What Is a Competent Authority? UK/EU Definition and Examples

Categories
Recent Posts

A competent authority is the person or organisation that the law formally empowers to do a specific job: set rules, issue approvals, monitor compliance, and, where needed, enforce. “Competent” here means legally competent — designated in statute or regulation — rather than simply being skilled. Who the competent authority is depends on the context. In the UK/EU you’ll meet the term in data protection (eg, law‑enforcement processing under the DPA 2018), dangerous goods transport (ADR, RID, IMDG, ICAO/IATA), financial services (eg, the FCA or national market regulators), health, environment and professional qualifications.

This guide explains how the term is used across UK and EU law, with clear definitions and practical examples. You’ll see how competent authorities are designated and what powers they hold, how they differ from “supervisory authorities” and “regulators”, and how to identify the right body for your situation. We’ll cover when you must notify or seek approval, what to expect during audits, and how to keep records that stand up to scrutiny. Sector snapshots for the UK and EU — including dangerous goods — and answers to common questions round things off. We’ll start with where the term appears in UK and EU law.

Where the term appears in UK and EU law

In UK and EU legislation, “competent authority” is a formal label used where the law needs to point to the body empowered to act. Sometimes it is an explicit list (eg, a Schedule); other times it is defined functionally — any person or organisation with statutory powers for the purpose in question. You’ll see it most clearly in UK data protection law for law‑enforcement processing, and across EU sectoral regimes that appoint national competent authorities (NCAs) to supervise markets or enforce specialist rules.

  • UK data protection (law enforcement): Part 3 of the Data Protection Act 2018 applies to “competent authorities” processing for the law‑enforcement purposes, with examples including police, criminal courts and other bodies with statutory powers; Schedule 7 lists many such authorities.
  • EU/UK financial markets: Sector rules designate NCAs to supervise and enforce (eg, UK Financial Conduct Authority; France’s AMF; Germany’s BaFin; a full spread exists across EU/EEA states).
  • Public protection and prosecution: Bodies with statutory functions can be competent authorities to investigate or prosecute offences (eg, local authorities for trading standards offences; the Environment Agency for environmental offences).
  • Professional qualifications: Approved professional bodies may act as a competent authority for recognising qualifications and assisting counterparts in other states.

These usages anchor who can approve, supervise, investigate, or enforce within the relevant legal framework.

Competent authority under the UK GDPR and DPA 2018 (law enforcement)

Under the UK regime, “competent authority” has a precise meaning for law‑enforcement processing. Part 3 of the Data Protection Act 2018 (read alongside the UK GDPR) applies when a competent authority processes personal data for the law‑enforcement purposes defined in section 31: the prevention, investigation, detection or prosecution of criminal offences, or the execution of criminal penalties, including safeguarding against threats to public security. A competent authority is either a person listed in Schedule 7 of the DPA 2018 or any person who, to the extent of their statutory functions, exercises public powers for those purposes. The ICO notes that its guidance on this area is under review following the Data (Use and Access) Act 2025.

The key test is your primary purpose. If the processing is primarily for law enforcement, Part 3 applies; if it is for general purposes (eg, HR, public engagement), the general processing regime (UK GDPR and Part 2 DPA 2018) applies. Controllers determine the purposes and means; processors act on their behalf and may share accountability. Processing can shift between regimes as circumstances change, and some data may be processed under both simultaneously.

  • Who qualifies: Police, criminal courts, prisons and non‑policing law‑enforcement bodies; also, for example, local authorities prosecuting trading standards offences or the Environment Agency when prosecuting environmental offences.
  • When Part 3 clearly applies: Recording and using body‑worn video to investigate an alleged assault.
  • When it does not: A police force’s public perception survey processed for engagement rather than crime prevention/detection.
  • Sensitive processing: Extra rules apply to data revealing race/ethnicity, political opinions, religion, trade union membership, genetic/biometric identifiers, health and sex life/sexual orientation (section 35(8)).
  • Governance expectations: Logging, categorisation, and compliance with Part 3 principles and rights specific to law‑enforcement processing.

Competent authority in dangerous goods transport (ADR, RID, IMDG, ICAO/IATA)

Dangerous goods rules across all modes use “competent authority” to mean the body legally empowered to apply, supervise and enforce the code in a given jurisdiction. The label is functional: it identifies who may take decisions the regulations reserve to an authority, such as recognising specific arrangements, receiving notifications, or taking enforcement action. Because shipments move across borders and modes, the relevant competent authority depends on where the activity occurs and which rule set (ADR, RID, IMDG, ICAO/IATA) governs the movement.

