Regulatory Compliance for Consumer Goods Brands Selling DTC

Regulatory Compliance for Consumer Goods Brands Selling DTC

The Notice That Cost Veracity Wellness Its Launch Quarter

The brand I will call Veracity Wellness sold $4 million worth of magnesium and probiotic powders through Chemist Warehouse and Priceline before they ever ran a paid ad to their own website. The on-pack copy had been signed off by the retailers' compliance teams. The regulatory file sat in a Dropbox folder no one had opened in eighteen months. The board approved a DTC launch in February. The Therapeutic Goods Administration sent a compliance notice in June.

The trigger was a single product page. The wording on the bottle read fine because it lived inside a pharmacy, surrounded by other pharmacist-controlled goods, with the retailer absorbing the obligation to vet therapeutic claims. The same wording on the brand's own product page, indexed by Google, served to anyone with a credit card, was treated by the TGA as advertising of a therapeutic good. Two of the three SKUs on the new Shopify site were flagged. Veracity's launch quarter went from a planned $600k contribution channel to a six-week takedown, a frantic re-shoot of packaging photography, and a legal bill that ate the entire first-year DTC budget.

Veracity is a composite. The pattern is not. I have watched this exact sequence play out across at least a dozen FMCG brands that crossed from wholesale into DTC between 2023 and 2026. The brand assumes the on-pack language they won at the retailer is portable. It is not. The retailer was the regulatory shield. Selling direct removes the shield in the time it takes to publish a product page.

The ACCC published its final environmental claims guidance in late 2023, then ran an internet sweep of 247 businesses and found that 57 percent had made concerning environmental and product claims. The regulator named misleading claims and unsafe goods sold through digital channels among its 2026-27 enforcement priorities. At least one in two FMCG brands launching DTC in this country are doing so with claims that already fail the regulator's own published test. Veracity's notice was not bad luck. It was the median outcome.

I run this story first because compliance feels abstract until you see the calendar. The brand had budgeted twelve weeks to launch, eight weeks to find product-market fit, and four weeks to ramp paid acquisition. The notice consumed the launch quarter and pushed contribution into a Q3 number the board never recovered. The CMO left in October. The investor deck for the next round had to carry a regulatory disclosure on slide nine.

The notice itself was three pages long. It listed the offending claims, named the rule the brand had broken, set a fourteen-day window to respond, and reserved the regulator's right to publish the matter on its public register. The brand's first instinct was to call the retailer's compliance team and ask for help. The retailer politely declined. The retailer's clearance covered the retail pack, sold inside the retailer's stores, under the retailer's pharmacist supervision. The DTC site was, in the retailer's words, a separate trading entity with separate obligations. The shield was gone the moment the brand started taking the order itself.

Why the Math Doesn't Work: The Hidden Liability per Parcel

The retailer-as-shield model collapses on three economic fronts at once.

The first front is advertising scope. While the product sat inside Chemist Warehouse, the on-pack claim was a piece of in-store packaging vetted by a pharmacist-led compliance team. The same product on a brand-owned page, written into hero copy, repeated in an email flow, and cross-referenced by an influencer's discount code, becomes therapeutic-goods advertising under the TGA's published advertising compliance plan. The plan sets out a risk-based posture: the regulator targets the claims most likely to harm consumers, and a Shopify product page beats a sealed bottle on shelf for harm risk every time. The TGA confirmed the same posture across 2026 and 2027 in its compliance principles statement, naming proactive enforcement and digital channel monitoring as core operating commitments.

The second front is per-parcel attribution. A retailer ships a pallet. The brand ships a parcel with the brand's name on the air-waybill and the brand's ABN on the receipt. Every parcel that crosses a state line, every parcel that lands in California, every parcel a NZ customer orders on the brand's domain becomes a discrete regulated event. Country-of-origin claims, ingredient disclosures, allergen warnings, and warning labels are no longer absorbed by the retailer's freight ops. They sit, item by item, on the brand. The ACCC's own country of origin claims guidance under the Australian Consumer Law makes this explicit when a brand's DTC packaging differs in any way from the retail pack, which it almost always does because retail packs carry barcode panels and shelf-edge logic that DTC packs strip out.

