Skip to content

Compliance

Actionable checklists, data requirements, and compliance strategies for EU sustainability regulations. Covering ESPR readiness, DPP data completeness, and sustainability reporting obligations.

Stop Overthinking Compliance: Use a Map, Start Selling

The most expensive compliance strategy in the world is not doing compliance badly. It is avoiding compliance until enforcement finds you. And enforcement always finds you — through a CBP hold in Long Beach, an Amazon suppression of your ASIN, a Prop 65 notice from a California plaintiff's attorney, an EU customs authority flagging your goods at Rotterdam, a Saudi SABER rejection, a Chinese environmental inspection shutting down your supplier, or a retailer audit that discovers your documentation does not exist.

The businesses we see on the Sustalium platform fall into two camps. The overthinkers believe compliance requires an expensive consultant, a full-time regulatory specialist, and months of preparation before they can sell anything. The avoiders know compliance exists but they are shipping product now and will deal with it later. Both camps end up in the same place: a compliance emergency that costs significantly more than proactive compliance would have cost.

UK REACH Compliance: Post-Brexit Chemical Guide

When the UK left the EU's single market, it established an independent chemicals regulatory framework — UK REACH — enforced by the Health and Safety Executive (HSE) rather than ECHA. DEFRA has since estimated that full transition to the UK REACH model could cost British industry over £2 billion in duplicative testing, and in May 2024 the government published an Alternative Transition Model (ATR) proposal to reduce that burden by accepting certain EU REACH data. The registration deadlines have been extended to October 2026, 2028, and 2030 depending on tonnage band — but the fundamental requirement has not changed: EU REACH registrations have zero legal standing in Great Britain.

UK REACH is now a distinct regulatory framework governing chemicals placed on the Great Britain market. If your company moves chemicals, mixtures, or articles containing substances of very high concern (SVHCs) between the EU and the UK, you are navigating two separate regimes. On the Sustalium platform, UK-specific registration is the single most misunderstood requirement we see — companies consistently assume their EU REACH dossier covers the UK market, and they are consistently wrong.

US Compliance for Electronics: FCC, UL, Prop 65 & More

An electronic product sold in the US is subject to a minimum of four separate regulatory frameworks — and that is before counting state-level requirements, retailer demands, or packaging rules. The frameworks do not talk to each other. The FCC does not care about Prop 65. UL certification does not substitute for an FCC test report. And a CE Mark means nothing to US Customs.

This guide bundles every US compliance requirement that applies to electronic products into a single reference — so you can see what you need, how the pieces connect, and where the overlaps with EU requirements exist if you are selling into both markets.

How to Answer a CSDDD Supplier Due Diligence Request

If you've noticed your customers' procurement questionnaires getting longer and more demanding, you're not imagining it. That's the CSDDD effect: large companies subject to the Corporate Sustainability Due Diligence Directive need data from every supplier in their chain of activities — including you, regardless of your size.

Here's the thing most suppliers miss: responding well to these questionnaires isn't just about keeping the customer happy. It's a competitive advantage. Suppliers who answer in days instead of weeks, who have their data organised and accessible, consistently rank higher in procurement evaluations.

Digital Enforcement: Your Compliance PDF Is Obsolete

The traditional model of compliance enforcement was manual and slow. A regulator received a complaint, opened an investigation, requested documents by letter, and reviewed them months later. A customs officer physically inspected a shipment, checked the paperwork against the goods, and made a decision at the port. A buyer sent a supplier questionnaire, received a PDF attachment, and filed it in a procurement folder.

That model is dying — and not just in one region. Globally, compliance enforcement is moving from paper to digital, from manual to automated, from reactive to real-time. The PDF attachment that satisfied a buyer audit in 2020 is no longer sufficient in 2026, because the platforms, regulators, and customs authorities that enforce compliance have moved to systems that require structured, verifiable, digitally accessible data.

How to Publish a WCAG Accessibility Statement

If you run a website or app in the EU, UK, or Canada, an accessibility statement isn't optional — it's the law. Even where it isn't legally required, publishing one is the single cheapest way to reduce your ADA litigation risk and signal to users that you take inclusion seriously.