How the modal codes use the term

  • ADR/RID (road/rail): Refer to the competent authority of the state concerned to carry out designated functions under the inland transport rules, including monitoring compliance with applicable statutes and regulations.
  • IMDG Code (sea): Uses “competent authority” to point to the national body empowered to implement and enforce maritime dangerous goods requirements within its jurisdiction.
  • ICAO Technical Instructions / IATA DGR (air): Rely on the state’s competent authority to oversee compliance with air transport requirements and exercise any powers allocated to an authority in the text.

In practice, competent authorities in dangerous goods transport typically:

  • Set domestic arrangements: Publish guidance on how the international code is applied in their jurisdiction.
  • Receive notifications/approvals: Where the code assigns a task to “the competent authority”, they are the addressee for submissions.
  • Monitor compliance: Plan inspections and take action for breaches, consistent with their legal powers.
  • Coordinate with peers: Work with other authorities when consignments, operators or incidents span multiple jurisdictions or modes.

For shippers, carriers and DGSAs, identifying the correct competent authority for the consignment and mode — and following its published instructions — is essential to staying compliant and avoiding disruption.

National competent authorities in financial services and markets

When money, securities and trading venues are involved, each country designates a national competent authority (NCA) to watch the shop. In the EU/EEA and the UK, an NCA is the organisation with legally delegated powers to perform the market‑supervision function — typically monitoring compliance with national statutes and regulations, receiving reports, and taking enforcement action where necessary. For cross‑border groups, the right NCA depends on where the firm is authorised and where the activity occurs.

  • United Kingdom – Financial Conduct Authority (FCA): The UK’s competent authority for markets and conduct.
  • France – Autorité des marchés financiers (AMF): France’s markets regulator.
  • Germany – BaFin: The Federal Financial Supervisory Authority.
  • Netherlands – AFM: Authority for the Financial Markets.
  • Luxembourg – CSSF: Commission de Surveillance du Secteur Financier.
  • Spain – CNMV: National Securities Market Commission.
  • Italy – CONSOB: The Italian securities regulator.
  • Ireland – Central Bank of Ireland (CBI): Acts as the competent authority for market supervision.
  • Portugal – CMVM: Portuguese Securities Market Commission.
  • Sweden – Finansinspektionen (FI): Financial supervisory authority.
  • Belgium – FSMA: Financial Services and Markets Authority.

For firms, the NCA is your first port of call for permissions and your principal counterpart for oversight: it sets local expectations, receives required notifications and reports, and investigates suspected breaches. If you operate in multiple jurisdictions, expect to interact with more than one competent authority — plan your governance, reporting lines and record‑keeping accordingly to meet each authority’s requirements without duplication or gaps.

Other common uses: health, environment and professional qualifications

Outside law enforcement and finance, “competent authority” often appears wherever public protection or recognition decisions must be anchored in law. In health and biosafety it points to the public body authorised to approve activities and enforce safeguards; in environmental protection it identifies who can investigate and prosecute breaches; and in professional mobility it names the body empowered to recognise qualifications and liaise with counterparts. Knowing who the competent authority is helps you route notifications, seek approvals and understand who can take enforcement action.

  • Health and biosafety: Public health departments or specialised agencies act as the competent authority to regulate specific domains (eg, biosafety/biotechnology), issue approvals and enforce health safeguards.
  • Environment: Bodies with statutory powers prosecute and enforce environmental offences; for example, in the UK the Environment Agency acts as a competent authority when bringing environmental prosecutions.
  • Professional qualifications: Designated professional bodies serve as the competent authority for recognition, providing information and advice to applicants, assessing competence, and collaborating with other competent authorities across borders.

In each case the label isn’t cosmetic: it confers legal powers and duties — to receive applications, make determinations, monitor compliance and, where necessary, sanction — so organisations must follow the competent authority’s procedures to remain compliant.

Competent authority, supervisory authority and regulator: key differences

These labels are often used interchangeably, but in law they serve different purposes. The safest way to keep them straight is to focus on what the statute is doing. When a rule book needs to pinpoint who can approve, supervise or enforce in that sector, it names a “competent authority”. When the subject is general data protection oversight, you’ll usually see “supervisory authority”. “Regulator” is a broader, everyday term that may describe either of the above depending on context.

