There aren’t many issues left that we can see in terms of black and white. Everything has nuance—there are shades and complexities, levels of acceptance, and so on.
Here’s an exception. If you handle credit card data, your product or service is either PCI-compliant, or it’s not. Period.
I know this isn’t a fun topic. You want to focus on launching a commerce API but instead you spend time on figuring out how to comply with a long list of confusing rules. It’s a hassle and an obstacle. But it’s also vital.