Compliance or regulatory compliance is a term used across industries to describe rules and policies that prohibit or regulate specific products, services, or processes. Often legally binding and enforced by government agencies, compliance standards are federal, state, and municipal regulations that restrict the way organizations conduct business. 

First established to protect consumers and the environment, compliance standards create responsibility for organizations that sometimes induce added expenses. Not complying could be even more costly when the consequences are financial penalties, court costs, suspension of services, and more.

Compliance standards are agreed-upon mandates by a governing body, often representative of a nation-state’s population or industry. Before and after adopting a standard, companies sometimes take advantage of the change by marketing their product or service as compliant. For example, before seat belts were required components of a car, auto manufacturers could market their vehicles as safer.

Where Do Compliance Standards Apply?

  • Accounting
  • Corporations
  • Data encryption
  • Data storage
  • Environmental ops
  • Financial records
  • Food and drinks
  • Health records
  • Payment cards
  • Pharmaceuticals
  • Security systems
  • Technology specs

Examples of compliance standards

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) mandates data protection and data privacy for the economies of the EU and consumer data. Foundational to global data regulation, the GDPR applies to all organizations recording, controlling, or processing the personal data of EU citizens. In addition, the legislation includes several provisions that protect consumers, like data collection transparency, access to stored personal data, and the right of erasure.

Read more about how the landmark EU regulation works via GDPR Compliance for Mobile Apps 2021.

California Consumer Privacy Act (CCPA)

The CCPA includes the right of California citizens to opt-out of data collection, financial remediation rights for data breaches, and guidelines for security practices. Applicable to any organization with gross revenue over $25 million, working with the personal data of 50,000 consumers, or earning half its annual income through personal data sales, the California Consumer Privacy Act (CCPA) is the closest standard to the GDPR. 

Payment Card Industry Data Security Standard (PCI-DSS)

Organizations managing credit and debit cards are highly regulated to ensure the security of consumer financial data. Set by the PCI Security Standards Council, the PCI standard ensures companies maintain an active cybersecurity stack capable of preserving data integrity and protecting personally identifiable information.

National Institute of Standards and Technology (NIST) Standards

Housed in the U.S. Department of Commerce, the National Institute of Standards and Technology (NIST) has been a standards leader for American companies since 1901. While the NIST is not a regulatory agency, its published standards serve as benchmarks across industries. Examples of NIST standards cover information security, manufacturing, Internet of Things (IoT) devices, federal patents, and more.

Pure Food and Drug Act of 1906 

In 1906, the Pure Food and Drug Act was the first to regulate the integrity of food and drugs publicly sold to consumers. The resulting Food and Drug Administration (FDA) established an infrastructure for inspecting and banning goods and regulations governing the sale and distribution of addictive substances like tobacco and alcohol. deemed certain substances addictive publicly. 

The EPA, Clean Air and Water, and Toxic Waste

A series of bills and executive orders between 1969 and 1976 established compliance standards relating to environmental protections for all public and private American organizations. These steps included creating the Environmental Protection Agency (EPA), mandating environmental quality reporting, and prohibiting pollution.

Sarbanes-Oxley (SOX) Act 

For corporate America, the Sarbanes-Oxley Act expanded accountability for white-collar crime by requiring independent auditing, attributing fraud to corporate officers, and more.

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA mandates include items like health care access and portability and a privacy policy and security rules relating to patient information.

What is compliance software?

Compliance software, also known as governance, risk, and compliance (GRC) software, is a standalone security software program or a suite of applications designed to ensure organizations meet all compliance standards that apply to their company. According to Grand View Research, the enterprise GRC market combined was $35.1 billion in 2020. 

Compliance Software Vendors

  • BambooHR
  • Google Cloud Platform
  • OnPay
  • PowerDMS
  • Process Street
  • Zenefits
Sam Ingalls
Sam Ingalls is a content writer and researcher covering enterprise technology, IT trends, and network security for,,, and

Top Articles

The Complete List of 1500+ Common Text Abbreviations & Acronyms

From A3 to ZZZ we list 1,559 SMS, online chat, and text abbreviations to help you translate and understand today's texting lingo. Includes Top...

List of Windows Operating System Versions & History [In Order]

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

Generations of Computers (1st to 5th)

Reviewed by Web Webster Learn about each of the 5 generations of computers and major technology developments that have led to the computing devices that...


Docker is an open-source platform used for developing and running applications by allowing...


Blockchain is one of the core technologies behind cryptocurrency. Blockchain is a system...

Cached Data

Cached data is designed to improve the user experience when browsing the internet...