  • Competent authority: A legally designated person or organisation empowered to perform specified functions under a particular regime. Examples in the SERP include law‑enforcement bodies under Part 3 DPA 2018 and national competent authorities supervising financial markets. The label ties powers to a specific statute or code.

  • Supervisory authority: A term used in data protection for the independent body that oversees compliance with the general processing regime. It receives complaints and supervises controllers and processors under that regime, which is distinct from the law‑enforcement framework that uses “competent authority”.

  • Regulator: A broad descriptor for bodies that regulate activities, often through rule‑making, supervision and enforcement. In many sectors the regulator is also the competent authority named in the sector rules (for instance, market supervisors listed as NCAs), but “regulator” on its own does not tell you which powers the body has in a given legal context.

In practice, always read the underlying legislation. If it says “competent authority”, follow that regime’s procedures. If your issue is general data protection (not law enforcement), route it to the supervisory authority. If guidance refers to a “regulator”, check which statutory hat it’s wearing for your specific purpose.

How competent authorities are designated and empowered

Designation is a legal act, not a label of convenience. In UK law, a body can be named directly in legislation (for example, Part 3 DPA 2018 points to “competent authorities” and Schedule 7 lists many of them) or qualify because it has statutory functions to exercise public powers for the defined purpose, and then only “to the extent” of those functions. EU sectoral regimes follow the same logic: each Member State names a national competent authority (NCA) to supervise a field (such as securities markets), and international transport codes refer to the “state’s competent authority”, which national law then assigns to a ministry or agency.

  • By explicit listing: The statute or a schedule names the authority for that regime (eg, DPA 2018 Schedule 7 for law‑enforcement processing).
  • By functional test: Any person or organisation with statutory powers for the stated purpose is a competent authority, limited to that remit.
  • By state nomination for EU regimes: Governments designate an NCA to monitor compliance with national statutes and regulations in that sector.
  • By reference in international codes: ADR, RID, IMDG and ICAO/IATA rely on each state’s appointed competent authority for decisions and enforcement.

Empowerment flows from the enabling Act, regulations or code: the authority can exercise only the powers that framework grants and only for the purposes it specifies. The same institution may wear multiple “hats” — competent in one context (eg, law enforcement) while acting under a different regime for general administration — so always check which statutory role applies.

What competent authorities do: typical functions and powers

Across UK/EU regimes, a competent authority is the legally empowered actor that turns rules into outcomes. While each statute or code defines precise powers, the core functions tend to cluster around permissions, supervision and enforcement, with clear duties on governance where personal data is involved.

  • Issue guidance and instructions: Explain how statutes or sector codes apply nationally, setting expectations for firms and public bodies within the legal framework.
  • Grant permissions and accept notifications: Receive and decide on applications, approvals and recognitions reserved to “the competent authority” (eg, designated arrangements, licences or notifications).
  • Supervise and monitor compliance: Conduct audits and inspections, request information, and review records to check adherence to national statutes and regulations.
  • Investigate breaches: Gather evidence and compel information where the law allows, including for criminal or regulatory offences within their remit.
  • Enforce: Apply administrative measures (eg, warnings, fines) and bring or refer prosecutions to the courts; market NCAs frequently publicise sanctions and convictions to protect integrity.
  • Coordinate with counterparts: Share information lawfully and work with other national competent authorities when activity or incidents cross borders or modes.
  • Fulfil data‑protection governance (law enforcement): When acting under Part 3 DPA 2018, log processing, categorise data, meet conditions for sensitive processing and, for joint operations, designate a controller contact point.
  • Provide public assistance: Offer information and advice to stakeholders; in professional recognition, assess applications and collaborate with other competent authorities.

For organisations, this means knowing which decisions require prior approval, what must be reported, how inspections are conducted, and which records (and logs) you must maintain to demonstrate compliance on request.

UK competent authorities by sector: quick examples

If you’re trying to work out who you must notify, seek approval from, or expect to inspect you, start with the sector and the legal regime in play. Below are plain‑English examples of UK bodies that the law treats as a “competent authority” in that context, drawn from the definitions and use‑cases referenced earlier.

