Want to search for the relevant question and answer in your own language? Change the language in the dropdown menu above.


ECHA Accounts

Account management

Can I create a REACH-IT account for learning purposes and remove it afterwards?

No, REACH-IT does not allow, under any circumstances, the creation of accounts for the purpose of testing. The data entered into REACH-IT is binding and may trigger regulatory obligations and cannot be modified or deleted. Testing data may alter the correct functioning of the system, impact statistics and priorities, and cause harm to other registrants and notifiers who submit genuine data.

Can I administer my ECHA user account by myself?
Yes. Any user can perform the following actions:
  • Request for a new password: you need to know the answer to your security question.
  • Recover a forgotten password: you need to know the answer to your security question once you click on the verification link sent to your email address.
  • Recover your username: if you know your email address associated to the account, a message will be delivered to that email address with all the usernames related to that email address.
If your account is locked after several incorrect attempts, you will be able to use the account recovery functionality. Once you provide the answer to the security question, a password will be sent to your email address. You may alternatively contact another user of the same account with "legal entity manager" role, so this user will provide you immediately with a new password.
Remember that you can contact your user administrator to provide you with access or to modify data related to a particular account. If you are the administrator and you cannot perform any of the actions previously mentioned, you can contact the ECHA Helpdesk. When communicating with ECHA Helpdesk, please always include all the possible relative information (e.g. “legal entity manager” account name, UUID). This will help us to resolve your request faster.
Further information can be found in the ECHA Accounts Manual.
What is the meaning of the different roles in ECHA Accounts?

The roles have been designed to allow you to administer the management of your ECHA Account and the level of access to REACH-IT, R4BP 3, ePIC, R4BP 3 and ECHA Cloud Services. Below are the roles linked to ECHA’s IT tools:

For account management

Legal Entity Manager: you can modify the legal entity data, contact data and user data.

Access to an ECHA application

  • Manager: full access to the application selected (REACH-IT, R4BP 3, ePIC)
  • Reader: read-only access to the application selected (REACH-IT, R4BP 3, ePIC)
  • IUCLID SME Full Access: full access to the ECHA Cloud services
  • IUCLID SME Read Only: read–only access to the ECHA Cloud services


What happens if I add a "foreign user" to my legal entity?

You can assign a foreign user to your company to allow a user from a different company to work on behalf of your company. The foreign user must create an account in ECHA Accounts before you are able to include the primary LE UUID of the foreign user in your account. The foreign user will be able to work on your behalf in REACH-IT, R4BP 3, ePIC and ECHA Cloud Services as if they were users of your company.  

If needed, you can disassociate the foreign user from the "Users" tab.

How can I manage my ECHA account?

You can:

  • Access REACH-IT, R4BP 3, ePIC or ECHA Cloud Services and select either the legal entity or username available on the top banner.
  • Access directly the ECHA Accounts portal.
How can I remove access of a particular user in REACH-IT, R4BP 3, ePIC and ECHA Cloud Services?

A user with a "Legal entity Manager" role can edit or remove the manager or reader role of another user. This will prevent the user from accessing to the relevant application. More information can be found in ECHA Accounts manual.

What are the password complexity requirements and password policy?

As mentioned in the ECHA Accounts Manual, the following rules must be applied, when changing/updating a password:

The password must have at least 8 characters and contain three of the following character types: uppercase letter [A to Z], lowercase letter [a to z], number [0-9] and non-alphabetical.

Please also note the following restrictions:

  • The password must not contain parts of the username, first name or last name.
  • The password cannot be the same as the previously used passwords.
  • The password cannot be changed more than once a day. 
I received a One-time-Password (OTP) but I can still not log in to my account.

In order to solve this issue, please:

  1. try to verify your email before using the OTP provided to you by ECHA. If the account is not verified, then you cannot proceed and change the password.
  2. contact the ECHA Helpdesk to re-check and reset your account, in case the e-mail verification fails.
Which type of account can access REACH-IT, R4BP, ECHA Cloud Services, etc.?

