Compliance & Regulatory
Claims, Labelling, Safety, IP, Privacy, Accessibility
- Compliance done early costs $2K-$20K; done late it's $50K-$500K+ in recalls, fines and legal fees.
- Every claim must be provable on demand - puffery is fine, but 'clinically proven' needs the evidence file.
- File trademarks in every market you sell into; patents are expensive and distracting, so win on brand strength.
- Keep chargebacks under 0.5% and build a dated compliance register - buyers pay for a clean file at exit.
On this page
- Why This Section Exists
- Product Compliance by Category
- Claims & Advertising Compliance
- Influencers, Reviews & User-Generated Content
- Subscriptions & Auto-Renewal
- Data Privacy & Cookie Consent
- Website Accessibility (ADA / WCAG)
- Labelling Requirements
- Intellectual Property Foundations
- Product Safety & Recalls
- Compliance as a Business Asset
- Fraud, Chargebacks & Payment Risk
- Regulatory Acronym Reference
Most founders ignore compliance until something goes wrong. A product recall, a cease-and-desist on your claims, a regulatory investigation. The cost of getting it right early is a fraction of the cost of getting it wrong later. This section won't make you a lawyer. It will tell you what questions to ask, when to get help, and what to never ignore.
Why This Section Exists
Most DTC founders come from marketing or product backgrounds. Compliance is the thing you assume you'll figure out later. Then later arrives as a cease-and-desist letter, a marketplace listing suspension, or a recall notice.
Get it right upfront and it typically costs $2K-$20K depending on category (testing and certification - IP protection like trademarks and patents is extra, covered below). Get it wrong and it's $50K-$500K+ in recalls, fines, legal fees, and brand damage, usually arriving at the worst possible moment. This section won't make you a regulatory expert. It will tell you what to ask about, what you can't ignore, and when to pay for help. Practical guidance, not legal advice. This section is the product-and-market-facing half of the legal picture: what you can sell, label, claim and say, how you protect your IP, and the consumer-protection and data-privacy rules around it. The corporate and structural half - entity, equity, founder agreements, contracts and governance - is Section 30: Legal & Corporate Foundations.
What's required depends heavily on your category. An accessories brand has minimal regulatory burden. A supplements brand operates in one of the most regulated consumer product spaces. Know where your category sits and invest accordingly. And if you're early stage, accept that you'll never dot every i and cross every t. Don't do everything compliance could possibly demand, and don't let it stop you from shipping either.
Start with the category table below: find your product and see what actually applies to you. The acronym reference lives at the end of this section - use it when you need it.
Product Compliance by Category
| Category | Key Requirements | Regulatory Bodies | What to Ask |
|---|---|---|---|
| Beauty/Skincare | Ingredient safety (INCI lists), preservative testing, stability testing, SPF claims, GMP where relevant | AICIS and ACL/ACCC in AU, FDA in the US, EU Cosmetic Regulation | "Are my ingredients and claims compliant in each market? Does this product cross into therapeutic claims?" |
| Supplements | Registration or notification where required, health claims substantiation, GMP, batch testing, label compliance | In AU this may fall under TGA or food regulation depending on the product and claims, FDA in the US, EFSA and local food rules in the EU | "Are my health claims substantiated? Is my manufacturer GMP-certified? Which regime applies in each market?" |
| Food/Beverage | Food safety standards, allergen labelling, nutritional panels, shelf life testing | FSANZ in AU/NZ, FDA in the US, FSA in the UK | "Is my labelling compliant for each market? Do I have HACCP or equivalent controls?" |
| Electronics | CE or equivalent conformity marking, FCC compliance, RCM in AU, safety testing, EMC, RoHS where applicable | ACMA and other applicable AU schemes, FCC in the US, EU product rules | "Has this been tested and certified for each market I'm selling into?" |
| Children's Products | Additional safety testing (choking hazards, lead, phthalates) | CPSC in the US, EN 71 in the EU, ACCC and mandatory AU standards where applicable | "Has this been tested to the relevant children's product standard in every market?" |
| Apparel/Textiles | Fibre content labelling, country of origin, flammability for relevant products, care labelling | ACCC and ACL in AU, FTC in the US, EU Textile Regulation | "Is my label compliant for fibre content and country of origin in each market?" |
These categories have requirements that are easy to get wrong and expensive to fix. A regulatory consultant costs $2K-$5K. A product recall costs $50K-$500K+. The maths is straightforward.