  • Law enforcement (DPA 2018 Part 3): Police forces, criminal courts, prisons and other non‑policing law‑enforcement bodies acting under statutory powers. Local authorities can be competent authorities when prosecuting trading standards offences; the Environment Agency acts as a competent authority when prosecuting environmental offences.

  • Financial services and markets (NCA): The Financial Conduct Authority (FCA) is the UK’s national competent authority for market supervision, receiving reports, granting permissions and enforcing national statutes and regulations.

  • Dangerous goods transport (ADR, RID, IMDG, ICAO/IATA): For each mode, the UK designates the state “competent authority” referred to by the international code. That authority publishes national instructions, receives notifications/approval requests reserved to “the competent authority”, and oversees compliance for the mode concerned.

  • Professional qualifications: Designated professional bodies act as the competent authority for recognising qualifications, advising applicants and collaborating with counterpart competent authorities in other countries.

  • Environment and public protection: Where a statute gives an organisation powers to investigate, prosecute or enforce for specified offences, it is a competent authority to that extent and for that purpose.

Note the data‑protection nuance: for general processing, the UK’s supervisory authority is the ICO, but for law‑enforcement processing, the “competent authority” is the body carrying out the statutory law‑enforcement function under Part 3 of the DPA 2018.

EU competent authorities by sector: how they vary by member state

Across the EU/EEA, each Member State designates its own competent authorities for specific legal regimes. Structures differ: some countries appoint a standalone markets watchdog, others vest powers in the central bank; some split functions across multiple agencies. Despite the variety, the role is consistent — to monitor compliance with national statutes and regulations, receive required reports and notifications, and take enforcement action where needed. For cross‑border businesses, that means engaging with different authorities, timelines and formats depending on where activity occurs.

  • Financial markets – examples of NCAs: France – Autorité des marchés financiers (AMF); Germany – BaFin; Netherlands – AFM; Luxembourg – CSSF; Spain – CNMV; Italy – CONSOB; Ireland – Central Bank of Ireland; Belgium – FSMA; Sweden – Finansinspektionen; Portugal – CMVM; Austria – FMA; Poland – KNF; Denmark – Danish FSA; Czech Republic – Czech National Bank; Romania – ASF; Malta – MFSA.

Member States also appoint competent authorities in operational safety regimes. In dangerous goods transport (ADR, RID, IMDG and ICAO/IATA), each state names the “competent authority” referenced by the code — typically a ministry or specialised agency that issues national instructions, receives notifications/approvals reserved to “the competent authority”, and supervises operators under its jurisdiction.

Beyond markets and transport, the label appears wherever EU‑derived frameworks require a state‑level decision‑maker:

  • Professional qualifications: Designated professional bodies act as the competent authority for recognition, advising applicants and liaising with peers.
  • Environment and public protection: Authorities empowered to investigate and prosecute specified offences operate as competent authorities to that extent.
  • Law‑enforcement data processing: Bodies with statutory criminal‑justice functions act as competent authorities when processing for law‑enforcement purposes.

Always check the sector rulebook and national designation to confirm which authority applies — and for which purpose — in the Member State concerned.

How to identify the right competent authority for your situation

Start by framing the legal question you’re trying to answer. The “competent authority” is always defined by a specific statute or code and by the purpose of the activity. Mis‑routing approvals or notifications wastes time and can expose you to enforcement. Use this quick, reliable method to pinpoint the right body.

  • Fix the regime and purpose: Is this law‑enforcement processing (Part 3 DPA 2018) or general processing (UK GDPR/Part 2)? In Part 3, the primary purpose test applies: prevention, investigation, detection or prosecution of offences, or execution of penalties.

  • Determine the jurisdiction and sector: UK or an EU/EEA Member State; finance, dangerous goods, environment, professional recognition, etc. In EU/UK markets, look for the national competent authority (e.g., the FCA in the UK).

  • Check for explicit listings: Some laws name competent authorities directly (e.g., DPA 2018 Schedule 7 for law‑enforcement bodies). If listed, that settles it.

  • Apply the functional test where not listed: If a body has statutory powers to exercise public authority for the relevant purpose, it is a competent authority to that extent (e.g., local authorities prosecuting trading standards offences; environmental prosecutions).

  • For dangerous goods, match the mode: ADR (road), RID (rail), IMDG (sea) and ICAO/IATA (air) all refer to the state’s competent authority. Identify the authority designated nationally for the mode you’re using and follow its published instructions.

