Are Your Suppliers Submitting Bad RoHS Certificates of Compliance?

Article Highlights:

• A RoHS Certificate of Compliance is a document issued from a supplier stating that a product, component, or material complies with the substance restrictions defined under the EU RoHS Directive. The certificate typically declares that restricted substances such as lead, mercury, cadmium, hexavalent chromium, PBBs, PBDEs, and specific phthalates are either absent or below RoHS’s legal concentration thresholds.
• The more traceable and product-specific the documentation is, the more defensible the compliance position becomes when stress-tested during audits and regulatory investigations.
• A certificate alone rarely provides enough evidence for high-risk components or complex assemblies. Suppliers unable or unwilling to provide supporting documentation—including IPC 1752 declarations, IEC 62474 data, or laboratory test reports—may have limited visibility into their own supply chains.

For many manufacturers, collecting RoHS certificates of compliance from suppliers has become a routine part of supply chain management. Procurement teams request the certificates during the onboarding process. Compliance teams then store them in spreadsheets or document repositories. Engineering teams may later reference them during product development and for customer inquiries. And in many organizations, the presence of these CoC documents is treated as sufficient proof of compliance.

That assumption, however, is becoming increasingly dangerous. As global supply chains grow more complex and environmental product compliance regulations continue to evolve, regulators and customers are demanding stronger evidence that products truly comply with substance restrictions. The European Union’s Restriction of Hazardous Substances directive, commonly known as RoHS, remains one of the most important environmental compliance directives regulating electronics manufacturers worldwide. 

Despite its obvious importance, however, many companies continue to rely on RoHS certificates of compliance without going through the proper verification steps. These organizations often fail to determine whether the documentation is accurate, current, or even applicable to the specific products being purchased.

Certificates That Can’t Be Trusted

One of the key overlooked problems with accepting RoHS certificates of compliance at face value is that not all of these documents are created equally. Some contain outdated directive references. Others lack product-specific information. And some suppliers issue generic, blanket statements that provide little legal or technical value, and would not hold up under regulatory scrutiny. In more serious cases, suppliers may provide inaccurate or misleading documentation because they don’t fully understand the regulation themselves, or because they lack proper compliance management processes.

Organizations that accept these supplier certificates without a critical eye or screening process are exposing themselves to significant risk. A bad RoHS Certificate of Compliance can lead to a host of different negative outcomes, including: 

• Failed customer audits
• Shipment delays
• Regulatory investigations
• Product recalls
• Reputational damage

In highly regulated industries, the inability to consistently supply defensible compliance documentation can also jeopardize customer relationships and market access.

Companies that treat RoHS compliance as a proactive documentation verification process—rather than a simple check mark—are better positioned to reduce their regulatory exposure and strengthen supply chain resilience.

What Is a RoHS Certificate of Compliance?

A RoHS Certificate of Compliance is a document issued by a supplier stating that a product, component, or material complies with the substance restrictions defined under the EU RoHS directive. The certificate typically declares that restricted substances such as lead, mercury, cadmium, hexavalent chromium, PBBs, PBDEs, and specific phthalates are either absent or below RoHS’s legal concentration thresholds.

Although the term “RoHS certificate” is widely used throughout the electronics industry, there continues to be confusion surrounding what the document actually represents. Many companies use the term interchangeably with RoHS declarations, laboratory test reports, or EU declarations of conformity, even though these documents serve different purposes.

A RoHS certificate of compliance is generally a supplier statement confirming their compliance status. It is not necessarily legally required under EU law. A RoHS declaration may contain similar information, but is often less formalized, appearing in supplier documentation portals or specification sheets.

A laboratory test report is distinct for even more obvious reasons: it generally contains results from materials testing, including XRF screenings or wet chemistry analyses. Test reports may provide evidence supporting compliance claims, but usually apply only to specific samples tested at a single point in time.

Finally, an EU declaration of conformity is a broader legal document issued by manufacturers to confirm compliance with applicable EU directives and regulations. For finished products bearing a CE marking, the declaration of conformity may include RoHS among several other applicable directives.

Many organizations misunderstand these distinctions, and mistakenly assume that any document containing the phrase “RoHS compliant” is sufficient evidence of compliance. In reality, however, the strength and reliability of RoHS documentation depends heavily on the quality, specificity, traceability, and supporting evidence substantiating the supplier’s claim.

Many organizations misunderstand these distinctions, and mistakenly assume that any document containing the phrase “RoHS compliant” is sufficient evidence of compliance.

What Information Should a RoHS Certificate of Compliance Include?

A valid RoHS Certificate of Compliance should contain a few indispensable facts:

• Identifying information on the supplier
• The product being covered
• The applicable regulation
• The basis for the compliance claim

Generic or incomplete certificates create ambiguity that weakens audit defensibility and increases regulatory risk should the document come under scrutiny by the EU or the European Chemicals Agency (ECHA).

In addition, the document should clearly identify both the supplier issuing the certificate and the manufacturer associated with the product (if they’re different). Full company names and contact information help establish traceability and accountability within the supply chain.

Product identification is equally important. Certificates should reference specific part numbers, model numbers, or material identifiers. Vague product descriptions such as “electronic components” or “all products supplied” create uncertainty about what products are actually covered by the declaration.

The certificate should also reference the applicable RoHS legislation. Most modern declarations should reference Directive 2011/65/EU, along with Directive (EU) 2015/863, which added four phthalates to the restricted substance list. Suppliers still referencing Directive 2002/95/EC may be relying on outdated templates or legacy compliance processes, jeopardizing the legitimacy of the CoC. 