Claims & Advertising Compliance
What you say about your product matters legally, not just commercially. Every claim you make in ads, on your website, in emails, or through influencers is subject to advertising standards and consumer law.
The difference between puffery and claims:
- Puffery (generally fine): "We make the best coffee." "You'll love how this feels." Subjective opinions that no reasonable consumer would take as literal fact.
- Claims (must be substantiated): "Clinically proven to reduce wrinkles by 40%." "Dermatologist recommended." "Organic." These are specific, measurable, or verifiable statements that require evidence.
Common traps that get brands in trouble:
- "All natural" - Has no legal definition in most jurisdictions. If your product contains any synthetic ingredients, this claim is defensible grounds for a complaint.
- "Chemical free" - Everything is a chemical. This claim is scientifically meaningless and increasingly flagged by regulators.
- "Clinically tested" - Doesn't mean "clinically proven." Tested could mean one test with five people that showed no results. Regulators are increasingly scrutinising this distinction.
- "Dermatologist approved/recommended" - How many? Under what conditions? One paid dermatologist doesn't constitute a recommendation.
Social media and influencer claims follow the same rules. If an influencer makes a health claim about your supplement, you're potentially liable. Brief your creators clearly on what they can and can't say. See Section 20: PR & Earned Media for disclosure requirements in seeding and gifted product.
Competitor comparisons are allowed in most jurisdictions if they're truthful, substantiated, and not misleading. But "our product is better than [Competitor]" without evidence is a lawsuit waiting to happen. Stick to objective, verifiable claims.
Before launching any campaign with specific product claims, ask: "If a regulator asked me to prove this tomorrow, could I?" If the answer is no, rewrite the claim or get the evidence. Regulators and advertising bodies including the ACCC in Australia, the FTC in the US, and the ASA in the UK do actively scrutinise misleading claims, especially in beauty, supplements, and health.
Influencers, Reviews & User-Generated Content
The claims rules above don't stop at your own ads. The moment someone else talks about your product on your behalf - a creator you pay, a customer you incentivise, a review you publish - you're on the hook for what they say. Regulators have got sharper here, and the penalties are no longer theoretical.
Disclosure is non-negotiable. If there's a material connection between you and the person endorsing your product (payment, free product, an affiliate commission, an employment relationship), it has to be disclosed clearly: legible, in the same place as the endorsement, on every platform it appears. A buried #ad on the third line of a caption doesn't cut it. Same with affiliate links - if a click earns you money, say so.
The FTC's fake-reviews rule (in force since late 2024) bans buying positive reviews, suppressing honest negative ones, posing as an independent reviewer, and using AI to fabricate testimonials. Civil penalties run up to roughly $53,000 per violation, and "per violation" can mean per fake review. It's the kind of thing a founder waves off as a growth hack early on, until a disgruntled competitor or ex-employee reports it. Don't buy reviews, don't gate your widget to publish only the five-stars, and don't let an agency do it on your behalf.
Four things to get right, and they're cheap to get right:
See Section 20: PR & Earned Media for the disclosure mechanics in gifting and seeding - the same rules apply to ads run through a creator's handle.
Subscriptions & Auto-Renewal
If you run subscriptions, free trials, or any auto-renewing charge, you are in one of the most actively enforced corners of consumer law. The headlines move around, but the underlying obligations barely shift, and founders get caught by reading the headline and missing the substance.
