Ecesis EHS Software

ISO 45001
Legal and Other
Requirements

Clause 6.1.3 of ISO 45001:2018 requires organizations to determine and have access to current legal requirements and other requirements applicable to their OH&S hazards, risks, and management system. Maintaining an accurate and current register of these obligations is essential for both compliance and certification.

What the Standard Requires

Organizations must determine and have access to up-to-date legal requirements and other requirements applicable to their hazards and OH&S risks, determine how these requirements apply to the organization, and take these requirements into account when establishing, implementing, maintaining, and continually improving the OHSMS. This information must be maintained as documented information and kept up to date.

Types of Legal Requirements

Common Sources of Legal and Other Requirements

  • Federal OSHA regulations: 29 CFR 1910 (General Industry), 29 CFR 1926 (Construction), specific standards for hazard communication, lockout/tagout, confined spaces, fall protection, etc.
  • State OSHA plans: States with approved state plans may have additional or more stringent requirements
  • Workers' compensation requirements: State-specific reporting and documentation obligations
  • Industry-specific regulations: MSHA (mining), DOT (transportation), EPA (chemical safety), NRC (nuclear)
  • Local codes: Fire codes, building codes, municipal safety ordinances
  • Other requirements: Collective bargaining agreements, industry standards (ANSI, NFPA), customer requirements, voluntary commitments, insurance requirements

Building and Maintaining a Compliance Register

A compliance obligations register should list each requirement, the source authority, the specific clauses that apply, the activities or hazards affected, the person responsible for compliance, and the evaluation frequency. Link specific requirements to the hazards, activities, and locations they apply to.

Best Practices for Clause 6.1.3

  • Maintain a centralized compliance obligations register
  • Subscribe to regulatory update services to stay current
  • Assign responsibility for monitoring changes in legal requirements
  • Review the register when regulations change, new activities are introduced, or hazard profiles shift
  • Ensure workers have access to applicable requirements relevant to their work
  • Schedule compliance evaluations per Clause 9.1.2

Common Pitfalls

  • Maintaining an outdated register that does not reflect current regulations
  • Listing requirements without determining how they specifically apply
  • Ignoring “other requirements” such as voluntary commitments and industry standards
  • Not linking legal requirements to specific hazards and operational controls
How Ecesis ISO 45001 Software Helps: Ecesis provides a centralized compliance obligations register with automated reminders, evaluation scheduling, and integration with task tracking to ensure all requirements are met on time. Learn more about our ISO 45001 software →
Related Resources
ISO 45001 Implementation Guide ISO 45001 Software Context of the Organization Leadership & Policy Worker Participation Hazard Identification OH&S Objectives

What Is Ecesis?

Ecesis is a leading EHS Software Solution that has been helping companies around the world reach their EHS goals since 1993.

Get in Touch

1499 West 120th Avenue
Suite 110
Westminster, CO 80234
(720) 547-5102 (866) 733-6912 Click To Email Us

Connect With Us

EHS Software on LinkedIn EHS Software on Facebook EHS Blog

Copyright © 2026 EnviroData Solutions, Inc.

Terms of Use    Privacy Statement    Cookies