Darko Pavic - Global Retail & Fiscalization Expert
Let's Talk

Compliance in Global Retail: The 2026 Overview

  • Darko Pavic
  • February 20, 2026
  • 0

If you want to understand why compliance has become a board-level retail topic, start with an overview.

Global retailers are no longer managing “rules.” They are managing systems of proof: proof of correct tax treatment, proof of secure payments, proof of safe products, proof of responsible sourcing, proof of resilient operations, and proof that digital experiences are fair and accessible.

Fiscalization is only one part of it, often a surprisingly small one. And if you know how complex fiscalization already is, you can imagine what it means to implement compliance across all these areas at once. In global retail, these are not optional initiatives. Compliance is mandatory.

If you’re asking yourself how to manage all of this more effectively, with lower risk and lower cost, I recommend my book, “The Fiscalization Compliance Maturity Model.” It’s designed to help organizations not only implement compliance in a more structured way, but also use compliance as a competitive advantage

Here is the compliance landscape, structured as an overview, almost like a checklist.

Compliance map (checklist)

1) Transaction, tax, and reporting compliance

  • Fiscalization / sales data integrity: Ensures every sale is recorded with a tamper-proof audit trail and, in many countries, reported to tax authorities in near real time. It protects you from fines and from “data credibility” disputes during audits.
  • E-invoicing and digital reporting: Requires invoices in structured electronic formats and often near-real-time reporting to authorities. It forces consistent invoice logic across ERP, POS, and e-commerce.
  • VAT / GST / sales tax calculation and reporting: Applies the right tax rate, exemptions, and rules per product, location, and channel. Mistakes scale fast when you sell cross-border.
  • Corporate tax and transfer pricing: Governs how profits are allocated across countries and entities. Poor documentation can trigger audits and double taxation.
  • Financial reporting controls (SOX-like): Ensures financial numbers are accurate, traceable, and controlled. Weak controls create audit findings and investor risk.
  • Record retention and audit readiness: Defines how long you must keep invoices, receipts, logs, and master data. Without retention discipline, you can “fail” an audit even if you were compliant operationally.

2) Payments, fraud, and financial crime

  • Card payment security (PCI DSS): Protects card data and reduces breach and chargeback risk. Noncompliance can lead to penalties and even loss of card acceptance.
  • Payment regulations (e.g., strong authentication): Sets rules for authenticating customers and securing digital payments. If you miss it, conversions drop or transactions get blocked.
  • Instant payments readiness: Requires faster reconciliation and stronger fraud controls because money moves immediately. “Verification of Payee” adds new data-quality requirements.
  • AML / CTF: Detects and reports suspicious financial activity, especially in high-risk markets or high-value goods. Gaps can bring regulator scrutiny and banking restrictions.
  • Chargebacks, disputes, and payment rights: Ensures you meet rules around refunds, disputes, and evidence. Poor processes directly increase cost and fraud exposure.
  • Gift cards and stored value: Covers issuance, expiry rules, and unclaimed property in some jurisdictions. These programs can create hidden liabilities if managed loosely.

3) Product compliance and what you are allowed to sell

  • Product safety: Ensures products meet safety standards and can be recalled efficiently if needed. One incident can become a multi-country crisis.
  • Product traceability: Captures batch/serial and supply-chain information to target recalls and prove origin. It reduces operational chaos during quality events.
  • Digital Product Passport readiness: Builds a product “identity file” with materials, sustainability, and lifecycle data where required. It turns sustainability claims into verifiable data.
  • Labeling and claims: Ensures packaging and online listings meet disclosure rules and avoid misleading statements. This includes allergens, warnings, and environmental claims.
  • Restricted and age-controlled products: Applies legal rules for alcohol, tobacco, medicines, and age-rated goods. Failures can lead to fines, license loss, and brand damage.
  • Category-specific regulations: Adds extra obligations for food, cosmetics, toys, electronics, and more. Compliance depends on your assortment mix, not your brand size.
  • Second-hand / refurbished goods: Requires clear condition disclosure and, in some cases, safety checks and documentation. It’s crucial for resale models and recommerce.
  • IP and counterfeit prevention: Protects you from selling infringing or counterfeit goods, intentionally or not. It also safeguards marketplace and supplier relationships.

4) Supply chain, sourcing, and third-party compliance

  • Supplier due diligence: Verifies suppliers meet expectations on labor, human rights, and environmental practices. Retailers are increasingly expected to prove oversight, not just promise it.
  • Vendor risk management (tech and service providers): Assesses whether partners meet security, privacy, and resilience requirements. Your compliance is only as strong as your weakest vendor.
  • Origin and provenance controls: Confirms where goods come from and whether claims like “made in” are accurate. It also supports customs, sanctions, and sustainability proof.
  • Ethical audits and corrective action: Ensures issues found in the supply chain are fixed and tracked. Without follow-through, audits become theater and risk remains.
  • Logistics compliance: Covers cold chain, hazardous goods, and controlled substances in transport and storage. A logistics failure can become a legal failure.

