A systematic review of compliance with indoor tanning legislation

Background Many jurisdictions have enacted indoor tanning legislation in response to the health risks of artificial ultraviolet (UV) radiation exposure. Key components of these legislations include banning minors’ access, requiring parental consent or accompaniment, providing protective eyewear, posting health warning signs, and communicating important health risk information. However, legislation must be complied with to be impactful. Evidence around compliance with indoor tanning legislations has not been synthesized and is an important step toward determining changes in practice due to legislation. Methods A systematic review was conducted to obtain peer-reviewed literature about compliance with indoor tanning legislation worldwide. Six databases were searched, resulting in 12,398 citations. Sixteen studies met the inclusion criteria (peer-reviewed scientific studies, published in English, focused primarily on compliance with indoor tanning legislations, and focused on commercial indoor tanning in indoor tanning facilities). Results Compliance with most aspects of indoor tanning legislation varied widely. There was good compliance for provision of protective eyewear (84 to 100%; mean = 92%; SD = 8). Compliance with age restrictions ranged from 0 to 100% (mean = 65%; SD = 25), while compliance with posting warning labels in the required locations within a tanning facility ranged from 8 to 72% (mean = 44%; SD = 27). Variation in compliance may be due to true differences, study methodology, or temporal trends. Conclusions Variability in compliance with indoor tanning legislation, as found in this systematic review, indicates the legislations may not be having their intended protective effects on the public’s health. The reasons for such low and varied compliance with certain aspects of legislation, and high compliance with other aspects of legislation, deserve further attention in future research to inform best practices around ensuring high and consistent compliance with indoor tanning legislations worldwide. Electronic supplementary material The online version of this article (10.1186/s12889-018-5994-4) contains supplementary material, which is available to authorized users.


Background
The incidence of skin cancer is increasing [1]. One in every three cancers diagnosed worldwide is a form of skin cancer [2]. Approximately 2 to 3 million cases of non-melanoma skin cancers (NMSC) and 132,000 cases of melanoma skin cancer occur globally each year [3]. Ultraviolet (UV) radiation is the main risk factor for skin cancer [4]. Artificial UV radiation exposure from indoor tanning (IT) is responsible for an increasing number of skin cancers [5] and, unlike solar UV exposure, is an entirely avoidable type of UV exposure.
IT is common in North American and most European countries, especially among female young adults and adolescents [5]. This trend is a concerning public health issue as approximately 450,000 cases of non-melanoma skin cancers per year and 10,000 cases of melanoma skin cancers per year in Europe, Australia, and the US combined are attributable to IT [6]. Exposure to IT is associated with a 29% and 67% increased risk of basal cell carcinoma and squamous cell carcinoma, respectively [7]. Importantly, the risk of lifetime melanoma skin cancer increases by 59% with use of IT devices before the age of 35 [8]. This risk is greatest for those 20-29 years of age [9]. Excessive artificial UV radiation can also lead to premature ageing of the skin (wrinkling, age spots, loss of collagen), eye disease (cataracts, ocular melanoma), and immune suppression [10,11]. Given these dangers, the World Health Organization's International Agency for Research on Cancer (IARC) classifies UV radiation from IT beds as a Group 1 carcinogen, in the same category as smoking tobacco and asbestos [12].
Numerous countries have implemented IT legislation, focusing especially on banning minors' access to protect the health of the public. France was the first country to ban youth under the age of 18 from IT in 1997, with Brazil enacting similar legislation in 2002 [13]. Since then, several countries have followed, and some have passed even more stringent access legislations. For example, in 2011 Brazil banned IT for all age groups, and in 2015 Australia banned commercial tanning salons [13,14]. At the time of writing, Canada, the United States (US), Australia, European countries, including France and Germany, and South American countries, including Chile, have enforceable IT legislation. These legislations include banning minor access, requiring parental consent or accompaniment, requiring protective eyewear, posting of warning signs, and communicating important health risk information. In the US specifically, 44 states and the District of Columbia have enforceable IT legislation, including restricting access to and use of IT facilities by minors [15]. Additionally, the Food and Drug Administration (FDA) and Federal Trade Commission (FTC) regulate IT at the Federal level, through labelling and manufacturing of IT devices, and prohibiting false or misleading health claims about IT device use [16].
Legislation has the power to influence social norms, beliefs, and health risk behaviours [17][18][19]. It is one of the most powerful policy tools available to governments, and is the most widely used [20]. An effective enforcement program is required to ensure any regulation meets its intended impact [21]. While studies have been published on compliance with IT legislation, the results have not been synthesized. To address this research gap, we conducted a systematic review to evaluate the compliance with IT legislations around the world.

