Why Factory Certifications Matter (Beyond the Wall Decor)

Walk into any lash factory in Qingdao, and you will see walls lined with framed certificates. ISO this, GMP that, BSCI, SMETA โ€” each one looks official and impressive. But here is what most first-time buyers do not realize: a certificate on the wall tells you the factory was compliant on the day of the audit. It does not tell you whether the factory is compliant today, whether the certificate is still valid, or whether the certifying body is even recognized in your target market.

Worse, some factories display expired certificates or certificates issued by unaccredited bodies that perform superficial "desktop audits" without ever visiting the facility. A 2024 investigation by a European cosmetics trade publication found that approximately 18% of GMP certificates displayed by Chinese cosmetics exporters had either expired, been issued by unrecognized certifiers, or been digitally altered. The certificate itself is not the evidence โ€” the audit report behind it is.

This guide cuts through the alphabet soup. For each certification, you will learn: what it actually covers, what is not covered (the gaps are often more important than the coverage), how to verify authenticity, typical audit frequency, and which ones genuinely matter for the markets you sell into. If you are placing a $5,000, $20,000, or $100,000 order with a factory you have never visited, the 20 minutes you spend reading this will be among the highest-ROI minutes of your sourcing journey.

ISO 9001: Quality Management Systems

ISO 9001 is the most common factory certification you will encounter โ€” and also the most misunderstood. It does not certify that the factory's products are high quality. It certifies that the factory has a documented quality management system (QMS) and follows it consistently.

What ISO 9001 Actually Covers

What ISO 9001 Does NOT Cover

How to Verify an ISO 9001 Certificate

Every legitimate ISO certificate has a certificate number and the name of the certifying body (e.g., SGS, TUV Rheinland, Bureau Veritas, Intertek). Go to the certifying body's website, enter the certificate number in their public certificate verification portal, and confirm: (a) the certificate is valid and not expired, (b) the scope of certification includes the product category you are buying (eyelash manufacturing, not just "plastic products"), and (c) the factory name and address match exactly. If a factory refuses to share the certificate number or claims their certificate cannot be verified online, walk away. Legitimate ISO certificates are always publicly verifiable.

Also check the certifying body itself. Accreditation bodies like UKAS (UK), ANAB (USA), DAkkS (Germany), and CNAS (China) accredit the certifiers. A certificate issued by "ISO Certifications Ltd" with no IAF-recognized accreditation behind it is essentially worthless โ€” it was likely purchased online for a few hundred dollars with no real audit.

ISO 22716: GMP for Cosmetics

ISO 22716 is the Good Manufacturing Practices standard specifically for cosmetic products โ€” and for lash brands, this is arguably more important than ISO 9001. While ISO 9001 is about the quality management system in general, ISO 22716 is about the specific conditions under which cosmetic products are manufactured, with an emphasis on hygiene, contamination control, and traceability.

Why GMP Matters Specifically for Lash Manufacturing

False eyelashes are applied directly to the human eyelid, millimeters from the eye. Any contamination โ€” bacterial, fungal, particulate โ€” presents a genuine health risk. ISO 22716 addresses this through requirements for:

Key Verification Point: When reviewing an ISO 22716 certificate, check the scope statement carefully. It should explicitly mention "eyelash" or "false eyelash" manufacturing. A GMP certificate scoped for "cosmetics packaging" or "cosmetics distribution" does not cover manufacturing. Also verify that the certifying body is accredited by an IAF signatory โ€” the same verification principle applies as with ISO 9001.

BSCI & SMETA/SEDEX: Social Compliance & Ethical Audits

Social compliance certifications verify that the factory treats its workers fairly. For lash brands selling into the EU, UK, and increasingly the US, this is no longer optional โ€” it is a retailer requirement and, in some jurisdictions, a legal obligation under supply chain due diligence laws.

BSCI (Business Social Compliance Initiative)

BSCI is an amfori-operated social auditing scheme widely used by European importers. A BSCI audit evaluates a factory against 11 performance areas:

BSCI audit results are graded A through E. An A or B grade indicates substantial compliance. A C grade means minor non-conformities were found and must be corrected. D and E grades indicate major non-conformities โ€” the factory must implement a corrective action plan and undergo a follow-up audit. Most reputable European beauty retailers will only work with factories that hold a BSCI grade of C or above.

SMETA / SEDEX

SMETA (Sedex Members Ethical Trade Audit) is the audit methodology used by SEDEX, the world's largest platform for sharing ethical supply chain data. While BSCI is more common among European brands, SMETA is the dominant standard among UK and US retailers, including major beauty chains like Boots, Sephora, and Ulta.

SMETA covers the same four pillars as BSCI โ€” labor standards, health and safety, environment, and business ethics โ€” but differs in a few key ways: SMETA audit reports are uploaded to the SEDEX platform and can be shared with multiple customers (reducing duplicate audits), SMETA places greater emphasis on environmental assessment, and SMETA includes a specific module on business ethics (bribery, corruption, fair competition).