The third front is the math of the penalty. Prop 65 in California carries a $2,500-per-day penalty for unwarned products, applied per SKU per consumer. The OEHHA's own business FAQ confirms that out-of-state internet retailers are treated as covered businesses once they have ten or more employees and ship into the state. An Australian skincare brand selling thirty units of a citrate-based serum into California carries roughly $75,000 of daily exposure if a single warning is missed. That is not a hypothetical. It is the line item the brand's lawyer reads back to them after the first complaint.

Stack the three fronts. Wholesale margin per unit might be 40 percent. DTC margin per unit might rise to 65 percent. A single TGA notice that pulls a SKU for six weeks costs more than a year of the contribution lift the channel was meant to deliver. The math is not subtle. The math is that one missed clearance wipes out the entire reason the brand launched DTC in the first place.

The cost of running a real compliance function is small compared to the cost of skipping one. A regulatory consultant on a quarterly retainer in Australia costs roughly $8,000 to $20,000 a year for a brand at the $1M to $10M revenue band. A specialist takedown lawyer brought in after a notice costs $400 to $700 an hour and burns through a $30,000 retainer in the first three weeks. The brand chooses, in effect, between an annual line item and a one-off six-figure event. Most brands choose the event by default, because the line item never gets approved at the budget meeting.

The Label Truth Framework Blueprint

The fix I run with brands in this position is The Label Truth Framework. The blueprint treats every parcel as a regulated event with its own labelling, advertising, and jurisdictional checks. It removes the wholesale-era assumption that a retailer somewhere is doing the legal reading on the brand's behalf.

The Label Truth Framework has four components.

The first component is the parcel-level audit. Every claim, every disclosure, every warning that attaches to the unit when it leaves the brand's warehouse gets logged. Not the bottle. The bottle plus the product page plus the post-purchase email plus the ad creative that drove the visit. The audit asks one question of every claim: which regulator has jurisdiction over this exact wording when it appears in front of this exact buyer in this exact channel? The answer has to be a person, not a department.

The second component is the channel-by-channel copy reconciliation. The on-pack copy might be cleared for retail. The product page copy gets re-cleared for DTC. The Meta ad creative gets cleared for paid media. The email subject line gets cleared for SMS-and-email overlap. Each piece of copy lives in a register with a clearance owner, an effective date, and a regulator-mapped citation.

The third component is the cross-border lens. The framework treats the destination postcode as a compliance variable. A parcel to Sydney is one regime. A parcel to Auckland is the NZ Medsafe regime. A parcel to San Diego is FDA labelling rules and California Prop 65 layered on top. The brand has to either restrict shipping to compliant geographies or build the per-jurisdiction warnings into the checkout flow before launch.

The fourth component is the priced-in reserve. Every category of compliance exposure gets a dollar value loaded into the COGS line for that SKU. Not a vague provision. A specific reserve, reviewed quarterly, that pays for re-clearance fees, reformulated label runs, takedown freight, and the inevitable lawyer call. I have seen brands try to run DTC compliance as a pure overhead line. It always blows up because the brand learns the cost only after the notice arrives.

I have rolled out The Label Truth Framework across nine FMCG brands since 2023. The average finding from the parcel-level audit is that 30 to 40 percent of the live product copy on the DTC site has at least one claim that would not pass a retailer's own pre-2026 vet, let alone a regulator's. Most of the brands had no idea. Some of the founders had personally written the copy.

Execution: Day 0 to Day 90

Day 0 to Day 30 is the audit. Pull every SKU you sell or plan to sell DTC into a single sheet. Add a column for every surface the SKU appears on: product page, paid ad, email flow, influencer brief, organic social, packaging insert, return slip. Score each surface against the regulator that owns it. For supplements, that is the TGA advertising plan and the Therapeutic Goods Advertising Code. For cosmetics shipping into the US, that is the FDA's cosmetics labeling guide and the MoCRA facility-registration mandate. For food, beverage, and household goods inside Australia, that is the Australian Consumer Law and the labelling code summarised in the Sprintlaw labelling compliance guide. Every gap goes into a triage list with a date and an owner.

