In particular for technical sectors, regulators tend to refer to international or national standards as a means to set up requirements. This article examines some risks and downsides of (classic) direct and specific referencing, a referencing that makes the standards mandatory (A.). Furthermore it presents a matrix that can be used to generate dozens or hundreds of alternative techniques of referencing that avoid these risks and downsides and describes in more details a few favourite techniques (B.).
A. The risks and downsides of direct and specific referencing
We call “specific reference” a reference to a standard identified by the name of the standardisation body and a title and/or a number, but not necessarily an edition or year of publication (e.g. “ISO 9001”). Specific referencing can be dynamic (1.) or static (2.). Both raise legal and practical issues which in some jurisdictions create an uncomfortable double-bind situation (3.).
1. a) Dynamic referencing consists in referring to a certain standard of a certain standardisation body in its latest version. Dynamic referencing can be explicit by mentioning “in its latest version” or “as last amended” or implicit (by referring to a certain standard number without indicating the version). The first is preferable in so far as it creates more certainty. In some jurisdiction a pure reference to a certain standard number might also be understood as reference to the last version of the standard prior to the adoption of the regulation.
b) Dynamic direct and specific referencing gives the standardisers (e.g. ISO) a quasi-legislative power. When the regulator has referred to the standard in its last amended version, the standardiser can, after the adoption of the regulation, change the standard as he wishes, including in such a way that the regulator would not or should not have referred to it. This happens more often than is desirable1. Standardisation is industry driven. Industry has an interest in avoiding burdensome requirements. It even happened that one single multi-national company, Siemens and its subsidiaries in the field of certain high-tech medical devices is the driving force for a particular topic in the national standardisation bodies of a dozen IEC countries and thus determines the content of an IEC standard in such a way that might disadvantage its competitors. More often, companies jointly agree to loosen / water-down legal requirements, e.g. by giving more leeway to economic operators than foreseen or wished by the legislator. Permanent active monitoring and at least occasional corrective action by regulators is thus recommended if not needed.
c) Dynamic referencing to standards is legally problematic in some jurisdictions because it goes beyond the democratic legitimation chain (from the people to the parliament to the government to a body under control of the government)2. Standardisation is, to our knowledge, nowhere near a democratic process or legitimised by this legitimation chain, with the exception of some national standardisation organisations which are controlled by national governments like a sub-ordinate agency.
2. Static referencing to a precise version of a standard provides more legal certainty and more effective control in the hands of the regulator. The first drawback of static referencing is however that it requires periodic updating, each time that the standard referred to is amended. A second, more legal issue is caused by the practice of ISO, IEC and other international standardisation bodies to use so-called normative references in the standards themselves. We can often see long chains of normative references and even complex networks or cascades of normative references. This practice of standards-internal normative referencing has many downsides, some of them amounting to legal issues in certain jurisdictions:
- It is often extremely burdensome or even virtually impossible to identify all the text parts to be applied because they can be spread across dozens of standards. The author found several IEC standards that contained normative references to about 50 other standards with a total number of seventy thousand pages. These 50 standards contain themselves further normative references. Hence the issue of legal preciseness is touched upon. The economic operator cannot know anymore what texts s/he has to apply. (In practice they stop to follow at some point the further references, but this makes the assessment potentially incomplete.)
- The different normative reference chains may be contradictory, e.g. because one reference chain splits into two, but further on these two chains refer to different versions of the same standard whilst the two versions are not compatible with each other. Hence the issue of legal preciseness is touched upon again.
- The longer the reference chains, the higher the likelihood that the standards normatively referred to have been formally withdrawn in the meantime. Is a formally withdrawn standard still valid as normatively referenced text? The answer to this question might differ from one jurisdiction to the next. But at any rate, we have again a legal issue to be analysed and a potential legal flaw.
- Where jurisdictions take the view that even a withdrawn standard can be normatively referred to, the issue of accessibility of the withdrawn standard arises. Lawyers across the globe will certainly agree that one basic condition has to be fulfilled: law must be accessible. Withdrawn standards are mostly not accessible anymore.
3. At least in several continental European jurisdictions, namely those which influenced in the past most of the other ones (the French and the German), both the legal concerns described in 1. and those described in 2. are relevant. If so, there is an uncomfortable double-bind situation. Both dynamic and classic referencing aiming at making standards mandatory seem to be impossible or at least difficult to practice and problematic. We will see in Part B how France and Germany have found a work-around and which other paths might be available to promote, directly or indirectly, the use of standards. Despite the mentioned deficiencies, standards are still an important tool to reduce risks of products and services.