The FTC's Click-to-Cancel / Negative Option Rule was vacated by a US appeals court in July 2025 on procedural grounds, and the FTC restarted rulemaking with an ANPRM in early 2026 - so that specific rule is not currently in force. But the FTC continues to enforce ROSCA and the FTC Act aggressively, with multiple 2025-26 cases, and other markets run their own auto-renewal and unfair-contract rules. The practical bar is effectively unchanged wherever you sell: make cancellation as easy as sign-up, get clear consent before the first charge, and don't use dark patterns. "The rule got vacated" is not a defence.
The obligations to get right:
- Consent before the first charge: express, informed agreement to the recurring terms - what they will be charged, how often, and when - before any money moves. Pre-ticked boxes and buried terms don't count.
- Clear, ongoing disclosure: the renewal price and cadence stated plainly at sign-up and again in renewal reminders.
- Cancellation no harder than sign-up: if they signed up in two clicks online, they can cancel in two clicks online - not a phone call during business hours.
Email and SMS consent for those subscribers is a related but separate obligation (CAN-SPAM, TCPA, and local equivalents) - see Section 12: Email & SMS for the channel mechanics.
Data Privacy & Cookie Consent
Your entire DTC machine runs on data: pixels, email and SMS lists, customer profiles. All of it is regulated, and a non-compliant data layer is both a live fine risk and a red flag in diligence. The rules differ by region but the obligations rhyme.
| Regime | Who it hits | Key obligation | Penalty ceiling |
|---|---|---|---|
| GDPR | EU/UK customers | Opt-in consent before tracking | Up to 4% of global annual revenue (or €20M, whichever is higher) |
| CCPA / CPRA | California, above threshold | Honour opt-out / data-sale rules | Per-violation penalties |
| 8+ US state laws | CO, CT, TX, VA and more | Varying notice & opt-out rules | Varies by state |
The structure is: over roughly $25M in gross annual revenue (the figure is periodically inflation-adjusted, so confirm the current number), OR data on 100,000+ California consumers/households, OR 50%+ of revenue from selling/sharing data. A growing DTC brand can trip the revenue or consumer-count prong without realising it - which is why this is a check-annually item, not a set-and-forget one.
The practical obligations are short and worth doing properly:
A banner where "Accept all" is a big bright button and "Reject" is buried or greyed out is exactly what regulators are now fining. A genuine equal-weight choice built from the start is far cheaper than a settlement, and a Section 10 tech stack consent-management tool should support it out of the box.
Website Accessibility (ADA / WCAG)
Your storefront is increasingly treated as a public accommodation in law, which makes an inaccessible site two problems at once: it shuts out real customers (around one in five people has a disability), and it is a live legal risk. Web-accessibility complaints are now one of the highest-volume areas of consumer litigation - thousands of ADA suits and far more demand letters land on online retailers every year, DTC stores very much included, and most settle quietly rather than in a headline.
The obligations differ by region but, as with privacy, they rhyme:
| Regime | Who it hits | The standard in practice |
|---|---|---|
| US ADA (Title III) | US customers | No codified web standard, but courts and the DOJ treat WCAG 2.1 Level AA as the benchmark. Some states stack their own damages (California's Unruh Act adds statutory damages per affected visit). |
| European Accessibility Act (EAA) | Selling to EU consumers | Accessibility duties for ecommerce services in force since June 2025, enforced by each member state. |
| UK Equality Act / AU Disability Discrimination Act | UK / AU customers | Long-standing "reasonable adjustment" duties, both read against WCAG in practice. |
WCAG 2.1 Level AA is the de facto target everywhere. The baseline is unglamorous and mostly one-time work baked into the theme:
Test it properly, because scanners only see part of the picture. An automated pass (axe, WAVE or Lighthouse) catches maybe a third of issues; a keyboard-only run-through and a real screen-reader pass (VoiceOver or NVDA) catch the structural ones that actually get you sued.
The bolt-on "one line of code and you're compliant" overlays are marketed hard, but they have become a magnet for litigation rather than a shield against it, and disability advocates broadly reject them. There is no shortcut here: accessibility has to be built into your theme and templates, not painted over at runtime. The practical build-side detail - contrast, tap targets, labelled forms, semantic structure - sits in Section 11: Website & Conversion; email-specific alt text is in Section 12: Email & SMS.
