ISO 14001:2015 replaced the former “legal and other requirements” with the broader term compliance obligations, encompassing both mandatory legal requirements and voluntary commitments. Clause 6.1.3 requires organizations to identify, access, and determine how these obligations apply to their environmental aspects, and to take them into account when establishing, implementing, maintaining, and continually improving the EMS.
Types of Compliance Obligations
Mandatory (Legal) Requirements
- Federal environmental statutes (Clean Air Act, Clean Water Act, RCRA, CERCLA, EPCRA)
- State and local environmental regulations and permits
- Consent orders, enforcement actions, and court orders
- Permits, licenses, and authorizations
Voluntary Commitments
- Industry codes of practice and best management practices
- Contractual requirements with customers or suppliers
- Voluntary environmental programs (EPA voluntary programs, industry initiatives)
- Organizational policies and standards that exceed regulatory requirements
- Agreements with community groups or environmental organizations
Building a Compliance Register
While the standard doesn’t prescribe a specific format, a compliance register (or legal register) is the most common approach. Effective registers include the obligation name and citation, applicable aspects and activities, specific requirements, responsible person, evaluation method and frequency, status, and next review date. The register must be a living document updated when regulations change, new permits are issued, or organizational activities evolve.
Integration with EMS Planning
Compliance obligations must be taken into account when establishing environmental objectives, implementing operational controls, conducting risk assessment (Clause 6.1), and planning monitoring and measurement. They are also a required input to management review.
Evaluation of Compliance
Clause 9.1.2 requires a dedicated process to evaluate fulfillment of compliance obligations. This process determines evaluation frequency based on obligation importance and risk, evaluates compliance status, takes action when noncompliance is identified, and maintains documented records of evaluation results. See the Monitoring and Measurement page for detailed evaluation guidance.
Common Pitfalls
- Incomplete identification of applicable regulations
- Not tracking voluntary commitments alongside legal requirements
- Static compliance register not updated when regulations change
- Compliance evaluation frequency insufficient for high-risk obligations
- Not connecting compliance obligations to specific operational controls
