I have been in meetings where systems that were meant to be compliant where not.
The point was raised, the delivery refused, and questions were asked. Apparently someone (not UK based) who didn't know what it was decided to de-scope it from the project rather than investigate and check. And yes, this was pretty recent (this year).
Biting the hand that feeds IT
