What is the primary objective of **RoHS**?

**The primary objective of **RoHS** is to restrict hazardous substances in electrical and electronic equipment (EEE) to protect human health and the environment during waste management and recycling.** Directive 2011/65/EU (RoHS 2) limits ten substances—lead (Pb), mercury (Hg), cadmium (Cd), hexavalent chromium (Cr(VI)), PBB, PBDE, DEHP, BBP, DBP, DIBP—at maximum concentration values (MCVs) of **0.1%** by weight (1000 ppm) in homogeneous materials (except **0.01%** or 100 ppm for Cd), unless exempted in Annexes III/IV. This supports WEEE by enhancing recyclability and ensuring a level playing field for EU market access.

Who is legally or professionally required to comply with **RoHS**?

**Manufacturers, importers, distributors, and authorized representatives placing EEE on the EU market must comply with **RoHS**.** Scope covers all EEE with electrical/electronic components (Annex I categories 1-11) unless excluded (e.g., large-scale fixed installations, military equipment per Article 2(4)). Responsibilities include ensuring homogeneous materials meet MCVs, maintaining technical files per EN IEC 63000:2018, issuing EU Declarations of Conformity (DoC), and affixing CE marking where applicable.

Does **RoHS** require an external audit or third-party certification?

**No, **RoHS** does not require external audits or third-party certification.** Compliance is self-assessed via internal technical documentation (technical files with BoMs, supplier declarations, risk assessments, test reports per IEC 62321 series) and DoC. Market surveillance authorities in Member States verify during inspections; ISO/IEC 17025-accredited labs support verification but certification is not mandatory.

How often should an assessment for **RoHS** be performed?

**RoHS assessments must be performed upon product changes, supplier notifications, and exemption expiries, with ongoing monitoring via risk-based re-verification.** Initial conformity applies at market placement; retain technical files for 10 years. Annual audits of high-risk materials/suppliers, periodic XRF screening, and confirmatory testing (e.g., ICP-MS/GC-MS) ensure sustained compliance amid delegated directive updates.

What are the consequences of non-compliance with **RoHS**?

**Non-compliance with **RoHS** results in decentralized Member State enforcement, including product withdrawal, recalls, sales bans, and administrative fines.** Penalties vary by jurisdiction (no unified EU schedule); risks include market denial, customs seizures, and potential criminal liability. Technical file deficiencies or MCV exceedances trigger corrective actions during surveillance.

An **RoHS** be mapped to other international frameworks?

**Yes, **RoHS** substance lists and MCVs align closely with frameworks like China RoHS 2 (core six substances, broader EEE scope with marking/E-PUP requirements).** However, divergences exist (e.g., no EU-style exemptions in China; California SB50 narrower scope). EU RoHS serves as a baseline for global compliance mapping, with jurisdiction-specific adaptations for documentation and labeling.

What is the first step to begin implementing **RoHS**?

**The first step to implement **RoHS** is scoping products against Annex I categories and exclusions to confirm applicability.** Develop a decision tree for EEE classification, explode BoMs to homogeneous materials, and initiate supplier declarations per EN IEC 63000:2018 for technical file assembly.

What is the primary objective of **EU AI Act**?

**The primary objective of the EU AI Act is to establish a risk-based regulatory framework that prohibits unacceptable-risk AI practices, imposes strict obligations on high-risk AI systems, mandates transparency for limited-risk systems, and fosters trustworthy AI while protecting health, safety, and fundamental rights.** Regulation (EU) 2024/1689, entering force on 1 August 2024, classifies AI into four tiers via Articles 5–6 and Annexes I/III, requiring providers to implement lifecycle controls like risk management (Article 9) and conformity assessments (Article 43).

Who is legally or professionally required to comply with **EU AI Act**?

**Providers, deployers, importers, distributors, and authorized representatives of AI systems used in the EU must comply with the EU AI Act, including third-country entities if outputs are used in the EU.** Article 3 defines providers as those developing or placing systems on the market under their name; deployers are professional users (Article 3(4)). High-risk obligations (Articles 16–17) apply primarily to providers of Annex III systems (e.g., biometrics, employment), with deployers responsible for human oversight (Article 27) and monitoring.

Does **EU AI Act** require an external audit or third-party certification?

**High-risk AI systems require conformity assessment, which may involve third-party notified bodies and certification for certain Annex III uses, but internal assessments suffice where harmonized standards confer presumption of conformity.** Article 43 mandates EU Declaration of Conformity (Article 47) and CE marking (Article 48); notified bodies (Articles 28–39) issue certificates (Article 44) for third-party paths (Annex VII), with post-market surveillance (Article 74).

How often should an assessment for **EU AI Act** be performed?