As with everything here, this is awareness, not legal advice. Your exposure depends on where your customers are and how big you are, so confirm the current rules for your markets and get proper advice if an accessibility claim lands on you.
Labelling Requirements
Labelling requirements vary by product category and market. What must appear on the label, in what format, and in what language differs between AU, US, EU, and UK.
Universal basics (almost every market requires):
- Product name and description
- Ingredients or materials list
- Net weight/volume
- Country of origin (rules differ by jurisdiction)
- Manufacturer or importer name and address
- Batch/lot number (critical for traceability)
- Any required warnings or certifications
Market-specific requirements:
- EU/UK: Language requirements vary by market. CE marking applies to relevant product categories. UK conformity rules have shifted repeatedly, so check the current UK position for your product before printing artwork.
- US: FTC Made in USA rules. FDA-specific requirements for food, supplements, and cosmetics.
- AU: Country-of-origin and consumer law requirements under ACL, plus TGA requirements where the product is a therapeutic good.
Cross-reference: Section 24: International Expansion for market-specific compliance considerations when entering new regions.
As we scaled Quad Lock into new regions and moved from simple accessories into electronic products, the compliance and labelling requirements got significantly more complex. EU packaging recycling rules, certification markings, retailer-specific requirements on top of the regulatory ones. The key lesson for us was building compliance timelines into the product development cycle from the start. It can add weeks/months to the end of a project, and if you haven't accounted for it, you're either delaying your launch or cutting corners.
International Conformity: EU GPSR & UKCA
Selling into the EU and UK is no longer just a labelling exercise. Both now require a named, locally established party who is accountable for the product's safety. "We ship from Australia" or "we're a US brand" is not an answer a marketplace will accept.
Since the EU's General Product Safety Regulation took effect (13 December 2024), you can't legally sell to EU consumers unless an EU-established "Responsible Person" is named on the product or listing. That can be your importer, an authorised representative, or in some setups a fulfilment provider, but it has to be someone with an EU address who takes responsibility. No Responsible Person, no sale, and marketplaces will pull your listings. Check the current position before you print artwork - the Commission keeps issuing further guidance.
What the two regimes demand:
| Requirement | EU (GPSR) | UK |
|---|---|---|
| Local accountable party | EU-established Responsible Person named on product/listing | UK-based Responsible Person for UK sales |
| Conformity marking | CE marking where the product category requires it | UKCA marking (UKNI for Northern Ireland) |
| Technical documentation | Retained and available to authorities for 10 years | Retained per the relevant UK product rules |
| Marketplace safety reporting | Register/report unsafe products via the EU Safety Gate; unsafe listings removed within ~2 working days of an order | Report via the UK product safety database |
| Labels | Physical safety labelling, not QR-code-only, where safety information is required | Physical safety labelling per UK rules |
The practical move is a per-market conformity matrix before you enter a region: one row per market, columns for who your Responsible Person is, which mark applies, where the technical file lives, and whether you're Safety-Gate registered. Naming the Responsible Person is the longest-lead item, so start it early. If a cell is blank, you're not ready to sell there yet.
This is one of the heaviest parts of entering Europe. Treat it as part of the market-entry plan, not an afterthought. See Section 24: International Expansion for sequencing market entry.
Intellectual Property Foundations
Section 5: Product covers IP in the context of product development. Here's the operational summary:
Trademark: File in every market you sell into. AU, US, EU, UK as a minimum for most DTC brands. Budget $1K-$3K per jurisdiction. File before you launch if possible - someone else registering your brand name in a market you haven't filed in is expensive to resolve.
Design registration: Protects the visual appearance of your product. Cheaper than patents, faster to obtain, and often more useful for DTC products where the design is distinctive. Budget $500-$1,500 per design per jurisdiction.
Patents: Expensive ($10K-$50K+), slow (2-4 years), and only worth pursuing if your product has a genuinely novel functional innovation. Not all DTC brands need patents. Focus on trademarks and design registrations first.