Search strategy
Following PRISMA guidelines (Additional file 1) [22], a systematic review of business, medical, policy, and psychology databases was conducted in November 2016 to obtain peer-reviewed literature about compliance with IT legislations worldwide. Databases were chosen based on their coverage of relevant subject matter. Search terms were generated using the topic of the review, keywords from known relevant studies, MeSH terms, and database thesauri. Search terms were grouped by themes and combined using appropriate Boolean operators. The search terms for IT included: indoor tanning, artificial tanning, suntan, tanning bed, sunbed, sunbathing, sunlamp, tanning facilities, solarium, tanning device. The policy-related search terms were: policy, policies, legislat*, regulat*, act, bill, law, ban, restrict, enforce, control, compliance, government legislations, license, licensure, national health policy, youth access, adolescent access, minor, evaluation. The skin cancer-related search terms were: melanoma, skin cancer, skin neoplasm, basal cell carcinoma, squamous cell carcinoma, malignant melanoma, and cutaneous melanoma. IT search terms or skin cancer search terms were combined with policy search terms to retrieve all articles relating to IT and policy or skin cancer and policy. The databases searched, and the number of results returned from each, were: PubMed (n = 6447), Medline (n = 5241), JSTOR (n = 133), ABI/INFORM (n = 149), Business Source Complete (n = 197), PsycINFO (n = 230). In total, 12,398 studies were found: 5492 were duplicates, resulting in 6906 unique studies to be screened. Reference lists from relevant studies were also searched for additional studies to include; however, this process did not identify any new studies that the database search had not already identified.

Selection criteria
To be included in this systematic review, studies had to be peer-reviewed scientific studies, published in English, focused primarily on IT legislation (compliance with of legislations, not voluntary guidelines), and focused on commercial IT in IT facilities. There were no restrictions regarding year or country. Compliance was defined broadly by the authors as the criteria provided by the included studies, in relation to fulfilling the requirements of the legislation of interest for each included study (whether Federal/National, or State level). The exclusion criteria were systematic reviews or commentary style studies, grey literature, studies about spray/lotion/solar tanning, and studies about the impact of IT legislation on youth IT. Impact of IT legislation was defined as studies describing the change in prevalence and frequency of IT attributable to the implementation of IT legislation restricting youth access. After applying inclusion and exclusion criteria, 6836 studies were excluded based on title and abstract screening. Another 58 studies were excluded after full text screening. Overall, 12 studies met all inclusion criteria and were thus included in the review. The authors returned to the literature in June 2018 to check for additional studies to be included. Web of science was used to search for studies citing those already included in the review. This uncovered four additional studies, for a total of 16 studies included in this review. Figure 1 outlines the process of exclusion of studies based on exclusion criteria.
Two additional files present the critical appraisal as supplementary information. Additional file 2 provides supplementary information for the critical appraisal tool used. Each study, critical appraisal question, and the resulting score can be found in Additional file 3.

Data extraction
The first author conducted data extraction. The information extracted from each study included the following: author names, title, date of publication, country, population or site of interest, study design, sample size, outcome(s) of interest, and key findings relevant to compliance and enforcement of IT legislation. These results were grouped by aspect of the legislation they dealt with. A summary of this information appears in Table 1. Additionally, means and standard deviations were calculated where possible.

