Demystification of legal requirements in ISO 14001

Almost all organizations implementing ISO 14001 are aware that legal requirements are the foundation and basic requirement of ISO 14001. But, if you ask somebody to explain precisely legal requirements compliance in the context of ISO 14001, you will receive very few answers.

ISO 14001 is not very helpful, either – its clause 3 “Terms and definitions” has no definition about legal requirement compliance. Principles of Environmental Enforcement (Implementation and Enforcement of Environmental Law (IMPEL), 1992) have defined legal compliance as: “Full implementation of applicable environmental legislation. Compliance occurs when requirements are met and desired changes are achieved.”

On the other hand, ISO 14001 does state that an organization is required to identify and have access to all applicable legal requirements related to its environmental aspects. These requirements must be taken into account when the organization establishes and maintains its EMS.

Steps for compliance with legal requirements

So, let’s see what legal requirement compliance in ISO 14001 is all about.

1. Environmental policy

Environmental Policy should reflect the commitment of top management to comply with applicable legal requirements and other requirements, supported by adequate resources. This commitment is usually in the form of a simple statement, whereas the identification of those requirements is explained in the next section.

Other requirements are voluntary initiatives the organization chooses to comply with (e.g., UN Global Compact-strategic policy initiative for businesses).

2. Legal and other requirements (4.3.2)

Clause 4.3.2 of ISO 14001 states that the organization should know applicable legal requirements related to their activities and services.

The organization may find environmental regulations on the website of government agencies in charge of environmental protection or on other specialized services. In a wide list of regulations you should choose only those that are applicable to your business. (E.g., if you manage heating boiler power above 100kW, then you are subject to the measurement of emissions from stationary sources. Or, another example related to water use: if you use water only for sanitary purposes, you don’t need to have a water license). Sometimes an organization will outsource these activities to external service providers.


3. The objectives and targets (4.3.3)

ISO 14001, in its clause 4.3.3, states that when an organization establishes environmental objectives it should take into account its legal and other requirements.

The organization should plan how to comply with legal requirements. If you find during identification of applicable legal requirements that you are partially in compliance with a specific applicable regulation, or you have completely ignored it, now is the time to set it as a target (e.g., to comply with the directive on measuring emissions from a stationary source in case you manage a boiler with power above 100kW).

In the implementation phase, the organization should have instruments in place for dealing with legal requirements (e.g., sufficient documents to demonstrate compliance, responsibilities and authorities for compliance-related requirements, compliance-related communication process, training and awareness of the compliance-related processes).

4. Evaluation of compliance (4.5.2)

Periodic evaluation of compliance is important, because even if your organization is in compliance today you cannot be sure that it will be in compliance in six months or a year. For example, if “Directive on measuring emissions from stationary source” is applicable for your organization, you should check, e.g., yearly, if the authorized service measures exhaust gases and whether the test result is below the legal limits.

Where a non-compliance with legal requirements is discovered (e.g., results of measuring exhaust gases are outside the legal limit), the organization is required to take immediate corrective action (e.g.,  adjust the parameter of the boiler and repeat measurements, including root cause analysis, correction and measures to prevent recurrence), which may include actions to immediately inform the environmental regulator depending on the specific legal requirements and magnitude of the non-compliance.

5. Management review (4.6)

Clause 4.6 requires the environmental management representative to inform top management through the management review process about results of evaluation of compliance and possible changes in legal requirements. This is to ensure that top management is aware of the risks of potential or actual non-compliance and has taken appropriate steps to meet the commitment to legal compliance.

Steps for compliance with legal requirements

Taken together, these provisions mean that an organization implementing ISO 14001 should systematically identify and manage its compliance obligations by including the elements listed above within its environmental management system.

There have been many examples of organizations that have reached and maintained their legal compliance as a result of implementing and maintaining an EMS that conforms to the standard – while certification of an EMS against the requirements of ISO 14001 is not a guarantee of legal compliance, it is a proven and efficient tool to achieve and maintain such legal compliance.