Only the business account associated with a LE/Company/Organisation can access an ECHA IT tool (REACH-IT, R4BP, ePIC, ECHA Cloud Services, etc.). If you do not have access to the ECHA on-line IT tools, after the creation of a new user account you need to continue and promote a personal account to a business account.

If you would like to see a detailed description of this process along with a full explanation of all aspects of ECHA accounts, see the ECHA Accounts manual.

Company name change

How can I update my company name in ECHA Accounts?

A change of company name may happen as a result of:

  1. Company name change: Administrative purposes where the legal personality of a company remains the same and only the name of the company changes.
  2. Legal personality change: A change of legal entity as a result of a merger, company split, change of only representative or assets sale. 

For clarification on whether a company name or a legal personality change applies, please contact your national helpdesk or BPR competent authorities

For further clarification on your legal entity status according to REACH and CLP, please read the ECHA Practical guide 8: How to report changes in identity of legal entities.

Updating a company name change due to administrative purpose

A company name change needs to be communicated to ECHA using available ECHA applications such as REACH-IT, R4BP 3 or ePIC. The company name can be easily changed by logging in to ECHA Accounts through any of the ECHA applications. See steps below:

  1. Log into ECHA Accounts
  2. Click on “Accounts, Users & parties”
  3. Click on the button “Edit” and “Change name”
  4. Modify the company name, agree to the disclaimer and upload a supporting document from a national registry to prove the official name change.

Important note: Under the Biocidal Products Regulation (BPR), a company name change is considered legally valid only once an administrative change on request is authorised by your national authorities. Useful instructions on how to submit an administrative change on request (NA-ADC) via R4BP 3 can be found in the chapter “National authorisation – changes on request” of the Biocides Submission Manual: national authorisations

Updating a company name change due to Legal entity change (LEC)

A legal entity change entails the transfer of assets from the LEC initiator (account A) to the LEC successor (account B) using ECHA applications. The LEC initiator and successor have distinct legal personalities and, therefore, different accounts (A and B). If the LEC successor has not yet created an account, he will first need to register a new company.

Depending on the regulatory scope, you may need to consider these general guidelines when applying for a legal personality change:

a. REACH and CLP

A legal entity change under REACH and CLP needs to be reported to ECHA and the National Authorities using the REACH-IT legal entity change functionality. The LEC initiator (account A) initiates the process and the LEC successor (account B) validates the transfer. As a result, the assets (e.g. registrations or notifications) will be transferred from account A to account B.

A different process applies for the transfer of applications for authorisation (AfA). Further information on this process can be found in the Q&A 1241.

Additional information on the consequences after a legal entity change can be found in the Q&As 388 and 405.

b. BPR

Under the Biocidal Products Regulation (BPR), an authorisation holder transfer is an administrative change on request. A functionality in R4BP 3 allows the transfer of authorisations (assets) from account A to account B prior to authorisation by the national authorities. Additional information on this process can be found in the video tutorial Processes in R4BP 3: asset transfer via NA/SA-TRS.

For on-going cases pending for authorisation, you can initiate the transfer between accounts to indicate the existence of a new case owner or prospective authorisation holder. Additional instructions can be found in chapter “11.5 Case transfer” of the BSM technical guide: using R4BP 3. Specific provisions apply to the replacement of a participant in the review programme as described in the same manual.

For changes of participants in Article 95, you will need to communicate it to ECHA via the request for corrections of entries on the Article 95 list.

Certain applications, such as technical equivalence or SME verification approval, are valid only for the company who benefited from the decision behind these applications. A new application is required if a different legal entity needs to rely on these application types.

c. PIC

A PIC notification cannot be transferred between two legal entities.
In case of a change of legal personality, the legal successor (i.e new company) will need to submit a new notification via ePIC.

Known issues

Known issue 1: I do not navigate away from a webpage when I click on a button or a blank page is displayed when I select a tab, why?

If you are using Internet Explorer, you may experience this problem due to the compatibility view of your browser. To amend this issue, click on the compatibility view button. You may alternatively decide to use a different web browser i.e. Firefox.

Browser compatibily issue

Known issue 2: I receive the message "please refresh your browser to restart the application". How should I continue?

