01. Dec 2015

ISO 9001 Revision explained in simple terms

Statutory and regulatory requirements

In a series of technical lectures, Quality Austria provides information on the revision of ISO 9001:2015. Each month, a key concept of the revision will be explained in greater depth. This month, Eckehard Bauer, MSc, and Ing. Wolfgang Hackenauer, MSc, explain the exciting topic of statutory and regulatory requirements and show seven steps to legal certainty.

Understanding statutory and regulatory requirements

Eckehard Bauer, MSc, and Wolfgang Hackenauer, MSc


What approach is pursued by ISO 9001:2015?
ISO 9001:2015 can be used to enable organizations to permanently meet the customer requirements as well as the statutory and regulatory requirements that are applicable to the products and services provided by the organizations. Furthermore, statutory and regulatory requirements are significant for the scope of the Standard. ISO 9001:2015 does not include any specific requirements relating to other management systems, e.g. environmental management systems, occupational health and safety management systems or finance management systems.

Examples of statutory requirements:

  • laws (Product Liability Act, Act on Electrical Engineering, food law, etc.)
  • Regulations and Directives (Machinery Safety Regulation, “CE marking”, Construction Products Directive, etc.)
  • administrative decisions (trade licences)
  • contracts (delivery contract, customer contract, liability insurance, etc.)
  • internal obligations (company agreements, working-time models, plans for personnel development, etc.)

The figure gives a rough overview of which clauses need to be taken into account in connection with “statutory and regulatory requirements” and of the concrete requirements to be met (e.g. determination of the legal requirements). Note: “legal requirements” can also be used instead of “statutory and regulatory requirements”.


Fig. 1: Statutory Requirements

In connection with issues relating to products and services, the topic of legal requirements placed on organizations is sometimes particularly critical.

In order to meet the customers’ expectations and the relevant statutory and regulatory requirements, the organizations are required to determine the relevant requirements and monitor and review relevant information. Furthermore, top management must be capable of demonstrating that the customer requirements as well as applicable statutory and regulatory requirements are determined, understood and met.

Moreover, the organization must be capable of ensuring that it can provide products and services that help the organization to keep promises relating to any statutory and regulatory requirements (feasibility study, contract review). If the organization provides design and development services, applicable statutory and regulatory requirements will have to be considered as design and development input.

When determining the type and extent of control of external provision of processes, products and services, statutory and regulatory requirements will have to be taken into account. These requirements also need to be taken into consideration in post-delivery activities.


Changes compared with the previous edition

Up to now, the statutory and regulatory requirements have only been dealt with in the general part.

Now the topic runs as a common thread through the Standard. However, a comparison with ISO 14001:2015 shows the following: even though a high-level structure is striven for, it is ISO 14001:2015 that closes the control loop. An arc is drawn from a commitment to the protection of the environment in the environmental policy, via performance evaluation, to management review.



By systematically implementing these normative requirements relating to the topic of “law”, an organization can take significant steps towards becoming fit to meet statutory and regulatory requirements. If statutory and regulatory requirements are not directly transmitted by the customer, it will become necessary to investigate product- and/or service-specific obligations.

Regulation (EC) No 765/2008 of the European Parliament and of the Council of 9 July 2008, setting out the requirements for accreditation and market surveillance relating to the marketing of products and repealing Regulation (EEC) No 339/93, basically regulates market surveillance of certain products. The member states have issued national Market Surveillance Programmes.

Market surveillance is aimed at ensuring that products will only be brought into circulation and put into operation if they do not pose any risks and hazards to the safety and health of persons and if they meet other requirements regulated in the relevant Regulations, Directives and Acts. Examples of other topics of market surveillance include accuracy of inspection, measuring and test equipment or good housekeeping with energy.

Excerpt from the Market Surveillance Programme 2016:



Mr. Eckehard Bauer, MSc

Executive Vice President Business Development Risk and Safety, Security, Business Continuity, Transport

Network partner

Mr. Wolfgang Hackenauer, MSc

Network partner, Product Expert Environment and Energy