Day 31 to Day 60 is the rebuild. Take the highest-risk gaps from the audit and rewrite. The order matters. Therapeutic claims first because they carry the highest regulatory exposure and the longest lead time on label re-prints. Country-of-origin claims second because they are the cheapest to fix and the most common to get wrong when the DTC pack is sourced from a different fill site than the retail pack. Environmental claims third because the ACCC has been the loudest regulator on this category and the bar for substantiation has risen sharply since the 2023 sweep.

Each rewrite ships through a four-step gate. A drafter writes the new copy. A subject-matter reviewer (a regulatory consultant or an in-house compliance lead) signs off. A second reviewer cross-references the citation. The change goes live with a register entry that names the regulator, the rule, the wording before, the wording after, and the date. The register is the audit trail you want to be holding when an ACCC officer asks how a claim was substantiated.

Day 61 to Day 90 is the cross-border layer. If you ship to the US, your two priority items are MoCRA registration for any cosmetic SKU and a Prop 65 warning audit for every SKU that contains an OEHHA-listed substance. The OEHHA business FAQ is the source of truth on the ten-employee threshold and the warning text required at point of sale. The practitioner walkthrough at Practical Ecommerce on the per-day penalty regime explains the warning placement on the product page itself, not just the parcel insert. If you ship to NZ, the equivalent priority is Medsafe classification for anything making a health claim and Fair Trading Act parity-checking for environmental claims. If you ship to the UK, the priority is the post-Brexit cosmetic SCPN registration and the UKCA mark for relevant categories.

Each cross-border lane gets its own row in the register. Each row carries the same five fields: regulator, rule, wording, owner, review date. The register is the deliverable. The register is what survives a founder leaving, a marketing manager rotating out, or an agency being replaced.

Two roles are non-negotiable across the 90-day build. The first is a single named compliance owner inside the brand. Not a committee. Not the founder by default. A person whose KPI is the integrity of the register. The second is an external regulatory consultant retained on a quarterly fixed fee to re-vet new claims and notify the brand when a regulator updates a position. The cost of a quarterly retainer is roughly the cost of a single mid-tier influencer post. The lawyers' bill the first time you skip the retainer is roughly the cost of the entire DTC year.

By Day 90, the brand should be able to print the register, walk it into a board meeting, and answer any compliance question by pointing at a row. If that is not true, the build is not finished. Extend by 30 days and re-staff before launching paid acquisition.

From Outsourced Risk to Defendable Register

The brand that finishes a Label Truth Framework rollout looks different on the inside in three measurable ways.

The first is that compliance exposure is priced into product margin. The brand can answer the question, for any SKU, of how much regulatory reserve sits in the COGS line and what that reserve has paid for in the last twelve months. The CFO stops being surprised by lawyer invoices. The contribution-margin model the brand uses to set price moves from optimistic to defensible.

The second is that the register exists. A real register, with real rows, real owners, real review dates. When an ACCC officer or a TGA delegate calls, the brand sends a single PDF. The conversation moves from defensive to procedural in one email. I have watched a TGA enquiry close in eight days with a brand running the register, against the four to six months it ran for a brand without one.

The third is that the brand stops outsourcing its own brand voice. The wholesale-era reflex was to write whatever copy the retailer's compliance team would clear and treat that as the ceiling. The new posture treats the retailer-cleared copy as the floor and rebuilds the DTC voice on top, with citations the brand owns. The voice gets sharper because the brand has to defend each word.

The new metric to run the function on is parcel-defendability. For every parcel the brand ships, can the brand point to the specific clearance, the specific register row, and the specific regulator citation that backs every claim attached to the SKU and the channels that drove the order? If the answer is yes, the brand has earned the right to scale DTC. If the answer is no, the brand is selling on borrowed time, and the borrowing rate is a regulator's calendar, not the brand's.

The retailer was never the regulator. The retailer was the buffer. Build the buffer back inside the brand before the next quarter starts, or accept that the launch quarter you are budgeting for has already been spent on a notice you have not received yet. The brands that win the next five years of DTC growth in this category will not be the brands with the best creative or the cheapest paid acquisition. They will be the brands that priced compliance into the unit before they took the first parcel order, and that wrote down their own register the same week they wrote their first product page.