

Executive Vice President Innovation, Business Development Certification Quality

News & Events

The basis for long-term success!

13. May 2020

System certification in the time of Corona

Short overview of adjusted frameworks for audits during Corona.

Learn more
19. Mar 2020

Handling COVID-19

Our support in these challenging times

Learn more
15. Jun 2021

Event: 64th EOQ Congress

Effective Education & Quality Management

Learn more
14. Jan 2020

ISO 22301:2019

What is new?

Learn more
14. Jan 2020

Optimizations within the supply chain

ISO 41001 & ISO 55001

Learn more
14. Jan 2020

Anti-corruption: a challenge

ISO 37001

Learn more
10. Jan 2020

The future of quality – will ISO 9001 be revised soon?

by Anni Koubek

Learn more
30. Sep 2019

Quality Austria Adriatic and Advantage Austria Croatia organized the Austrian Business Circle in Zagreb

Austrian ambassador was guest of honor.

Learn more
26. Jul 2019

Obituary: TR Ing. Viktor Seitschek

His pioneer spirit remains unforgotten.

Learn more
13. Mar 2019

Event with the Austrian Business community in Albania

The event “Working Breakfast in Tirana” was on 6th of February 2019.

Learn more
05. Mar 2019

One year ISO 45001:2018

Challenges and insights into one year of ISO 45001.

Learn more
23. Oct 2019

Event: 63rd EOQ Congress

Rediscovering Quality

Learn more
+43 732 34 23 22