B. Alternative referencing techniques
In the following, we try to demonstrate that there are in total several dozen if not several hundred techniques for referring to standards and incentivising their use. We do so by enumerating a range of parameters. Basically any of the possibilities under one parameter can be combined with any possibilities of a second and so forth, of course with some exceptions that do not make sense. We thus have a matrix structure in front of us (I.). In a second step, we will select a few combinations that seem particularly interesting to us because they respond to typical regulatory needs, our “favourites” (II.).
I. The matrix
1. To start illustrating that we have indeed a matrix structure in front of us, let us take note of the fact that references cannot only be specific in the meaning given above, but also more generic. Instead of referring to “ISO 9001”, regulation can also refer to “ISO quality management standards”, “applicable ISO standards” or even “applicable standards” altogether. The degree of specificity is thus one parameter.
2. The parameter specific – generic can be combined with the parameter time. Also in the case of generic references to standards, one can introduce time or similar criteria like “of the last five years”, “latest edition”, “latest edition as last amended”, “latest or or the one before” et cetera. Time criteria can be crossed: “reference is made to standards adopted in the last ten years …” (measured as from the adoption of the regulation or as from the time of the regulated activity, e.g. the selling of a product) (… or the latest standard in case no standard has been adopted in the last ten years).
3. Another parameter is the degree of directness of the reference.
a) As example, we can quote German legislation which often refers to the “generally recognised state of the art” (“allgemein anerkannte Regeln der Technik” or “Stand der Technik”3). Administrative instructions or courts’ interpretation create the bridge to the standards by stating that the state of the art is mostly defined by standards. Hence the innocent expression “state of the art” can turn-out to become a quite mandatory generic reference to “applicable standards”. Whilst we suppose that there is an equation “the more indirect a reference is, the less it is mandatory”, the German example illustrates that even a very indirect reference can trigger mandatory effects. Jurisdictions interested in this elegant referencing technique, should consider official interpretative recommendations or guidance as means to promote the desired interpretation of the term “state of the art” or equivalent.
N.B.: As explained in the Handbook “How to regulate?” there is an alternative, less imprecise and slightly more severe term for “state of the art”: “best available techniques” (“meilleures techniques disponibles”). However, as standards do not necessarily reflect the “best available techniques”, it is risky to use this expression as a means to describe a dynamic and generic path to applicable standards. Whilst generally preferable, we do not recommend this expression here.
b) Another technique to make the standards indirectly mandatory is the involvement of insurances, see this article. Since the 19th century, when many of the technological risks emerged, mandatory “membership-based” insurances were established in the Austrian empire (so-called “Berufsgenossenschaften”), e.g. to reduce risks of workers in factories. The insurances developed risk reduction schemes, similar to standards, and established compliance verification schemes. Today, we face a similar situation – a mismatch of ever more products and services on one hand and decreasing state verification or surveillance resources on the other. Mandatory insurances, possibly even mandatorily containing compliance verification schemes, might thus become a state of the art regulatory tool. If so, the insurance companies will look for means to reduce risks – and will more or less automatically favour the application of standards, at least as long as no better risk reduction schemes are available.
4. For the German example, we have stated a quite mandatory effect. This indicates another range or parameter: the application of standards can be more or less mandatory in the meaning of open to alternatives. In this regard, we present a range of possibilities, most of which can be combined:
a) No alternative;
b) No alternative, but possibility to deviate in certain details;
c) To be followed as a rule, but non-application possible when non-application is compensated, e.g. by additional compliance verification by third party; the necessary compensation creates an incentive for the use of the standards;
d) To be followed as a rule, but non-application possible when equivalent alternative is applied;
e) To be followed as a rule, but non-application possible when it can be justified / explained;
f) Application of the standards recommended with positive incentive(s); and
g) Application of the standards recommended without positive incentive(s).
5. The compensations of letter c), negative incentives so-to-say, and the positive incentives referred to in f) merit a further deepened analysis. Before we do so, we clarify two issues:
- The option c) is equivalent to saying that, as a rule, condition X has to be fulfilled, but that condition X does not have to be fulfilled when standards are used. This regulatory technique has supposedly been created in France and from there spilled-over into other jurisdictions, including the international context (see the sources cited at the end of this article).