An accessibility statement is a public declaration of your conformance level, what you've done to meet it, and how users can contact you if they encounter barriers. This guide covers what to include, which jurisdictions require one, and how to keep it from going stale (which is where most organisations fall down).

Compliance & Sustainability: Two Worlds Becoming One

In most businesses, compliance and sustainability report to different executives, use different software, collect different data, and attend different conferences. Compliance owns the legal obligation — the product safety certificates, the chemical declarations, the import filings. Sustainability owns the voluntary narrative — the carbon footprint, the ESG report, the supplier diversity metrics.

That separation is ending. Regulations across every major market are requiring the same data that both functions need — and building separate systems to satisfy the same regulatory demand is no longer tenable.

In Europe, the CSRD requires audited sustainability disclosures against over 1,100 data points. In the United States, California's SB 253 and SB 261 require climate emissions and risk disclosure from companies doing business in the state. The SEC's climate disclosure rule — currently stayed but directionally clear — will require public companies to report Scope 1, 2, and in many cases Scope 3 emissions. Australia's mandatory climate reporting framework, phased in from 2024 onward, requires financial-disclosure-grade climate data from large entities. China's dual-carbon policy (碳达峰, 碳中和 — "carbon peak, carbon neutrality") is driving mandatory environmental disclosure through the China Securities Regulatory Commission and the Ministry of Ecology and Environment.

The global direction is unambiguous: sustainability reporting is becoming compliance.

WCAG: Web Content Accessibility Guidelines

If you run a website, app, or digital service, you're probably already required to comply with WCAG — even though it isn't a law itself. The Web Content Accessibility Guidelines (WCAG) are the global standard for digital accessibility, and they've been incorporated into legal frameworks across the EU, UK, US, Canada, and Australia. You don't have a choice about whether to follow them; you only have a choice about whether you comply proactively or reactively after a complaint.

Developed by the W3C's Web Accessibility Initiative, WCAG covers visual, auditory, physical, speech, cognitive, language, learning, and neurological disabilities. It's the closest thing to a universal accessibility rulebook the world has.

What to Ask Suppliers Before They Get You Fined

If your supplier uses forced labor, the goods are seized at the US border — and you are the importer of record. If your supplier discharges untreated wastewater, your CSRD disclosure is inaccurate, your CSDDD due diligence is incomplete, and your buyer drops you. If your supplier's SMETA audit is expired by six weeks, the procurement system deselects you automatically — and the buyer does not ask why. The legal violation is the supplier's. The commercial and legal consequence is yours.

The regulatory frameworks that impose cascading liability — making a buyer legally responsible for what happens in their supply chain — are multiplying globally. The German Supply Chain Act (LkSG), the EU's CSDDD, the US Uyghur Forced Labor Prevention Act (UFLPA), the UK and Australian Modern Slavery Acts, the Canadian Fighting Against Forced Labour and Child Labour in Supply Chains Act — each of these creates a legal obligation for the buyer to know what is happening in their supply chain and to act on what they find. And each of them starts with the same operational question: what do you ask your suppliers — and what documentation do you demand — before you place the order?

Regulatory Obesity: The Compliance Burden No One Tracks

A single product sold globally — a Bluetooth speaker, a cotton t-shirt, a wooden chair — can now be subject to twenty or more regulatory frameworks before it reaches a customer. In the United States: FCC, UL, CPSC, Prop 65, TPPA, and state PFAS laws. In the European Union: CE Marking, RoHS, REACH, WEEE, GPSR, and CSDDD. In the United Kingdom: UKCA, UK REACH, and UK-specific safety regulations. In China: GB standards, CCC certification, and data security requirements. In Australia: RCM, modern slavery reporting, and packaging regulations. In the Middle East: Gulf Conformity Mark, Saudi SABER, UAE ECAS. In Africa: a growing patchwork of national standards and the emerging AfCFTA trade framework.

The technical term is regulatory obesity — and it is not limited to any one region. The number of rules a business must comply with has grown faster than the business's ability to discover, understand, and document compliance with them. The rules themselves are not the problem — product safety, environmental protection, worker rights, and supply chain transparency are legitimate policy objectives. The problem is that the rules do not coordinate across borders, they do not share data formats, and they do not come with a notification system.