What the term names in the US system.
Use this layer to stop vague credibility claims. A buyer can only trust a term when the page says what body, pathway, rule, or process the term actually belongs to.
See FedRAMP
Reference for the regulatory bodies, procurement frameworks, and incentive programs that show up in cross-border US market entry. Each entry carries precise source links and routes into the relevant pillar work.
Each entry should tell a foreign operator what the term means, what it is not, where it appears in the US market-entry path, and which commercial surface has to make it legible.
Use this layer to stop vague credibility claims. A buyer can only trust a term when the page says what body, pathway, rule, or process the term actually belongs to.
See FedRAMPUse this layer when home-market teams treat a certificate, acronym, or registration as if it closes the US buyer's risk question. It usually does not.
See ISO 9001Use this layer to route from reference to action: page copy, sales deck, distributor material, procurement file, or engagement scope.
See engagementsFederal Risk and Authorization Management Program. Standardised approach for assessing, authorising, and continuously monitoring cloud products for US federal government use. Three baselines (Low, Moderate, High), Rev 5 from May 2023.
Read the entry →Cybersecurity Maturity Model Certification. DOD requirement for contractors handling Federal Contract Information or Controlled Unclassified Information. CMMC 2.0 has three levels finalised October 2024.
Read the entry →Federal Acquisition Regulation, codified at 48 CFR Chapter 1. Uniform policies and procedures for acquisition of supplies and services by US federal executive agencies. Issued jointly by DOD, GSA, and NASA.
Read the entry →Defense Federal Acquisition Regulation Supplement, codified at 48 CFR Chapter 2. DOD-specific supplement to FAR. Adds defense-mission-specific cybersecurity, domestic-source preferences, and Berry Amendment provisions.
Read the entry →North American Industry Classification System. Six-digit code identifying business industries. Required field on SAM.gov entity registration and federal RFP responses. Sets size standards for small-business eligibility.
Read the entry →General Services Administration Multiple Award Schedule. Long-term governmentwide contract providing federal/state/local agencies streamlined access to commercial products, services, and solutions at pre-negotiated terms.
Read the entry →System for Award Management. US federal entity registration database. Mandatory for any entity seeking federal contracts above the micro-purchase threshold. Includes UEI, CAGE/NCAGE, NAICS, FAR/DFARS reps and certs.
Read the entry →International Traffic in Arms Regulations, 22 CFR Parts 120-130. Administered by US State Department DDTC. Controls export and temporary import of defense articles and services on the US Munitions List.
Read the entry →Export Administration Regulations, 15 CFR Parts 730-774. Administered by US Department of Commerce BIS. Controls exports, re-exports, and in-country transfers of dual-use items via the Commerce Control List and ECCNs.
Read the entry →EU Medical Device Regulation replacing the Medical Device Directive. Full application 26 May 2021. Stricter clinical evidence, mandatory Notified Body involvement for higher classes, UDI, EUDAMED, PRRC. Does not equal FDA clearance.
Read the entry →Premarket Notification under Section 510(k) of the FD&C Act. 21 CFR Part 807 Subpart E. Most common FDA medical device pathway. Demonstrates substantial equivalence to a legally marketed predicate device.
Read the entry →Quality System Regulation. Current Good Manufacturing Practice for finished medical devices. Being harmonised with ISO 13485:2016 under QMSR, effective 2 February 2026.
Read the entry →FDA CDRH framework for pre-submission interactions. Pre-Sub, Submission Issue Request, Study Risk Determination, Informational and Agreement Meetings. Voluntary but recommended for novel devices and unclear pathways.
Read the entry →Production Part Approval Process. AIAG standard, currently Fourth Edition. Five submission levels with 18 elements. Required by Detroit Three (Ford, GM, Stellantis NA) and most global OEMs. European VDA 2 not directly substitutable.
Read the entry →Advanced Product Quality Planning. AIAG framework for automotive product development. Five phases with gate reviews, DFMEA, PFMEA, control plans, MSA, SPC. Required by IATF 16949 and customer-specific requirements.