**Assessments for EU AI Act compliance must be performed before placing high-risk systems on the market, after substantial modifications, and continuously via post-market monitoring.** Article 61 requires conformity reassessment post-modification (Article 3(23)); providers maintain ongoing risk management (Article 9), logging (Article 12), and monitoring plans (Article 72), with serious incident reporting without undue delay (Article 73).

What are the consequences of non-compliance with **EU AI Act**?

**Non-compliance with the EU AI Act incurs tiered administrative fines up to 7% of worldwide annual turnover or €40 million for prohibited practices, 3% or €30 million for high-risk obligations, and 2% or €10 million for other violations.** Chapter XII (Article 99–101) empowers national authorities (Article 70) and the AI Office for enforcement, including market withdrawal, bans, and personal liability.

Can **EU AI Act** be mapped to other international frameworks?

**Yes, EU AI Act obligations can be mapped to other international frameworks through harmonized standards (Article 40) that create presumption of conformity.** While the Act aligns with EU product safety regimes (Annex I), providers may leverage voluntary codes like the GPAI Code of Practice (Article 56) for GPAI models, pending global standards; however, mappings require sector-specific validation.

What is the first step to begin implementing **EU AI Act**?

**The first step to implement the EU AI Act is to conduct an inventory of all AI systems and classify them by risk tier (unacceptable, high, limited, minimal).** Map assets to Article 5 prohibitions, Article 6/Annexes I/III high-risk criteria, and GPAI (Chapter V); document decisions (Article 6(4)) to confirm obligations like conformity for high-risk systems.

RoHS vs EU AI Act

Standards Comparison

RoHS

Mandatory

2011

EU regulation restricting hazardous substances in EEE

EU AI Act

Mandatory

2024

EU regulation for risk-based AI governance

Quick Verdict

RoHS restricts hazardous substances in EEE for EU market access, while EU AI Act regulates high-risk AI systems with conformity assessments. Companies adopt RoHS for safe recyclability and AI Act for ethical, safe AI deployment and compliance.

Hazardous Substances

RoHS

Directive 2011/65/EU (RoHS 2)

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Restricts 10 hazardous substances at 0.1% in homogeneous materials
Open scope covers all EEE unless explicitly excluded
Time-limited exemptions for impracticable substitutions
Requires technical file and EU Declaration of Conformity
Dynamic updates through delegated acts and reviews

Artificial Intelligence

EU AI Act

Regulation (EU) 2024/1689 Artificial Intelligence Act

Cost

€€€

Complexity

Medium

Implementation Time

18-24 months

Key Features

Risk-based four-tier AI classification framework
Prohibitions on unacceptable AI practices (Art. 5)
High-risk conformity assessments and CE marking
GPAI model transparency and systemic risk duties
Post-market monitoring and tiered fines

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

RoHS Details

What It Is

RoHS (Directive 2011/65/EU, or RoHS 2) is an EU regulation restricting hazardous substances in electrical and electronic equipment (EEE). It protects health and environment by limiting risks in waste management, using an open-scope approach for all EEE unless excluded, with homogeneous material concentration thresholds as the core methodology.

Key Components

Ten restricted substances: Pb, Hg, Cd, Cr(VI), PBB, PBDE, DEHP, BBP, DBP, DIBP
Thresholds: 0.1% w/w (Cd at 0.01%)
Time-limited exemptions (Annexes III/IV)
Compliance model: technical documentation, EU Declaration of Conformity (DoC), CE marking

Why Organizations Use It

Mandatory for EU/EEA market access, avoiding fines/recalls
Improves recyclability, supply chain integrity, ESG reporting
Manages risks from decentralized enforcement
Builds stakeholder trust, competitive edge in global markets

Implementation Overview

Risk-based: product scoping, BoM analysis, supplier declarations, tiered testing (IEC 62321), technical files. Targets EEE manufacturers/importers; 6-18 months initial, ongoing for exemptions/updates. Applies globally via equivalents like China RoHS 2.

EU AI Act Details

What It Is

Regulation (EU) 2024/1689, the EU Artificial Intelligence Act, is a comprehensive horizontal regulation establishing a risk-based framework for AI systems. It prohibits unacceptable-risk practices, regulates high-risk systems via lifecycle controls, mandates transparency for limited-risk AI, and minimally regulates others.

Key Components

**Four risk tiersunacceptable (banned), high-risk (conformity assessment, risk management), limited (transparency), minimal (voluntary).
Core obligations: risk management (Art. 9), data governance (Art. 10), documentation (Arts. 11-13), human oversight (Art. 14), cybersecurity (Art. 15).
GPAI models (Chapter V) with systemic risk duties; CE marking, EU database registration; tiered fines up to 7% global turnover.

Why Organizations Use It

Mandatory for EU market access; mitigates legal risks, fines; enhances trust, competitiveness in sectors like employment, healthcare; integrates with GDPR, product safety laws.