- It is often referred to as a so-called “presumption of conformity” in the case of standards, and this presumption of conformity is presented as an incentive. However, we claim that this presentation is erroneous. If something or somebody is presumed to be in compliance – so what? Nothing follows from this statement as such. A presumption of conformity for the use of standards only becomes interesting for the economic operators when they have an advantage linked to the presumption of conformity (e.g. lower conformity assessment obligations, better protection against state measures, lower liability risk for instance because no negligence can be assumed etc.). Thus it is in substance irrelevant whether certain advantages / privileges or, as we here say, incentives are provided due to the use of the standards as such or because there is a presumption of conformity due to the use of the standards and based on the presumption of conformity the advantages are provided. The presumption of conformity becomes a presentation or rhetoric justification bridge with no value in substance. However, admittedly it can facilitate the presentation. It is sometimes easier to define the conditions for a presumption of conformity and then link a range of incentives / advantages to the presumption of conformity than to link the incentives / advantages directly to the use of the standards.
6. We hereby come to the complex topic of incentives. Incentives have become the topic of a science of its own, situated between economics and psychology, the so-called behavioural economics. Evidently, we cannot strive for scientific depth here4, but we can illustrate relatively plausible examples:
a) The use of standards can be linked to reputational advantages provided by authorities. Here a few examples that can be combined as one wishes:
- E.g. where authorities have the right to use the ever more popular soft enforcement technique of “naming and shaming” by authorities5, economic operators can be protected against the full reputational damage by obliging the authorities to also mention that the economic operator used the appropriate standard.
- Another, more direct possibility of providing a reputational advantage is to permit labels that prove conformity with applicable standards whilst other labels are banned. Standards under this concept would be seen as independent, a second path for reaching the goals of the regulation, e.g. safety of users.
- Furthermore, a public statement can recommend the use of certain standards for the fulfilment of legal requirements or just as a means for reaching a particular high quality, going beyond the legal requirements.
b) The use of standards can also be linked to status advantages. The status advantages that can be provided very much depend on the respective regulatory system that provides a sub-matrix for potential status advantages. It is recommended to go through the provisions of that system and to check one-by-one whether an advantage can be provided in a justified way. Again some examples:
- Lower requirements for demonstrating compliance in case of use of standards – e.g. reduced technical documentation versus full technical documentation or lower final compliance verification obligation.
- Lower procedural requirements – e.g. third party assessment limited to the question whether standards have been used in reality, but no expensive type testing or technical file examination.
- Lower quality management system (QMS) obligations – e.g. simplified QMS instead of full QMS.
- Longer validity of certificates or approvals.
- Better protection against authority measures – e.g. the authority must in parallel launch a procedure to state that the standard is in conflict with legal requirements.
- Better protection against conformity control by competitors or clients in regulatory systems where these have the right to sue the economic operator.
- Exemption from liability insurance obligation or reduced liability insurance obligation.
- In case of liability insurance obligation: no, or reduced, mandatory compliance verification by insurer (e.g. insurance only verifies that standard has been applied whilst it would otherwise examine the technical file).
- Privileged access to public tenders or contracts (e.g. for green procurement).
c) The last two examples are already on the borderline between status and financial advantages for which we would like to enumerate (in addition) a few more examples:
- Lower liability risks, e.g. in jurisdictions where the application of standards is seen as a means to reach the “state of the art” or similar abstract requirements (e.g. “best available techniques”).
- Privileged access to subsidies / grants.
- Tax incentives.
d) Evidently, the different incentives can be combined in many ways. There are situations in which several incentives combined trigger a shift of the behaviour whereas one of the incentives alone doesn’t. These incentives sometimes permit the design of a package of non-coercive measures which have the same or more effect than coercive measures.
7. Another parameter that can be applied to the reference to standards is the one of conditions. All the different techniques and incentives can be subject to plenty of conditions or combinations of conditions. Conditions can be temporal, geographic, relating to personal characteristics, relating to characteristics of objects, relating to characteristics of processes etc. E.g. it can make sense to provide a certain privilege linked to the use of standards when the economic operator employs a particularly trained and trustful person and that person is in charge of verifying in-house compliance with a high degree of independence. As the conditions can be combined, the parameter “conditions” can be dissolved into another sub-matrix.