Study characteristics
An overview of the general study characteristics and key study outcomes can be found in Table 1. Most studies were conducted in the US (n = 12), with the others conducted in Germany (n = 1), France (n = 1), Australia (n = 1), and Chile (n = 1). Of those conducted in the US, they most commonly examined legislation in one state (n = 6), two states (n = 1), and four states (n = 2), while one study evaluated legislation compliance in 14 states, one evaluated 42 states and the District of Columbia, and one evaluated all 50 states. Specific legislative requirements examined in the included studies can be found in Table 2.
All the studies used observational, cross-sectional designs (n = 16). The studies focused on IT facilities, their operators, IT users, and other aspects of the IT business. The most common location or population of interest was IT facility operators (n = 12), with the remaining studies focused on IT facilities (n = 1), IT users (n = 1), individual IT beds (n = 1), and IT facility websites (n = 1). Sample sizes varied widely by study: IT facility operators (n = 24 to n = 3647); IT users (n = 357) IT facilities (n = 32); IT beds (n = 224 devices from n = 85 facilities); and IT facility websites (n = 71).
A variety of methods for investigating compliance were used in the studies, alone and in various combinations, but most commonly included telephone or in-person "secret shopper" strategies. These strategies included research assistants posing as potential clients in the following combinations: underage telephone secret shoppers (n = 7), underage telephone secret shoppers plus underage in-person secret shoppers (n = 2), underage in-person secret shoppers with facility observation (n = 2), underage in-person secret shoppers with follow-up telephone interview (n = 1), in-person facility observation by researchers (n = 1), online website observation (n = 1), and facility inspection (n = 1). Additionally, one study interviewed IT users on the telephone.

Study outcomes
The outcomes of the 16 studies are grouped into the following compliance categories: age restriction (n = 9), parental consent or accompaniment (n = 8), protective eyewear (n = 5), warning labels (n = 6), health risk information (n = 8), health benefit information (n = 4), and risk restrictions (n = 2). We summarize the findings for each of these outcomes below. Table 3 highlights the means and ranges of percent compliance for each outcome.

Age restriction
Nine studies investigated compliance with age restrictions by noting if IT facilities state age restrictions verbally and adhere to them. Age compliance was evaluated using underage telephone secret shopper requests to buy IT services [23][24][25][26][27][28], underage in-person secret shopper requests [29], or both [30,31].
In two studies, minimum age requirements in IT facilities were evaluated. In Chile, 62% of IT facility operators reported having a minimum age requirement (telephone inquiry) [29]. In Minnesota and Massachusetts, 19% of IT facilities self-reported serving minors, regardless of stated age restrictions (in-person inquiry) [30]. For both studies, perfect compliance would be 100% of the facilities having and following the minimum age requirement.
Eight studies investigated compliance with specific age restrictions (i.e., 13, 14, 15, 16, 17, 18 years of age), six via telephone, and two via in-person inquiries. In three US states (Illinois, Texas, and Wisconsin) with an under 13 age restriction, compliance ranged from 23 to 89% (telephone inquiry) [25]. In this case, operators reported that they would not permit someone under 13 to tan. In five US states with an under 14 age restriction (Georgia, Indiana, Maine, North Dakota, and West Virginia), compliance     ranged from 10 to 70% (telephone inquiry) [28]. In one US state with an under 15 age restriction (Alabama), no IT facilities complied [28]. Compliance with an under 16 age restriction was 70% [26], 77% [25] and 80% [28] in one US state (Wisconsin) (telephone inquiry). Additionally, in another US state with an under 16 age restriction (Pennsylvania), compliance was 70% [28]. Legislation restricting access to either those under 17 or 18 years of age was complied with by 80% of IT facilities across 14 US states, when the operator was asked if the underage caller could use the IT facilities (telephone inquiry) [23]. More specifically, legislation with an under 17 age restriction in three US states (Connecticut, New Jersey, and New York) ranged from 50 to 70%, and legislation with an under 18 age restriction in 14 states (California, Delaware, DC, Hawaii, Illinois, Louisiana, Minnesota, Nevada, New Hampshire, North Carolina, Oregon, Texas, Vermont, Washington) ranged from 50 to 100% [28]. Additionally, legislation prohibiting those under 18 years of age was complied with by 77% [24] of IT operators in California (telephone inquiry), 81% of IT facilities in Texas (telephone inquiry) [27], 31% [30] of IT facilities in Minnesota and Massachusetts (in-person inquiry), and 20% [31] of IT facilities in Australia (in-person inquiry). Two studies investigated compliance with age inquiries and requests for age identification. An Australian study using telephone inquiry found 23% of IT operators inquired about the customer's age and 10% informed them age identification was required [31]. In person, 77% of Australian IT operators inquired about the customer's age, and 17% asked for age identification [31]. Overall, 80% of operators allowed an underage shopper to tan if age was concealed, and 3% of underage shoppers were allowed to tan who openly disclosed their age [31]. A study in Minnesota and Massachusetts [30] using in-person inquiry found that 60% of operators assessed age eligibility, 57% inquired about age, but did not assess age identification, and 3% assessed age identification. Age inquiries and requests for age identification proved important for whether a minor was able to make a successful purchase in this study: when operators did not inquire about age and identification was not assessed, a purchase attempt was successful 98% of the time; when operators inquired about age but identification was not assessed, a purchase attempt was successful 50% of the time; and when identification was assessed, a purchase attempt was successful 35% of the time [30].
Temporal lapse, the time between when legislation was enacted and when compliance was evaluated, was considered in the context of age restriction compliance. When the time lapse between passing legislation and measuring compliance was one to two years, compliance was lower (n = 3; 20% to 77%; mean = 46%, SD = 28) than when the time lapse was 11 to 14 years (n = 4; 70% to 89%; mean = 77%, SD = 7). However, the mean for compliance of age restrictions at one to two years post-legislation may be biased by one study that investigated compliance as a recent update to a law that had already been in place for 25 years [32]. Upon update of the literature and the inclusion of a new study which is the largest to date (44 states), and most recent study published at the time of writing, this temporal relationship did not remain [28].

