What is the primary objective of **REACH**?

**The primary objective of REACH is to ensure a high level of protection for human health and the environment from chemical risks while enhancing EU industry competitiveness and promoting alternative testing methods.** Under **Regulation (EC) No 1907/2006**, it shifts responsibility to industry for registering substances manufactured or imported above **1 tonne per year per legal entity**, generating data on hazards, exposure, and risk management via dossiers submitted to **ECHA**.

Who is legally or professionally required to comply with **REACH**?

**REACH legally requires manufacturers, importers, downstream users, and distributors placing substances, mixtures, or certain articles on the EU/EEA market to comply.** Registration applies to substances exceeding **1 tonne/year per legal entity**; non-EU manufacturers must appoint an **Only Representative**. Downstream users must implement exposure scenarios from **Safety Data Sheets (SDS)** per **Annex II**, with article producers notifying **ECHA** under **Article 7(2)** for **SVHCs** ≥**0.1% w/w** exceeding **1 tonne/year**.

Does **REACH** require an external audit or third-party certification?

**No, REACH does not require external audits or third-party certification.** It imposes ongoing obligations like dossier submission to **ECHA** and national enforcement via inspections by Member State authorities. Compliance is verified through **dossier evaluation** (**Articles 40-42**) and **substance evaluation** (**Articles 44-48**), with no "REACH certificate" issued.

How often should an assessment for **REACH** be performed?

**REACH assessments must be performed continuously as a living obligation, with updates triggered by events like new data, tonnage changes, or list updates.** Registrants update dossiers when new hazards emerge; monitor **Candidate List** (biannual additions), **Annex XIV** (**Sunset Dates**), and **Annex XVII** amendments. **Chemical Safety Reports (CSR)** are required for ≥**10 tonnes/year**, with record retention for **10 years**.

What are the consequences of non-compliance with **REACH**?

**Non-compliance with REACH results in penalties that are effective, proportionate, and dissuasive, enforced by Member State authorities.** These include administrative fines, product seizures, market withdrawal, and potential criminal sanctions. Coordinated via **ECHA’s Forum**, penalties vary by country but can reach millions of euros, plus reputational damage and supply-chain disruptions.

Can **REACH** be mapped to other international frameworks?

**No, these FAQs focus solely on REACH as a standalone EU regulation.** Mapping to other frameworks is outside this scope per independent content guidelines.

What is the first step to begin implementing **REACH**?

**The first step to implement REACH is to conduct a substance inventory identifying all materials manufactured or imported above **1 tonne/year per legal entity****. Map tonnages, roles (manufacturer/importer/downstream user), and check against **ECHA** lists (**Candidate List**, **Annex XIV**, **Annex XVII**) to prioritize registrations and notifications.

What is the primary objective of **EU AI Act**?

**The primary objective of the EU AI Act is to establish a risk-based regulatory framework that prohibits unacceptable-risk AI practices, imposes strict obligations on high-risk AI systems, mandates transparency for limited-risk systems, and promotes safe AI innovation across the EU.** Regulation (EU) 2024/1689, entering force on 1 August 2024, operationalizes safety, fundamental rights protection, and accountability through lifecycle controls like risk management (**Article 9**) and conformity assessments (**Article 43**).

Who is legally or professionally required to comply with **EU AI Act**?

**Providers, deployers, importers, distributors, and authorized representatives of AI systems used in the EU must comply with the EU AI Act, including third-country entities if outputs are used in the EU.** Providers (**Article 3(3)**) develop or place high-risk systems on the market; deployers (**Article 3(4)**) are professional users ensuring oversight and monitoring. Obligations span the value chain, with high-risk duties under **Articles 9–15**.

Does **EU AI Act** require an external audit or third-party certification?

**High-risk AI systems require conformity assessment, which may involve third-party notified bodies for certification, EU Declaration of Conformity (**Article 47**), and CE marking (**Article 48**).** Internal assessments suffice for some (**Annex VI**), but Annex III systems like biometrics often need external notified bodies (**Articles 28–39**, **Annex VII**). GPAI systemic-risk models face AI Office evaluations (**Article 55**).

How often should an assessment for **EU AI Act** be performed?

**Risk classification and conformity assessments for EU AI Act must be conducted before placing high-risk systems on the market or into service, with continuous post-market monitoring (**Article 72**) and updates for substantial modifications.** Ongoing risk management (**Article 9**) and serious incident reporting (**Article 73**) apply lifecycle-wide; logs retained at least six months (**Article 12**).

What are the consequences of non-compliance with **EU AI Act**?