II. Our favourite ways of referencing
Amongst the probably several hundred possible ways of referencing to standards that can be created on the basis of the matrix described, we will in the following present a few ways that seem particularly interesting to us because they respond to typical regulatory needs, our “favourites”. We do so in particular for those readers who do not have the time to develop tailor-made solutions for their specific situation. Evidently, solutions adapted to the specific jurisdiction and sector are more likely to have positive effects.
1. The German technique of establishing an abstract term like “state of the art” and to provide a legal interpretation that this term is to be understood as (more or less closely) referring to standards, see Part A 3.a). For this to work smoothly, the authority in charge of the application of the regulation should strive for the active promotion of the “right” or desired interpretation with the tools available in the respective jurisdiction. This interpretation should evidently deal with questions like:
- What to do when there are different editions of the same standard, whilst the newer one has important advantages?
- What to do when there are different standards applicable in parallel, one being more specific than the other?
- What to do in case of supposed mistakes in the standards?
- What to do in case the standard can only be partly applied?
- What to do when different users (e.g. conformity assessment bodies or compliance authorities) develop diverging views?
In addition, there will be a need for some active steering to respond to simple day-to-day questions that can easily evolve into diverging and incompatible “traditions” within the same jurisdiction.
2. a) The technique of mandatory liability insurance combined with the use of mandatory risk reduction schemes will steer insurances and economic operators towards the use of standards, at least as long as no better risk reduction schemes are available. Insurance companies or at least the re-insurance companies will have the data to assess whether the schemes work and in some regards, they might even have a better position than regulators when assessing risks. If standards are a good basis for risk reduction, they will work with standards and try to improve them. If not, they will develop other schemes and discard the standards, and for good reasons. This very indirect referencing technique leads thus to a very reasonable result: standards are used where they are good, otherwise they are discarded.
b) Once there is an obligation to establish risk reduction schemes, mandatory compliance verification is next . Evidently, mandatory compliance verification could also be established with regard to legal requirements directly. But it is evidently more “hands on” where the compliance verification relates to risk reduction schemes selected by the insurer (be they standards, standards-based or completely independent).
3. a) We see a high potential in providing conformity assessment privileges in the use of standards, as is used in France. Conformity assessment by state authorities or private bodies can inter alia verify, in the light of legal requirements, the:
- the initial design of the product, service or process;
- the compliance of the final product, service or process; and
- the ways in which the products are (designed and) produced, the services are (designed and) provided or the other processes are (designed and) organised – hereafter “delivery process”.
To the extent that the economic operator demonstrates that he applied a certain standard and that this standard covers correctly legal requirements with regard to the initial design, the final product or the delivery process, the state authority or private conformity assessment body can either be obliged or just authorised not to verify certain elements. So far, this referencing technique has mainly been used in the first variant. We examine here in more detail the second variant. As standards so often fail to be fully in compliance with legal requirements, it is not recommended to give economic operators the right not to be fully examined. This variant differs from the French concept that had been copied in quite some other jurisdictions.
b) How can the second variant work in practice? The state authority or the private body will analyse those economic operators using standards versus those which are not using standards. They will find-out to which extent and for which elements the application of standards is indeed a good indicator for compliance with legal requirements and those which are not. This might often change with time, be it because the standards changes, be it because economic operators find new loopholes in the standards or simply start cheating. As the state authorities or private bodies have an interest in investing their scarce time in the most effective way, they will nonetheless not miss any opportunity to downgrade their verification intensity where the use of standards indicates good compliance results. However, they will in these cases nonetheless (have to) verify:
- whether the standards have indeed been applied; and, on a sampling basis;
- whether the economic operator applies the standards in a correct way; and
- the conformity elements not, or not correctly, covered by the standards.
The verification by the authorities or private bodies can thereby become shorter, less intense and also less expensive, in particular if fees are to be paid and if the fees are proportionate to the verification intensity.
As authorities and private conformity assessment bodies have no obligation, but just the discretionary power to reduce the intensity of their scrutiny, they can adapt their practice without formalities. This possibility creates an additional incentive for economic operators to apply the standards correctly and, in the first place, to produce correct standards via their involvement in standardisation bodies. Both could be further favoured by business associations.
c) We understand “conformity assessment” normally occurs “pre market”, thus before a product is sold, a service provided or a process organised. But nothing hinders us to apply the same concept for “post market” verification of compliance.
