Abstract
This chapter shows how standardisation, certification, and accreditation procedures are used for a few decades at the European level for ensuring consumers’ safety against medium-risk products. Despite some regulatory failures, such as in the Medical Devices’ sector, this way of regulating risks is becoming a European model which is both being superimposed on pre-existing older risk regulation regimes and being applied to new domains.
You have full access to this open access chapter, Download chapter PDF
Similar content being viewed by others
Keywords
8.1 Introduction
International trade has dramatically increased over the past decades and this tendency has been accompanied by a proliferation of standards (Brunsson and Jacobsson 2000). Regulators, be they public authorities or “non-state market-driven” actors (Auld et al. 2009), increasingly rely on standards to meet their regulatory goals, in this globalisation framework. Once a standard it desires is defined and set, a regulator must ensure that the products, processes, or organisations it wants to regulate conform with the desired standard. More and more in this purpose, conformity assessments procedures with standards are delivered by specific bodies which are supposed to be independent both of producers and consumers and are called third-party certifiers. Most of the time, third-party certifiers are private bodies which sell their services to regulatees, for these assessment tasks. Regulatees must pay for this service but may choose their certifier, meaning that third-party certifiers usually are in a competition against one another inside certification markets, each given standard tending theoretically to open a specific certification market. More recently, regulators discovered that this construction was incomplete: inorganised competition among third-party certifiers could lead to a “race to the bottom” and allow “black sheep” to obtain more business. That is why they pushed third-party certifiers to be themselves controlled by other independent entities called accreditation bodies, whose role is to verify the competencies and seriousness of third-party certifiers. This global construction, which answers nowadays to different regulators’ goals (social or environmental ones, or safety ones), has been summed up as a Tripartite Standard Regime (standardisation, certification, accreditation) (Loconto and Busch 2010). To put it differently, alongside the traditional “two-way” relationship in which a (national) regulator regulates by law its own (national) regulatees, the past few decades have seen the emergence, at a transnational level, of some forms of “three-way” interactions (Levi Faur and Starobin 2014), where between regulators and regulatees stand also “intermediaries”, such as standards makers, third-party certifiers, and accreditation bodies.
This relatively new kind of relationship between regulators and regulatees has not been studied much till now, especially when standards are oriented towards safety goals, although the emergence of Tripartite Standard Regimes (TSRs) in this purpose has been signalled for a few decades (Grundlach 2002).
In this chapter, I will first focus on a specific category or “family” of risk regulation regimes (Hood et al. 2001) invented by the European Community and the Member States a few decades ago, both for progressively opening industrial products markets at the European level and for ensuring European consumers safety. I have related (Galland 2013) the technical and political reasons which historically led to the so-called New Approach to technical harmonisation and standardisation (Council Resolution of May 7, 1985) and the Global Approach to assessing conformity (Council Resolution of May 28, 1989). Here, I will just sum up how this “family” of regulations is organised; then I will focus on a specific sector which is regulated by these means, the Medical Devices’ one, with its main regulatory failure, the PIP scandal; and discuss some weaknesses of this architecture. In conclusion, I will question the success encountered by this family of risk regulation regimes in Europe and wonder whether the fact it has become a regulatory “standard” is always a guarantee of safety improvements.
8.2 The “New Approach” Directives
-
The opening of markets at the EU level is realised through successive sector-oriented directives. When a given sector (toys, lifts, pressure equipment …) is to be liberalised, the Council and the Parliament adopt a sector directive which describes, among other subjects, the “essential safety requirements” products must meet.
-
European Committee on Standardisation (CEN) sets “harmonised European standards” intended to fulfil these requirements. Implementation of these standards by producers is voluntary.
-
Usually, the conformity of their products with “essential safety requirements” is checked by producers themselves. But some “sensitive sectors” or “sensitive products” within a sector require auditing or testing by an independent or third-party body.
-
When a New Approach Directive (sector X) is voted, each Member State approves domestic expert organisations that it considers able to deliver conformity assessments certificates with corresponding essential safety requirements and notifies the Commission of them. The Commission then consolidates these in a single list of “Notified Bodies/directive X”, which opens a sector certification market at the European level, where Notified Bodies compete against one another.
-
Member States are intended to be responsible for the respective bodies they have notified and to monitor their certifying competences and activities. However, over time, the EU authorities have pushed States to delegate these tasks to independent accreditation bodies. Since 2008 (Regulation (EC) 2008), every Member State must have a unique national accreditation body tasked with “certifying” the certifiers’ competences in each specific sector.