**Non-compliance with EU AI Act incurs tiered administrative fines up to 7% of worldwide annual turnover or €40 million for prohibited practices (**Article 5**), 4% or €20 million for high-risk failures, and 2% or €10 million for others.** Additional remedies include market withdrawal, bans, and personal liability for executives via national authorities and AI Office enforcement (**Articles 70, 99–101**).

Can **EU AI Act** be mapped to other international frameworks?

**Yes, EU AI Act obligations align with frameworks like ISO 42001 for AI management systems and ISO 27001 for cybersecurity, enabling presumption of conformity via harmonized standards (**Article 40**).** Its risk-based structure complements product safety regimes in Annex I, facilitating integrated compliance without direct mappings specified.

What is the first step to begin implementing **EU AI Act**?

**The first step to implement EU AI Act is to conduct an AI inventory and risk classification, mapping systems to prohibited practices (**Article 5**), high-risk Annex I/III categories (**Article 6**), or GPAI obligations (**Chapter V**).** Document decisions to confirm scope and prioritize high-risk conformity.

REACH vs EU AI Act

Standards Comparison

REACH

Mandatory

2007

EU regulation for chemical registration, evaluation, authorisation, restriction

EU AI Act

Mandatory

2024

EU regulation for risk-based AI safety and governance

Quick Verdict

REACH governs chemicals via registration and restrictions for EU market access, while EU AI Act regulates AI by risk tiers with conformity assessments. Companies adopt REACH for chemical compliance, AI Act for safe AI deployment, ensuring legal market entry and risk mitigation.

Chemical Safety

REACH

Regulation (EC) No 1907/2006 on REACH

Cost

€€€

Complexity

Medium

Implementation Time

18-24 months

Key Features

Shifts burden of proof to industry for risks
Registration required above 1 tonne per year
Four pillars: register, evaluate, authorise, restrict
SVHC authorisation with sunset dates and LADs
Continuous supply-chain SDS and SVHC communication

Artificial Intelligence

EU AI Act

Regulation (EU) 2024/1689 Artificial Intelligence Act

Cost

€€€

Complexity

Medium

Implementation Time

18-24 months

Key Features

Risk-based four-tier AI classification framework
Prohibitions on unacceptable-risk AI practices
High-risk conformity assessments and CE marking
GPAI models systemic risk obligations
Lifecycle post-market monitoring requirements

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

REACH Details

What It Is

REACH (Regulation (EC) No 1907/2006) is a directly applicable EU regulation establishing a comprehensive framework for managing chemical risks. Its primary purpose is protecting human health and the environment through industry-led identification, assessment, and control of chemical substances across their lifecycle, from manufacture to use in articles. It employs a responsibility-shift approach, requiring industry to generate and submit data via standardized dossiers.

Key Components

**Four pillarsRegistration (dossiers for >1 tpa substances), Evaluation (dossier/substance checks), Authorisation (SVHC permissions via Annex XIV), Restriction (bans/limits in Annex XVII).
17 technical annexes detailing data requirements, SDS rules, and lists.
Built on risk-based principles with tonnage-scaled info, read-across adaptations, and supply-chain duties.
No certification; compliance enforced nationally with ECHA coordination.

Why Organizations Use It

Mandated for EU market access; avoids fines, seizures, market bans. Enhances risk management, supply transparency, substitution innovation, ESG reporting, and competitiveness via safer products.

Implementation Overview

Phased: gap analysis, substance inventory, dossiers/CSRs via IUCLID, SDS flows, monitoring. Applies to manufacturers/importers/downstream users in chemicals/products; cross-industry, EU/EEA-focused. Ongoing audits, no central cert but national enforcement.

EU AI Act Details

What It Is

The EU AI Act (Regulation (EU) 2024/1689) is a comprehensive EU regulation for artificial intelligence, published in the Official Journal on 12 July 2024 and entering force on 1 August 2024. It establishes horizontal rules to ensure safe, transparent, and rights-respecting AI across sectors. The core risk-based approach tiers AI into unacceptable (prohibited), high-risk, limited-risk (transparency), and minimal-risk categories.

Key Components

Prohibited practices (Chapter II), high-risk obligations (Chapter III: risk management, data governance, documentation, oversight, cybersecurity), transparency duties (Chapter IV), GPAI rules (Chapter V).
Lifecycle requirements with conformity assessments, CE marking, EU database registration.
Built on product safety principles; enforced via hybrid governance (AI Office, national authorities).
Tiered fines up to 7% global turnover.

Why Organizations Use It

Mandatory for EU market access and outputs used in EU.
Mitigates severe penalties, legal risks.
Builds trust, enables regulated sector operations (healthcare, finance, HR).
Drives better AI governance, competitive differentiation.

