How RoHS and REACH Compliance Are Audited Across Your PCB Supply Chain
At a Glance
Learn about the auditing process for RoHS and REACH compliance as demanded by regulatory authorities.
In PCB manufacturing, RoHS (Restriction of Hazardous Substances) and REACH (Registration, Evaluation, Authorization, and Restriction of Chemicals) compliance is not a side task but a market access requirement, a quality issue, and a supply chain control problem. That is even more true in automotive, medical, and other high-reliability sectors, where one weak link in material data can stop a shipment, block an OEM approval, or trigger a withdrawal from the market.
Key Takeaways
- Compliance with RoHS and REACH is essential for market access, product quality, and supply chain reliability. Failures can stop shipments or block approvals, especially in high-reliability industries.
- Effective audits go beyond declarations, verifying both material-level evidence and the systems (traceability, change control, supplier management) that ensure ongoing compliance.
- RoHS and REACH require different audit approaches. RoHS focuses on restricted substances and exemptions at the material level, while REACH emphasizes SVHC monitoring, communication, and continuous updates.
- Compliance must be actively managed over time, as exemptions expire, regulations evolve, and supplier or material changes can quickly introduce new risks.
Why Are RoHS and REACH Audits Critical in PCB Supply Chains?
RoHS and REACH audits are critical in PCB supply chains because they are compliance requirements placed on OEMs that want to bring new products to market. Overlook RoHS and REACH, and face a fine from regulatory authorities in your target market. Fortunately, data sources within the electronics industry have done an excellent job of compiling the required compliance information and documentation needed to help prove compliance.
The goal is to prove that the supplier has a repeatable system that can keep products compliant as materials, suppliers, exemptions, and regulations change. The best audits test both things at once: the product evidence and the management system behind it. Industry frameworks such as IECQ QC 080000 were built around exactly this point. They focus on how organizations identify, control, quantify, and report hazardous substances in products and processes, rather than treating compliance as a one-off test.
Question | RoHS | REACH |
|---|---|---|
Where it applies | Electrical & electronic equipment (EEE) | All industries (chemicals in products/articles and processes) |
What it controls | A defined set of restricted substances (currently 10, including lead, cadmium, mercury, hex Cr, PBB/PBDE, and 4 phthalates) | Substances of Very High Concern (SVHCs) on the Candidate List and broader chemical obligations |
How compliance is measured | Homogeneous material level (e.g., solder joint, cable jacket, coating, PCB surface finish) | Article level (and whether SVHCs are present above the threshold + whether you can communicate safe-use info) |
Main threshold | Each restricted substance has a maximum concentration allowed by weight in homogeneous materials | If a Candidate List SVHC is > 0.1% w/w, Article 33 communication duties apply |
Real-life audit focus | Don’t just say ‘RoHS compliant; show the material stack evidence and controls preventing unapproved substitutions. | Show your SVHC surveillance + communication process and how you update when the Candidate List changes. |
What “good evidence” looks like | Declarations plus deeper proof: material-level data, selected test reports, traceability, change control, and exemption tracking | SVHC screening records, Article 33 response workflow, refreshed declarations after list updates, and traceability to locate SVHCs if found |
Change management pressure | Changes matter mainly when materials/process chemicals change, or exemptions expire | High change pressure because the Candidate List changes regularly (a product “clean last quarter” can become a declaration problem after an update) |
Exemptions | Yes: time-limited exemptions reviewed and can expire. Two key buckets: Annex III (broad) and Annex IV (special sectors) | REACH is less about “exemptions” in the same way; it’s more about duties and restrictions/authorization depending on substance and use |
Special callout: Annex IV | Applies only to medical devices (incl. IVD) and monitoring & control instruments, because reliability/patient safety constraints can make substitution harder | No Annex IV equivalent; focus is on SVHC duties and keeping communication current |
Time-bound obligations | Exemptions can expire (so you need a register and a plan) | If asked, you must respond to consumers within 45 days and provide enough information for safe use when SVHC > 0.1% |
The difference between RoHS and REACH really matters in audits:
- RoHS is a restricted substances regime with defined thresholds and exemptions for EEE.
- REACH is a wider chemicals regime that brings duties to know and sometimes substitute.
In practice, that means RoHS audits focus heavily on homogeneous material compliance and exemption control, while REACH audits focus on substance surveillance, supplier communication, Article 33 processes, and change management around the SVHC list. The RoHS mistake people make is that they treat RoHS like a label on the finished product. The REACH mistake people make is that they treat REACH like a one-time declaration.
RoHS and REACH Compliance Auditing for Electronics Products
A compliance audit for electronics products is a structured verification that the materials in a product, as built and as sourced, satisfy the substance restrictions applicable in the target market and sector. The audit process follows a six-step structure, where each step builds the evidentiary and decision-making foundation for the next.
Step 1: Scoping - Define the product family, regulatory baseline, sector-specific requirements, applicable exemptions, and site boundaries before collecting any evidence. Without tight scope, audits become unfocused document chases.
