Methodology

How we source and classify rules

Our conservative stance only works if it is transparent. Here is exactly where our regulatory data comes from, how every entry is classified, and what our output does — and does not — do.

How we source rules

Entries are compiled from the following sources, in order of authority:

EU primary legislation (EUR-Lex)
National legislation
Competent-authority guidance
PRO / compliance-scheme guidance
Industry convention / common practice
Internal assessment (our reading where the above are silent or unsettled)

How each entry is classified

Every requirement in the dataset carries one of these status levels, shown to the user:

Primary source checked — confirmed against the cited EU/national legislation.
Authority or PRO guidance — rests on competent-authority or scheme guidance, not statute.
Convention — common practice, not a legal requirement.
Internal assessment — our reading where law/guidance is silent or unsettled.
Provisional — under review — not yet pinned to a primary source; treat as indicative.

What the output does not do

It does not certify, approve or guarantee compliance.
It does not grant or confirm market access.
It does not replace legal, EPR or artwork review.

It is a preparation layer: it organises packaging data, flags likely gaps, and prepares structured documentation for expert review.

Versioning

Every output and the dataset carry a version number, a last-checked date, and a changelog, so users can see currency. See our Source Status and Regulatory Updates pages.