1. Introduction
This set of regulations defines the requirements for TAPA certification of companies within the EMEA region. The framework is based on the standards of the International Accreditation Forum (IAF), German & Swiss Accreditation Bodies, and the Dutch Raad voor Accreditatie.
The objective is to ensure a standardized, transparent, fair, and consistent certification process.
2. Scope
This regulation is mandatory for:
- TAPA EMEA new members/ non-members interested in certification from the moment this document is published, according to the date in the footer/publication history on the last page of the document
- Existing members, effective January 01st, 2026
- Full implementation and standardization by January 01st, 2027
- Transition periods and exceptions are possible upon agreement with the TAPA EMEA Executive Team
- Non-member companies that choose not to obtain TAPA EMEA membership but wish to utilize the necessary certification-related services by paying the applicable non-member fees
3. Certification Eligibility
Under the membership criteria (fees), only commercially registered companies with a verifiable legal affiliation to a TAPA EMEA-registered member organization can be certified.
Special agreements for non-member companies are outlined in this chapter as well.
The following criteria must be met:
- The company must have an official commercial register entry in its respective country.
- The name on the certificate must match the name registered in the commercial register and tax identification number.
- The mention of the certification location (city/country*) can optionally be added in parentheses on the certificate.
(*This does not affect the Authorized Auditor (AA) regulation, the requirement, or the necessity of a responsible person to ensure and uphold the TAPA security standards/ levels per location. Central Functions (CF) of a Multisite CERT can also operate across regions but must have an AA function trained and assigned for each location.
- Non-member companies may apply for certification, provided they pay the applicable non-member fees and comply with the same certification requirements and documentation obligations as TAPA EMEA members.
4. Regulations for Corporate Structures
- Subsidiaries or economically independent companies cannot be certified under the name of a TAPA EMEA member organization unless documented legal affiliations exist.
- In the case of a group/ holding* organizational structure or enterprise memberships, proof of affiliation is required.
(*A group/ holding structure gets created when one limited company owns another limited company. The limited company at the top of the structure becomes what is commonly known as a ‘holding company’. A holding company can have many different subsidiaries, that is, companies beneath it, that it controls. A Group company has the same characteristics as a holding company in terms of composition of companies, restrictive use and consent, however, a distinct characteristic is that it must comprise three or more associated companies with common shareholders and similar names.)
Example:
- Companies without verifiable affiliation to a member organization are considered non-members and may obtain certification by paying the non-member fees. They are subject to the same rules and documentation obligations as TAPA EMEA member companies.
5. Documentation Requirements
To confirm affiliation, the following documents may be required, as needed:
- Commercial register extract with identification number
- Shareholder agreement or corporate structure documents
- Tax registration certificates
- Proof of shared management and security structures
6. Compliance with Accredited Standards
This approach aligns with the principles of equal treatment and certification guidelines for accredited standards in the EMEA business sector. The application of relevant chapters from the regulations of the International Accreditation Forum (IAF), German & Swiss Accreditation Bodies and RvA is permitted if they contribute to clarification and implementation.
7. Implementation and Deadlines
- Effective immediately and upon publication (as per the date in the footer/ publication history on the last page of the document) for new members & non-members
- Existing members must comply with the regulations by January 01st, 2027
- Transition periods and individual exceptions may be granted in consultation with the TAPA EMEA Executive Team but must remain regulation-compliant
8. Compliance with International Certification Guidelines
The certification requirements align with internationally recognized standards:
- International Accreditation Forum (IAF) – Multi-Site Certification Approach (IAF MD 1 and IAF MD 2):
- A multi-site certification is possible if central control, standardized processes, and management systems are in place.
- Holding structures or independent subsidiaries do not automatically fall under this regulation.
- ISO/IEC 17021 – Requirements for Certification Bodies:
- Certification bodies (IABs*) must verify whether an economic or organizational affiliation exists.
(*Thus, the Certification Body (IAB) acts as a contract partner and agent of TAPA EMEA upon commissioning and must pre-verify whether an economic or organizational affiliation exists before the tracking number application is submitted.)
- Certificates must not be issued to independent companies that are only loosely connected (e.g., through corporate structure).
- German & Swiss Accreditation Bodies / Dutch Raad voor Accreditatie – Certification Requirements:
- Companies must prove legal and organizational affiliation if they seek joint certification.
- Tax numbers, commercial register entries, or shareholder structures are potential proofs of affiliation.
9. Final Provisions
This set of regulations is binding for all TAPA EMEA members/ non-members interested in certification and will be regularly reviewed to ensure compliance with international accreditation and certification standards.
