What type of requirements might be imposed by external authorities?

Non-functional requirements encompass criteria that judge the operation of a system, rather than specific behaviors or functionalities. External authorities, such as regulatory bodies, compliance organizations, or industry standards, often impose non-functional requirements to ensure that systems meet certain safety, security, performance, and usability standards. For example, an organization might need to comply with data protection regulations that dictate how personally identifiable information (PII) should be handled and protected.

These requirements are crucial in contexts like finance and healthcare, where adherence to strict regulations is mandatory. They ensure that a system not only performs its intended functions but does so in a manner that protects users or aligns with broader societal or legal expectations.

Functional requirements, by contrast, focus on what the system should do, such as the specific actions or functions it must support. User-generated requirements are derived from the needs and feedback of users, and organizational requirements relate to the goals and objectives set by an organization. While all these are important, the specific collaboration with external authorities regarding criteria such as compliance or performance benchmarks aligns best with non-functional requirements.