Regsurance

Menu
Sign Up For EPR/PPT Guide

REACH Registration Is Not a One-Time Event – The Update Triggers That Create Silent Non-Compliance

Many companies treat REACH registration like a milestone

  • You register once
  • You get a registration number
  • You move on

Under EU REACH, that mindset is a compliance risk. REACH registration comes with an ongoing legal duty to keep the registration dossier current. If your dossier is outdated, you can be non-compliant even though you are “registered”.

That is what creates silent non-compliance.

What the law actually requires

After registration, the registrant must update the registration dossier on their own initiative, without undue delay, when relevant new information arises.

To make “without undue delay” enforceable, the EU adopted Commission Implementing Regulation (EU) 2020/1435, which sets concrete deadlines for different update scenarios.

Two points matter operationally

  • The deadlines are upper limits, not “targets”. Exceeding them can automatically be treated as an undue delay.
  • These deadlines apply to the Article 22(1) updates. They do not replace other REACH timelines, including deadlines set by ECHA decisions or other REACH titles.

The update triggers that most often create silent non-compliance

Below are the triggers that repeatedly show up in audits, customer due diligence, and enforcement actions, mapped to what they look like in real operations.

1 – Changes in legal entity identity or registrant status

Typical real-world triggers

  • Company name or address changes
  • Merger, split, acquisition, internal restructuring
  • Change of Only Representative
  • Change in company size status (SME to non-SME) affecting fees

Deadline

  • Update within 3 months from when the change takes effect

2 – Changes in substance composition

Typical real-world triggers

  • New supplier introduces a new impurity profile
  • Manufacturing route changes and shifts constituent ranges
  • UVCB process changes that alter identity boundaries

Deadline

  • Update within 3 months from when manufacture or import begins with that composition change

3 – Tonnage band changes and cessation of manufacture or import

Typical real-world triggers

  • Sales growth moves you into a higher tonnage band
  • A new customer contract pushes volume over a threshold mid-year
  • You stop importing or manufacturing a substance

Deadline

  • Higher tonnage band
    • Generally 3 months from reaching the higher band
    • If Annex VII or VIII testing is needed, 3 months from receiving the final test reports, with required early action on lab contracting
  • Cessation
    • 3 months from the date manufacture or import ceased

Operational reality

If you cannot confidently reconstruct your per-legal-entity volumes per substance, you are exposed.

Industry best practice is automated volume tracking and at least an annual tonnage band assessment per registration.

4 – New identified uses and new uses advised against

Typical real-world triggers

  • A downstream user discloses a new use that changes exposure
  • You start supporting a new use with exposure scenarios
  • You identify a use that you must advise against due to risk

Deadline

  • 3 months from the relevant trigger point, based on whether it is a new identified use or a new use advised against

5 – New knowledge on risks to human health or the environment

Typical real-world triggers

  • New hazard data from new studies or literature
  • Internal toxicology findings
  • New information received through consortia or data-sharing

Deadline

  • 6 months from when you become aware, or when you may reasonably be expected to have become aware

6 – Changes in classification and labelling

This is one of the most common silent failures because it is externally visible and easy to cross-check.

Typical real-world triggers

  • A harmonised classification is added, modified, or deleted under CLP Annex VI
  • Your self-classification changes after reassessment

Deadline

  • Harmonised classification change
    • Update by the date the change applies
  • Other classification change scenarios also have defined timelines

A practical warning sign

If your SDS classification differs from what your REACH dossier indicates, you should assume you are discoverable.

A public example of enforcement-style targeting

A reported ECHA campaign focused on registrations that did not match harmonised classification and resulted in many updates and referrals to national enforcement authorities.

7 – Updates to the Chemical Safety Report and guidance on safe use

Typical real-world triggers

  • DNEL or PNEC changes
  • Exposure scenario revisions due to new use patterns
  • Risk management measures updated

Deadline

  • 12 months from when the need to update is identified

8 – Testing proposals for Annex IX or X requirements

Typical real-world triggers

  • Data gaps identified that require higher-tier studies
  • You need to submit a testing proposal before testing

Deadline

  • Generally 6 months from identifying the need
  • Some grouped strategy situations allow 12 months

9 – Changes in confidentiality and access to information

Typical real-world triggers

  • You change what information is publicly visible in the registration

Deadline

  • 3 months from when the change occurred

Examples that make the exposure tangible

Example 1 – “We restructured the group, but we forgot REACH”

Scenario
A European entity is merged into another group company.
The legal entity holding the REACH registrations changes.

What breaks

  • Your registrant identity information becomes inaccurate
  • Customers and authorities see mismatches across corporate identifiers

What you must do

  • Update the registration in line with the “identity or status” trigger

Deadline

  • Update within 3 months from when the change takes effect

Example 2 – “Supplier change quietly changed the impurity profile”

Scenario
You source the same substance name and CAS, but the new supplier’s impurity range shifts outside the boundary composition used in the joint submission.

What breaks

  • Composition information in IUCLID is no longer valid
  • Hazard assessment and classification assumptions may no longer be justified

What you must do

  • Assess boundary composition coverage
  • Update composition information, and if needed coordinate with the lead registrant to adjust the joint submission boundary

Deadline

  • Update within 3 months from when import or manufacture begins with the changed composition

Example 3 – “Tonnage band increase mid-year”

Scenario
Your imports go from 9 tpa to 12 tpa due to a new customer contract in September.

