What is the primary objective of REACH?

The primary objective of REACH is to ensure a high level of protection for human health and the environment from chemical risks while enhancing EU industry competitiveness and promoting alternative testing methods. Under Regulation (EC) No 1907/2006, it shifts responsibility to industry for registering substances manufactured or imported above 1 tonne per year per legal entity, generating data on hazards, exposure, and risk management via dossiers submitted to ECHA.

Who is legally or professionally required to comply with REACH?

REACH legally requires manufacturers, importers, downstream users, and distributors placing substances, mixtures, or certain articles on the EU/EEA market to comply. Registration applies to substances exceeding 1 tonne/year per legal entity; non-EU manufacturers must appoint an Only Representative. Downstream users must implement exposure scenarios from Safety Data Sheets (SDS) per Annex II, with article producers notifying ECHA under Article 7(2) for SVHCs ≥0.1% w/w exceeding 1 tonne/year.

Does REACH require an external audit or third-party certification?

No, REACH does not require external audits or third-party certification. It imposes ongoing obligations like dossier submission to ECHA and national enforcement via inspections by Member State authorities. Compliance is verified through dossier evaluation (Articles 40-42) and substance evaluation (Articles 44-48), with no "REACH certificate" issued.

How often should an assessment for REACH be performed?

REACH assessments must be performed continuously as a living obligation, with updates triggered by events like new data, tonnage changes, or list updates. Registrants update dossiers when new hazards emerge; monitor Candidate List (biannual additions), Annex XIV (Sunset Dates), and Annex XVII amendments. Chemical Safety Reports (CSR) are required for ≥10 tonnes/year, with record retention for 10 years.

What are the consequences of non-compliance with REACH?

Non-compliance with REACH results in penalties that are effective, proportionate, and dissuasive, enforced by Member State authorities. These include administrative fines, product seizures, market withdrawal, and potential criminal sanctions. Coordinated via ECHA’s Forum, penalties vary by country but can reach millions of euros, plus reputational damage and supply-chain disruptions.

Can REACH be mapped to other international frameworks?

No, these FAQs focus solely on REACH as a standalone EU regulation. Mapping to other frameworks is outside this scope per independent content guidelines.

What is the first step to begin implementing REACH?

The first step to implement REACH is to conduct a substance inventory identifying all materials manufactured or imported above 1 tonne/year per legal entity*. Map tonnages, roles (manufacturer/importer/downstream user), and check against ECHA lists (Candidate List, Annex XIV, Annex XVII*) to prioritize registrations and notifications.

What is the primary objective of EU AI Act?

The primary objective of the EU AI Act is to establish a risk-based regulatory framework that prohibits unacceptable-risk AI practices, imposes strict obligations on high-risk AI systems, mandates transparency for limited-risk systems, and promotes safe AI innovation across the EU. Regulation (EU) 2024/1689, entering force on 1 August 2024, operationalizes safety, fundamental rights protection, and accountability through lifecycle controls like risk management (Article 9) and conformity assessments (Article 43).

Who is legally or professionally required to comply with EU AI Act?

Providers, deployers, importers, distributors, and authorized representatives of AI systems used in the EU must comply with the EU AI Act, including third-country entities if outputs are used in the EU. Providers (Article 3(3)) develop or place high-risk systems on the market; deployers (Article 3(4)) are professional users ensuring oversight and monitoring. Obligations span the value chain, with high-risk duties under Articles 9–15.

Does EU AI Act require an external audit or third-party certification?

High-risk AI systems require conformity assessment, which may involve third-party notified bodies for certification, EU Declaration of Conformity (Article 47), and CE marking (Article 48). Internal assessments suffice for some (Annex VI), but Annex III systems like biometrics often need external notified bodies (Articles 28–39, Annex VII). GPAI systemic-risk models face AI Office evaluations (Article 55).

How often should an assessment for EU AI Act be performed?

Risk classification and conformity assessments for EU AI Act must be conducted before placing high-risk systems on the market or into service, with continuous post-market monitoring (Article 72) and updates for substantial modifications. Ongoing risk management (Article 9) and serious incident reporting (Article 73) apply lifecycle-wide; logs retained at least six months (Article 12).

What are the consequences of non-compliance with EU AI Act?

Non-compliance with EU AI Act incurs tiered administrative fines up to 7% of worldwide annual turnover or €40 million for prohibited practices (Article 5), 4% or €20 million for high-risk failures, and 2% or €10 million for others. Additional remedies include market withdrawal, bans, and personal liability for executives via national authorities and AI Office enforcement (Articles 70, 99–101).

