Ensuring REACH and RoHS compliance in the long term

The financial and strategic risk of companies increases drastically if they fail to comply with the legal requirements. However, the sanctions imposed by the authorities in the case of administrative offences are still manageable. Measures are taken, for example, in the event of violations of the REACH Regulation's requirement to provide commercial customers with information on substances of very high concern (SVHC) in products with a concentration of 0.1 mass percent or more.

More serious are infringements with criminal relevance, for example if restrictions on use and prohibitions regulated in Annex XVII of the REACH Regulation are not complied with. Equally serious are the economic consequences resulting from supplier failures, production stoppages, product withdrawals ordered by the authorities or lawsuits filed by competitors or downstream players in the supply chain.

Risks of non-compliance with REACH and RoHS

In view of the constantly increasing number of environment-related regulations, many companies are faced with the question of how they can meet the requirements of the legislator. The REACH Regulation and the RoHS Directive in particular present many companies in the EU with major challenges due to their complexity and stringent requirements.

In connection with the RoHS Directive, further risks are added. Reinforced by customer requirements, product-specific compliance with certain substance-related limits is required, even if the producer does not yet fall within the scope of the directive or benefits from an exclusion. In the past, many cases have shown that these economic risks are omnipresent. For example, companies have had to file for insolvency or withdraw products from the market in large numbers due to non-compliance.

Economic risks are omnipresent.

In addition, they could not meet customer requirements and were "sorted out" by the customer. These consequences could have been avoided.

Companies know too little about REACH and RoHS

REACH is often associated only with the registration requirement for substances above one tonne/year, without which it is prohibited to place the corresponding substance on the market in the EU at all. However, this is only part of the legal requirements. Depending on the role a company takes under REACH, different obligations have to be fulfilled:

Be it the obligation to inform about SVHC substances in the article, the compliance with restrictions of use (Annex XVII), the prohibition of use of substances without granted authorisation after the expiry date (Annex XIV), the requirements for REACH-compliant safety data sheets, the obligation to prepare chemical safety reports or various notification obligations to the European Chemicals Agency ECHA based in Helsinki.

With regard to the purely product-related RoHS Directive, the situation is somewhat different. At least the limit values that the directive prescribes for the homogeneous material seem to be sufficiently known. However, the topics of product classification (do I fall under RoHS and if so, from when?), exemptions and technical documentation in accordance with DIN EN50581 and CE marking repeatedly raise questions.

Common to both regulations is that the substance lists are to be further expanded in the future. For example, according to the SVHC roadmap of the ECHA, an expansion of the REACH-SVHC list from currently 163 substances to approx. 600 substances is planned by 2020. From 2019, four further substance restrictions will apply under RoHS. The pressure on companies to implement these measures is therefore increasing.

In many companies, knowledge of the contents of the REACH Regulation and RoHS Directive is concentrated on individual persons. Separate employees are often appointed to deal with the subject matter. In these cases, the company management often assumes that the topics REACH and RoHS are adequately delegated with the appointment of an employee.

While this approach seems perfectly understandable and plausible for small, manageable companies, it no longer achieves any significant success above a certain company size.

Systematic approach important

The consequence of this shielded or marginally developed knowledge is numerous reactive individual actions with which the organization attempts to protect itself against risks. In most cases, however, these isolated measures, such as simply sending out supplier inquiries, do not have a lasting effect. Why?

A glance at the recitals of the REACH Regulation or RoHS Directive quickly reveals that the EU is oriented towards a holistically oriented enterprise. Conversely, however, this means that companies are required to think in terms of EFQM. Companies must therefore have a number of characteristic features in order to meet the basic requirements for systematic compliance in the first place. Characteristics that a company exhibits in the so-called association phase according to F. Glasl can be:

As a result of a lack of compliance, companies have already had to file for insolvency.

• continuous value stream
• extended process awareness
• Openness and trustful cooperation between all partners (also in the supply chain) as well as 
• Thinking beyond the boundaries of your own company.

Organizations can only meet this holistic understanding, on which the EU based the REACH Regulation and the RoHS Directive, by including all relevant areas. In corporate practice, however, this approach is still very rare.

Due to the increasing pressure of implementation, the question therefore arises as to where (organizationally or process-wise) REACH- and RoHS-specific knowledge must be available in the company in order to meet the legal requirements. The individual company circumstances should be taken into account, including development, quality management, environmental management, production, purchasing, sales/procurement process, product development process, data management, change management or customer-related processes. Each company must answer this question for itself.

Audits as a key method

If companies take into account the principles of quality management, customer orientation, leadership, involvement of people, process-oriented approach and system-oriented management approach, they can adequately meet the idea of the EU. Nothing stands in the way of a systematic and holistic integration of the legal requirements.

Actions carried out in isolation, such as simply sending out supplier enquiries, have no effect.

With regard to the implementation of REACH and RoHS, companies often underestimate the potential of internal and external audits. Within the framework of internal audits with a thematic focus on REACH and RoHS, there is the possibility of gaining an overview of the current status of one's own company in a short time. The company determines the extent to which it is able to systematically meet the requirements.

A thematic prioritization, such as an objective within the scope of the audit program, helps to drive the topic forward in the company in a sustainable manner and on a lean footing.

Within the scope of the audits, companies can check legal compliance in a structured manner, find synergies, discover weak points in the system and follow up on corrective measures. Since the requirements of REACH and RoHS are analogous to many chapters of the DIN EN ISO 9001 and 14001 standards, a thematic link to already planned internal audits can be made quickly and conveniently.

Last but not least, the final report provides an ideal starting point for integrating audit results into the CIP of support, value creation and management processes and for directing the focus of management and executives more strongly on existing corporate risks.