What breaks

  • Your dossier may lack information required for the higher tonnage band
  • Your CSR obligations may change depending on tonnage and classification

What you must do

  • Trigger a tonnage band change workflow
  • Identify additional data requirements
  • If new testing is required, manage the timeline so the dossier update is submitted correctly

Deadline

  • Update within 3 months from reaching the higher tonnage band, with special rules where new test reports are needed

Example 4 – “Harmonised classification changed, but our dossier did not”

Scenario
A harmonised classification update enters into force under CLP Annex VI.
Your SDS is updated, but your REACH registration dossier is not.

What breaks

  • Your registration is no longer aligned with binding classification
  • This is easy to detect externally and can trigger scrutiny

What you must do

  • Update classification and labelling information in your REACH registration

Deadline

  • Update by the date the classification change applies

Latest case study – why “someone else handles it” is not a defence

A recent Court of Justice of the European Union judgment (C-654/22, 11 April 2024) involved a dispute on who is the “importer” for REACH purposes and a fine imposed by Belgian authorities.

Two compliance takeaways are directly relevant to silent non-compliance

  • Authorities will enforce based on how “responsibility for import” is allocated in fact, not how businesses assume it works
  • Even when another operator has taken responsibility, operators must exercise due diligence and have a legitimate expectation that the party responsible has the capability to meet REACH obligations, including the ongoing duty to update dossiers

This is the operational message

REACH risk does not stop at “do we have a registration number”.

It continues as “is the registration continuously true”.

How to build an audit-ready dossier update control model

If you want something that holds up in customer audits and authority inspections, build a control framework that treats dossier updates like a governed process, not an occasional admin task.

A workable model usually includes

  • Clear ownership
    • Named dossier owner per substance per legal entity
    • Defined responsibilities across regulatory, procurement, R&D, and EHS
  • Trigger capture mechanisms
    • Change control for suppliers, impurities, process, and sites
    • Commercial volume tracking per substance per legal entity
    • Use-intelligence intake from downstream users
    • Classification watch and alignment between SDS and dossier
  • Deadline logic embedded in workflow
    • 3-month, 6-month, 12-month timers that start from the legally relevant event date
  • Joint submission coordination
    • Lead registrant dependency tracking
    • Documented communication trails for co-registrant updates
  • Evidence trail by default
    • Why the trigger was or was not applicable
    • What was updated, when, and under which “update reason” in IUCLID best practice

How RegSurance can help

RegSurance supports companies that need REACH registration to remain continuously compliant, not just “filed once”.

Typical support areas include

  • Dossier update governance setup
    • Role mapping, SOPs, trigger definitions, and escalation rules aligned to the legal deadlines
  • Operational trigger mapping
    • Supplier change control integration
    • Tonnage band tracking logic and reporting routines
  • REACH and SDS alignment checks
    • Classification consistency and change impact assessments
  • Joint submission update coordination
    • Lead member dependency management and update sequencing
  • Audit-ready evidence trail
    • A controlled record of what changed, why, and how you met the deadline logic

If you are also evaluating a scalable approach, our cloud-based platform is designed to help companies capture triggers, manage deadlines, structure IUCLID-ready data, and keep an inspection-grade evidence trail across substances, entities, and markets.

FAQ

Is there a single rule of thumb for REACH dossier updates

Yes. Assume you must update whenever the dossier is no longer accurate, and treat the 2020/1435 deadlines as enforceable outer limits.

What is the most common silent non-compliance pattern

Mismatch between real-world classification or use conditions and what the REACH dossier states. Harmonised classification changes are a frequent trigger because they have a clear “by the applicable date” deadline.

If we have stopped importing, can we ignore the dossier

No. Cessation is itself an update event with a defined timeline.

Do we need to update when tonnage decreases

The rules can be nuanced and fact-dependent. Industry guidance highlights that approaches such as relying only on calendar-year logic have been scrutinised in appeal decisions. Treat tonnage changes as a controlled decision with documented rationale.

Who is responsible for updates in a joint submission

Each registrant remains responsible for their own compliance. Some updates depend on the lead registrant and have special timing rules for members.

If the lead registrant does not update, are we safe

No. You may have dependency constraints, but you still need to demonstrate governance, escalation, and documented action to achieve compliance within the permitted structure.

Are the 3-month and 12-month deadlines flexible

They are designed as upper limits. Exceeding them can be treated as an undue delay.

What is the minimum evidence we should keep for audit readiness

  • Trigger date and trigger type
  • Impact assessment
  • Decision record
  • Update submission date
  • Proof of coordination where joint submission dependencies exist

What if we rely on another party to register the substance

You still need due diligence. A 2024 CJEU judgment emphasises that operators must be able to legitimately expect that the responsible party has the capability to fulfil REACH obligations, including updating duties.

How quickly can a company put an update-control model in place

A basic governance and trigger-capture framework can be implemented quickly, but a truly audit-ready model requires integration with procurement, volume tracking, and SDS governance, plus clear joint submission coordination logic.

Disclaimer

This blog is provided for general information purposes only and does not constitute legal advice. REACH obligations are fact-specific and depend on substance identity, supply chain roles, tonnage, uses, and national enforcement practice. You should obtain professional advice on your specific situation before taking or refraining from any action.