Restoring Trust at Scale: A Compliance Redesign for 10,000+ Developer Organizations (2025)

Restoring Trust at Scale: A Compliance Redesign for 10,000+ Developer Organizations (2025)

Client
Confidential (Developer Tools Domain)
Timeline
6 Month Iterative Process
Role
UX Designer · State Modeling · System Architecture · Research · User Testing · UX Writing · Accessibility · Engineering + PM Partnership
Tools
Figma

I designed a mission-critical compliance system relied on by more than 10,000 organizations. The new experience boosted certification by 70% in three months, reduced triage effort by nearly 50%, and introduced a unified trust language that now guides decision-making across the platform.

📖 Overview

Marketplace compliance had become unpredictable. Signals contradicted each other, rules lived in disconnected tools, and certification existed only at the publisher level. This left blind spots at the extension level, the surface developers rely on.

I rebuilt the compliance ecosystem end-to-end: state modeling, trust indicators, verification logic, routing, prioritization, UX writing, accessibility, and onboarding patterns.

Goal Create a unified, predictable, trustworthy system
Outcome Within 90 days, 70 % of extensions across 10 000 + orgs became certified

🧩 The Problem

Compliance had grown brittle and inconsistent, creating systemic failures across the workflow.

“With hundreds of extensions, everything looks risky. I can’t tell what to fix first.”
— Marketplace Admin
Core insight Users didn’t need more governance. They needed clarity, predictability, and a shared mental model.

🧑‍🤝‍🧑 Team & Collaboration

I partnered across PM, engineering, accessibility, legal, and compliance to ship a scalable, standards-aligned system.

🔍 Research & Insights

I interviewed Marketplace Admins, Engineers, PMs, and Compliance Reviewers to identify why decisions felt inconsistent and difficult to trust. Four systemic insights shaped the redesign.

Design Principle Trust at scale comes from simplicity, not added rules.
Legacy dense extension list
Before

Flat, dense list: every extension looked equally risky.

Prioritized extension list
After

Prioritized, trust-first design: high-risk items rise to the top.

Design Process & Decisions

1. Three-Stage Compliance Model

We replaced legacy terms with plain, cognitive-friendly language. The model is simple, predictable, and fast to recognize.

Compliant

Meets all requirements.

Action Required

Next steps are shown inline.

Non Compliant

High risk. May be disabled until resolved.

Disabled

Temporarily turned off as a safety fallback.

Design Process & Decisions

2. Publisher & Extension Trust Signals

We designed a layered trust language that separates publisher identity from extension safety, while still reading as one cohesive system across the Marketplace.

Publisher Trust

Indicates whether a publisher meets verified identity and domain requirements.

Publisher identity uses a verification badge (✔︎), while extension trust uses shield-based compliance states. These signals work together but represent different layers of trust.

Extension Trust

Shows whether an extension has passed signing, permission, and update-safety checks.

Marketplace Example
Marketplace cards showing CORP-certified publishers with a verification badge and trust shield.
A real surface where both layers of trust appear together: publisher verification (✔︎) and extension compliance shields.

Key decisions

  • Replaced color-only indicators with evergreen icons and labels.
  • Optimized icon readability at small sizes for dense surfaces.
  • Applied consistent visuals across all Marketplace contexts.
  • Separated publisher and extension safety signals.
“The shield makes it obvious. I know exactly what is safe.” Admin Tester

Design Process & Decisions

3. Temperature-Based Prioritization

High-risk items rise to the top using a simple temperature range: Compliant (grey), Disabled (grey), Action Required (gold), and Non Compliant (red).

Design Process & Decisions

4. Automated Verification & Routing

The system identifies publisher type automatically and routes users into the correct path. This ensures consistent naming, accurate domain verification, and predictable outcomes. Publisher identity is surfaced via a verification badge (✔︎), while extension safety is communicated through shield-based compliance states.

1P Publishers
  • Naming rules: Strict internal-affiliation conventions
  • Domain verification: Corporate domain required
  • Identity signal: Verified publisher badge (✔︎) once CORP identity is confirmed
  • Certification path: Accelerated
3P Publishers
  • Naming rules: Avoid internal-style prefixes
  • Domain verification: Optional but guided
  • Identity signal: No verification badge; trust is instead communicated at the extension level through compliance shields
  • Certification path: Transparent with opt-out
Automated routing flowchart

Design Process & Decisions

5. Shift-Left Quality

Compliance checks used to fire late in the publishing flow, creating rework and slow approvals. The new system shifts checks earlier in the lifecycle, catching issues during authoring and pre-submission, so uploads are predictable and faster to approve.