Parental consent or accompaniment
Eight studies investigated compliance with parental consent or accompaniment requirements [25,26,[28][29][30][33][34][35].  Each sunlamp product must have a warning label b The warning label must be "permanently affixed or inscribed on an exterior surface of the product when fully assembled for use so as to be legible and readily accessible to view by the person being exposed immediately before the use of the product." Choy (2017)   Seven of these were conducted in the US and evaluated state-level legislation; one was conducted in Chile and evaluated national legislation. Compliance with parental consent aspects of legislations ranged from 13 to 93%. This varied by assessment method: higher compliance was reported via telephone, (30 to 93%) [25,26,28,30,35]; lower compliance was reported with in-person visits (13 to 64%) [29,30,[33][34][35]. When the time lapse between passing legislation and checking compliance was one to two years compliance was lower (6% to 50%; n = 3; mean = 23%, SD = 23) than when the time between was 11-14 years (32 to 87%; n = 3; mean = 64%, SD = 14).
Compliance with parental accompaniment was investigated in three US studies via telephone. In Texas 6% of operators complied with parental accompaniment legislation [25]. In a study of Indiana and Texas, conducted four years later, 43% of facilities complied [26]. In a study conducted more recently, 30 to 70% of operators complied with under 14 parental accompaniment legislation (Kentucky, Massachusetts, Mississippi, and Tennessee), 30% of operators complied with an under 15 parental accompaniment legislation (Wyoming), 50 and 70% of operators complied with under 16 parental accompaniment legislations (Indiana and Nebraska), and 90% of operators complied with an under 18 parental accompaniment legislation (Utah) [28].

Eye protection
Four studies investigated compliance with the availability and/or provision of protective eyewear through in-person inquiries at IT facilities. One additional study asked IT users about their experiences with eye protection [36]. Two of these studies were conducted in the US [33,34], one in Australia [31], one in Chile [29], and one in Germany [36]. Most (84 to 100%) IT facilities provided protective eyewear as required by the legislation [31,33,34]. When IT users themselves were asked, 87% reported they had been provided with protective eyewear, while 85% reported they were advised to use protective eyewear [36]. This legislation requires the provision and recommended use of protective eyewear [36]. Additionally, individual states have their own protective eyewear compliance rules (see Table 2 for details). Three studies evaluated whether facilities were compliant with requiring clients to use the provided protective eyewear. Of the IT facilities providing protective eyewear in California, 89% required the use of that protective eyewear [33]. In contrast, even though legislation in Chile stipulates both provision and mandatory use of protective eyewear, 25% of IT facilities in Chile made the use of protective eyewear mandatory [29]. Additionally, when IT users were asked, 68% had actually used protective eyewear during their last IT [36].