Can EU AI Act be mapped to other international frameworks?

Yes, EU AI Act obligations align with frameworks like ISO 42001 for AI management systems and ISO 27001 for cybersecurity, enabling presumption of conformity via harmonized standards (Article 40). Its risk-based structure complements product safety regimes in Annex I, facilitating integrated compliance without direct mappings specified.

What is the first step to begin implementing EU AI Act?

The first step to implement EU AI Act is to conduct an AI inventory and risk classification, mapping systems to prohibited practices (Article 5), high-risk Annex I/III categories (Article 6), or GPAI obligations (Chapter V). Document decisions to confirm scope and prioritize high-risk conformity.

Standards Comparison

REACH vs EU AI Act

REACH

Mandatory

2007

EU regulation for chemical registration, evaluation, authorisation, restriction

EU AI Act

Mandatory

2024

EU regulation for risk-based AI safety and governance

Quick Verdict

REACH governs chemicals via registration and restrictions for EU market access, while EU AI Act regulates AI by risk tiers with conformity assessments. Companies adopt REACH for chemical compliance, AI Act for safe AI deployment, ensuring legal market entry and risk mitigation.

Chemical Safety

REACH

Regulation (EC) No 1907/2006 on REACH

Cost

€€€

Complexity

Medium

Implementation Time

18-24 months

Key Features

Shifts burden of proof to industry for risks
Registration required above 1 tonne per year
Four pillars: register, evaluate, authorise, restrict
SVHC authorisation with sunset dates and LADs
Continuous supply-chain SDS and SVHC communication

Artificial Intelligence

EU AI Act

Regulation (EU) 2024/1689 Artificial Intelligence Act

Cost

€€€

Complexity

Medium

Implementation Time

18-24 months

Key Features

Risk-based four-tier AI classification framework
Prohibitions on unacceptable-risk AI practices
High-risk conformity assessments and CE marking
GPAI models systemic risk obligations
Lifecycle post-market monitoring requirements

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

REACH Details

What It Is

REACH (Regulation (EC) No 1907/2006) is a directly applicable EU regulation establishing a comprehensive framework for managing chemical risks. Its primary purpose is protecting human health and the environment through industry-led identification, assessment, and control of chemical substances across their lifecycle, from manufacture to use in articles. It employs a responsibility-shift approach, requiring industry to generate and submit data via standardized dossiers.

Key Components

**Four pillarsRegistration (dossiers for >1 tpa substances), Evaluation (dossier/substance checks), Authorisation (SVHC permissions via Annex XIV), Restriction (bans/limits in Annex XVII).
17 technical annexes detailing data requirements, SDS rules, and lists.
Built on risk-based principles with tonnage-scaled info, read-across adaptations, and supply-chain duties.
No certification; compliance enforced nationally with ECHA coordination.

Why Organizations Use It

Mandated for EU market access; avoids fines, seizures, market bans. Enhances risk management, supply transparency, substitution innovation, ESG reporting, and competitiveness via safer products.

Implementation Overview

Phased: gap analysis, substance inventory, dossiers/CSRs via IUCLID, SDS flows, monitoring. Applies to manufacturers/importers/downstream users in chemicals/products; cross-industry, EU/EEA-focused. Ongoing audits, no central cert but national enforcement.

EU AI Act Details

What It Is

The EU AI Act (Regulation (EU) 2024/1689) is a comprehensive EU regulation for artificial intelligence, published in the Official Journal on 12 July 2024 and entering force on 1 August 2024. It establishes horizontal rules to ensure safe, transparent, and rights-respecting AI across sectors. The core risk-based approach tiers AI into unacceptable (prohibited), high-risk, limited-risk (transparency), and minimal-risk categories.

Key Components

Prohibited practices (Chapter II), high-risk obligations (Chapter III: risk management, data governance, documentation, oversight, cybersecurity), transparency duties (Chapter IV), GPAI rules (Chapter V).
Lifecycle requirements with conformity assessments, CE marking, EU database registration.
Built on product safety principles; enforced via hybrid governance (AI Office, national authorities).
Tiered fines up to 7% global turnover.

Why Organizations Use It

Mandatory for EU market access and outputs used in EU.
Mitigates severe penalties, legal risks.
Builds trust, enables regulated sector operations (healthcare, finance, HR).
Drives better AI governance, competitive differentiation.

