What is the primary objective of **REACH**?

**The primary objective of REACH is to ensure a high level of protection for human health and the environment from chemical risks while enhancing EU chemicals industry competitiveness and promoting alternative testing methods.** REACH (Regulation (EC) No 1907/2006) shifts responsibility to industry for generating data on substance hazards, exposure, and risk management via registration dossiers, enabling ECHA and Member States to evaluate, authorise SVHCs on **Annex XIV**, or impose restrictions on **Annex XVII**.

Who is legally or professionally required to comply with **REACH**?

**REACH legally requires manufacturers, importers, and downstream users placing substances on the EU/EEA market in quantities exceeding 1 tonne per year per legal entity to comply.** Non-EU manufacturers must appoint an **Only Representative**; producers/importers of articles face SVHC notification duties under Article 7(2) if ≥0.1% w/w and >1 tonne/year; all supply chain actors must provide **Safety Data Sheets** per Annex II and communicate under Article 33 within 45 days.

Does **REACH** require an external audit or third-party certification?

**No, REACH does not require external audits or third-party certification.** It imposes continuous obligations like dossier submission to ECHA via REACH-IT, Member State-led enforcement inspections, and self-managed recordkeeping for 10 years, with no "REACH certificate" issued by ECHA.

How often should an assessment for **REACH** be performed?

**REACH assessments must be performed continuously as a living obligation, with updates triggered by events like tonnage changes, new hazards, Candidate List additions (typically twice yearly), or Annex XIV/XVII amendments.** Annual tonnage reviews and immediate dossier/SDS updates ensure compliance.

What are the consequences of non-compliance with **REACH**?

**Non-compliance with REACH results in Member State penalties that must be effective, proportionate, and dissuasive per Article 126, including fines, product seizures, market withdrawal, and potential criminal sanctions.** Enforcement varies by country, coordinated via ECHA's Forum, with risks of supply chain disruption and reputational damage.

Can **REACH** be mapped to other international frameworks?

**Yes, REACH elements such as Chemical Safety Reports and exposure scenarios can be mapped to other frameworks, though it remains a standalone EU regulation.** Its data requirements (Annexes VII-X) and SVHC criteria align with global chemicals regimes, facilitating partial reuse in multi-jurisdictional compliance.

What is the first step to begin implementing **REACH**?

**The first step to implement REACH is to conduct a substance inventory identifying all materials manufactured or imported ≥1 tonne/year per legal entity, mapping tonnages, uses, and roles.** Prioritize by Annex lists and Candidate List to build an IUCLID-ready master list for registration planning.

What is the primary objective of **AS9100**?

**The primary objective of AS9100 is to establish a quality management system (QMS) for aviation, space, and defense organizations that ensures product safety, configuration integrity, and supply chain reliability.** AS9100D (2016) builds on ISO 9001:2015's 10-clause structure, adding over 100 aerospace-specific requirements in Clause 8, including operational risk management (8.1.1), configuration management (8.1.2), product safety (8.1.3), and counterfeit parts prevention (8.1.4). It promotes risk-based thinking across enterprise (Clause 6.1) and operational levels to prevent quality escapes, reduce variation, and standardize practices via the IAQG's OASIS database for supplier visibility.

Who is legally or professionally required to comply with **AS9100**?

**AS9100 applies professionally to organizations that design, develop, manufacture, or service aviation, space, and defense products.** It targets manufacturers of parts, materials suppliers, design centers, and quality support organizations in the ASD supply chain; AS9110 suits MRO, AS9120 distributors. Major OEMs and primes require certification as a supplier qualification condition, with scope defined in Clause 4.3 considering context, regulatory, and customer requirements. Exclusions are limited, justified only if they do not affect conformity.

Does **AS9100** require an external audit or third-party certification?

**Yes, AS9100 requires third-party certification through accredited bodies via IAQG oversight.** Initial certification involves Stage 1 (readiness/documentation review) and Stage 2 (implementation/effectiveness audit), with nonconformities resolved in 60–90 days. Maintenance includes annual surveillance audits and recertification every three years, emphasizing objective evidence of process effectiveness per AS9101 guidance.

How often should an assessment for **AS9100** be performed?

**AS9100 requires internal audits per a planned program (Clause 9.2) and external surveillance annually with recertification every three years.** Internal audits must be risk-based, covering all processes by competent auditors, with results feeding management review (Clause 9.3). Frequency depends on risks, size, and performance; high-risk areas like Clause 8 controls demand more frequent evaluation.

