12 Steps Every ESG and Environmental Compliance Campaign Needs

Article Highlights:

• Not all compliance campaigns are created equal, and companies that implement their programs in a rigorous, strategic fashion are more likely to obtain the data they need to adhere to REACH, RoHS, California Prop 65, the Corporate Sustainability Reporting Directive (CSRD), and other key regulations. 
• Manufacturers that use a supply chain risk management (SCRM) platform like Z2Data will be able to execute their due diligence campaigns with an experienced team that’s working toward achieving compliance for their customers every single day.
• From normalizing data to educating suppliers to conducting risk analysis, the 12 steps outlined below can serve as the foundation for a robust compliance campaign.

The requirements for regulatory compliance are growing for many of the world’s largest and most critical industries. Recent years have seen the environmental compliance landscape evolve significantly, with new regulations around per- and polyfluoroalkyl substances (PFAS); steady expansion to REACH’s Substances of Very High Concern (SVHC) list; and a growing desire to hold corporations accountable for human and environmental harms. Further, obligations associated with ESG (environmental, social, and governance) are on the rise, too, as investors, regulatory agencies, and consumers alike raise their expectations for how businesses should be mitigating their impacts on their surrounding environments.

In order to keep up with the state of regulations in 2025, original equipment manufacturers (OEMs) and other firms need to have a robust compliance process in place. And because of the complex nature of sourcing and manufacturing today, that often means gathering large volumes of data from across their supply chains. But not all compliance campaigns are created equal, and companies that implement their programs in a rigorous, strategic fashion are more likely to obtain the data they need to adhere to REACH, RoHS, California Prop 65, the Corporate Sustainability Reporting Directive (CSRD), and other key regulations. 

The Role of Supply Chain Risk Management in Compliance Campaigning

We’ve compiled 12 steps that we believe are essential to executing a successful compliance outreach campaign within your supply chain. It’s important to remember, however, that many—if not most—companies don’t have the expertise or bandwidth to carry out all these measures on their own. Manufacturers that use a supply chain risk management (SCRM) platform like Z2Data will be able to execute these 12 steps with the leadership of an experienced team that’s working toward achieving compliance for their customers every single day. In a regulatory environment in which companies face legal, financial, and reputational risk for noncompliance, the support and resources of an SCRM tool like Z2Data can be a significant differentiator.  

We’ve compiled 12 steps that we believe are essential to executing a successful compliance outreach campaign within your supply chain.

1. Data Normalization

Before companies reach out to their suppliers for information on parts, materials, and product formulations, among other requests, they need to make sure they have a full grasp of their own internal data. Part of this means undergoing a comprehensive data normalization process, including cleaning internal information and standardizing company names, part titles, and other forms of terminology. 

This step is especially important because of how it helps refine the scope of information an organization needs to obtain from their supply chain. When firms clean up and normalize all their data, they’re able to clearly assess all the intelligence they already have on products, parts, and suppliers. 

2. Supplier Analysis

Learning one’s supplier base is another foundational step that helps pave the way for a streamlined compliance campaign. Companies that identify all suppliers within the scope of the regulation they’re looking to adhere to, and what documentation they need from those suppliers, will be well-positioned to run an efficient campaign. Understanding these details at the beginning of the due diligence process—rather than in the middle, when firms are communicating with their suppliers—is critical to minimizing the total number of exchanges required for each manufacturer. 

3. Combine Public Information With Internal Data

An underrated but invaluable part of the campaigning process is working to obtain as much information as possible before having to reach out to suppliers. This may appear counterintuitive at first, but companies that maximize their data prior to the outreach process lower the pressure and expectations on their suppliers. Over time, this can drive up response rates and foster stronger supply chain relationships. 

One of the most effective strategies for maximizing data prior to campaigning is through publicly available information. Data on parts, products, suppliers, and even sustainability reporting is often available online. The key, however, is to know where—and how deep—to look. SCRM solutions have the proficiency and know-how to search in all the right places, zeroing in on the webpages, datasheets, and files that can boost a company’s compliance intelligence before they even send a single email out to manufacturers. 

4. Collect Supplier Contacts 

While this may be an obvious, seemingly straightforward step, that doesn’t make it an easy one. To conduct supplier outreach, businesses need to find the appropriate contact information for their manufacturers. While many firms have an established point of contact at their supplier, reaching out to that person may only be the first of several steps. Established points of contact may need to pass regulatory compliance requests to other parties within their company, an internal process that could require approvals from multiple stakeholders.

As with several of the other compliance steps, this is a measure that’s best done early in the campaigning process. Scrambling to identify the appropriate point of contact late in an organization’s compliance timeline, when they’re facing impending deadlines and under pressure to obtain documentation quickly, can turn a pedestrian task into an operational crisis. 

5. Supplier Education

Businesses cannot assume that they’re on the same page as their suppliers when it comes to regulations. Manufacturers may not understand REACH, RoHS, the CSRD, or other directives as comprehensively as their customers do. Because of this, original equipment manufacturers (OEMs) need to take it upon themselves to educate their suppliers through phone conversations, emails, and even written guides that lay out their specific obligations. 

As with the procurement of public data, this is a step that benefits greatly from a compliance risk management platform. These tools often have standard practices in place for educating manufacturers, including not only comprehensive reporting guides but also contact with seasoned experts who can guide them through the reporting process. 

6. Supplier Campaigning

This is the actual process of reaching out to manufacturers with requests for data, documentation, and other forms of evidence businesses need for regulatory compliance. While this step is arguably the most straightforward, it’s also often the most challenging and time-consuming. Many suppliers are inundated with compliance requests from their customers on a weekly or even daily basis. Consequently, they’re often in little rush to address every email, call, or other message requesting compliance materials.