For a lash brand, the practical difference is: if your largest retail customer is European, they likely want to see a BSCI report. If they are British or American, they likely want to see a SMETA report on SEDEX. Many Qingdao lash factories hold both โ€” the audit criteria overlap approximately 80%, so completing one makes the other significantly easier.

FDA Registration: What It Does and Does Not Mean

FDA registration is one of the most misunderstood certifications in the lash industry. Many factory sales representatives will tell you their factory is "FDA approved" or "FDA certified." Neither of those things exists for cosmetics factories. The FDA does not approve, certify, or license cosmetics manufacturing facilities in the way it does for pharmaceutical facilities. What exists is FDA facility registration โ€” and it is far less meaningful than most buyers assume.

What FDA Registration Actually Is

Under the FDA's Voluntary Cosmetic Registration Program (VCRP) โ€” and, since 2024, under the Modernization of Cosmetics Regulation Act (MoCRA) โ€” cosmetic manufacturing facilities that export to the US must register with the FDA and renew that registration every two years. The registration consists of: (a) the factory's name, address, and contact information; (b) the brand names of cosmetic products manufactured at the facility; and (c) the name of a US agent who can receive communications from the FDA on the factory's behalf.

That is it. FDA registration does not involve a factory inspection. It does not mean the FDA has reviewed the factory's manufacturing practices. It does not mean the factory's products are safe. It is an administrative filing โ€” similar to registering a business with a state government. The FDA can inspect registered facilities, and it periodically does, but registration alone provides no assurance of quality or compliance.

What Actually Matters for the US Market

If you are importing lashes into the US, here is what actually matters beyond FDA registration: (a) the factory must comply with FDA Good Manufacturing Practice regulations (21 CFR Part 211, applied to cosmetics under MoCRA), which are substantively aligned with ISO 22716; (b) your products must not be adulterated (contaminated) or misbranded (false or misleading labeling); (c) you, as the importer, are responsible for ensuring the products are safe and compliant โ€” the factory's FDA registration does not insulate you from liability; and (d) starting in 2025, MoCRA requires cosmetic product listings with the FDA, including ingredient lists and responsible person contact information. Do not be impressed by "FDA registered" alone โ€” ask for the factory's ISO 22716 certificate and recent third-party microbiological test reports instead.

CE Marking for EU Market Access

CE marking is required for false eyelashes sold in the European Union, and it is tied directly to the EU Cosmetics Regulation (EC) No 1223/2009 โ€” the most comprehensive cosmetics safety regulation in the world.

What CE Marking Requires for Lashes

Unlike FDA registration, CE marking does require substantive compliance documentation. For eyelashes, the key requirements under EU 1223/2009 include:

Critical Distinction: A factory claiming "CE certified" or "CE marked" lashes is making a serious claim. CE marking is a declaration by the manufacturer (or importer) that the product meets all applicable EU requirements. For cosmetics, there is no third-party "CE certification body" that issues a CE certificate โ€” it is a self-declaration backed by the PIF and CPSR. If a factory shows you a "CE certificate" issued by some company, that is a consultant-issued document of limited legal weight. What you need to see is the Cosmetic Product Safety Report (CPSR) signed by a qualified EU safety assessor, and confirmation that the product has been CPNP-notified. Without those two documents, the CE mark on your lash box is legally meaningless.

Certification Comparison: At-a-Glance Reference

CertificationWhat It CoversTypical Cost to FactoryAudit FrequencyMost Relevant Markets
ISO 9001Quality management system โ€” documented processes, management review, continuous improvement$3,000โ€“6,000 initial + $1,500โ€“2,500/year surveillanceAnnual surveillance; recertification every 3 yearsAll markets โ€” baseline expectation for any professional factory
ISO 22716GMP for cosmetics โ€” hygiene, contamination control, batch traceability, raw material control$5,000โ€“8,000 initial + $2,000โ€“3,500/year surveillanceAnnual surveillance; recertification every 3 yearsEU (mandatory under 1223/2009), GCC, Australia โ€” cosmetics-specific requirement
BSCISocial compliance โ€” wages, hours, health & safety, child labor, forced labor, discrimination$2,500โ€“5,000 per audit (factory-paid)Every 2 years (full audit); grade-dependent follow-upEU retailers (required by many), growing US adoption โ€” social/ethical compliance
SMETA/SEDEXEthical trade โ€” labor, H&S, environment, business ethics; shared on SEDEX platform$2,500โ€“5,000 per audit (factory-paid)Varies by customer requirement; typically every 1โ€“2 yearsUK, US retailers โ€” Sephora, Boots, Ulta, Walmart supplier requirements
FDA RegistrationAdministrative registration with US FDA โ€” no inspection, no product approval$0 (factory self-registration) or $500โ€“1,000 (agent-assisted)Renewal every 2 years (biennial)USA โ€” legal requirement for US import, but minimal assurance of quality
CE Marking (EU 1223/2009)EU cosmetics compliance โ€” PIF, CPSR, CPNP notification, labeling, Responsible Person$3,000โ€“8,000 per product (CPSR + RP + CPNP) + annual RP fee $1,000โ€“2,500Ongoing โ€” PIF must be kept current; CPSR updated if formula changesEU/EEA โ€” mandatory for all cosmetics sold in EU
SASO HalalHalal compliance under Saudi standards โ€” raw materials, production, cross-contamination$2,500โ€“5,000 initial + $800โ€“1,500 annual auditAnnual surveillance; recertification every 3 yearsSaudi Arabia, GCC โ€” increasingly required by Saudi retailers