  • Account for cross‑border or multi‑activity scenarios: You may need to engage more than one competent authority (e.g., different Member States or different modes).

  • Verify scope and document your rationale: Confirm the powers and limits in the underlying statute/code and keep a short record of how you identified the authority.

Common pitfalls to avoid:

  • Confusing roles: The ICO is the supervisory authority for general data protection; under Part 3 DPA 2018, the “competent authority” is the law‑enforcement body itself.
  • Mode‑mix errors in DG: Using sea instructions for an air shipment (or vice versa).
  • Assuming one EU authority covers all countries: NCAs are national, not EU‑wide.
  • Missing a purpose shift: If your purpose changes, the applicable regime (and competent authority) may change with it.

With the right authority identified, the next question is when you must notify them or seek prior approval.

When you must notify or seek approval

You must notify or seek approval whenever the statute, regulation or code says that a matter is reserved to “the competent authority”. That signal appears explicitly in sector texts: some decisions require prior recognition or authorisation; others require routine or event‑driven reporting. In law‑enforcement processing under the DPA 2018, engagement is shaped by the Part 3 governance duties (eg, logging, categorisation and controller designation for joint processing), whereas in dangerous goods and financial markets, formal submissions to the authority are common.

  • When the rulebook says so: If the provision reads “notify the competent authority” or “obtain approval from the competent authority”, you must do exactly that, in the form and timeframe it specifies.

  • Approvals, exemptions and special arrangements: Where a code allows a derogation or recognises a specific arrangement, that recognition usually sits with the competent authority.

  • Regulatory reporting to NCAs: Financial‑market NCAs receive reports and notifications prescribed by national statutes and regulations; missing these is an enforcement risk.

  • Dangerous goods submissions: ADR, RID, IMDG and ICAO/IATA reserve certain notifications and approvals to the state’s competent authority; use the authority designated for your mode and jurisdiction.

  • Professional recognition: Applications to recognise a professional qualification are made to the designated competent authority, which assesses and liaises with counterparts.

How to check and stay right:

  • Read the operative provision: Look for the words “competent authority”.
  • Match sector, mode and jurisdiction: Identify the correct authority for that context.
  • Follow published instructions: Use the authority’s formats and timelines.
  • Record your rationale: Keep evidence of how and when you complied.

Getting this right reduces delays, avoids refusals, and lowers the chance of enforcement action.

Records, audits and communications: working with competent authorities

Competent authorities exist to turn statute into supervision and enforcement, so your records and communications must show how you meet the specific regime and purpose in play. Expect inspections and information requests focused on whether you followed the authority’s published instructions, made required notifications or sought approvals on time, and kept governance in order (for law‑enforcement processing under Part 3 DPA 2018, that includes logging and categorisation obligations).

Records that stand up to scrutiny

  • Map regime and purpose: Note the statute/code and the activity’s primary purpose; if the purpose later changes, record when and why the applicable regime switched.
  • Evidence of submissions: Keep copies of notifications, approvals and acknowledgements reserved to “the competent authority”, with timestamps.
  • Governance under Part 3 DPA 2018: Maintain logs, data categorisation, lawful basis aligned to the law‑enforcement purposes, and conditions relied on for any sensitive processing; document controller/processor roles.
  • Operational controls: Retain current procedures, version history, training completions and incident logs tied to the relevant statute or code.

Handling audits and inspections

  • Clarify scope and appoint a lead: Nominate a single point of contact and confirm which legal powers and timeframe the request relies on.
  • Prepare a concise evidence pack: Provide the requested records, cross‑referenced to the statute/code and the authority’s instructions.
  • Be ready to explain decisions: Show how you identified the competent authority and why notifications/approvals were or were not required.

Communications that build trust

  • Use official channels and timelines: Respond factually, on time, and in the format the authority specifies.
  • Document advice: Record queries and any guidance received from the authority, and reflect it in updated procedures.
  • Designate contacts for joint work: For Part 3 joint processing, ensure a controller contact point is in place for data subjects and the authority.
  • Close out actions: Track findings, assign owners and record completion with evidence.

For shippers and DGSAs: why competent authorities matter in practice

On the ground and in the back office, the difference between a smooth clearance and a stranded load often comes down to how you handle the competent authority. The dangerous goods codes (ADR, RID, IMDG, ICAO/IATA) reserve certain decisions, notifications and approvals to the “competent authority” of the state concerned. Knowing who that is for your mode and jurisdiction — and following their national instructions — keeps consignments moving and audits uneventful.