Marketplace brand protection. Once you're selling well, someone will copy you, and marketplaces are where it shows up first: counterfeits, listing hijackers piggybacking on your product page, unauthorised sellers. This is where trademark strength earns its keep, because the takedown tools are built around it. On Amazon, enrol in Brand Registry (which needs a registered trademark), then layer on Project Zero for self-service takedowns and Transparency for unit-level serialisation that proves authenticity. Amazon now seizes 15M+ counterfeits a year and stops around 99% of suspected infringements before brands even have to report them, but you still need a monitored takedown workflow across every marketplace you sell on, plus a clean chain of authenticity for your retail and wholesale channels.
This is the day-to-day reason the patent story above lands the way it does: brand and trademark enforcement is cheaper, faster, and higher-ROI than patent litigation for almost every DTC brand.
The first time we had to enforce our IP was against a Taiwanese company we believed was infringing our US patent. We'd been speaking with a major US retailer, then discovered they had found a similar product from that supplier and gone cold on us.
We issued a cease and desist. Nothing happened. So we sent the patent directly to the retailer, telling them they couldn't import or sell the product. The Taiwanese company then sued us, and we counter-filed in Chicago, where our lawyers were based.
By the time I was in a freezing Chicago courtroom just before Christmas, we'd already spent about a quarter of a million dollars. Once the judge saw our development history and timeline, it was clear we were in the stronger position, and the matter settled. They could sell through remaining stock, then we had the market to ourselves.
We got the result, but it reinforced a view I still hold: patents are expensive and distracting to enforce. If you can win on trademark strength and brand, that's usually the better path.
Secure your brand name across .com, .com.au, .co.uk, and any market-specific TLDs before launch. Domains are cheap to register ($10-$50/year) and expensive to recover once someone else has them.
Product Safety & Recalls
If you sell a consumer product, a recall is always possible. The question isn't whether you can imagine one happening, it's whether you're prepared if it does.
| Metric | Current figure | Why it matters |
|---|---|---|
| CPSC recalls & safety warnings | 369 in 2024 (the highest in recent years), already passed with 376 by Sept 2025 | ~92% are tied to major online platforms, the channel most DTC brands sell on |
| CPSC reporting deadline | Within 24 hours of learning of a substantial product hazard | The clock is fast and unforgiving once you have reportable information |
| California Prop 65 notices | ~5,400 filed in 2024 (up from 4,142 in 2023 and 3,170 in 2022) | A private-enforcement machine; sell into California and you're exposed to it |
| FTC fake-reviews penalty | Up to ~$53,000 per violation | "Per violation" can mean per fake review (see Influencers, Reviews & UGC above) |
None of these should scare you off shipping. They're the reason the founder's principle at the top holds: getting it right early is a fraction of the cost of getting it wrong late. Know which of these touches your category, and watch those.
What triggers a recall:
- Product causes injury or poses a safety risk
- Non-compliance with a mandatory standard discovered
- Contamination (food, beauty, supplements)
- Labelling error that creates a safety issue (e.g., missing allergen declaration)
Preparation (before you need it):
- Batch/lot traceability: Every unit should be traceable to a production batch. This lets you recall the affected batch without recalling everything. If you can't trace by batch, a recall means recalling all stock - exponentially more expensive.
- Product liability insurance: Non-negotiable once you're selling to the public. Budget $1K-$5K/year for most DTC product categories. More for higher-risk categories (electronics, children's products, supplements).
- Recall protocol documented: Who's responsible, who contacts the regulator, what goes on the website, how affected customers are reached, how product is returned or destroyed. See Section 20: PR & Earned Media for the communications framework.
Product liability insurance is one of the cheapest forms of business insurance relative to the risk it covers. If you're selling physical products and don't have it, stop reading and get a quote today. One product injury lawsuit without insurance can end a brand.
Compliance as a Business Asset
Everything above reads like cost and admin while you're building. At exit it flips, and becomes one of the things a buyer pays for, or punishes you on. A serious acquirer diligences every claim you've ever made, every recall, every regulatory file, every IP registration. If it's organised and dated, diligence is fast and your reps and warranties are clean. If it's scattered across inboxes and a founder's memory, the buyer prices the uncertainty in, or holds back part of the consideration against it.
