Failure to comply with material-related regulations and substance restrictions can result in serious consequences for companies, including enforcement actions such as product recalls, production stops, sales bans, and damage claims.
Material compliance requirements have been governed by various legal provisions for decades. However, with the enactment of the European REACH Regulation in 2007, these obligations were given a standardized legal framework. Since then, additional regulations have emerged, such as the RoHS Directive, which restricts the use of certain hazardous substances in electrical and electronic equipment, and California Proposition 65, which applies to products sold in the state of California that may come into contact with drinking water or food. Since many European companies supply products that are distributed in California—and thus the United States—European manufacturers typically pass these compliance obligations down to their suppliers. As a result, Proposition 65 has increasingly become a standard requirement in intra-European trade as well.
In parallel, customer-specific requirements related to material compliance have also significantly increased, making suppliers contractually obligated to ensure compliance. In recent years, the pressure to implement these requirements has intensified—not only due to more stringent oversight by regulatory bodies, which are increasingly well-resourced, but also due to industrial clients conducting their own testing to reduce liability risks. As a result, the need for compliance has never been greater.
Despite this, the risks and consequences of material compliance violations continue to be underestimated by many companies. Two areas of law are relevant here: regulatory/criminal law in cases of legal violations, and civil law in cases of contractual breaches. Violations of regulations such as REACH can result in legal accountability for both the company and its leadership, regardless of whether any actual damage occurred. Typically, the regulatory authority will investigate the nature and extent of the violation and impose corrective measures. These can range from formal warnings and fines to mandatory product recalls and production halts. While regulatory agencies used to be more lenient in cases of minor non-compliance, they now demand strict adherence to legal requirements in accordance with the state of the art. This “state of the art” is defined based on the implementation of the RoHS Directive and is aligned with the procedural requirements of DIN EN IEC 63000 (formerly DIN EN 50581). Within the scope of this international standard, the objective has been extended to ensure compliance with applicable substance restrictions worldwide under various hazardous substance regulations. The approach outlined in the standard is recognized by both industry and enforcement authorities.
Upon closer examination, the financial impact of such enforcement actions can quickly escalate into significant sums. The following costs may arise in the event of non-compliance:
- Regulatory fines and penalties
- Legal fees
- Suspension of production
- Investigation to determine in which other products the non-compliant component has been used; similar measures may need to be taken for those products
- Rework of affected semi-finished products
- Recall of affected products already on the market
- Recall of affected products already delivered to customers
- Rework of returned products from the market
- Disposal of returned customer products
- Reissue of the CE Declaration of Conformity; until then, a sales ban may be imposed on the affected product(s)
- Logistics and project management for the entire remediation process
Moreover, it’s not just the immediate financial penalties that pose a threat, but also the personal liability of corporate representatives. For example, violations of the REACH Regulation (EC No. 1907/2006) can result in criminal penalties under §27b of the German Chemicals Act, including up to two years of imprisonment or monetary fines. Even more serious than regulatory consequences are the civil liability risks posed by customer claims for damages. According to §433 of the German Civil Code (BGB), sellers are obligated to deliver goods free from defects. Buyers are not required to verify compliance themselves—they are entitled to assume that legal requirements are met. If defects are found, companies may also face legal proceedings under product liability law (§823 BGB and §1 of the Product Liability Act). These civil proceedings are often further reinforced by individual contractual agreements that specify detailed material compliance obligations—many of which go beyond legal requirements.
In cases of non-compliance, customers may assert claims for damages based not only on statutory requirements but also on contractually guaranteed product properties. Such damages may include direct financial losses as well as lost sales, cancelled orders, or loss of customers. This highlights another significant risk associated with material compliance violations. For example, if a bicycle manufacturer installs a handlebar grip that contains a substance exceeding the applicable limit value—or even a banned substance—they must initiate corrective measures as described above. This includes launching a product recall through retail distribution channels, which can lead to the following serious consequences:
- Termination of ongoing projects
- No future contracts with the affected retail chain
- Claims for damages by the retail chain
- Reputational damage to the bicycle brand, leading to reduced sales across the entire product portfolio
- Loss of customer trust
When combined with the potential liability costs incurred by the retailer and end customers due to the grip manufacturer’s non-compliance, total damages can quickly amount to several million euros. Such liability costs and market consequences can seriously threaten a company’s financial stability.
Lawmakers have largely left businesses on their own when it comes to answering the question: “How much is enough to meet legal compliance?”
Only for the implementation of the RoHS Directive have concrete procedural recommendations been issued, in the form of the implementation standard DIN EN IEC 63000. Today, the principles of this standard can also be found in guidance documents from the REACH Helpdesk and in recommendations from various industry associations. Within DIN EN IEC 63000, the following key implementation requirements are defined:
1. Legally Binding Communication of Requirements to Suppliers
Suppliers must be contractually obligated to meet material compliance requirements. Best practices include establishing a company-specific material compliance standard or technical specification that consolidates all applicable requirements and integrates them into purchasing and development documentation. These standards should also be enforced internally to prevent compliance failures.
2. Supplier Communication
Supplier communication can be divided into two key areas. First, the credibility assessment of the supplier’s information in general, and second, the actual communication regarding the purchased items:
a. Credibility Assessment
It goes without saying that a supplier who is unfamiliar with the REACH Regulation—or who does not conduct their own supplier inquiries to monitor compliance—is not in a position to provide reliable, article-specific material compliance declarations in the context of REACH. To assess both the supplier’s competence and their material compliance process, it is necessary to review and evaluate the processes they have in place. Depending on the outcome, suppliers may also need to be supported in further developing their compliance capabilities. If the assessment turns out negative, the information provided by the supplier must not be used in any further compliance processes.
b. Supplier Communication
Supplier communication is now also covered by a formal standard: IEC 62474. According to this standard, it is not sufficient for a supplier to confirm compliance with substance restrictions in general terms or across all products. Instead, the material compliance declaration must refer to a specific material, component, or assembly. These items must be clearly and uniquely identified by a part number and item name. Once the relevant information has been obtained, it must be validated in accordance with IEC TR 62476:2010. This standard specifies that manufacturers must implement a process to assess the credibility and quality of the documentation received from suppliers.
3. Risk Assessment and Analysis
Lawmakers have recognized that it is not always feasible to obtain complete compliance information for every individual component from every supplier. To avoid leaving legal gaps, companies are allowed to perform risk assessments for items where no data is available. The purpose of this assessment is to evaluate whether the parts in question are likely to contain restricted and/or banned substances. If all test results are negative, the findings may be applied to other items with missing data. However, this risk assessment approach is not currently defined by any formal standard and should therefore be based on practical experience in the field of material compliance. By extrapolating measurement results to items without confirmed data, a compliance status is assigned without legally binding supplier declarations—which could be interpreted unfavorably in the event of a claim.
Material compliance requirements are product requirements that carry the same legal weight as other technical or safety-related product obligations. Failure to comply can trigger a wide range of consequences that may quickly place a company in a financially and legally vulnerable position. However, there are proven processes, communication tools, and service offerings available that allow companies to implement material compliance measures efficiently and in line with legal requirements, without excessive resource expenditure.