Legal spotlight: Early lessons to be learned from REACH enforcement

Since our legal column in the Spring (CW Briefing April 2009), there have been significant developments with REACH enforcement writes Mayer Brown’s Jean-Philippe Montfort. Here he discusses what these are and what they should mean for companies’ compliance preparations.

Legislation on penalties applicable for breaches of the Regulation has been adopted and is now in place in virtually all Member States and we understand that the European Commission is due to publish shortly a comparative study of the national provisions on this area. These provisions vary considerably and it will be interesting to see if the publication of the study will prompt more convergence.

We also identified some of the key issues that companies were facing to prepare for enforcement action under REACH. Six months later, we can now begin to benefit from the experience gained through early enforcement actions in several Member States.

Well prepared inspectors

REACH enforcement activities have taken place in many Member States in the last few months, sometimes even before the national law was in force. In most cases these were pre-announced visits where companies were given a reasonable notice, say 30 days to prepare for the inspection. In some cases a questionnaire was sent in advance to the company with the list of information that the authorities would like to receive. In some countries the first inspection was an initial contact to ensure the company was aware of its REACH obligations and had competent people involved and systems in place to ensure compliance. Now, inspections are becoming more specific, with inspectors being well prepared to request company/site specific information, either through their knowledge of the companies/sites from pre-REACH inspection activities or from researching data on the internet prior to the inspection.

As part of its work programme for 2008-2010, the European Chemicals Agency (ECHA) Enforcement Forum launched its first coordinated REACH enforcement project back in April 2009, focusing on pre-registration, registration and safety data sheets.

The main focus of inspections has so far been on manufacturers’ and importers’ compliance with their pre-registration and safety data sheet obligations, as these are the two main REACH provisions that are enforceable today (see pages 1-4 ).

Downstream users targeted

But in some countries, such as France, downstream users have also been targeted in enforcement actions, with companies asked to confirm that their EU suppliers (manufactures/importers) have pre-registered the substances supplied to them. In a number of cases, inspected companies were asked to show how they ensured compliance with the restrictions in place. As far as we are aware, there has been no real focus yet on communication down the supply chain on substances of very high concern (SVHCs) in articles. However, as reported in Chemical Watch, NGOs in Sweden recently questioned footwear suppliers about compliance with Article 33, with poor results (8 CW 16 September 2008). These findings may encourage Article 33 compliance checks by the authorities in the near future.

The French experience

A typical inspection in France involves:

• A request for a site presentation to include the persons in charge of REACH compliance and their respective missions and the compliance processes in place.
• A review of company licences and certification information such as ISO 9001.
• Review of the company’s list of substances that are subject to registration, as well as justification of exemptions and proof of pre-registration through ECHA submission reports. Importantly, inspectors have also asked to see lists of substances subject to restrictions, as well as lists of (SVHCs) in company products, which most companies would not have thought to keep.
• Downstream users have been asked to provide certificates of REACH compliance from suppliers. In some cases, companies were asked to provide lists of raw materials and suppliers for the last three years, which seems to go well beyond the REACH mandate. Indeed, the provisions on “no data, no market” relate to the manufacture, importation and placing on the market of substances, not their receipt in the EU from EU producers or importers. REACH does not contain any provisions that require downstream users to police whether their suppliers are REACH compliant. Of course, they have a vested interest in ensuring they are, to avoid market disruption, but we believe EU authorities should not use downstream users to serve as enforcement auxiliaries by extending to them record keeping obligations they do not have.
• Review of the company’s safety data sheets and those received from its suppliers as well as requests for documented procedures to ensure their accessibility to employees.

Variable enforcement

Member States appear to have different strategies related to enforcement. In some countries, local inspectors have been targeting major companies, while in some other countries such as the UK, authorities are seeking to target priority substances and companies that are suspected of breaching their REACH obligations with respect to these substances. Moreover, the authorities in the UK are acting reactively as well as proactively by following up on complaints, confessions and referrals, with over 100 such cases in 2009 (CW Briefing September 2009).

So far, we are not aware of companies that have been subject to fines or other penalties, although companies that have been penalised are unlikely to advertise the fact. In many countries the enforcement system is tiered, with companies first being notified of the infringement and given a time period to ensure compliance, for example, in the form of an “improvement notice” in the UK. In time, inevitably some companies will not be able to comply with their registration obligations and will face sanctions unless they can find alternative supply channels, such as importing via a new legal entity, and convince the authorities not to prosecute them for past offences. But some countries, for example the UK, have a policy of “naming and shaming” non-compliant companies by publishing their names on the enforcement authority’s website. See http://www.hse.gov.uk/notices.

One key variable among Member States is their method of integrating customs authorities into their REACH enforcement programmes. Customs authorities have specific extensive powers under their national legislation and may order companies introducing products and containers into the EU to demonstrate compliance before these products are allowed to pass customs. The problem is that there is no documentation related to REACH compliance that can be easily shown to appease customs authorities. This may lead customs authorities to either only act upon the request of other authorities targeting specific products or importers, or to possibly take proactive measures which could easily lead to arbitrary decisions to block imported products. The consistent integration of customs authorities is one of the key task allocated to the Forum.

Practical recommendations

Top lessons for companies from the experience of REACH enforcement so far are:

• Ensure documentation is ready: Firstly, in line with Article 36 of REACH, companies should collect all the information they have available demonstrating compliance with the REACH obligations that apply to them. This information should be available on- site, either in hard copy or through the company intranet. There are pros and cons to each option. A hard copy will make it easier for the authorities to take copies. Access to the company intranet site may make it easier for authorities to see the list of available information but it may also prompt questions that authorities had not previously thought to ask! Companies should carefully consider what they are ready to show to enforcement authorities.
• Prepare an inspection manual: Companies with multiple sites face the challenge of ensuring that each site is prepared to face an inspection. In the majority of cases so far, inspections will take place upon notice, but most national laws allow inspections to take place unannounced. An inspection manual may help. It would typically specify which person within the company should be informed of an upcoming inspection, who should prepare and attend the inspection, ‘dos and don’ts’ during the inspection, whether and how to respond to inspectors’ requests for specific information or documents and what to do after the inspection.
• Know local requirements/priorities: In preparing their inspection manuals, companies should also review the national legislation in place where they operate to make sure they understand the rights and obligations of the local authorities and their policy priorities, if these are published. Depending upon the authorities involved the powers may vary.
• Protect confidential information: In principle, there should be no confidentiality towards authorities and they should be able to obtain the information needed to verify compliance. In practice, however, authorities sometimes demand to receive and take away complete listings of all the substances produced, imported and purchased in the EU with names of suppliers. If these documents fall into the wrong hands, this may have very serious consequences. In our view, asking for a complete set of information goes beyond requirements and companies should resist these requests. Article 36 requires companies to “submit” or “make available” information upon request. This does not necessarily imply that authorities should be allowed to “take away” complete information sets. Of course, national legislation should be reviewed to verify the powers of the authorities in place. At the very least, companies should make sure that any information provided to authorities is marked “confidential business information” and make clear to the authorities their responsibility to safeguard it.
• Stand up for your rights: If necessary, consider administrative and legal remedies to resist exaggerated demands that may unduly affect your company.