What are the consequences of non-compliance with **AS9100**?

**Non-compliance with AS9100 risks certification suspension, contract loss, and supply chain exclusion via OASIS delisting.** Audits identify nonconformities requiring root-cause corrective action; major findings delay certification. Operationally, it leads to quality escapes, product safety events, rework, and OEM penalties, as 96% of certified firms are under 500 employees reliant on primes.

An **AS9100** be mapped to other international frameworks?

**Yes, AS9100D aligns structurally with Annex SL frameworks due to its ISO 9001:2015 base.** The 10-clause PDCA structure supports integrated systems, with shared elements like risk-based thinking (Clause 6), leadership (Clause 5), and performance evaluation (Clause 9) enabling mapping without other standards mentioned.

What is the first step to begin implementing **AS9100**?

**The first step to implement AS9100 is conducting a gap analysis against AS9100D clauses.** Review current processes versus requirements, define QMS scope (Clause 4.3) with minimal justified non-applicability, map processes, and prioritize aerospace additions like Clause 8 controls, typically taking 6–18 months total.

REACH vs AS9100

Standards Comparison

REACH

Mandatory

2007

EU regulation for chemical registration, evaluation, authorisation, restriction

AS9100

Mandatory

2016

International standard for aerospace quality management systems.

Quick Verdict

REACH mandates chemical risk management across EU supply chains for health/environment protection, while AS9100 certifies aerospace quality systems emphasizing product safety and traceability. Organizations adopt REACH for legal compliance, AS9100 for market access and reliability.

Chemical Safety

REACH

Regulation (EC) No 1907/2006 (REACH)

Cost

€€€

Complexity

Medium

Implementation Time

18-24 months

Key Features

1. Shifts burden of proof to industry for registrations
2. Tonnage-triggered escalating data requirements from 1 tpa
3. Authorisation regime for SVHCs promoting substitution
4. EU-wide restrictions via dynamic Annex XVII
5. Mandatory SVHC communication down supply chain

Quality Management

AS9100

AS9100D Quality Management Systems Requirements

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Configuration management for product integrity
Product safety processes across lifecycle
Counterfeit parts prevention controls
Operational risk management in Clause 8
Enhanced supplier evaluation and controls

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

REACH Details

What It Is

REACH (Regulation (EC) No 1907/2006) is a directly applicable EU regulation on Registration, Evaluation, Authorisation and Restriction of Chemicals. It protects human health and environment by requiring industry to generate and submit safety data on substances. Scope covers manufacture, import, and use of chemicals in substances, mixtures, and articles. Uses a risk-based, tonnage-driven approach with escalating requirements.

Key Components

Four pillars: Registration (>1 tpa threshold), Evaluation (dossier checks), Authorisation (SVHCs on Annex XIV), Restriction (Annex XVII bans/limits).
17 annexes detailing data (Annexes VI-X), lists, SDS rules (Annex II).
Supply-chain duties: SDS, Article 33 SVHC notifications.
Managed by ECHA; no certification, continuous compliance via dossiers.

Why Organizations Use It

Mandatory for EU market access; avoids fines, seizures, bans.
Reduces supply-chain risks, enables substitution innovation.
Builds trust via transparency; competitive edge in ESG.
Manages enforcement variability across Member States.

Implementation Overview

Phased: inventory, gap analysis, dossiers (IUCLID), monitoring.
Cross-functional for manufacturers/importers/downstream users in EU/EEA.
Ongoing; national audits/enforcement, no central certification.

AS9100 Details

What It Is

AS9100D (AS9100:2016) is the international quality management system (QMS) standard for aviation, space, and defense (ASD) organizations. It builds on ISO 9001:2015 with over 100 aerospace-specific requirements, using a risk-based, process-oriented approach to ensure product safety and supply chain integrity.

Key Components

10-clause Annex SL structure covering context, leadership, planning, support, operation, evaluation, and improvement.
Aerospace additions: configuration management (8.1.2), product safety (8.1.3), counterfeit parts prevention (8.1.4), operational risk (8.1.1), enhanced supplier controls (8.4).
Built on PDCA cycle; certification via accredited third-party audits (Stage 1/2, surveillance, recertification).

Why Organizations Use It

**Market accessRequired by OEMs/primes for supplier qualification.
**Risk reductionPrevents safety incidents, defects, counterfeit risks.
**Efficiency gainsImproves delivery, reduces rework, enhances traceability.
Builds stakeholder trust via OASIS database visibility.

