Standards Comparison

    RoHS

    Mandatory
    2011

    EU regulation restricting hazardous substances in EEE

    VS

    Australian Privacy Act

    Mandatory
    1988

    Australian federal law regulating personal information handling

    Quick Verdict

    RoHS restricts hazardous substances in EEE for EU market access, while the Australian Privacy Act mandates personal data protection principles for Australian entities. Companies adopt RoHS for compliance and recyclability, and the Privacy Act to meet legal obligations and prevent breaches.

    Hazardous Substances

    RoHS

    Directive 2011/65/EU (RoHS 2)

    Cost: €€€€
    Complexity: High
    Implementation Time: 6-12 months

    Key Features

    • Restricts 10 hazardous substances at 0.1% in homogeneous materials
    • Open-scope applies to all EEE unless explicitly excluded
    • Time-limited exemptions managed via delegated acts
    • Requires technical file and EU Declaration of Conformity
    • Enhances EEE recyclability aligned with WEEE Directive

    Data Privacy

    Australian Privacy Act

    Privacy Act 1988 (Cth)

    Cost: €€€
    Complexity: Medium
    Implementation Time: 12-18 months

    Key Features

    • 13 Australian Privacy Principles (APPs)
    • Notifiable Data Breaches (NDB) scheme
    • Cross-border disclosure accountability (APP 8)
    • Reasonable steps for data security (APP 11)
    • OAIC enforcement with multimillion-dollar penalties

    Detailed Analysis

    A comprehensive look at the specific requirements, scope, and impact of each standard.

    RoHS Details

    What It Is

    Directive 2011/65/EU (RoHS 2) is an EU regulation restricting hazardous substances in electrical and electronic equipment (EEE). It protects human health and the environment by minimizing risks during EEE waste management and enhancing recyclability. Scope is open: all EEE unless excluded, with restrictions applied at homogeneous material level via maximum concentration values (MCVs).

    Key Components

    • Ten restricted substances: Pb, Cd, Hg, Cr(VI), PBB, PBDE, DEHP, BBP, DBP, DIBP.
    • MCVs: 0.1% (1000 ppm) for most, 0.01% (100 ppm) for Cd.
    • Annex III/IV exemptions: time-limited, application-specific, renewed via delegated acts.
    • Compliance model: self-assessed via technical documentation, EU Declaration of Conformity (DoC), CE marking (where applicable), no mandatory third-party certification.

    Why Organizations Use It

    Mandatory for EU/EEA market access, preventing fines, recalls, bans. Drives supply chain transparency, substitution innovation, ESG alignment. Mitigates enforcement risks from decentralized Member State surveillance. Builds stakeholder trust, enables global competitiveness via baseline compliance.

    Implementation Overview

    Phased risk-based approach: scope products, analyze BoMs, manage suppliers/exemptions, tiered testing (XRF screening, IEC 62321 confirmation), build technical files (10-year retention). Applies to manufacturers/importers/distributors of EEE; scales with portfolio complexity, suits all sizes/industries with EU exposure.

    Australian Privacy Act Details

    What It Is

    The Privacy Act 1988 (Cth) is Australia's foundational federal privacy regulation. It mandates a principles-based framework for APP entities—government agencies and private organizations over AU$3M turnover (plus exceptions like health providers)—to handle personal information across its lifecycle. The approach emphasizes reasonable steps contextualized by risk, size, and sensitivity, balancing privacy with transborder data flows.

    Key Components

    • 13 Australian Privacy Principles (APPs): Govern collection, use/disclosure, security (APP 11), cross-border (APP 8), access/correction.
    • Notifiable Data Breaches (NDB) scheme (Part IIIC): Mandatory notifications for serious harm breaches.
    • OAIC enforcement: Investigations, audits, penalties up to AU$50M/30% turnover. No certification; compliance via governance, policies, evidence.

    Why Organizations Use It

    • Mandatory compliance avoids penalties, reputational harm.
    • Enhances risk management, breach preparedness.
    • Builds stakeholder trust, enables secure data use.

    Implementation Overview

    Phased: discovery/gap analysis, policy/controls design, training/incident readiness. Applies economy-wide; scalable for small/medium entities. OAIC assessments verify adherence.

    Key Differences

    Scope

    • RoHS: Hazardous substances in EEE materials
    • Australian Privacy Act: Handling of personal information lifecycle

    Industry

    • RoHS: EEE manufacturers, EU/EEA-focused
    • Australian Privacy Act: All sectors in Australia with turnover > $3M

    Nature

    • RoHS: Mandatory EU product directive
    • Australian Privacy Act: Mandatory principles-based regulation

    Testing

    • RoHS: IEC 62321 material analysis (XRF/ICP)
    • Australian Privacy Act: Security assessments, PIAs, audits

    Penalties

    • RoHS: Decentralized Member State fines
    • Australian Privacy Act: Up to AUD50M or 30% turnover