-
Producers pay their Notified Bodies for delivering conformity assessments certificates and Notified Bodies pay their respective accreditation bodies each time they need accreditation certificates. Producers affix a CE mark on products when they get conformity assessment certificates, which allows these marked products to circulate and be sold everywhere in Europe.
This complex framework is generally considered as a success. About 30 sector-based “New Approach” directives and 1400 Notified Bodies are active now, both contributing to a general opening of the European or internal market. Nevertheless, a lot of problems and failures have arisen since 1985, most of them concerning Notified Bodies, the question of their competences and of differences in their conformity assessment procedures. The main response of the Commission to these problems was to invite Notified Bodies themselves and Member States to write soft law documents, such as guides of good practice. But it seems that this was not enough, at least in some sectors, especially in the Medical Devices’ one.
8.3 The Medical Devices Sector and Its Failures
Medical Devices are non-pharmaceutical products which are used to help ill or disabled persons in their day-to-day life. This is a broad industry sector that ranges from white canes for blind people to hip prosthesis or pacemakers. It has been regulated in Europe since 1993 by New Approach Directives, which indicate that, for the riskiest Medical Devices (classes 2 and 3), conformity assessment certificates of products with essential safety requirements (or the corresponding harmonised standards) must be delivered by Notified Bodies. I have to add that in the USA, Medical Devices, at least the riskiest of them, are regulated by the Food and Drug Administration (FDA) which delivers (or not) premarket approval as it does for pharmaceuticals. The Medical Devices “New Approach” regulation, and the Notified Bodies’ role in this sector, have been controversial for decades. For example, the British Medical Journal and The Daily Telegraph denounced in the 1990s the fact there were “black sheep” among Notified Bodies, and voices have always argued for the creation of a European Medical Devices Agency. Although they were aware of these problems, the Commission and Member States did not change their mind but began a revision process of the directives in the 2000s.
Then, at the beginning of the 2010s, came the Poly Implant Prosthesis (PIP) scandal in France. Public French Authorities discovered that a French producer had used for years an unauthorised silicone gel in its breast implants, although these Medical Devices were CE marked thanks to conformity assessment certificates delivered by a big and well-known German Notified Body, Tüv Rheinland. Thousands of women (around 400,000) had serious health problems in France, Europe, and other regions of the world: the non-conforming breast implants burst or leaked and required removal. PIP’s owner was quickly judged and sent to jail, but interestingly another question arose: what about Tüv’s own responsibilities in this regulatory failure?
This question is still open now. There have been several trials and court appeal judgments in France, Germany, and even a decision of the European Court of Justice (Court of Justice of the European Union 2017), but judges (and observers) still often disagree on this matter (van Leewen 2014). Here, I just go back to the first trial that took place in France (Tribunal de commerce de Toulon, 2013) and stress three main points that were pointed out by French judges at this time.
-
First, when Tüv was visiting and auditing PIP factory, it only paid attention to “papers” (PIP’s management system), but it usually did not examine any breast implants themselves. Tüv answered, correctly, that this procedure was compatible with both the directive’s essential safety requirements and the corresponding harmonised standard.
-
Second, although PIP’s Notified Body was Tüv Rheinland Germany, it was Tüv Rheinland France, a subsidiary, which visited the PIP factory. Tüv Rheinland France had no specific competencies with Medical Devices, although, as French judges argued, a Notified Body must have at least a part of its staff trained with specific skills in the concerned sector (emphasised in the directive).
-
Third, the 1993 Medical Device Directive vaguely stated that “a Notified Body may pay unannounced visits to producers”. Tüv admitted it never did any, but argued, correctly, that it was not legally obliged to do so.