Step 2: Compliance BOM - Build a material-level BOM that maps homogeneous materials and article boundaries, covering laminates, surface finishes, solder alloys, coatings, polymers, and all substances where restricted content concentrates. This is distinct from the engineering BOM.
Step 3: Evidence collection - Gather current supplier declarations, IEC 62474 data, test reports, IMDS records, exemption justifications, and lot-level traceability documentation.
Step 4: Risk-based challenge - Focus sampling where chemistry risk is highest: surface finishes, solder mask systems, legacy materials, cable polymers, and components relying solely on supplier self-declaration. Verify exemption scope, expiry dates, and engineering rationale.
Step 5: On-site process verification - Confirm that approved materials are on the production floor, lot controls support upstream traceability, change control requires substance review, and all functions reference the same compliance data source.
Step 6: Closure and follow-up - Document findings as a risk view with corrective actions, owners, due dates, and triggers for re-review tied to regulatory list updates, supplier changes, or exemption expiry.
The audit output should feed directly into a defined re-review cadence, linked to REACH candidate list publication dates, RoHS exemption expiry schedules, and supply chain change notifications. This keeps the compliance position current between formal audit cycles.
Compliance Audits and the Design Engineer's Role
Most compliance audits fail at the same point: the gap between documented material declarations and what actually ships. For design engineers, the audit is not a quality exercise performed on your behalf. It is a verification that your material selections, exemption assumptions, and BOM documentation survive contact with the supply chain.
Auditors apply risk-based challenge logic. They focus on areas where non-compliance is most likely and hardest to detect:
- Legacy materials carried forward under expiring exemptions (RoHS Annex III/IV)
- Surface finishes and solder alloys where supplier substitution is common
- Sub-tier declarations that lack full material disclosure
- Change control processes that release new revisions without substance review
If your design documentation does not address these areas explicitly, the audit finding lands on engineering, not purchasing.
Audit Phase | Design-Team Responsibility |
Scope and risk ranking | Identify high-risk materials and exemption dependencies in the BOM |
Document review | Provide current cBOM, exemption rationale, and declaration traceability |
Process verification | Confirm change control includes substance review before release |
Closure and follow-up | Own corrective actions on material documentation gaps |
Audit findings decay fast. The SVHC candidate list updates twice per year. Exemptions expire on fixed dates. Supplier site changes can alter product chemistry without triggering your change control unless you have built that trigger in. Set re-review cadence tied to regulatory calendar dates and supplier change notifications, not arbitrary annual schedules.
Final Thoughts
A strong RoHS and REACH audit in PCB manufacturing is not a paper exercise. It is a disciplined test of whether the supplier can turn chemistry, declarations, traceability, and change control into a reliable operating system. The best audits go beyond “show me your certificate.” They ask: Do you know your material truth? Can you prove it at homogeneous material and article level? Can you maintain it when suppliers change, exemptions move, and the SVHC list grows?
Bridge compliance and design with Altium Agile. Keep material data, change control, and audit evidence aligned from design through release so nothing slips between systems. Connect your BOM, supplier inputs, and compliance workflows in one place, with traceability built in. Reduce rework and audit risk by managing RoHS and REACH continuously, not as a one-time check.
Frequently Asked Questions
What is the main purpose of a RoHS audit?
To verify that restricted substances do not exceed legal limits at the homogeneous material level and that the supplier has systems to maintain compliance over time.
How is a RoHS audit different from a REACH audit?
A RoHS audit focuses on restricted substances and exemptions in EEE, while a REACH audit focuses on SVHC identification, communication, and change management under Article 33.
What is an Annex IV RoHS exemption?
An Annex IV exemption allows restricted substances in specific medical or monitoring applications where substitution is not yet feasible and is subject to expiry and review.
Why do RoHS exemptions need ongoing tracking?
Because exemptions are time-limited and may expire, exposing products to sudden non-compliance if not actively managed.
What standards support RoHS and REACH audit readiness?
IECQ QC 080000 supports hazardous substance process management, while IEC 62474 supports structured material declarations across electronics supply chains.
About Author
Table of Contents
- Key Takeaways
- Why Are RoHS and REACH Audits Critical in PCB Supply Chains?
- RoHS and REACH Compliance Auditing for Electronics Products
- Compliance Audits and the Design Engineer's Role
- Final Thoughts
- Frequently Asked Questions
- What is the main purpose of a RoHS audit?
- How is a RoHS audit different from a REACH audit?
- What is an Annex IV RoHS exemption?
- Why do RoHS exemptions need ongoing tracking?
- What standards support RoHS and REACH audit readiness?
Control Without Complexity
- Scale with connection, compliance, and control
- Empower teams without added complexity
- Integrate seamlessly with existing systems
- Secure teams with structured workflows
Contact Us
Thank you, you are now subscribed to updates.
