REACH vs EU AI Act

What It Is

REACH (Regulation (EC) No 1907/2006) is a directly applicable EU regulation establishing a comprehensive framework for managing chemical risks. Its primary purpose is protecting human health and the environment through industry-led identification, assessment, and control of chemical substances across their lifecycle, from manufacture to use in articles. It employs a responsibility-shift approach, requiring industry to generate and submit data via standardized dossiers.

Key Components

• **Four pillarsRegistration (dossiers for >1 tpa substances), Evaluation (dossier/substance checks), Authorisation (SVHC permissions via Annex XIV), Restriction (bans/limits in Annex XVII).
• 17 technical annexes detailing data requirements, SDS rules, and lists.
• Built on risk-based principles with tonnage-scaled info, read-across adaptations, and supply-chain duties.
• No certification; compliance enforced nationally with ECHA coordination.

Why Organizations Use It

Mandated for EU market access; avoids fines, seizures, market bans. Enhances risk management, supply transparency, substitution innovation, ESG reporting, and competitiveness via safer products.

Implementation Overview

Phased: gap analysis, substance inventory, dossiers/CSRs via IUCLID, SDS flows, monitoring. Applies to manufacturers/importers/downstream users in chemicals/products; cross-industry, EU/EEA-focused. Ongoing audits, no central cert but national enforcement.

What It Is

The EU AI Act (Regulation (EU) 2024/1689) is a comprehensive EU regulation for artificial intelligence, published in the Official Journal on 12 July 2024 and entering force on 1 August 2024. It establishes horizontal rules to ensure safe, transparent, and rights-respecting AI across sectors. The core risk-based approach tiers AI into unacceptable (prohibited), high-risk, limited-risk (transparency), and minimal-risk categories.

Key Components

• Prohibited practices (Chapter II), high-risk obligations (Chapter III: risk management, data governance, documentation, oversight, cybersecurity), transparency duties (Chapter IV), GPAI rules (Chapter V).
• Lifecycle requirements with conformity assessments, CE marking, EU database registration.
• Built on product safety principles; enforced via hybrid governance (AI Office, national authorities).
• Tiered fines up to 7% global turnover.

Why Organizations Use It

• Mandatory for EU market access and outputs used in EU.
• Mitigates severe penalties, legal risks.
• Builds trust, enables regulated sector operations (healthcare, finance, HR).
• Drives better AI governance, competitive differentiation.

Implementation Overview

• Phased: prohibitions (6 months), GPAI (12 months), high-risk (24-36 months).
• Inventory/classify AI, build QMS/RMS, assessments, monitoring.
• All sizes/industries with EU exposure; audits by authorities.