Before: Late-stage checks
Authoring
No guidance; policies hidden in docs.
Upload & Review
Issues = rework loops
Violations caught after upload, blocking approvals.
Rework
Back-and-forth with reviewers; unclear blockers.
Approval
Slow, unpredictable path to compliant state.
After: Shift-left quality
Authoring
Inline hints
Real-time guidance while editing manifests and metadata.
Pre-submission checks
Critical checks
Blockers vs warnings separated with clear, actionable errors.
Upload
Clean, policy-aligned packages hit the pipeline.
Approval
Faster, predictable approvals with fewer review cycles.

Shifting checks left cut late-stage rework, reduced back-and-forth, and made approvals more predictable for both publishers and reviewers.

🧪 User Testing Strategy

Two targeted flows simulated high-friction compliance moments and measured comprehension, confidence, and decision-making at critical points. Sessions used scenario tasks, live observation, think-aloud, and post-task reflection to expose friction and mental-model gaps.

Flow 1: Initial Setup

Creating a publisher → uploading an extension → assigning roles.

Scenario Tasks Live Observation Post-Task Reflection

Flow 2: Reclassification

Resolving issues or opting out of certification, with downstream impact checks.

Think-Aloud Critical Incidents Confidence Ratings
1
Observation
Level confusion

Publisher vs extension certification blurred.

Outcome
Clear levels

Copy separates publisher vs extension certification.

2
Observation
State uncertainty

“Action Required” and “Non-Compliant” lacked clear outcomes.

Outcome
Outcome ladders

States now show consequences and next steps.

3
Observation
Icon ambiguity

Shield meaning unclear without labels.

Outcome
Labeled trust

Shield is paired with evergreen labels and helper text.

4
Observation
Routing surprise

1P vs 3P paths felt unexpected.

Outcome
Transparent routing

Inline explanations for 1P and 3P paths.

5
Observation
Triage overload

100+ flagged extensions with no prioritization.

Outcome
Prioritized triage

Temperature-based ordering surfaces high-risk first.

Sharper language, clearer outcomes, visible routing, and risk-first ordering reduced cognitive load and improved accuracy.

🔄 Iteration & Validation

Early versions used the same shield language for both publishers and extensions, blurring the distinction between certified publishers and certified extensions. High-urgency extensions were also getting lost inside publishers with hundreds of listings. Through multiple rounds of testing, we separated the signal types and restructured the UI so triage aligns with how admins actually scan for risk.

Before: Publisher and extension signals were mixed, using the same shield, and urgent extensions disappeared inside dense tables.
Before design with shared shields and dense tables
After: Verified publisher badge (✔︎) for identity, shield-only states for extensions, labeled state cards, and role-guided resolution paths that surface the highest-urgency items.
After design with distinct badges and guided paths
Admin
“I can finally tell what needs action. It used to take 20+ minutes just to scan.”
PM
“Separating publisher badges from extension shields made the model click instantly and cut our documentation overhead.”

📊 Outcomes

Before

Confusing signals
No prioritization
Unclear publisher types
Fragmented tooling

After

Unified three-stage model
40–50% faster prioritization
Automatic 1P/3P routing
Cohesive shields + labels
70% certification adoption in 90 days

🧠 What I Learned

Principle

Governance ≠ bureaucracy

Clarity beats control.

Pattern

Three is a magic number

Fewer states → faster cognition → fewer errors.

System UX

System UX = language

Consistency in words drives consistency in action.

Collaboration

Partnership wins

Embedding with engineering ensured scalability, not just polish.

Accessibility

Accessibility is trust

Evergreen icons outperformed color-only cues for every user.

🏁 Reflection

This project changed the way I approach complex systems. I realized that clarity, not control, is what allows trust to grow. By crafting a shared mental model instead of another interface, we helped thousands of organizations regain confidence and create a durable foundation for governance.

Let's make something cool together. 🚀

Share a few details, and I’ll be in touch.
Thanks for dropping a line! I'll be in touch shortly.
Oops! Something went wrong while submitting the form.
Back to Top ↑

© 2025 Kendra De'Anne