d) The elegance in this referencing technique lies in its flexibility and it ability to circumvent legal hindrances. The double remoteness of the link to standards (1. influence only on scrutiny and 2. only discretionary power) protects against the legal concerns described in Part A, but does not hinder the incentive to work. At the same time it is ensured that standards do not get a credit that they do not deserve; each time that it is detected that standards fall behind legal requirements or even expectations, they can be discarded. The flexibility provided by the discretionary power is also important in the opposite sense: even where the authority has doubts as to the appropriateness of the standards, it might decide to turn a blind eye on the deficiencies where these appear to be minor when compared to other deficiencies detected in the remit of economic operators that do not apply standards. This discretion thus helps also where the authority has not the work capacities to prosecute all infringements at the same time – a situation that we will face ever more often given that authorities tend to receive less resources, but increasing tasks and ever more products, services and processes to control.
e) The downside or risk of this referencing technique is evidently that conformity assessment bodies or authorities might develop diverging practices when using their discretion. Subject to the case, diverging trends need to be countered, be it by informal coordination of views, recommendations of the supervising authority, by instructions of that authority or even by legally binding instruments. E.g. it could be considered to establish a negative list of standards partly or fully non-compliant with legal requirements, and such a list could also be contained in a legally binding instrument.
f) To sum up our preferred variant of this referencing technique : Authorities or private conformity assessment bodies get the permission to scrutinise less severely in cases of the use of standards, whilst the economic operators get the expectation (but no right) to be less severely and thus less costly scrutinised for conformity; this is a win-win situation to the extent that the standards really ensure conformity with legal requirements. This must of course be verified in a supervision and coordination mechanism that also avoids too diverging decisions.
4. a) A well tested technique used in France of referencing standards is the “use or explain” / “use or justify” principle. This principle gives also a conformity assessment advantage to those who use the standards – they do not have to explain or to justify why they are not using the standard. But the incentive is so limited that economic operators who, for good reasons, cannot or do not want to apply the standard will mostly not tremendously suffer. The use of standards is promoted by the “use or explain” / “use or justify” principle, but not at all costs. New technologies can easily emerge under the “use or explain” / “use or justify” principle.
b) Authorities can develop criteria for explanations or justifications be satisfactory. These criteria can be placed into recommendations, binding instructions or even into binding regulation. Hence the “use or explain” / “use or justify” principle can be applied more or less severely, and the severity can be more or less uniform / harmonised in the given jurisdiction.
5. a) The use of standards can be favoured by providing a quality label which is linked to its use. Alternatively, the mentioning of standard “ISO XYZ” can as such become a quality mark. E.g. ISO 9001 has become a commonly understood quality indicator for companies and even public bodies, where many of these affix a label indicating that their compliance with ISO 9001 has been certified.
b) With regard to food, textiles and many other products, we see nowadays so many labels that the average consumer is confused. The same confusion could arise if too many labels relating to standards were to appear for the same product, service or process. Hence regulators might consider to ban misleading labels and to give a monopoly to those labels that relate to standards that are really meaningful in the given context.
The few commonly known techniques of referencing to standards are only the tip of the iceberg, or the surface of a complex multidimensional matrix. Accordingly, it can be assumed that regulators have at best just begun to explore the full potential of referencing to standards. The outlined matrix, which can, as one wishes, be made more complex or adapted to a specific regulatory system, or it can be taken as a starting point for a tailor-made referencing technique. Alternatively, regulators can build on a few standard techniques and adapt them to their needs.
1 E.g., industry wished to get away with the so-called high-temperature test for condoms under the CEN standard EN 4078 whilst it makes perfect sense to test whether condoms are still safe after having spend a few hours in a car heated-up by the sun.
2 For a more detailed analysis of this and other legal issues that arrise with standards and other soft law, see this excellent study of the French State Council (Conseil d’État), and therein namely pages 69 onwards: https://www.ladocumentationfrancaise.fr/rapports-publics/144000280-etude-annuelle-2013-du-conseil-d-etat-le-droit-souple
3 As introduction, see https://de.wikipedia.org/wiki/Anerkannte_Regeln_der_Technik. For more details, seehttps://www.kan.de/fileadmin/Redaktion/Dokumente/KAN-Studie/de/2016_KAN-Studie_Rechtsprechung.pdf
4 See for more the OECD document: Regulatory Policy and Behavioural Economics: http://www.oecd-ilibrary.org/governance/regulatory-policy-and-behavioural-economics_9789264207851-en
5 E.g. the UK is naming and shaming employers who do not pay the minimum wage, see http://www.bbc.com/news/uk-27751722