Product vs. Company Level Compliance

Compliance with new regulations can be one of the biggest barriers to entry for companies selling their products and doing business in new locations. Understanding regulatory requirements often times necessitates a team of professionals to work on existing, and stay on top of new and evolving regulations. When approaching a new regulation, there’s essentially two levels of due diligence you can follow - company level and product level.


Company vs. Product Level Due Diligence


Company-level supply chain due diligence entails reaching out to your suppliers, and inquiring about a certain regulation, standard or process. Responses may vary, but strong company level programs have workflows where surveys are distributed, and suppliers work through the survey to answer questions and provide supporting documentation. Once the initial supplier engagement and data collection is complete, compliance teams will review documentation, request additional documentation (if necessary) and follow regulation guidelines to develop a report on the company’s compliance status. We’ll dive into appropriate company level programs below.


Performing product level supply chain due diligence is typically a more involved process, where your ultimate goal is to gather a bill of materials (BOM) or a full materials disclosure (FMD) for a particular product. Product level due diligence is usually supported by a system that has the ability to import, organize and display data in a way that shows materials at different levels of the supply chain that make up the product.


Now, from the above descriptions, company level due diligence probably seems more attractive because information is seemingly easier to gather, but it’s important to point out there is a limit to the scalability of company level compliance due diligence, and a limitation of due diligence that can be performed. Nonetheless, both levels of due diligence are meaningful and can satisfy various regulatory needs - Let’s go deeper into this thought.


This is a tough question, and the answer really depends on the type of regulation you're facing. Here are examples of company level and product level due diligence scenarios.


Company-level Due Diligence Scenario


Anti-human trafficking (UK Modern Day Slavery Act and California Transparency in Supply Chains Act - SB 657) are focused on your supply chain’s management practices, workplace health & safety and employee treatment. According to the regulatory requirements (to understand your supply chain’s behavior and to mitigate the risk of slavery in your supply chain), company level due diligence is satisfactory.


Alternatively, regulations that focus on elements of the products you sell, require you to gather information on the material makeup of your product to uncover any chemicals or “restricted substances.” By definition, company level products will not satisfy a product level regulation. A good example of regulations that require product level due diligence are global chemical regulations, EU REACH, EU RoHS, and California Prop 65.


Product-level Due Diligence Scenario


Regulations that are based on chemicals in or on a product require you to do a deep dive into the material make-up of your products, and gather data on the chemicals in those materials such as quantity and possibly leachability. If you find chemicals in your products that are applicable to regulations like EU REACH and California Prop 65, further due diligence is required to understand chemical levels, thresholds and reporting/labeling requirements. Asking your suppliers company level information about the chemicals used in the materials you purchase will most likely not get you the information you need to understand your regulatory requirements.


While the brute of the work for product level compliance is done at the beginning, the benefits of a strong product level due diligence program is best represented by the phrase, “one to many.” Product level due diligence gives you the ability to gather product chemical information, which can then be applied to multiple regulations. In the chemical regulations realm, a comprehensive BOM or FMD can be automatically applied to California Prop 65, EU REACH and EU RoHS to give you real time compliance status with all three regulations. Click here to connect with an expert on our chemical management solutions.


Below are a list of common global regulations that most companies face, and their due diligence level recommendations:


Company-Level Due Diligence



Product-Level Due Diligence



***Company level chemical compliance can be done, but again, there are limitation to the depth of data you'll receive. This limitation increases your risk of non-compliance.


Note: Conflict minerals and Sustainable Palm Oil Sourcing can be performed at both a product and company level. The determination of which level of due diligence to perform depends on the company's objectives.


Customer Inquiry Fatigue


When looking at maximizing your efficiency with supply chain due diligence, it’s important to address the issues suppliers face when the volume of information requests increases. There are a few times a year when suppliers are seemingly bombarded with requests from companies inquiring about certain aspects of their products, company processes, and management practices. At Source Intelligence, we call this customer inquiry fatigue.


Customer Inquiry fatigue is a common pain point experienced by suppliers/vendors who sell their products to a high volume of customers. Regulatory compliance and ethical sourcing standards require complex supply chain data investigation, and as a result, downstream companies must ask their suppliers (and their suppliers’ suppliers) to populate multiple data points around product and company information. As the volume of information requests increases, suppliers find themselves overwhelmed - and fatigued - with numerous responses that can often be redundant.


Our supplier engagement team has spent years working with suppliers to ease the burden of information requests, and we’ve found that when approaching multiple regulations that share the same data collection needs, like EU REACH, EU RoHS and Prop 65, (goal - gathering full materials disclosure or bill of materials information) product compliance programs create less of a burden on suppliers because there is one overarching information request, not three different requests that ask about different chemical lists and thresholds.


Now, this high level analysis of product vs. company regulation due diligence may have left you with some questions, that's fine. Compliance is very challenging to any successful business, and being proactive about your approach to existing and new regulations is a huge step in the right direction. If you have questions about approaching new regulations, or creating a scalable compliance process, click the button below to connect with an expert who can elaborate more on company vs. product level compliance, and how to find the right process for your needs.

Contact Us

Back to Blog