  • Approvals and recognitions: Where the code permits a specific arrangement or requires prior authorisation, only the competent authority can grant it. Using the wrong body stalls shipments.
  • Event-driven notifications: Incident, non‑conformity or safety notifications that the code assigns to “the competent authority” must go to the right state authority, in the right timeframe.
  • Mode and border changes: Multimodal or cross‑border routings may trigger engagement with more than one competent authority. Plan routes and documents accordingly.
  • National instructions: Authorities publish how they apply international rules domestically. Procedures, formats and lead times can differ by state.
  • Inspection readiness: Competent authorities monitor compliance with national statutes and regulations. Clear records of classifications, training, packaging, and any submissions or approvals are essential.
  • DGSA assurance: Advisers are expected to identify the correct authority, justify when approvals/notifications are required, and evidence that the operator followed the authority’s instructions.

For shippers and DGSAs, a short, written rationale for which competent authority applies — by mode, state and purpose — plus copies of submissions and acknowledgements, is practical insurance. It reduces delays, supports frontline teams, and stands up when an inspector asks, “Why did you do it this way?”

Frequently asked questions

This section answers the practical questions we hear most often from compliance teams, DGSAs and data‑protection leads. The short answers below point you back to the legal tests used in UK/EU regimes so you can quickly decide who the competent authority is, when to engage them, and what they will expect from you.

What does “competent authority” actually mean?
It means the person or organisation that the law designates to perform a specific function — approve, supervise, receive notifications and enforce. “Competent” here is legal status, not a statement of expertise. The identity of the competent authority depends on the regime and purpose.

Who is the competent authority in the UK?
There isn’t one universal body. In markets, the Financial Conduct Authority (FCA) is the UK’s national competent authority. For law‑enforcement processing under the DPA 2018, the competent authority is the policing, courts or other body with statutory criminal‑justice powers; for dangerous goods, each mode refers to the state’s designated competent authority.

What is a competent authority under the UK GDPR/DPA 2018?
Part 3 DPA 2018 applies to “competent authorities” processing for law‑enforcement purposes. You’re a competent authority if you are listed in Schedule 7, or to the extent you have statutory functions to exercise public authority for those purposes. The primary purpose test determines whether Part 3 applies.

What does a competent authority do?
Typical functions include issuing guidance, receiving notifications, granting approvals, supervising compliance and taking enforcement action. Market NCAs oversee compliance with national statutes and regulations, while dangerous goods authorities handle decisions expressly reserved to “the competent authority” in ADR, RID, IMDG or ICAO/IATA.

When do I need to notify or seek approval?
Whenever the statute or code says “notify the competent authority” or “obtain approval”. This includes approvals or specific arrangements, prescribed regulatory reports, and event‑driven notifications. Use the forms, timelines and channels the authority publishes for that regime.

What counts as “sensitive processing” under Part 3 DPA 2018?
Extra rules apply when processing data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic or biometric data for unique identification, health data, and sex life or sexual orientation. You must meet the specific conditions and governance duties in Part 3.

Key takeaways

“Competent authority” is a legal status, not a compliment. It names the body empowered by a specific statute or code to approve, supervise, receive notifications and enforce — and it always depends on regime, purpose and jurisdiction. This guide showed where the term appears in UK/EU law, how to identify the right body, and how to work with it confidently.

  • It’s regime‑specific: Tied to a statute or code and the activity’s primary purpose.
  • Data protection split: Part 3 DPA 2018 uses “competent authority” for law‑enforcement processing; the ICO is the supervisory authority for general processing.
  • Dangerous goods are modal: ADR/RID/IMDG/ICAO‑IATA point to the state’s competent authority; follow its national instructions for notifications/approvals.
  • Markets use NCAs: Finance is overseen by national competent authorities (eg, the FCA in the UK) with reporting, supervision and enforcement powers.
  • Identify, then document: Fix the regime and jurisdiction, check listings or apply the functional test, and record your rationale.
  • Engage on the text: Notify/seek approval when the rule says so; keep evidence, logs and audit‑ready records.

Need practical help applying this, especially for dangerous goods? Train your team and streamline compliance with Logicom Hub.