Read the entry →International Automotive Task Force quality management standard. IATF 16949:2016 built on ISO 9001:2015. Required by IATF OEMs (BMW, Daimler, FCA/Stellantis, Ford, GM, JLR, Renault, VW). CSRs differ by OEM.
Read the entry →United States-Mexico-Canada Agreement rules-of-origin requirement. 75% RVC for passenger vehicles and light trucks (phased from 66%), 70% for heavy trucks. Plus 40-45% Labor Value Content at 16 USD/hour and 70% steel/aluminium rule.
Read the entry →Inflation Reduction Act 2022 Clean Vehicle Credit. Up to $7,500 federal tax credit for qualified clean vehicles. Critical-minerals requirement and battery-components requirement, phased 2024 through 2029. Foreign Entity of Concern restrictions.
Read the entry →41 USC Chapter 83. The federal preference rule for domestic end-products in direct government procurement. Establishes price differentials and waiver criteria that gate foreign-supplier eligibility on US federal files.
Read the entry →40 USC 3141. Prevailing-wage rule for federally funded construction. Wage determinations issued by US Department of Labor. Reshapes how a foreign bidder prices labour into a US federal-funded RFP response.
Read the entry →41 USC Chapter 67. Federal wage-and-benefits rule for service contracts. Sets the floor for hourly wages and fringe benefits a foreign service provider must price into a US federal service-contract bid.
Read the entry →Defense Contract Audit Agency. Federal audit body that reads contractor cost accounting and indirect-rate structure before cost-reimbursement defense work is awarded. A first DCAA review reshapes a foreign supplier's US cost system.
Read the entry →Committee on Foreign Investment in the United States. Interagency body that reviews foreign investment in US businesses for national-security risk. Covers minority positions, JVs, and certain real-estate transactions.
Read the entry →Foreign Corrupt Practices Act. 15 USC 78dd. US anti-bribery statute with extraterritorial reach to foreign-owned operating companies touching US commerce. Books-and-records and internal-controls provisions apply to issuers.
Read the entry →Sarbanes-Oxley Act 2002. US financial-controls regime for public companies and their subsidiaries. Section 302 and 404 shape audit, board, and internal-controls posture inside US-held operating companies.
Read the entry →Regulation (EU) 2024/1689. Horizontal AI regulation. Risk-tiered obligations on providers and deployers, GPAI model rules, and reach into AI systems placed on the EU market regardless of provider jurisdiction.
Read the entry →Digital Operational Resilience Act. Regulation (EU) 2022/2554. ICT-risk and third-party-provider rules for EU financial entities. Reaches ICT third-party providers serving EU financial entities regardless of provider jurisdiction.
Read the entry →Qualifying Free Zone Person. UAE corporate-tax regime for free-zone entities. Defines the 0% rate gate on qualifying income and the conditions that govern DIFC and ADGM structuring.
Read the entry →Cornerstone guide for Mittelstand and DAX-listed operators. References every regulatory framework in this glossary in operator-context.
Read the guide →SAM.gov registration walkthrough, NAICS code mapping, GSA Schedule pathways, FAR Part 9 responsibility determination.
Read the handbook →Detailed walk through FedRAMP Rev 5, CMMC 2.0 levels, NIST SP 800-171/53, IL2-IL6, ITAR/EAR architecture, FOCI mitigation.
Read the piece →This page matters when a real company enters a new market and the buyer reads the company, proof, offer, price, channel, or follow-up wrong.
| Buyer action | Use this term only where it changes a market-entry decision, proof requirement, or buyer-risk read. |
| Wrong market read | Misuse happens when the term becomes decoration, compliance theater, or internal language that does not help a buyer decide. |
| Proof and trust | Use the term where it changes proof, trust, risk, payment/contact path, offer localization, or sales handoff. |
| Next move | After the term is clear, route to the related market, answer, or /engagements/ page. |