These three statements reveal a few weaknesses of the New Approach, in the Medical Devices sector and beyond. At least, they show how, in the long run, diverse stakeholders of the regulation regime use its inaccuracies or margins of appreciation for their own profit or interest. The main regulator (the EU) and secondary one (the standard setter, CEN) allow producers and Notified Bodies to choose between different procedures for the delivery of conformity assessment certificates. Most of the time and more and more, they choose management-based standards rather than technology or performance-based ones, because the first procedure is faster and cheaper for them. On another hand (second point above), the Notified Body certification markets have evolved since their respective emergence. Tüv Rheinland is not the only Big Third-Party Certifier which uses its own network of subsidiaries to develop its business; a few others in Europe have likewise expanded their activities during the past few decades (Galland 2017). And the relevance of outsourcing inside certification procedures, with its other possible pitfalls, is currently unclear. The third point which has been raised during the Tribunal de Toulon trial invites us to revisit the early discussions which led, in the 1980s, to the New Approach itself. At that time, stakeholders agreed on and underlined the necessity that essential safety requirements should be worded in precise terms so that harmonised standards (and conformity assessment procedures if needed) should depend automatically on them (Previdi 1997). A simple reading of New Approach Directives indicates that this is not the case (point 3). A further point is that the “accreditation solution”, which was supposed to bring seriousness and reliability to the whole procedure, has not prevented anything in the PIP case.
8.4 Discussion and Conclusion
As already indicated, the New Approach and its successors are generally considered as a success for ensuring both the opening of markets at the EU level and the safety of “medium-risk” industrial products. New directives have been voted and implemented these last years, which concern new sectors. The CE Marking procedure is not costly for public authorities and seems to meet globally the regulators’ goals. But the problems discussed in this chapter constitute a warning to European regulators, not only about the Medical Devices sector. A series of questions must be addressed, despite the a priori successful story of the New Approach family of risk regulation regimes.
Firstly, these risk regulation regimes are decentralised ones and involve a great number of (private) actors. These diverse actors are “loosely coupled”, if I may borrow Charles Perrow’s concept (Perrow 1984) and employ it in an unusual context, that is to say, that actors have margins of appreciation and may choose between diverse solutions for realising their own task (standard setting, certification, or accreditation). In this case, the fact that the different actors are “loosely coupled” leads them to choose the solutions that best fit their own economic interests. On another hand, some of these actors may be discreetly present and active at all three levels of these Tripartite Standard Regimes, although this is theoretically forbidden (Galland 2017). These characteristics make each of these regimes opaque in its real and day-to-day functioning and may lead, in the long run, to unexpected failures, such as in the PIP case. Following this affair, besides, a new directive was voted in 2017 which among other changes, strengthened the conditions for becoming a Notified Body in this sector and reduced their number. But a few years later, the number of Notified Bodies specialised in the Medical Devices sector, which had to restart from zero, has anew seriously increased (23 identified by the EU/NANDO website, 22 March 2022; 32 identified on 18 August 2022), certainly for political (rather than technical) reasons.
Secondly, although the New Approach risk regulation regimes are aimed to regulate “medium-risk” products, these regimes may play a role in the global regulation regimes of certain high-hazard industries. For example, some critical components inside chemical or nuclear plants, such as vessels, pipes systems, or turbines, are regulated in Europe by a New Approach “pressure equipment” Directive (last version, 2014/68/EU, 15 May 2014), with its own Notified Bodies in charge of checking those components. A similar example concerns railways: “interoperability constituents” have been added to railway systems so that trains could cross national borders in Europe and maintain their level of service despite remaining differences between Member States; these diverse interoperability constituents are presently regulated by a New Approach Directive (last version, 2016/797, 11 May 2016), with its own Notified Bodies in charge of delivering conformity assessments on those matters. In both cases, there are two ways of appreciating these circumstances: one can consider that the addition of safety procedures concerning specific components of high-hazard systems, guaranteed by an external eye (the third-party certifier or Notified Body), naturally improves the global safety of the whole; others would wonder about the complexity which has been added that way, and on the relationships between the set of actors then involved in safety issues (industrial firms, HSE engineers, public regulators, Notified Bodies …) and on everyone’s respective responsibilities inside this framework.
Thirdly, for many European regulators, the “New Approach” and the subsequent Notified Bodies system, considered as a successful way of regulating markets and risks, are becoming a generic model in the EU for dealing with a series of new (safety or security) problems: this is the case with the question of General Data Protection (Lachaud 2018), with that of ongoing reflexions concerning artificial intelligence (Veale and Borgesius 2021), or even with the question of cybersecurity. In each of these emerging subjects, the existing or projected regulation relies at least partly on standardisation, certification, and accreditation procedures which are inspired by the New Approach family of risk regulation regimes described in the present chapter.