Implementation Overview

Phased: gap analysis, process design, training, internal audits, certification (6-18 months).
Applies to ASD designers/manufacturers/suppliers globally; suits all sizes with scaled complexity.

Key Differences

Aspect	REACH	AS9100
Scope	Chemicals registration, evaluation, authorisation, restriction	Aerospace quality management system processes
Industry	Chemicals, manufacturing, EU-wide all sectors	Aviation, space, defense supply chains globally
Nature	Mandatory EU regulation, legally binding	Voluntary certification standard based on ISO 9001
Testing	Dossier submission, substance evaluation by ECHA	Third-party audits, Stage 1/2 certification cycles
Penalties	National fines, effective/proportionate/dissuasive	Certification loss, no direct legal penalties

Scope

REACH

Chemicals registration, evaluation, authorisation, restriction

AS9100

Aerospace quality management system processes

Industry

REACH

Chemicals, manufacturing, EU-wide all sectors

AS9100

Aviation, space, defense supply chains globally

Nature

REACH

Mandatory EU regulation, legally binding

AS9100

Voluntary certification standard based on ISO 9001

Testing

REACH

Dossier submission, substance evaluation by ECHA

AS9100

Third-party audits, Stage 1/2 certification cycles

Penalties

REACH

National fines, effective/proportionate/dissuasive

AS9100

Certification loss, no direct legal penalties

Frequently Asked Questions

Common questions about REACH and AS9100

REACH FAQ

AS9100 FAQ

You Might also be Interested in These Articles...

DORA Third-Party Risk Management: A Consultant’s Guide to Mapping Critical ICT Service Providers in 2026

Navigate DORA's complex third-party risk pillar. Step-by-step consultant guide to identify critical ICT providers, remediate Article 30 contracts, and build the

NIST 800-53 Private Sector ROI Uncovered: 2025 Podcast Deep Dive into Control Family Impact on $10M+ Breach Aversions

Uncover NIST 800-53 ROI in healthcare & finance: RA, SI, IR controls break even after 1-2 incidents ($100K-$10M savings). Podcast deep dive with CISO metrics fo

The SOC Maturity Roadmap: A 5-Step Blueprint for Scaling from Ad-Hoc to Optimized Operations

Unlock SOC excellence with our 5-step maturity roadmap. Compare SOC-CMM, NIST CSF, and CMMC frameworks to scale from ad-hoc to automated operations. Start your

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Check out these other Gradum.io Standards Comparison Pages

ISO 55001 vs ISO 41001

Uncover ISO 55001 vs ISO 41001: Asset mgmt system for lifecycle value vs FM excellence. Compare clauses, benefits & implementation for resilient ops. Choose wisely now!

CMMI vs ISO 27017

CMMI vs ISO 27017: Compare CMMI's maturity levels for process excellence vs ISO 27017's cloud security controls. Optimize IT ops, boost compliance. Discover key differences now!

UL Certification vs WELL

UL Certification vs WELL: Safety marks & testing meet health-focused building standards. Compare processes, benefits & choose for compliance. Boost safety & wellness today!

REACH

AS9100

Quick Verdict

REACH

Key Features

AS9100

Key Features

Detailed Analysis

REACH Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

AS9100 Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

Key Differences

Scope

Industry

Nature

Testing

Penalties

Frequently Asked Questions

REACH FAQ

What is the primary objective of REACH?

Who is legally or professionally required to comply with REACH?

Does REACH require an external audit or third-party certification?

How often should an assessment for REACH be performed?

What are the consequences of non-compliance with REACH?

Can REACH be mapped to other international frameworks?

What is the first step to begin implementing REACH?

AS9100 FAQ

What is the primary objective of AS9100?

Who is legally or professionally required to comply with AS9100?

Does AS9100 require an external audit or third-party certification?

How often should an assessment for AS9100 be performed?

What are the consequences of non-compliance with AS9100?

An AS9100 be mapped to other international frameworks?

What is the first step to begin implementing AS9100?

You Might also be Interested in These Articles...

DORA Third-Party Risk Management: A Consultant’s Guide to Mapping Critical ICT Service Providers in 2026

NIST 800-53 Private Sector ROI Uncovered: 2025 Podcast Deep Dive into Control Family Impact on $10M+ Breach Aversions

The SOC Maturity Roadmap: A 5-Step Blueprint for Scaling from Ad-Hoc to Optimized Operations

Run Maturity Assessments with GRADUM

Check out these other Gradum.io Standards Comparison Pages

ISO 55001 vs ISO 41001

CMMI vs ISO 27017

UL Certification vs WELL