This error message may be received if you have not logged out from ECHA Accounts after a long time or you follow an unexpected workflow. To solve this issue, click on the "Back" button of your web browser or refresh the page. If the problem persists, close the browser session and access again.

Known issue 3: I navigate from ePIC to ECHA Accounts and I receive the message "the identity provider could not process the authentication request". How can I continue?
To solve this issue, you will need to:
  • click on the "Back" button of your web browser;
  • select the link in the web browser and press enter; and
  • select "account, users and parties".
Sign up

How can I sign up?
You can select the option "Register a company" either in the REACH-IT portal, R4BP 3 portal, ePIC portal or the ECHA Cloud Services portal. You will need to:
  • Introduce your user details
  • Verify the e-mail address (access the e-mail address linked to your user account and click on the verification link)
  • Create your legal entity (or company details). If you already have a LEOX (previously created in the IUCLID 5 website or in IUCLID 5), you can import your company details
Understanding ECHA Accounts

What is an ECHA Account?

An ECHA Account is a means by which ECHA can provide services and downloads within a specific legal framework. When creating an account, the account holder has to agree to specific terms and conditions. In general, ECHA Accounts provide access to the following:

  1. ECHA IT tools (REACH-IT, R4BP 3, ePIC, Poison Centres Notifications, ECHA Cloud Services, etc);
  2. The right to download and install locally ECHA IT tools, for example IUCLID and Chesar;
  3. Additional services on the ECHA website, such as the possibility to receive notification on a substance of interest;
  4. User account details
There are two types of ECHA accounts:
  • Personal account: This provides access to options (2), (3) and (4) stated above. Notably, a personal account is not associated with a Legal Entity.
  • Business account: This type of account provides access to all the options (1) – (4) stated above. A business account is created by promoting a personal account to a business account. Therefore, a personal account must be created first. The promotion process requires either to create a new legal entity after the personal account creation, or to contact (offline) the Legal Entity Manager of an existing legal entity to include the new account in the legal entity.

A full explanation of ECHA accounts is provided in the manual here.

I had two accounts; one in REACH-IT and one in ECHA accounts converted by ECHA. What happened to my accounts?

ECHA has updated data in ECHA accounts based on the timestamps of the changes in both systems. New REACH-IT user accounts created after conversion have been converted to new ECHA user accounts and REACH-IT user roles have been merged to users in ECHA accounts.

We have tried our utmost to ensure smooth migration to ECHA accounts. However, in case you notice something lost or not migrated, please contact ECHA Helpdesk for further assistance.

You need to complete these steps only once to access the relevant ECHA IT system:

  • You need to provide your former REACH-IT username and password to log in to ePIC R4BP 3 or REACH-IT 3
  • Set a new password
  • Verify your email – if not done previously in REACH-IT.
  • Define the answer to the security question – if not done previously in REACH-IT.

Further details on the steps to carry out the account conversion can be found in chapter 8 of the ECHA Accounts manual.

I had an account on the website of IUCLID, Chesar, or Poison-Centres before 15th November 2018. What should I do?

On 15th November 2018, ECHA changed the method of logging in to the IUCLID, Chesar, and Poison-Centres websites to allow only ECHA Accounts to access them. It is no longer possible to log in to the IUCLID and Chesar websites using the accounts previously created on those websites.

If you have an ECHA account used to access any of the on-line tools provided by ECHA, the account credentials can now be used to log in to the IUCLID and Chesar websites. The on-line tools include: REACH-IT, R4BP 3, ePIC, Poison Centres Notifications Portal, and the ECHA Cloud Services.

If you do not have an ECHA account, and you want to access either the Chesar or the IUCLID website to download software, you will have to create an ECHA account first. This can be done from the ECHA website by following the steps:

  • Click on “sign in” (top right hand corner)
  • Select “personal or other account”
  • Click on “sign-up”

Once the account has been created, you will receive a verification email. You will be able to sign in to your account once the email has been verified.

If you want to continue receiving news alerts via email for either IUCLID or Chesar, you must log in with an ECHA Account, and activate the relevant options under My Account from within the appropriate website(s).

For more information consult ECHA account Q&A's

Categories Display