Implementation Overview

Phased rollout (6-36 months); inventory/classify AI, build QMS, conformity assessments, post-market monitoring. Applies EU-wide to providers/deployers; cross-industry, high complexity for high-risk AI.

Key Differences

Aspect	RoHS	EU AI Act
Scope	Hazardous substances in EEE materials	Risk-based AI systems and practices
Industry	EEE manufacturers, EU/EEA market	AI providers/deployers, EU-wide sectors
Nature	Mandatory EU directive, decentralized enforcement	Mandatory EU regulation, hybrid oversight
Testing	XRF screening, IEC 62321 lab tests	Conformity assessment, notified bodies
Penalties	Member State fines, recalls, decentralized	Up to 7% global turnover fines

Scope

RoHS

Hazardous substances in EEE materials

EU AI Act

Risk-based AI systems and practices

Industry

RoHS

EEE manufacturers, EU/EEA market

EU AI Act

AI providers/deployers, EU-wide sectors

Nature

RoHS

Mandatory EU directive, decentralized enforcement

EU AI Act

Mandatory EU regulation, hybrid oversight

Testing

RoHS

XRF screening, IEC 62321 lab tests

EU AI Act

Conformity assessment, notified bodies

Penalties

RoHS

Member State fines, recalls, decentralized

EU AI Act

Up to 7% global turnover fines

Frequently Asked Questions

Common questions about RoHS and EU AI Act

RoHS FAQ

EU AI Act FAQ

You Might also be Interested in These Articles...

Step-by-Step Implementation Guide to ISO 27701: Building a Privacy Information Management System (PIMS) on Your ISO 27001 Foundation

Implement ISO 27701 on your ISO 27001 foundation with this actionable guide. Tackle PII controls, audit evidence, GDPR integration. Templates, checklists for 20

NIST CSF 2.0 Implementation Tiers Roadmap: Step-by-Step Guide from Partial to Adaptive Cybersecurity Maturity

Master NIST CSF 2.0 Implementation Tiers with a step-by-step roadmap. Assess your tier, build gap analyses, and advance from Partial (Tier 1) to Adaptive (Tier

CMMC Sustainment Mastery: Continuous Monitoring, Annual Affirmations, and Subcontractor Flow-Down Playbook

Master CMMC sustainment beyond certification: continuous monitoring dashboards, SPRS/eMASS affirmations, enforceable subcontractor clauses. Get templates for ve

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Check out these other Gradum.io Standards Comparison Pages

COBIT vs GRI

Compare COBIT vs GRI: ISACA's IT governance powerhouse meets global sustainability standards. Uncover key differences in principles, domains, implementation, and HES compliance to optimize enterprise risk and ESG reporting. Discover now!

HIPAA vs ISA 95

Compare HIPAA vs ISA-95: Decode healthcare privacy/security rules vs manufacturing integration standards. Gain compliance strategies, risk insights, and best practices for resilient operations.

FERPA vs CAA

Compare FERPA vs CAA: Decode student privacy (FERPA) vs air quality regs (CAA). Expert insights on compliance, key diffs & strategies for educators/operators. Unlock now!

RoHS

EU AI Act

Quick Verdict

RoHS

Key Features

EU AI Act

Key Features

Detailed Analysis

RoHS Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

EU AI Act Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

Key Differences

Scope

Industry

Nature

Testing

Penalties

Frequently Asked Questions

RoHS FAQ

What is the primary objective of RoHS?

Who is legally or professionally required to comply with RoHS?

Does RoHS require an external audit or third-party certification?

How often should an assessment for RoHS be performed?

What are the consequences of non-compliance with RoHS?

An RoHS be mapped to other international frameworks?

What is the first step to begin implementing RoHS?

EU AI Act FAQ

What is the primary objective of EU AI Act?

Who is legally or professionally required to comply with EU AI Act?

Does EU AI Act require an external audit or third-party certification?

How often should an assessment for EU AI Act be performed?

What are the consequences of non-compliance with EU AI Act?

Can EU AI Act be mapped to other international frameworks?

What is the first step to begin implementing EU AI Act?

You Might also be Interested in These Articles...

Step-by-Step Implementation Guide to ISO 27701: Building a Privacy Information Management System (PIMS) on Your ISO 27001 Foundation

NIST CSF 2.0 Implementation Tiers Roadmap: Step-by-Step Guide from Partial to Adaptive Cybersecurity Maturity

CMMC Sustainment Mastery: Continuous Monitoring, Annual Affirmations, and Subcontractor Flow-Down Playbook

Run Maturity Assessments with GRADUM

Check out these other Gradum.io Standards Comparison Pages

COBIT vs GRI

HIPAA vs ISA 95

FERPA vs CAA