The asset is a single, audit-ready compliance register. Build it as you go, not the week before a sale.
The difference between an organised compliance register and a pile of forwarded emails can be a holdback, a price chip, or a stalled deal. A buyer's lawyers will find every gap, and every gap they find becomes leverage against your valuation and your reps-and-warranties exposure. The work you do here quietly compounds into a cleaner, higher, faster exit. See Section 28: Valuation & Exit for how diligence actually runs.
Fraud, Chargebacks & Payment Risk
Fraud is a cost of doing business in DTC. You won't eliminate it, but you can manage it to a level where it doesn't meaningfully impact your margin or your relationship with payment processors.
What actually happens:
- A stolen credit card is used to buy product on your site
- You fulfil the order and ship the product
- The real cardholder disputes the charge with their bank
- The bank issues a chargeback - taking the money back from you
- You lose the product, the revenue, and get hit with a chargeback fee ($15-$25 per incident)
At low volumes, this is annoying. At scale, it's a margin problem. And if your chargeback rate starts climbing toward the 0.9-1% range, Shopify Payments or your processor is likely to get uncomfortable. Sustained levels above that can threaten your processing relationship. That's an existential risk, not just a cost.
We had a meaningful fraud and chargeback problem coming out of the Philippines. As Quad Lock got more popular there, a small group worked out they could buy product with stolen or disputed cards, receive the goods, then resell them locally on Facebook Marketplace.
It was tricky because there was also plenty of legitimate demand from the same region, so blocking the country wasn't an option. What worked was geolocation analysis. We mapped the orders that turned into chargebacks and found they clustered in a few very small areas, often shipping to addresses that weren't real residences. Once we saw the pattern, we tightened filters around those signals without hurting genuine customers.
The lesson was practical: fraud rarely disappears, but once you stop being the easy target, volume usually drops to a manageable level.
Chargeback rate benchmarks:
| Rate | Status | Action |
|---|---|---|
| <0.5% | Healthy | Monitor monthly |
| 0.5-0.8% | Elevated | Investigate patterns, tighten fraud filters |
| 0.8-1.0% | Warning zone | Urgent action needed |
| >1.0% | Critical in many processor relationships | Processor relationship may be at risk |
What Shopify gives you by default: Shopify's built-in fraud analysis flags orders as low, medium, or high risk based on signals like Address Verification System (AVS) mismatch, IP location vs billing address, and order velocity. For many brands under $5M, this plus basic manual review of flagged orders is adequate.
When to add dedicated fraud tooling: If you're seeing chargebacks above 0.5%, processing over $5M annually, or selling high-AOV products that attract professional fraudsters (electronics, luxury goods), consider a dedicated fraud prevention tool. NoFraud, Signifyd, or Riskified sit between your checkout and payment processor, scoring every transaction in real time and guaranteeing approved orders against chargebacks.
Common fraud patterns in DTC:
- Card testing: Small orders ($1-$5) to test stolen card numbers before making large purchases elsewhere. Watch for sudden spikes in low-value orders.
- Friendly fraud: A real customer makes a legitimate purchase, then disputes the charge claiming they didn't receive it or didn't authorise it. Clear shipping confirmation with tracking and signature on delivery reduces this.
- Promo abuse: Customers creating multiple accounts to stack discounts or exploit new-customer offers. Tighten your promo code logic and flag repeated shipping addresses.
- Refund fraud: Claiming a product was defective or never arrived when it was. Return reason coding (see Section 8: Quality & Returns) helps identify patterns.
Dispute management: When you do get a chargeback, respond promptly with evidence. Shipping confirmation, delivery tracking, AVS match, customer communication history. Shopify has a built-in dispute response flow. Good evidence materially improves your odds. Not responding means you lose by default.