Warning labels
Compliance with displaying required warning labels varied widely among the six studies using in-person inquiries [29,31,33,34,37,38]. Compliance with sign location varied from 8 to 97%. In Chile, 8% of IT facilities had an obligatory sign in the reception area, 20% had a warning sign posted in the IT area, and 63% had a sign in the IT booth [29]. Legislation in Chile stipulates that   signs must be visible in the IT facility reception and in IT service areas [29]. In the US, the FDA requires a clearly visible warning sign on each IT bed [39]. Three US studies observed warning labels on 65% [37], 78% [34], and 85% [33] of IT beds; but, even when warning labels were observed, there were problems with their visibility. Twenty-five percent of IT beds had warning labels that were "clearly visible" and 1% of IT beds had warning labels that were "completely visible" [37]. Additionally, 78% of warning signs were easily viewed by customers and 72% of warning signs were posted within 1 m of IT stations [34]. In Australia, 97% of IT facilities displayed mandatory warning signs indicating skin cancer risk [31]. One study investigated warning statements on IT facility websites; 35% of French websites complied with the legislative requirement to include France's black box legal warning [38].Two studies in the US assessed compliance of the text content of warning labels. FDA warning label content requirements can be found in Table 2. A study in North Carolina found 90% of warning signs had text that was compliant with federal legislation [34]. A study in California found that of IT facilities, 15% had warning signs that were correct (as well as accessible and legible), 74% had danger labels that were correct (as well as accessible and legible), and 74% had exposure labels that were correct (as well as accessible and legible) [33].

Health risk information
Seven studies reported compliance with the provision of health risk information by IT facility operators, using in-person methods [29,33,34], telephone methods [23,24,40], or both [31]. One additional study reported compliance with health risk information through telephone interviews with IT users [36]. In addition to the required posting of warning labels containing health risk information, health risk information is also legally required in oral or written formats depending on the jurisdiction. Three studies evaluated compliance with written health risk information: in one, 19% of IT facilities had a consumer statement about risks available for customers to sign, as required by state legislation [34]; and in another, 0% provided written information about IT beds, which the IT facilities are required to provide to customers [29]. In the third study, 33% of IT users were ever offered written health risk information [36]. With respect to compliance with oral information, 61% of operators denied any dangers from IT booths when asked [24], which is in conflict with the legislation from California stating IT facilities "shall not claim, or distribute promotional materials that claim, that using an ultraviolet tanning device is safe or free from risk or that indoor tanning has any known health benefits" [32]. A more recent study, across multiple US states, found 90% of operators did not deny the dangers of IT [23]. Additionally, 43% of IT users were ever advised of negative health risks of IT by operators [36].
Compliance with the provision of specific types of risk information (i.e., skin cancer, sunburn, premature ageing) was assessed in five studies. In US states, when asked explicitly about skin cancer, an average of 49% of IT facility operators reported that skin cancer was a potential health risk of IT [33,40]. In US states, when asked general, non-specific questions about health risks, an average of 18% of IT facility operators reported that skin cancer was a potential health risk [23,24]. One Australian study evaluated whether operators reported skin cancer as a risk both on the telephone and in-person: 10% of operators mentioned skin cancer as a risk over the telephone, while 97% mentioned skin cancer in-person [31]. In US states, when asked explicitly about sunburns, an average of 89% of IT facility operators reported that a sunburn was a potential health risk of IT [33,40]. In US states, when asked about general, non-specific health risks, an average of 32% of IT facility operators reported that a sunburn was a potential health risk [23,24]. In US states, when asked explicitly about premature ageing, an average of 54% of IT facility operators reported that premature ageing was a potential  CA, CO, CT, DC, DE, HI, IL, LA, MN, NV,  NY, OR, TX health risk of IT [40]. In US states, when asked about general, non-specific health risks, an average of 3% of IT facility operators reported that premature ageing was a potential health risk [23,24].

Health benefit information
Four studies reported non-compliance with legislation prohibiting beneficial health claims. In general, false, and misleading health claims about the health benefits of IT are prohibited by IT legislations. In the US, the FTC mandates that IT facilities must avoid all claims that suggest a health benefit of IT [16]. During in-person inquiries, 72% of IT facility operators in the US [24] and 29% [29] of IT facility operators in Chile promoted IT as healthy. On the telephone, 89% of IT facilities in the US claimed false and misleading health benefits, which are prohibited by the legislation under study [23]. In France, claiming any beneficial health effects of IT is forbidden, and 7% of IT facility websites did not comply with legislation, by mentioning supposed beneficial health effects of IT [38].