The result is a push-and-pull dynamic that forces OEMs and other firms seeking compliance data to be persistent and diligent in their campaigning. Companies need to be systematic in their approach to outreach, documenting their efforts and following up in a standardized fashion. A single email or call often won’t suffice, and compliance professionals must be prepared to practice persistence throughout the campaigning process.

7. Document Validation 

After companies have reached out to all their suppliers, the next step is verifying the documentation they’ve received. This may entail examining full material declarations (FMDs), specification sheets, technical drawings, and other highly specialized documents to ensure that they contain the data that will ultimately help businesses determine their product compliance (and, in some cases, that will be submitted to the appropriate regulatory agencies).

8. Reporting and Submissions 

Regulations impose their requirements on businesses in different ways. For the Restriction of Hazardous Substances (RoHS), for example, companies need to keep the concentrations of 10 substances below specific thresholds in all electrical and electronic equipment (EEE). Businesses typically demonstrate their adherence to RoHS through a certification of conformity (CoC) or a declaration of conformity (DoC). 

Obligations for SCIP—Substances of Concern in articles as such or in complex objects—on the other hand, require businesses to submit specific information to a European Chemicals Agency (ECHA) database. During this stage of the compliance process, organizations will carry out whatever step is required for the regulation they’re seeking to comply with. Depending on the regulation, this could take the form of producing a CoC, submitting information to an agency database, or executing another type of regulatory reporting. 

9. Risk Analysis 

Risk analysis is one of the single-most important steps in any compliance campaign. After a business has finished their supplier campaigning and gathered all the information available to them through manufacturers, publicly available data, and their own internal records, they’ll typically categorize their parts and products into three different groups: “compliant,” “noncompliant,” and “no status.” Compliant, of course, is good. Noncompliant, meanwhile, is not, and it comes with a clear directive: do everything necessary to achieve compliance for the product currently in violation of an existing regulation.

After a business has finished their supplier campaigning and gathered all the information available to them through manufacturers, publicly available data, and their own internal records, they’ll typically categorize their parts and products into three different groups: “compliant,” “noncompliant,” and “no status.”

Parts and products with “no status” means that there isn’t sufficient information to determine a compliance status. These items present a trickier proposition. If a product has a high likelihood of being compliant—even though the company doesn’t have all the data to confirm it—then pouring resources into verifying that compliance status may not be a wise allocation of company bandwidth. In contrast, for parts and products with a higher probability of noncompliance, finding a way to obtain all the information to make a definitive determination should be seen as an operational imperative. 

The hard part, however, is making the distinction between parts that have a high probability of being compliant and those that do not. This type of analysis takes deep-seated expertise, including the ability to pore over scientific and engineering documentation, product formulations, and chemical characteristics to render an accurate assessment. Here, again, a SCRM or compliance tool can make a meaningful difference. In the case of Z2Data, the software’s compliance solution comes with the support of experts who possess strong scientific backgrounds. These professionals can help businesses understand how their parts fit into the larger context of regulations like RoHS, REACH, SCIP, and TSCA, and what their risk exposure looks like. 

10. Alerts 

Whether a company is conducting their compliance campaign independently or working with an outside firm, they should have a system for alerting the organization when a part is found to be noncompliant. These triggers should be automated, too: manually informing all stakeholders of a compliance violation is slow and unpredictable, and a compliance violation should be communicated to all relevant parties as quickly as possible.

11. Identifying Crosses for Noncompliant Parts 

For companies operating in the electronic supply chain, navigating noncompliance will likely mean focusing on ways to swap out individual components without compromising the entire design of a product. One of the most proven ways to do that is by searching for crosses, or alternative parts, that are close matches to the noncompliant component. 

Noncompliant statuses should be addressed with a sense of urgency proportionate to the stakes of a regulatory violation. But engineers and procurement professionals can still act with thoughtfulness and precision when seeking the best possible crosses from a form-fit-function perspective. Team members should be willing to invest time in identifying the least disruptive avenue for rectifying the situation and achieving compliance; pinpointing viable crosses is a proven strategy for doing this. 

12. Supply Chain Risk Management

A final step that companies should consider carrying out during the last phase of their compliance campaign is supply chain risk management. Specifically, OEMs may want to consider collaborating with their suppliers to implement concrete risk mitigation actions to reduce the risks associated with noncompliance in the future. Some examples of these measures include:

• Having suppliers implement an alert system that notifies customers when a part has fallen out of compliance.
• Establishing a standardized procedure that allows tier 1 manufacturers and their OEMs to work together to address compliance violations as soon as they arise. 

Meet All Your Compliance Requirements With Z2Data

While the 12 steps outlined above can serve as the foundation for a robust compliance campaign, it’s unreasonable to expect most companies to be able to execute these measures on their own. Retrieving all available public information, educating suppliers on regulations and documentation requirements, and conducting a thorough risk analysis often exceeds the available bandwidth and expertise for many organizations. In these cases, firms that want to meet their compliance goals in a timely, effective manner can partner with SCRM platform Z2Data. 

Z2Data combines software, databases, and services to offer customers full compliance coverage. The solution covers over 180 major global regulations, including but not limited to:

• REACH
• RoHS
• Cal Prop 65
• SCIP
• PFAS
• EUDR
• EU Battery Regulation
• CSRD
• CSDDD
• UFLPA

To learn more about Z2Data and its extensive compliance offerings, schedule a free trial with one of our product experts.