How to Verify Certifications: A Practical Checklist

When a factory sends you their "certification package," here is exactly what to do โ€” in order โ€” before you place an order:

  1. Request the actual certificate (not a summary or sales brochure). The certificate must show: the full factory name and address (must match the business license), the certifying body's name and logo, the certificate number, the date of issue and expiry, the scope of certification (what is covered), and the accreditation mark of the IAF-recognized body that accredited the certifier. If any of these elements is missing, push back.
  2. Verify the certificate online. Go to the certifying body's website (not a link the factory sends you โ€” search for it independently) and use their certificate verification tool. Enter the certificate number. Confirm validity, scope, and factory name match. Print or screenshot the verification result for your records.
  3. Request the most recent audit report. Certificates are binary (pass/fail). Audit reports contain the detail โ€” non-conformities found, severity of each non-conformity, corrective actions required, and whether those actions were verified as completed. A factory with a valid certificate but major non-conformities that were "fixed" with a promise rather than verified implementation is higher risk than one with minor non-conformities that were fully resolved with evidence. Many factories will push back on sharing full audit reports. Insist. A factory that has nothing to hide will share it.
  4. Check for red flags. Expired certificate (even by one day โ€” a factory that lets its certifications lapse is a factory with weak management). Certificate issued to a different company name or address than the one you are contracting with. Certificate issued by an unaccredited certifier (search the certifier's name + "accreditation" โ€” if no IAF signatory relationship exists, the certifier is likely a "certificate mill"). Certificate scoped for a different product category or industry. Audit report showing repeated non-conformities that recur year after year without resolution (indicates systemic neglect, not just a one-off finding).
  5. Cross-reference multiple certifications. If a factory claims to have ISO 22716 GMP but cannot produce microbiological test reports for finished products โ€” that is inconsistent. If they claim BSCI compliance but you notice worker overtime records showing 360+ hours per month during your own factory visit โ€” that is inconsistent. Certifications should be internally coherent. Inconsistencies are red flags.

Which Certifications Do You Actually Need?

The answer depends on where you sell, who your retail partners are, and how you position your brand. Here is a practical decision framework:

Your SituationMinimum RequiredRecommendedOptional (Nice to Have)
Selling on your own DTC website, US onlyFDA RegistrationISO 9001, ISO 22716BSCI or SMETA (adds credibility)
Selling into EU countriesCE Marking (PIF + CPSR + CPNP + RP), ISO 22716ISO 9001, BSCI or SMETAHalal (if targeting Muslim consumers)
Selling to EU retailers (Douglas, DM, etc.)CE Marking, ISO 22716, BSCI (grade C or above)SMETA/SEDEX, ISO 9001, ISO 14001Halal certification
Selling into GCC (Saudi Arabia, UAE)SASO Halal or ESMA Halal, ISO 22716ISO 9001, CE Marking (EU standards are respected)BSCI or SMETA
Selling to US mass retail (Target, CVS, Ulta)FDA Registration, ISO 22716, SMETA/SEDEXISO 9001, BSCIISO 14001 (environmental)
Private-label startup, testing the marketISO 9001 (factory-level), product safety test reportsISO 22716Social compliance certs โ€” add as you scale

No single certification covers everything. The most credible factories typically hold 3-5 certifications โ€” ISO 9001 for quality systems, ISO 22716 for cosmetics GMP, and at least one social compliance certification (BSCI or SMETA). If a factory claims to have "all certifications" but cannot produce verifiable certificates and audit reports, they have nothing. The paper is not the proof. The audit report, the verifiable certificate number, and the independent online verification are the proof.

Work with a Certified, Audited Lash Factory

At Aurevia Lashes, we operate a fully certified manufacturing facility in Qingdao, China. Our certifications are verifiable, current, and backed by complete audit reports we are prepared to share with qualified buyers. We hold ISO 9001 for quality management, ISO 22716 for cosmetics GMP, and BSCI for social compliance. Our factory is FDA registered, and we support clients pursuing SASO Halal, ESMA Halal, and CE marking compliance โ€” with complete documentation packages including raw material specifications, CPSR-ready safety data, and CPNP-notification support through our EU Responsible Person network.

Request a quotation and ask for our certification verification package โ€” we will provide certificate numbers you can independently verify within one business day. You can also take a virtual tour of our factory or request product samples to evaluate quality before committing.