Product Compliance

01 February, 2021

Your expert for questions

Jörg Tüllner
Partner, PwC Germany
Phone: +49 69 95851-915

The next stage in the evolution of corporate compliance management

Ever since the diesel emissions scandal, product compliance has become an essential part of corporate compliance management – not only in the automotive industry, but for almost all sectors.

Managing product risks in a structured and sustainable manner

Products are subject to numerous regulations, such as the German Product Safety Act (Produktsicherheitsgesetz, or ProdSG) or the German Product Liability Act (Produkthaftungsgesetz, or ProdHaftG). Among other provisions, these laws govern the requirements that must be met for product certifications such as the GS (Geprüfte Sicherheit – “tested safety”) or CE labels. The focus of social values and standards is also changing, as are customer expectations regarding a company’s products and services. Manufacturers need to keep a critical eye on what they promise for their products – more so now than ever before. Failure to meet product promises or regulatory requirements will endanger the core elements of company success, and can result in severe fines and loss of reputation. Dedicated compliance management systems (CMSs) for products can help manage these risks – in a structured, holistic and sustainable manner.

“Managing Product Compliance systematically is not a ‘nice-to-have’. Rather, it is an indispensable factor to ensure the sustainable success of companies.”

Jörg Tüllner, Partner, PwC Germany

Have you got product compliance under control?

When making an initial assessment, you need to ask yourself questions such as:

  • Is product compliance codified in your corporate values?
  • Has an analysis of the key risks related to product compliance been provided to senior management?
  • Does your company’s definition of product compliance cover all phases of the product life cycle?
  • Does your company use risk profiles to decide on product compliance measures?
  • Does your product compliance organisation conform to the three lines of defence model?
  • Are your product development and product certification/approval functions separated?
  • Is your training on product compliance tailored to specific target groups?
  • Do you conduct regular, independent reviews of the effectiveness of product compliance measures?

The seven elements of an effective product compliance management system

Product compliance is a new stage in the evolution of corporate compliance management. Transferring traditional success factors from compliance to new areas enables horizontal expansion of existing CMSs.


A sustainable and effective management system requires the commitment of all employees and a good corporate culture.

The company’s vision and its mission determine what constitutes a good culture. The framework of values in an organisation is the foundation of integrity and compliance. In the traditional approach to compliance, the target culture is dominated by legal and economic perspectives. But effective product compliance also requires a technical perspective: it must be accessible and usable for engineers, scientists, software developers and technicians. Measures to promote the target culture must effectively combine all perspectives and viewpoints.


The scope of a product compliance management system is determined by the organisation’s strategy and corporate objectives.

Product compliance means adhering to product-related regulations throughout the product life cycle. In a risk-oriented approach, the corporate objectives serve as the basis for determining which regulations and business units the product compliance management system will focus on. Integrating product compliance into operations means understanding that compliance is the foundation of traditional targets – i.e. time, costs and quality – because product compliance sets minimum requirements for products and processes.


A systematic risk analysis is essential for the effective design of a product compliance management system.

Where does your organisation stand in terms of product safety? Which specific risks are associated with your products? What is the probability of different risk scenarios occurring? If internal or external requirements are not met, placing products on the market may result in potential risks. To avoid or limit potential damage as effectively as possible, the risks of defective products need to be identified and assessed as early and as comprehensively as possible. The first step is to identify the processes and organisational units relevant to product compliance. The specific risks involved then need to be recorded and assessed. This creates an individual and complete (and therefore manageable) risk profile for each unit in the organisation.


Product compliance risks can be effectively managed with an individual package of measures.

Appropriately designed and effectively implemented, the package serves to reduce risks and protect the company from harm. This involves both proactive and reactive measures. In this regard, it is particularly important to include technical experts, and to use their knowledge of processes and idiosyncrasies throughout the product life cycle when planning suitable measures. Generally accepted standards from the world of traditional compliance management (e.g. “Evaluation of Corporate Compliance Programs” by the US Department of Justice) and industry benchmarks – including those from other industries – may serve as a helpful comparison.


The segregation of duties is a crucial success factor for the effective management of product compliance.

As noted above, traditional compliance management tends to focus on legal and economic aspects. Product compliance management, on the other hand, requires additional perspectives: companies need a mix of technical and operational knowledge, along with expertise on traditional compliance areas, internal control systems (ICS) and risk management. Both the role of the compliance organisation and the responsibilities of each operational unit must be clearly defined. Seamless interfaces with other management systems are vital, and reporting, decision-making and escalation processes must be clear and well documented.

Communication & training

Product compliance can only be effective if employees follow the compliance procedures in their thinking and their day-to-day actions.

Tailored information and dedicated training are vital for the long-term success of product compliance management. Communication and employee training must therefore serve two essential goals:

  • Employees must be familiar with the compliance programme as a whole and the product compliance requirements relevant to them. They must be able to apply them confidently.
  • Companies must help their employees to develop an appropriate awareness of product compliance so that they can integrate it into their own values.

Monitoring & improvement

Effective product compliance requires regular monitoring.

Product life cycles are complex, demanding for the organisation, and subject to constant change. Because of this, intelligent mechanisms are necessary to identify possible errors and potential for improvement – for example, regular audits. Staff involved in these monitoring and testing activities should have an appropriate understanding of product-oriented procedures, processes and challenges, both from training and practical experience.

We’re here to help you on your journey into the future

PwC’s product compliance services combine product-related expertise with the success factors of traditional compliance management.

Kolja von Westerholt

Director, PwC Germany

“We support you in designing and implementing your product compliance management system, or individual elements of it.”

Dr. Christian Foltz

Partner, Strategy& Germany

“We verify your control mechanisms from a compliance perspective – across critical processes in product development, certification or field monitoring.”

Dietrich Boß

Partner, PwC Germany

“We assess and certify your product compliance management system under IDW PS 980, the widely used German assurance standard for compliance management systems.”

Contact us

Jörg Tüllner

Partner, PwC Germany

Tel: +49 171 74 070 16

Kolja von Westerholt

Director, Risk & Regulatory, PwC Germany

Tel: +49 160 90194316

Dietrich Boß

Partner, Risk & Regulatory, PwC Germany