01. Dec 2015

ISO 9001 Revision explained in simple terms

Statutory and regulatory requirements

In a series of technical lectures, Quality Austria provides information on the revision of ISO 9001:2015. Each month, a key concept of the revision will be explained more profoundly. This month, Eckehard Bauer, MSc, and Ing. Wolfgang Hackenauer, MSc, explain the exciting topic of the statutory and regulatory requirements and show seven steps to legal certainty.

Understanding statutory and regulatory requirements

Eckehard Bauer, MSc, and Wolfgang Hackenauer, MSc


What approach is pursued by ISO 9001:2015?
ISO 9001:2015 can be used to enable organizations to permanently meet the customer requirements as well as the statutory and regulatory requirements that are applicable to the products and services provided by the organizations. Furthermore, statutory and regulatory requirements are significant for the scope of the Standard. ISO 9001:2015 does not include any specific requirements relating to other management systems, e.g. environmental management systems, occupational health and safety management systems or finance management systems.

Examples of statutory requirements:

  • laws (Product Liability Act, Act on Electrical Engineering, food law, etc.)
  • Regulations and Directives (Machinery Safety Regulation, “CE marking”, Construction Products Directive, etc.)
  • administrative decisions (trade licences)
  • contracts (delivery contract, customer contract, liability insurance, etc.)
  • internal obligations (company agreements, working-time models, plans for personnel development, etc.)

The Figure is to give a rough overview of what Clauses in connection with “statutory and regulatory requirements” (Note: Instead of “statutory and regulatory requirements”, “legal requirements” can also be used) need to be taken into account and of the concrete requirements to be met (e.g. determination of the legal requirements).


Fig. 1: Statutory Requirements

In connection with issues relating to products and services, the topic of legal requirements placed on organizations sometimes is particularly critical.

In order to meet the customers’ expectations and the relevant statutory and regulatory requirements, the organizations are required to determine the relevant requirements and monitor and review relevant information. Furthermore, top management must be capable of demonstrating that the customer requirements as well as applicable statutory and regulatory requirements are determined, understood and met.

Moreover, the organization must be capable of ensuring that it can provide products and services that help the organization to keep promises relating to any statutory and regulatory requirements (feasibility study, contract review). If the organization provides design and development services, applicable statutory and regulatory requirements will have to be considered as design and development input.

When determining the type and extent of control of external provision of processes, products and services, statutory and regulatory requirements will have to be taken into account. These requirements also need to be taken into consideration at post-delivery activities.


Changes to the preceding issue

Up to now, the statutory and regulatory requirements have only been dealt with in the general part.

Now the topic draws a red-thread path through the Standard. However, a comparison with ISO 14001:2015 shows the following: Even though a high level structure is striven for, it is ISO 14001:2015 that closes the control loop. A bow is bent from a commitment to the protection of the environment in environmental policy via performance evaluation to management review.



By systematically implementing these normative requirements relating to the topic of “law”, an organization can take significant steps to becoming fit to meet statutory and regulatory requirements. If statutory and regulatory requirements are not directly transmitted by the customer, it will become necessary to investigate into product and/or service specific obligations.

The REGULATION (EC) No 765/2008 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 9 July 2008 setting out the requirements for accreditation and market surveillance relating to the marketing of products and repealing Regulation (EEC) No 339/93 basically regulates market surveillance of certain products. The member states have issued national Market Surveillance Programmes.

Market surveillance is aimed at ensuring that products will only be brought into circulation and put into operation if they do not pose any risks and hazards to the safety and health of persons and if they meet other requirements regulated in the relevant Regulations, Directives and Acts. Examples of other topics of market surveillance include accuracy of inspection, measuring and test equipment or good housekeeping with energy.

Excerpt from the Market Surveillance Programme 2016:



Mr. Eckehard Bauer, MSc

Executive Vice President Business Development Safety Management, Business Continuity, Risk, Security, Compliance and Transport

Network partner

Mr. Wolfgang Hackenauer, MSc

Network partner, Product Expert Environment and Energy

Contact Person


Ms. Dr. Anni Koubek

Executive Vice President Innovation, Business Development Certification Quality

News & Events

The basis for long-term success!

08. Feb 2023

New International training program 2023

Start your next career adventure!

Learn more
10. Jan 2023

QMD Services obtains designation as a Notified Body for in vitro diagnostic devices

Milestone for the Medical Device Industry

Learn more
03. Jan 2023

Christian Matzku (50) takes over the Management of “Sales Steering” at Quality Austria

Sales professional starts at certification organization

Learn more
14. Oct 2022

The new EU Guideline on the implemen­tation of Food Safety Management Systems published

New developments for Food Businesses

Learn more
05. Oct 2022

What’s in for an Assessor?

Experience report from Mario Mauracher

Learn more
16. Sep 2022

New cooperation with ENFIT for highest standards

HQF Certification in supply chains acc. to the ENFIT Standard

Learn more
08. Aug 2022

The Many Uses of Lean Six Sigma

Guest article by Mischa Lucyshyn

Learn more
26. Jul 2022

Ransomware & other potential threat scenarios

07. Jul 2022

Building up Competency as Change Management

Continual Improvement Process

Learn more
07. Jun 2022

The five stumbling blocks you should dodge on your way to a management system

Mind the step!

Learn more
16. May 2022

25th anniversary of successful cooperation in certification

Alkaloid celebrates 25 years of successful cooperation

Learn more
03. May 2022

IFS Food Version 8 – first DRAFT version published

What changes and new features are coming

Learn more
+43 732 34 23 22