Risk restrictions
Two studies evaluated compliance with state-specific legislations regarding exposure schedules and skin type [24,31]. In direct conflict with US FDA exposure schedules, in California 59% of IT facility operators stated that daily IT was acceptable and 22% of IT facility operators stated that unlimited IT was acceptable [24]. In Australia, legislation mandates a minimum of 48 h is required between IT exposures; however, customers with fair skin that burns easily ("Type 1") are banned from IT [41]. Although 90% of operators complied with minimum time requirements between IT sessions when asked, 47% of fair-skinned secret shoppers were granted access to an IT facility [31].

Discussion
In this systematic review of 16 studies across four countries, compliance with IT legislation varied. Although the studies indicated relatively high (92% on average) and somewhat consistent compliance for the provision of protective eyewear, there was variability and suboptimal compliance for other components of legislation. For example, compliance with warning signs was lower (60% on average), and compliance with age-restrictions was much lower (34% on average with in-person methods). Variability may be due to true differences, or methodological, jurisdictional, or temporal factors. IT legislation is clearly not meeting its intended outcome of total compliance. We can, however, use lessons learned from other successful health legislations to suggest areas for improvement. The most effective strategy may be through youth-focused and knowledge-based approaches, along with the use of effective enforcement.

Youth access
The elevated skin cancer risk to young people has been a major impetus for the implementation of legislation to restrict the age of those using IT devices [42]. The long-term risks of melanoma associated with artificial UV radiation exposure at young ages is a serious public health problem [3,8]. However, compliance with age restrictions and parental consent varied, and during in-person inquiries was, on average, very low. Greater efforts around enforcement of youth access legislation are necessary to reduce the prevalence of IT among youth. Stronger public health interventions are needed to address the significant health and economic burden of youth IT [19]. As with other risky behaviours, IT often begins during adolescence [43], and youth targeted interventions have been successful with regard to reducing other voluntary risk behaviours, including tobacco use. Restricting youth access to tobacco has been an important component of tobacco legislation [44]. Prohibiting tobacco sales to youth, conducting unannounced inspections, and raising the legal purchasing age, have significantly decreased youth tobacco sales [19]. Indeed, raising the legal tobacco purchasing age above 18 or 19 to 21 is seen as a favourable way to prevent youth tobacco use [45]. IT legislation should mandate an age restriction of at least 18, and possibly higher than 18, and the mandatory checking of age identification as it increases compliance with age restrictions [30,31]. Relatedly, it is likely that checking age identification of IT facility customers who appear to be under 25 would reduce minor access to IT facilities. This would be similar to what is used to restrict the sale of tobacco and alcohol to minors, where age identification requests have been shown to reduce sales [44]. Unlike tobacco or alcohol, IT cannot be purchased by someone else and provided to a minor. Therefore, enforcement of age bans, and age identification checks should be more successful in reducing minor access to IT facilities.
Differences in compliance across studies with respect to age and parental consent may be due to different methodological approaches across studies. On average, just over two-thirds of IT facility operators complied with age restrictions when contacted by telephone, but only one-third did so in-person. Similarly, two-thirds of IT facility operators complied with parental consent over the telephone, but less than half did so with in-person inquiries. There was higher reported compliance with telephone methods and lower compliance with in-person "secret shopper" methods. Hence, compliance with IT legislation estimated by telephone methods may be overestimated. In-person methodologies may more closely resemble real-life scenarios and may provide a more accurate reflection of true compliance with IT legislation, while social acceptability bias impacts telephone methodologies. Although two of the studies commented that telephone methods and in-person methods are similar in their accuracy of evaluation of compliance [26,35], the results of this review suggest otherwise. One exception was the study by Hurd et al. (2006); however, for both the in-person and telephone methods in that study, the IT facility operator was prompted with a question. All studies using telephone methodologies used prompting when asking about age or parental consent. Such direct questions about age compliance or parental consent do not necessarily directly measure, or accurately reflect, the business behaviour (i.e., selling IT sessions to minors).
Compliance appeared to vary with the time between when legislation was passed and when compliance was examined. Compliance with youth access aspects of IT legislation increased as time from enactment to evaluation increased. When the time lapse between passing a law, and measuring compliance was two years or less, compliance with age and parental consent was lower than when the time lapse was more than 10 years. Such temporal trends were also reported with smaller time differences (e.g., less than one year, one to two years, two or more years) [23]. These differences may have occurred because operators may take more time to become aware of, and comply with, new legislations, or enforcement may not occur promptly following the enactment of new legislations.
Upon our update to the literature and the inclusion of newly published studies, the temporal relationship between the implementation of IT legislation and when research was conducted became less clear. Rather, there may be a relationship between the overall number of jurisdictions with legislation and higher compliance, even with short time lapses between implementation and evaluation. Perhaps as more jurisdictions implement IT legislation, compliance with new legislation occurs more quickly, as these types of restrictions are expected by the IT facilities and their clients. There may have previously been a temporal relationship with those jurisdictions first adopting IT legislations, but with time this has lessened. Even the results from the 44-state study conducted in 2018 did not show a temporal relationship between implementation and evaluation of IT legislation [28], while the 14-state study conducted in 2017 explicitly discussed the presence of a temporal relationship [23]. This difference may have occurred because more states are adopting IT legislation in the US and around the world, or because the number of states included in the two studies differed, among other possible reasons.
There were insufficient studies from countries other than the US to evaluate between-country differences; however, we have noted some jurisdictional trends in findings from the US studies. There are regional differences in compliance with IT legislation across the US. When compliance across multiple US states was investigated, relative to other states with similar legislation, states in the south reported lower compliance with IT legislation for youth access [23,25,28]. It is unclear why this is the case, but could be due to differences in climate, political and social environment, or state differences in legislation or enforcement. Regarding the latter, for example, legislation regarding youth access in Texas outlines strict enforcement, but penalties are less severe than in other states [25].

