Regulator says your technical non-compliance isn’t a problem? Think again


The last few years have brought a great deal of upheaval in the product regulatory world. The complications brought about by Brexit and the Northern Ireland Protocol have forced complex changes to a raft of existing product regulatory frameworks in the UK, including pieces of EU legislation such as the Cosmetic Products Regulation 1223/2009 which have been retained as part of UK law.

The EU has also introduced revolutionary new regulatory frameworks for medical devices, comprising Regulation 2017/745 on medical devices (MDR) and Regulation 2017/746 on in vitro diagnostic medical devices (IVDR), which together regulate the placing on the market of medical devices and in vitro diagnostic medical devices in the EU. The MDR and IVDR repeal and replace the old EU regulatory framework on medical devices which comprised three Directives:

  • Medical Devices Directive 93/42/EEC (MDD)
  • In Vitro Diagnostic Medical Devices Directive 98/79/EC (IVDD)
  • Active Implantable Medical Devices Directive 90/385/EEC (AIMDD)

As a result of this upheaval, suppliers of products regulated under these frameworks may have a lot of changes to make. Regulators will also need to be well resourced to monitor and enforce the new frameworks.

Faced with this increasing regulatory burden, suppliers and regulators may make informal short-term arrangements to allow products to stay on the market, while not being strictly compliant with the regulations. An example would be an EU national authority giving assurances to a company placing non-MDR-compliant but MDD-compliant products on the market that they can continue to sell off existing stock after the end of the transitional period in the MDR. Suppliers may also take the view that certain technical requirements in UK retained legislation are unimportant and that it is worth risking a minor breach, such as failing to label cosmetics from the EU with the details of a UK responsible person, rather than incurring the cost to comply. This is especially the case where it is deemed that there is a lack of enforcement bandwidth in relation to minor breaches. We’ll refer to non-compliance in these types of scenarios as “Technical Non-Compliance” in this article.

However, even where there is no or little risk of regulatory enforcement, suppliers should consider the other legal and commercial risks of Technical Non-Compliance, which we’ll explore below.

Current agreements

Technical Non-Compliance is likely to have an impact on any agreement in a product supply chain where a party warrants that the products comply with all applicable law, or provides more specific warranties around ensuring all legal and regulatory authorisations required to distribute the product are in place. The warranting party would be in breach of such warranties, no matter how small or inconsequential the Technical Non-Compliance is. It’s probable that no losses arise out of such a minor breach, but if the agreement allows the other party to terminate the agreement for breach of these warranties, the Technical Non-Compliance might be used as a way to get out of a long-term agreement or used as leverage to get an improved deal on other aspects.

Consider also the amount of weight downstream partners can place on assurances from regulators that they will not seek to enforce against a manufacturer. This type of assurance is inherently informal and the scope may not be clear. A downstream distributor would be well-advised not to rely on such assurances, particularly where there is no reference to the distributor in the assurance or in any other communications with the regulator. The manufacturer may offer an indemnity in this scenario, but such an indemnity would likely be unenforceable if the relevant liability is criminal and in many cases would be ineffective where the relevant criminal sanction is anything other than a fine. Even where the liability is a regulatory fine, the distributor may find it difficult to enforce that indemnity against the manufacturer.

Another risk that arises on discovery of a breach is that insurance policies, such as product liability insurance, will typically exclude damages caused by deliberate acts or omissions. Accordingly, where a supplier is aware that its products are non-compliant but decides to take the risk and distribute or market the products anyway, any losses caused by such a breach are unlikely to be covered by insurance, leading to potentially significant ongoing financial exposure until the issue is remedied.

Future agreements

A supplier also needs to consider the consequences of Technical Non-Compliance on future deals. Where a supplier has an agreement in place with a public body won under a public procurement tender, there is already a good chance that the distributor is in breach of that agreement under warranties regarding compliance discussed above. In addition, such a breach can have an adverse impact when bidding for future contracts. Under the current Public Contracts Regulations 2015, a supplier may be discretionarily excluded from future tenders where they have “shown significant or persistent deficiencies in the performance of a substantive requirement under a prior public contract… which led to early termination of that prior contract” (see Regulation 57). Where a public body has terminated a previous agreement with the supplier due to a Technical Non-Compliance, the regulations would allow other public bodies to exclude the supplier from participating in future tenders, which may remove a major revenue stream for the supplier. Note that the government recently introduced the Procurement Bill which, as currently drafted, appears to make it even easier for public bodies to exclude a supplier from tenders through the introduction of a “past poor performance” discretionary exclusion basis, which allows a public body to exclude suppliers that have not performed a previous procurement contract to a public body’s satisfaction.

Further, should the supplier look to be acquired by or merge with another organisation, any Technical Non-Compliance will inevitably be subject to scrutiny by the buyer as part of the due diligence process. Where a breach can’t easily be remedied (e.g. a full product recall would come at a disproportionate cost), a potential buyer is likely to insist on a mechanism to keep the risk in the seller’s hands, such as a price reduction or an indemnity covering such losses, noting that indemnities may not be an attractive option given the enforceability issue highlighted above.

Other legal consequences

Technical Non-Compliance also carries consequences beyond the contractual context. For example, where Technical Non-Compliance is a criminal offence, which might include something as simple as a breach of the labelling requirements under the Cosmetic Products Regulation 1223/2009, the supplier will be making money committing criminal acts and any profits will be considered criminal property under the Proceeds of Crime Act 2002, which opens the supplier, and any organisations it deals with, up to the money laundering offences contained in Part 7 of the Act.


In short, regulatory enforcement should not be the sole focus of a supplier when considering Technical Non-Compliance. Contractual obligations to comply with law and regulation, often framed broadly without exception, are seen as a base requirement by many contract counterparties. Beyond regulatory enforcement action, Technical Non-Compliance is often likely to have negative consequences under other areas of law and commercial contracting practice, particularly where such activity is taken intentionally and knowingly.