Implementation Overview

Phased: prohibitions (6 months), GPAI (12 months), high-risk (24-36 months).
Inventory/classify AI, build QMS/RMS, assessments, monitoring.
All sizes/industries with EU exposure; audits by authorities.

Key Differences

Aspect	REACH	EU AI Act
Scope	Chemicals lifecycle: registration, evaluation, authorisation, restriction	AI systems by risk: prohibited, high-risk, transparency, minimal-risk
Industry	Chemicals, manufacturing, importers EU-wide	All sectors using AI, EU market/outputs
Nature	Mandatory EU regulation, national enforcement	Mandatory EU regulation, risk-based conformity assessments
Testing	Dossier evaluation, substance checks by ECHA/MS	Conformity assessments, notified bodies for high-risk
Penalties	National fines, effective/proportionate/dissuasive	Up to 7% global turnover for prohibited practices

Scope

REACH

Chemicals lifecycle: registration, evaluation, authorisation, restriction

EU AI Act

AI systems by risk: prohibited, high-risk, transparency, minimal-risk

Industry

REACH

Chemicals, manufacturing, importers EU-wide

EU AI Act

All sectors using AI, EU market/outputs

Nature

REACH

Mandatory EU regulation, national enforcement

EU AI Act

Mandatory EU regulation, risk-based conformity assessments

Testing

REACH

Dossier evaluation, substance checks by ECHA/MS

EU AI Act

Conformity assessments, notified bodies for high-risk

Penalties

REACH

National fines, effective/proportionate/dissuasive

EU AI Act

Up to 7% global turnover for prohibited practices

Frequently Asked Questions

Common questions about REACH and EU AI Act

REACH FAQ

EU AI Act FAQ

You Might also be Interested in These Articles...

How to Implement CIS Controls v8.1 as a ‘Control Backbone’ for NIS2 & DORA (Step-by-Step Implementation Guide)

Deploy CIS Controls v8.1 as a control backbone for NIS2 & DORA compliance. Step-by-step roadmap (IG1→IG2), deliverables, metrics & evidence model for hybrid/clo

Top 5 Unseen Complexities Modern Compliance Software Effortlessly Manages

Uncover top 5 unseen complexities modern compliance software manages effortlessly—from sensitive data mapping to real-time regulatory shifts. Automate audits, i

SOC 2 Audit Survival Guide: Auditor Questions, Red Flags, and Evidence Prep for First-Time Pass

Ace your SOC 2 audit with predicted auditor questions, model answers, red flags, and evidence checklists from CPA best practices & SignWell's journey. Reduce st

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Check out these other Gradum.io Standards Comparison Pages

CAA vs MAS TRM

Explore CAA vs MAS TRM: Compare Clean Air Act standards with Singapore's Technology Risk Management guidelines. Gain expert insights on compliance, risks & strategies to master both frameworks now.

FERPA vs WEEE

Discover FERPA vs WEEE: US student privacy law shields records; EU directive drives e-waste recycling. Key diffs, compliance tips & strategies. Dive in!

GLBA vs SAMA CSF

Discover GLBA vs SAMA CSF: Compare US financial privacy rules with Saudi cyber framework. Key diffs in governance, risk mgmt & safeguards boost global compliance. Master now!

REACH

EU AI Act

Quick Verdict

REACH

Key Features

EU AI Act

Key Features

Detailed Analysis

REACH Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

EU AI Act Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

Key Differences

Scope

Industry

Nature

Testing

Penalties

Frequently Asked Questions

REACH FAQ

What is the primary objective of REACH?

Who is legally or professionally required to comply with REACH?

Does REACH require an external audit or third-party certification?

How often should an assessment for REACH be performed?

What are the consequences of non-compliance with REACH?

Can REACH be mapped to other international frameworks?

What is the first step to begin implementing REACH?

EU AI Act FAQ

What is the primary objective of EU AI Act?

Who is legally or professionally required to comply with EU AI Act?

Does EU AI Act require an external audit or third-party certification?

How often should an assessment for EU AI Act be performed?

What are the consequences of non-compliance with EU AI Act?

Can EU AI Act be mapped to other international frameworks?

What is the first step to begin implementing EU AI Act?

You Might also be Interested in These Articles...

How to Implement CIS Controls v8.1 as a ‘Control Backbone’ for NIS2 & DORA (Step-by-Step Implementation Guide)

Top 5 Unseen Complexities Modern Compliance Software Effortlessly Manages

SOC 2 Audit Survival Guide: Auditor Questions, Red Flags, and Evidence Prep for First-Time Pass

Run Maturity Assessments with GRADUM

Check out these other Gradum.io Standards Comparison Pages

CAA vs MAS TRM

FERPA vs WEEE

GLBA vs SAMA CSF