Issue dates and revision histories are critical because RoHS compliance is not a static one-time achievement. Regulations evolve, exemptions expire, and supplier manufacturing processes change over time. Documentation without dates or revisions provides little assurance that the information on the certificate remains current.

A valid certificate should also include an authorized signature or approval from a responsible representative within the supplier organization. Unsigned certificates or automatically generated statements without accountability may not withstand customer or regulatory scrutiny.

The declaration itself should explicitly state compliance with RoHS-restricted substance thresholds. Ideally, the document should also reference supporting technical documentation, including material declarations, supplier surveys, homogenous material assessments, or laboratory testing reports.

The more traceable and product-specific the documentation is, the more defensible the compliance position becomes when stress-tested during audits and regulatory investigations.

Red Flags That a Supplier's RoHS Certificate May Be Unreliable

Missing Part Numbers or Vague Product Descriptions

One of the most common indicators of unreliable RoHS documentation is the absence of clear identifying information about the product. Certificates that reference broad product categories instead of specific part numbers create uncertainty about what items were actually evaluated. A statement claiming compliance for “all products supplied” may sound comprehensive, but it often lacks the specificity necessary for audit defense.

Without traceable product identification, companies may struggle to prove that the exact components used in their products were covered by the supplier declaration.

No Issue Date or Expired Documentation

RoHS certificates should always contain issue dates and, ideally, full revision histories. Undated documents provide no indication of whether the information reflects current regulatory requirements or current manufacturing conditions.

Expired documentation is particularly problematic—especially when suppliers have changed raw materials, manufacturing sites, or subtier manufacturers since the original declaration was issued. Compliance statuses can change over time, as exemptions expire or new restricted substances are added. RoHS certificates need to reflect the dynamic nature of both the regulation and the manufacturing processes of the supplier.

References to Outdated RoHS Directives

Suppliers still referencing obsolete directives, such as 2002/95/EC, may not have updated their compliance programs to reflect current requirements. This can indicate broader weaknesses in regulatory monitoring and environmental compliance management within the company.

No Authorized Signature

Certificates lacking signatures or identifiable approval authorities raise questions about accountability and internal review processes. If a compliance expert or other professional at the company is unwilling to put their name on the document, then that casts doubt on its strength and credibility. 

A valid compliance statement should demonstrate that someone within the organization has formally reviewed and approved the declaration and is therefore willing to stand behind it with their own signature. Unsigned documents generated automatically through supplier portals, on the other hand, may not carry sufficient legal or evidentiary weight during audits.

Generic Statements Lacking Product Specificity

Some suppliers issue blanket statements declaring that all company products comply with RoHS requirements. While certainly convenient for the supplier, these declarations often lack the technical detail and specificity necessary to support specific product claims.

Different product families often utilize different materials, manufacturing stages, and subtier suppliers during the production process. Without product-level traceability, generic declarations fail to accurately represent actual compliance conditions.

Lack of Test Reports and Other Supporting Materials

A certificate alone rarely provides enough evidence for high-risk components or complex assemblies. Suppliers unable or unwilling to provide supporting documentation—including IPC 1752 declarations, IEC 62474 data, or laboratory test reports—may have limited visibility into their own supply chains.

The absence of supporting evidence is particularly concerning for components containing metals, plastics, coatings, solder materials, cables, or flame retardants that historically present elevated compliance risks. In these cases, customers should carefully screen RoHS certificates of compliance to verify that those documents are corroborated by the necessary supporting evidence. 

Discrepancies Across Compliance Documents

Conflicting information between certificates, material declarations, specification sheets, and test reports is another major warning sign. For example, one document may reference RoHS 3 compliance, while another excludes phthalates from its scope. Part numbers, revision levels, or exemption references may also differ across documents.

These inconsistencies often indicate weak document control processes or incomplete supplier compliance programs. They also put the customer in a difficult position, forcing them to reconcile documents with conflicting information.

Conflicting information between certificates, material declarations, specification sheets, and test reports is another major warning sign.

Subpar RoHS Certificates Create Serious Business Risks

Flawed supplier compliance documentation can create significant downstream consequences throughout the lifecycle of a product. 

Among these myriad consequences, regulatory violations are the most obvious concern. If authorities determine that products exceed restricted substance limits, manufacturers may face fines, import restrictions, recalls, or immediate loss of market access. And companies can’t simply transfer liability to suppliers by claiming they relied on their certificates.

Bad compliance documentation also creates operational risks. Missing or unreliable compliance evidence can delay product launches, especially when customers request additional verification late in the qualification process. Engineering teams may be forced to replace components or redesign assemblies if supplier data cannot support compliance claims quickly enough.

Contract manufacturers and downstream customers are also increasingly pushing compliance responsibilities upstream. Suppliers may receive urgent requests for updated declarations, full material disclosures, or supporting analytical data during customer compliance reviews, increasing the pressure on those manufacturers to have credible certificates of compliance ready to send to supply chain partners. 

Suffice it to say, the financial impact of these issues often extends far beyond the cost of compliance itself. Fortunately, businesses operating in today’s challenging regulatory landscape can draw on the visibility and expertise of compliance software like Z2. Z2 works with businesses in industries ranging from automotive to aerospace and defense to electronics manufacturing to achieve compliance with over 180 global regulations spanning chemical, product, trade, and ESG, and including REACH, RoHS, EUDR, SCIP, California Proposition 65, and PFAS. 

By partnering with Z2, businesses are able to:

• Understand their full regulatory data requirements.
• Rely on a team of experts to carry out supply chain due diligence.
• Participate in a full compliance risk analysis.
• Receive reports and declarations for all their compliance obligations.

To learn more about Z2Data’s compliance services, schedule a free trial with one of our product experts.