Laws, Regulations and Standards – What is the difference?

Posted by: Chris Duden


This question came up the other day; it is one I have answered on many occasions over the years. Admittedly, the way the three terms are used can be quite confusing. The question usually comes from people without a compliance background: they know they need to follow the Clean Air Act and its associated EPA regulations, NERC, ISO 27K, the ASME BPVC, and so on, and they hear the terms used in a seemingly interchangeable way.

Speaking in terms of North America, the layman's explanation is fairly easy to grasp. Laws (or statutes) are the acts passed by the legislative branch, be it the U.S. Congress or the various state legislatures. In general, a law specifies "what" is to be achieved and "when" it takes effect. At the federal level, these laws/statutes are codified in the United States Code.

The Executive Branch controls the various departments and agencies of government, from the EPA to Homeland Security, and those agencies are responsible for implementing the laws passed by Congress. To do so, the departments and agencies promulgate regulations, which dictate "how" the law is to be implemented. At the federal level, these regulations are codified in the Code of Federal Regulations (CFR).

If this all sounds familiar, it is no doubt because we learned about the separation of powers in grade school. The Legislative and Executive branches are two legs of the three-legged stool in our Constitution, the third being the Judicial branch, which interprets the laws and determines whether the laws passed by Congress are constitutional. Laws and regulations are simply the vehicles through which the Legislative and Executive branches exercise their respective powers.

So how do standards fit into this mix, especially in the GRC space? Many departments and agencies rely on voluntary consensus standards in lieu of writing prescriptive regulations of their own, and many of these standards are maintained by private organizations (ISO, ASTM, NERC, etc.). A widely adopted example of a voluntary standard is the ASME BPVC (Boiler and Pressure Vessel Code), although even here the terminology can be confusing: many states have adopted the BPVC into law, and I have heard many people refer to the BPVC as a set of regulations. The confusion arises precisely when a regulatory body makes a standard mandatory, for example by incorporating it by reference into a regulation or statute. At that point the standard carries the force of law and is treated like a regulation, even though the text itself is still written and maintained by a private standards body.

How can we help?

Predict360 is a fully configurable and automated enterprise risk and compliance management platform with more than 40 modules for the financial sector, the energy sector, oil and gas, and other major industries. Popular modules include policies and procedures management, risks and controls, audit management, and online training and qualifications, all in a single cloud-based platform.