Risk communication
Effective health communication is an important tool used by public health to alter risk behaviours. It is important for individuals to be aware of exposure to health risks, especially if the risk is harmful, yet avoidable. This research examined compliance with communication-related aspects of IT legislation, including communicating health risks, use of warning labels, and risk restrictions. Knowledge of the risks of IT can allow customers to make informed decisions; however, the public lacks knowledge and understanding of IT risks [46,47]. Providing health risk information, not using misleading health benefit claims, enforcing risk restrictions, and posting informative warning signs, are all important ways to ensure the communication of appropriate and correct health and risk information.
The provision of health risk information varied, as did using misleading health benefit claims. The combination of insufficient risk information communicated appropriately, and IT facility operators claiming health benefits from IT will lead to wholly misinformed customers. In two studies evaluating risk information, IT facility operators were either asked about general health risks [24], or specifically about skin cancer and sunburn [33]. Compliance rates were higher when operators were asked about specific health problems relative to general health problems, but even then, less than half of IT facility operators warned of skin cancer as a health risk, while nearly three quarters warned of sunburn. Possible explanations may include that operators are not knowledgeable about the health risks of IT [24,40], or they may fear they are deterring potential customers and selectively choose to communicate risk information. However, we do not know how customers are asking about risk information, and therefore are unable to determine if they are receiving specific and appropriate health risk information.
Warning labels are an important method of communicating health risk information. In the context of other health risk behaviours besides IT, they raise awareness of avoidable health issues, influence health behaviours, and even support other aspects of related health policies [48][49][50]. In addition, health warning labels increase conversations about risky behaviour, and can shift social norms about these health behaviours [51]. Given the low compliance with the provision of health risk information at IT facilities, the communicative role of warning labels is heightened. Compliance with location and content of warning labels varied and, on average, was poor. Two-thirds of IT facility operators complied with both warning sign location and the content needed on those warning signs. While both were suboptimal, average compliance was higher for warning label content than location.
Warning label compliance ranges were narrower for federal US legislation (65-85%) [33,34,37] than US state-level warning label legislation (20-90%) [33,34], suggesting a trend by scope of jurisdiction. The US FDA requires IT bed manufacturers to permanently attach federal warning statements to beds during assembly [16,39,52]. In contrast, state-level IT facility warning labels differ between states and must be affixed, and sometimes even created by operators, as is the case in California [16,32]. In comparison, manufacturers are required to include warning labels on cigarette packaging before they can be provided for sale [53] leading to high compliance with warning label requirements for tobacco.