Implementation Overview

Phased: prohibitions (6 months), GPAI (12 months), high-risk (24-36 months).
Inventory/classify AI, build QMS/RMS, assessments, monitoring.
All sizes/industries with EU exposure; audits by authorities.

Key Differences

Aspect	REACH	EU AI Act
Scope	Chemicals lifecycle: registration, evaluation, authorisation, restriction	AI systems by risk: prohibited, high-risk, transparency, minimal-risk
Industry	Chemicals, manufacturing, importers EU-wide	All sectors using AI, EU market/outputs
Nature	Mandatory EU regulation, national enforcement	Mandatory EU regulation, risk-based conformity assessments
Testing	Dossier evaluation, substance checks by ECHA/MS	Conformity assessments, notified bodies for high-risk
Penalties	National fines, effective/proportionate/dissuasive	Up to 7% global turnover for prohibited practices

Scope

REACH

Chemicals lifecycle: registration, evaluation, authorisation, restriction

EU AI Act

AI systems by risk: prohibited, high-risk, transparency, minimal-risk

Industry

REACH

Chemicals, manufacturing, importers EU-wide

EU AI Act

All sectors using AI, EU market/outputs

Nature

REACH

Mandatory EU regulation, national enforcement

EU AI Act

Mandatory EU regulation, risk-based conformity assessments

Testing

REACH

Dossier evaluation, substance checks by ECHA/MS

EU AI Act

Conformity assessments, notified bodies for high-risk

Penalties

REACH

National fines, effective/proportionate/dissuasive

EU AI Act

Up to 7% global turnover for prohibited practices

Frequently Asked Questions

Common questions about REACH and EU AI Act

REACH FAQ

EU AI Act FAQ

You Might also be Interested in These Articles...

TISAX Tabletop Exercises for ADAS Suppliers: Simulating Prototype IP Leaks and Ransomware in Hybrid Supply Chains (2025 Edition with Hero Scenario Visual)

Master TISAX 'Very High' tabletop exercises for ADAS suppliers with 2024 breach simulations like CAD leaks and ransomware. Get scripts, AAR templates, hybrid ti

PDPA Cross-Border Transfer Rules Decoded: Singapore, Thailand, and Taiwan Mechanisms Compared with Practical Implementation Templates

Decode PDPA cross-border transfers for Singapore, Thailand, Taiwan. Statutory excerpts, approved mechanisms, SCC templates. Harmonize with GDPR, navigate exempt

CMMC Scoping Mastery for Defense Supply Chains: Enclave Mapping, Subcontractor Flow-Down, and CUI Inventory Blueprint

Master CMMC scoping for DIB: delineate FCI/CUI boundaries, segment enclaves, manage subcontractor flow-down. Prevent 80% assessment failures with SSP templates,

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Explore More Comparisons

See how REACH and EU AI Act compare against other standards

Other REACH Comparisons

Other EU AI Act Comparisons

What It Is

Key Components

**Four pillarsRegistration (dossiers for >1 tpa substances), Evaluation (dossier/substance checks), Authorisation (SVHC permissions via Annex XIV), Restriction (bans/limits in Annex XVII).

17 technical annexes detailing data requirements, SDS rules, and lists.

Built on risk-based principles with tonnage-scaled info, read-across adaptations, and supply-chain duties.

No certification; compliance enforced nationally with ECHA coordination.

What It Is

Key Components

Prohibited practices (Chapter II), high-risk obligations (Chapter III: risk management, data governance, documentation, oversight, cybersecurity), transparency duties (Chapter IV), GPAI rules (Chapter V).

Lifecycle requirements with conformity assessments, CE marking, EU database registration.

Built on product safety principles; enforced via hybrid governance (AI Office, national authorities).

Tiered fines up to 7% global turnover.

Aspect

REACH

EU AI Act

Scope

Chemicals lifecycle: registration, evaluation, authorisation, restriction

AI systems by risk: prohibited, high-risk, transparency, minimal-risk

Industry

Chemicals, manufacturing, importers EU-wide

All sectors using AI, EU market/outputs

Nature

Mandatory EU regulation, national enforcement

Mandatory EU regulation, risk-based conformity assessments

Testing

Dossier evaluation, substance checks by ECHA/MS

Conformity assessments, notified bodies for high-risk

Penalties

National fines, effective/proportionate/dissuasive

Up to 7% global turnover for prohibited practices