This chapter has shown that transnational risk governance relies increasingly on standards and certification/accreditation procedures, which is specifically remarkable in the EU construction case. Risk regulation regimes based on these principles are gaining more and more problems and sectors. This observation raises two levels of questions. Firstly, although these risk regulation regimes seem, at first glance, globally successful and fit for purpose—improving consumer safety regarding “medium-risk” products—they are opaque in their day-to-day functioning, are transformed or grow outdated without anyone noticing, and may sometimes lead to completely unexpected failures. But the powerful introduction of standards and standardisation procedures inside pre-existing safety or security systems, such as inside high-hazard sectors, or when dealing with other new problems (such as artificial intelligence or cybersecurity) raises the global question of the standardisation of control (Demortain 2011), here through due standards and certification procedures. Standardisation and TSRs should not only be studied as such and as a means for reaching some safety goals but also as a ready-made solution to solve identified problems that are mobilised in an excessively systematic manner (Olsen 2020).
References
G. Auld, C. Balboa, S. Bernstein, B. Cashore, The emergence of non-state market-driven (NSMD) global environmental governance, in Governance for the Environment: New Perspectives (2009), pp. 183–218
N. Brunsson, B. Jacobsson, A World of Standards (Oxford University Press, 2000)
Court of Justice of the European Union, Judgment in Case C-219/15 (Elisabeth Schmitt v TÜV Rheinland LGA Products GmbH, 2017)
D. Demortain, Scientists and the Regulation of Risk. Standardizing Control (Edward Elgar Cheltenham, 2011)
J.-P. Galland, The difficulties of regulating markets and risks in Europe through notified bodies. Eur. J. Risk Regul. 4/3, 365–373 (2013)
J.-P. Galland, Big third party-certifiers and the construction of transnational regulation. Ann. Am. Acad. Polit. Soc. Sci. 670, 263–279 (2017)
H. Grundlach, Certification, a tool for safety regulation?, in Changing Regulation: Controlling Risks in Society, ed. by B. Kirwan, A. Hale, A. Hopkins (Pergamon, 2002)
C. Hood, H. Rothstein, R. Baldwin, The Government of Risk. Understanding Risk Regulation Regimes (Oxford University Press, 2001)
E. Lachaud, The general data protection regulation and the rise of certification as a regulatory instrument. Comput. Law Secur. Rev. 34, 244–256 (2018)
D. Levi Faur, S.M. Starobin, Transnational politics and policy: from two-way to three-way interactions, in Jerusalem Papers in Regulation & Governance, Working Paper 62 (2014)
A. Loconto, L. Busch, Standards, techno-economic networks, and playing fields: performing the global market economy. Rev. Int. Polit. Econ. 503–536 (2010)
O.E. Olsen, Dilemmas of standardization in risk governance, in Standardization and Risk Governance. A Multi-Disciplinary Approach, ed. by O.E. Olsen, K. Juhl, P.H. Lindoe, O.A. Engen (Routledge, 2020), pp. 275–280
C. Perrow, Normal Accidents. Living with High-Risk Technologies (Basic Books, 1984)
E. Previdi, The organization of public and private responsibilities in European risk regulation: an institutional gap between them?, in Integrating Scientific Expertise into Regulatory Decision Making, National Traditions and European Innovations, ed. by C. Jorges, K.H. Ladeur, E. Vos (Nomos Verlagsgesellschaft, Baden-Baden, 1997), pp. 225–241
Regulation (EC) N° 765/2008 of the European Parliament and the Council of 9 July 2008 setting out the requirements for accreditation and market surveillance
B. van Leewen, PIP breast implants, the EU’s new approach for goods and market surveillance by notified bodies. Eur. J. Risk Regul. 5(3), 338–350 (2014)
M. Veale, F.Z. Borgesius, Demystifying the draft EU artificial intelligence ACT—analysing, the good, the bad, and the unclear elements of the proposed approach. Comput. Law Rev. Int. 4, 97–110 (2021)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2024 The Author(s)
About this chapter
Cite this chapter
Galland, JP. (2024). Standards, Certification, and Accreditation: Indispensable Tools for European Safety Regulations?. In: Le Coze, JC., Journé, B. (eds) The Regulator–Regulatee Relationship in High-Hazard Industry Sectors. SpringerBriefs in Applied Sciences and Technology(). Springer, Cham. https://doi.org/10.1007/978-3-031-49570-0_8
Download citation
DOI: https://doi.org/10.1007/978-3-031-49570-0_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-49569-4
Online ISBN: 978-3-031-49570-0
eBook Packages: EngineeringEngineering (R0)