5) Trade, customs, and geopolitical compliance

  • Customs classification and valuation: Determines duties, taxes, and documentation requirements for imports. Errors cause delays, penalties, and unexpected landed cost.
  • Sanctions screening: Prevents transactions with prohibited countries, entities, or individuals. Violations can lead to severe penalties and banking restrictions.
  • Tariff and trade policy volatility: Requires fast adjustments to sourcing and pricing when duties change. Retailers who model this well protect margin and availability.
  • Cross-border e-commerce obligations: Includes registrations and local rules for distance selling and marketplaces. Noncompliance can block sales or trigger retroactive tax claims.

6) Data privacy and customer data governance

  • Privacy compliance (GDPR/CCPA-like): Controls how you collect, use, and retain personal data. Fines are costly, but loss of trust is worse.
  • Cross-border data transfers: Governs moving personal data between countries and cloud regions. It affects system architecture and vendor choices.
  • Loyalty and profiling rules: Regulates personalization, segmentation, and automated marketing decisions. You need clear consent and explainable practices.
  • Cookies and tracking compliance: Controls tracking for advertising and analytics on web and apps. Poor setup can make marketing data unusable or unlawful.

7) Cybersecurity and operational resilience

  • Security baseline controls: Requires strong identity, patching, logging, and endpoint protections. Retail is a high-value target because downtime equals lost revenue.
  • Incident and breach reporting: Defines when and how you must report cyber incidents to regulators and customers. Speed and evidence matter as much as technical containment.
  • Business continuity and disaster recovery: Ensures stores can trade and supply chains can operate during outages. Resilience is now part of customer experience.
  • Software supply-chain security: Manages risks from third-party components, scripts, and updates. A small dependency can become a major breach vector.

8) AI, automation, and digital identity

  • AI governance: Sets controls for bias, transparency, and human oversight in AI decisions. It’s essential for AI in pricing, hiring, fraud, and service.
  • Automated decision compliance: Regulates when and how machines can decide outcomes for customers or employees. You need explainability and appeal paths where required.
  • Digital identity and age verification: Uses stronger identity checks for regulated goods and high-risk transactions. Wallet-based identity will raise expectations at checkout.

9) ESG and sustainability obligations

  • ESG reporting and assurance: Requires structured reporting on emissions and impacts, sometimes with external assurance. Weak data quickly becomes a legal and reputational risk.
  • Packaging and waste (EPR): Covers producer responsibility fees, labeling, and recycling obligations. It influences packaging design and supplier requirements.
  • Circular economy requirements: Supports repair, take-back, and resale programs with compliance built in. Done well, it reduces waste and creates new revenue streams.
  • Environmental product rules (RoHS/WEEE-type): Applies restrictions and take-back duties for electronics and hazardous substances. Noncompliance can block products at the border.

10) Consumer protection, pricing, and marketing compliance

  • Pricing transparency and promotions: Requires clear pricing history and truthful discount messaging. Poor compliance can trigger penalties and consumer backlash.
  • Returns, refunds, and warranties: Defines customer rights and minimum service levels. It directly affects reverse logistics cost and brand trust.
  • Advertising and claims compliance: Ensures marketing statements are truthful and substantiated, including “green” claims. Regulators increasingly treat misleading claims as enforcement targets.
  • Subscriptions and recurring billing rules: Requires clear terms, easy cancellation, and fair renewal practices. Hidden friction is becoming a legal risk, not just a UX choice.
  • Accessibility (digital and in-store): Requires websites, apps, and sometimes self-service checkout to be usable by people with disabilities. Compliance improves reach and reduces legal exposure.

11) Labor, workplace, and store operations

  • Employment law and scheduling: Covers wages, working time, and fair scheduling obligations. Workforce compliance failures scale quickly across store networks.
  • Health and safety: Requires training, incident tracking, and safe store and warehouse operations. Strong safety culture reduces legal risk and turnover.
  • Contractor and right-to-work compliance: Ensures third-party labor and hiring checks meet local rules. Violations can create joint-employer exposure.
  • Employee data privacy and monitoring: Regulates monitoring, biometrics, and workforce analytics. Retailers need clear purpose, limits, and transparency.

12) Corporate governance and ethics

  • Anti-bribery and corruption: Controls gifts, facilitation payments, and third-party agents. It’s critical in expansion markets and public-sector touchpoints.
  • Whistleblowing and investigations: Requires safe reporting channels and documented follow-up. It’s a strong early-warning system when run properly.
  • Competition and antitrust: Prevents illegal coordination, abuse of dominance, and unfair supplier practices. Breaches can trigger major fines and long-term restrictions.