Protective eyewear
Compliance was high for the provision of protective eyewear, with all studies reporting over 80% compliance, rendering it rather anomalous relative to all other IT legislation components investigated. Eye protection is important because artificial UV radiation can cause acute eye damage and ocular melanoma [54,55]. Explanations for this high compliance include that it is relatively easy to implement, is low cost, and it likely has little or no negative impact on business because individuals can still tan. It is also possible protective eyewear may be an additional revenue stream for IT facility operators. Some states in the US require IT facilities to provide free eyewear, while others allow for the sale of eyewear [16].
Although a high percentage of IT facilities provided protective eyewear, there was lower compliance with requiring clients to wear the provided protective eyewear [29,33,36]. Although it may be relatively easy to provide protective eyewear to clients, it is difficult to ensure the use of eyewear because it involves checking on the client as they enter the IT bed. More research is needed to investigate the extent to which clients are wearing what is provided with respect to eyewear, and whether provision and use are closely correlated.

Policy implications and recommendations
The variation in compliance, and relatively low compliance, with most aspects of IT legislation, leads to concerns about enforcement. One possible reason why low compliance was reported could be due to low enforcement. Some studies have shown variability in inspection and enforcement practices by health inspectors [56,57]. Reduction of harm from IT beds for all individuals, including youth, cannot be fully realized without proper enforcement [58]. To increase compliance, an increased level of inspection and enforcement is imperative. This has been seen with enforcement of tobacco legislation [44]. A universal IT tax is one way to fund IT facility inspections [59]. Furthermore, if IT clients are required to pay a higher tax percent, this could become a deterrent to IT use. IT legislation without enforcement, including penalties, is not expected to lead to change.
Overall, greater provisions for enforcement of IT legislation are needed, as without enforcement, compliance is unlikely to improve. Optimal compliance with all areas of IT legislation will likely require increased inspection, and mandatory and stricter penalties for infractions. Increased inspection could be funded by moneys collected through a federal IT tax or an IT business license, which are both already used in some jurisdictions [59]. Protection of youth from the dangers of IT could be improved by mandatory age identification checks, and age identification checks should encompass ages higher than the minimum identified by the legislation. Further, parental consent compliance was low and thus does little to protect youth. We therefore suggest there be no parental consent exceptions, and that all clients under the minimum age be refused service, as is the case in the context of tobacco control. Compliance with warning labels was also suboptimal. In addition to enhanced inspection and penalties, standardization of warning label content and provision of warning labels to IT facility operators may also increase compliance. Further, health "benefit" information should be more widely and aggressively restricted through IT legislation, and the provision of health risk information through other means in addition to warning labels ought to be considered. A multi-pronged approach to risk communication, as used in alcohol and tobacco control, may be more effective. Finally, given the discrepancies in findings between methodological approaches, we suggest policy makers consider in-person checks be considered a best practice in the evaluation of IT legislation.

Limitations
Only English-language, peer-reviewed studies were included, meaning studies in other languages, and those in the grey literature, were excluded. One author conducted all data extraction. We restricted the review to assess compliance and not impact. Compliance levels inform public health practitioners and policy makers about IT legislations and are a necessary first step. We restricted the review to compliance with legislation and not with voluntary guidelines, because the latter shows poor compliance [31,60,61]. Due to differences in legislation and how each study operationalized compliance, the definition of compliance with legislations of interest varied between studies. Further, the broader heterogeneity of studies including variable study designs, temporal and geographical differences, and the different study sites (IT facilities, websites, IT beds, public health inspectors) made comparisons across studies challenging.

Future research
Given the lower compliance with in-person inquiries compared to telephone inquiries, we encourage researchers to use in-person data collection techniques, which may more accurately reflect day-to-day business practices. The variability in compliance suggests that high-compliance for key aspects of IT legislation is possible, as was noted in some studies. More carefully determining the variables that contribute to high compliance with IT legislation is a priority area for future research, as such findings could inform best practices. Future research should strive to explicitly operationalize compliance, to allow for clearer understanding of research findings.
Future research should also consider the temporal relationship between the implementation of IT legislation, and the timing of compliance research. Researchers may wish to explore how compliance with legislation in a jurisdiction changes over time to further describe temporal trends, which should clarify some of difference in compliance, and shed some light on how long it takes for a legislation to become impactful. Most studies on compliance were conducted in the US, suggesting a need for studies from more countries with different IT legislation experiences. Research is also needed to evaluate why regional differences exist.
Additionally, in-depth case study evaluations identifying factors contributing to successful compliance with and enforcement of a specific jurisdiction's IT legislation (e.g., process and implementation evaluations) may lead to a more robust understanding of the hindrances and facilitators to high compliance. An understanding of these differences might shed light on ways to improve compliance through legislative amendments.