Set up a monthly fraud review. Check your chargeback rate, review the orders that were disputed, and look for patterns. Is it concentrated on a specific product? A specific region? A specific promotion? Fraud often comes in clusters, and catching the pattern early saves you from a chargeback rate spike that threatens your processor relationship.
Card-Network Monitoring & Dispute Deflection
Your processor's comfort level isn't the only threshold that matters. The card networks run their own monitoring programmes, and breaching them puts your ability to take payments at risk regardless of what Shopify thinks. The network average is still low, so you've got real headroom if you stay disciplined.
Visa's VAMP programme is the one to watch. It combines fraud and dispute activity into a single ratio (fraud reports plus disputes, over total sales). The threshold dropped to 2.2% from June 2025, tightening to 1.5% in some regions from 1 April 2026. Mastercard runs equivalent monitoring; your acquirer can tell you the current thresholds and whether you're near them. The shift that matters: under VAMP, disputes count toward the ratio, not just confirmed fraud. So deflecting disputes matters as much as blocking fraud.
Around 75% of disputes are friendly (first-party) fraud: a real customer who genuinely bought the product, then disputes the charge anyway. A fraud filter can't block your way out of that, because the order looked legitimate - it was. The lever is deflection: resolving the complaint before it hardens into a chargeback. Different toolset from fraud scoring, and you need both.
Three tools work together:
The trap on the other side is over-blocking. Tighten the filters too hard and you reject good customers.
Globally, declined legitimate orders cost merchants roughly 9x what actual fraud does (about $443B in lost good orders versus about $48B in fraud). Guarantee-backed platforms run false-decline rates of roughly 1.0-2.5%. Every legitimate customer you wrongly decline is a lost sale, a dented lifetime value, and often a customer who never comes back. The goal isn't zero fraud, it's the lowest total cost of fraud plus false declines. Watch both numbers, not just the chargeback line.
Regulatory Acronym Reference
Different markets, different bodies. The acronyms used in this section refer to:
| Acronym | Full name | Jurisdiction |
|---|---|---|
| ACCC | Australian Competition and Consumer Commission | AU |
| ACL | Australian Consumer Law | AU |
| ACMA | Australian Communications and Media Authority | AU |
| AICIS | Australian Industrial Chemicals Introduction Scheme | AU |
| TGA | Therapeutic Goods Administration | AU |
| FSANZ | Food Standards Australia New Zealand | AU/NZ |
| RCM | Regulatory Compliance Mark | AU |
| FDA | Food and Drug Administration | US |
| FCC | Federal Communications Commission | US |
| FTC | Federal Trade Commission | US |
| CPSC | Consumer Product Safety Commission | US |
| ADA | Americans with Disabilities Act | US |
| CCPA | California Consumer Privacy Act | US |
| CPRA | California Privacy Rights Act | US |
| ROSCA | Restore Online Shoppers' Confidence Act | US |
| TCPA | Telephone Consumer Protection Act | US |
| CAN-SPAM | Controlling the Assault of Non-Solicited Pornography And Marketing Act | US |
| GDPR | General Data Protection Regulation | EU/UK |
| GPC | Global Privacy Control | International |
| EFSA | European Food Safety Authority | EU |
| CE | Conformité Européenne marking | EU |
| RoHS | Restriction of Hazardous Substances | EU |
| FSA | Food Standards Agency | UK |
| ASA | Advertising Standards Authority | UK |
| UKCA / UKNI | UK Conformity Assessed marking (UKNI for goods placed in Northern Ireland) | UK |
| GMP | Good Manufacturing Practice | International |
| HACCP | Hazard Analysis and Critical Control Points | International |
| EMC | Electromagnetic Compatibility (testing standard) | International |
| INCI | International Nomenclature of Cosmetic Ingredients | International (cosmetics labelling) |
| VAMP | Visa Acquirer Monitoring Program | International (card networks) |
| WCAG | Web Content Accessibility Guidelines | International |
Section 9 Checklist
Go from reading to doing.
You've read the section. Sign in to score your ecommerce brand with the Health Check, track your progress across 472 checklist items, and get your tools and history in one dashboard. Free, and always will be.