Managing Environmental Compliance Obligations Under ISO 14001

ISO 14001 Clause 6.1.3

This clause requires the organisation to determine its compliance obligations, how they apply and to document them.

ISO 14001 Clause 6.1.3 - Compliance Obligations

ISO 14001:2026 Clause 6.1.3 requires the organisation to determine and have access to its environmental compliance obligations, work out how they apply, and take them into account in establishing, implementing, maintaining and continually improving the environmental management system.

Compliance obligations come in two forms. There are legal requirements the organisation has to comply with, and other requirements the organisation has to or chooses to comply with. The terminology in the standard treats both with equal weight - once the organisation has identified an obligation, it forms part of the compliance picture regardless of whether its origin is statutory or voluntary.

Legal Requirements

Legal requirements are the obligations imposed by law. For an organisation operating in the UK, environmental legal requirements typically include:

requirements set out in primary legislation such as the Environmental Protection Act 1990 and the Environment Act 2021;
regulations covering specific environmental aspects such as waste management, hazardous substances, oil storage, packaging and producer responsibility;
conditions attached to environmental permits, licences and other authorisations;
guidance and orders issued by regulators such as the Environment Agency, the Scottish Environment Protection Agency (SEPA), Natural Resources Wales, or local authority environmental health teams;
court judgments and administrative tribunal decisions where relevant.

Organisations operating internationally need to identify equivalent legislation in each jurisdiction. The structure is the same but the specific instruments vary considerably between countries.

Other Requirements

Other requirements are the voluntary commitments the organisation has accepted that affect its environmental management. These can include:

customer environmental specifications written into contracts;
industry codes of practice the organisation has signed up to;
voluntary environmental commitments such as net zero pledges or sustainability targets in tender responses;
agreements with community groups, local authorities or non-governmental organisations;
internal organisational standards that go beyond legal minimums;
environmental requirements in supplier or partner agreements.

The organisation chooses whether to adopt these. Once adopted - through a contract signature, a public commitment, or an internal decision - they become compliance obligations and are managed alongside legal requirements.

How Compliance Obligations Apply

Identifying an obligation is the start, not the end. The standard requires the organisation to determine how each obligation applies. A regulation on hazardous waste applies to the organisation's hazardous waste streams - not to the rest of its waste. A permit condition applies to the activity that the permit covers. A customer commitment to use recycled content applies to the products the organisation supplies to that customer.

Working out how each obligation applies in practice is what allows the organisation to design effective controls, set sensible objectives, and evaluate compliance honestly. The legal register is the working document where this happens. For each piece of legislation or other requirement, the register typically records what the requirement is, how it applies to the organisation, and what the organisation does to comply.

The mistake I see most often is treating the legal register as a long list of every environmental statute on the books, with no analysis of relevance. That is not what the clause requires. It asks for the obligations that apply to your organisation, with an explanation of how they apply.

A short, accurate register that says exactly what each requirement means for the business is much more useful than a long generic one that covers everything but explains nothing.

At audit I will pick a couple of items from the legal register and ask how the organisation complies. If the answer is clear and someone can show me the evidence - permits in place, waste transfer notes filed, training records, monitoring data - I am satisfied. If the answer is vague or relies on assumption, that is a finding.

Compliance obligations is the clause that worries people most because it sounds legal. It is not really. You list the rules that apply to your environmental side. You say what each one means for you. You make sure you are doing what they require. Then you check now and again that you are still doing it. The complexity comes from the legislation itself, not from this clause.

Practical Compliance Guidance

Compliance obligations are recorded in a legal register that is reviewed regularly and updated as legislation changes. The IMS1 Manual sets out the procedure for legal compliance in Section 1.6 and references the legal register for the detail.

The following alphaZ documents support compliance with ISO 14001:2026 Clause 6.1.3.

alphaZ document	How to use it
ISO 9001/14001/45001 IMS Toolkit	The full set of integrated management system documents covering the requirements of all three standards, including the IMS1 Manual.
ER9 Legal Register	Full register of UK legal requirements covering environmental, health and safety, employment, data protection and other categories. Records each requirement, its applicability and how compliance is achieved.
F-IMS22 Interested Parties Register	Identifies the interested parties whose requirements may become compliance obligations including customers, regulators and community groups.

Note - all the above files can be downloaded with an alphaZ subscription.

Frequently Asked Questions

Do compliance obligations only cover legal requirements?

No. Compliance obligations include legal requirements the organisation has to comply with, and other requirements the organisation has to or chooses to comply with. Voluntary commitments such as customer agreements, industry codes of practice, and internal organisational standards all become compliance obligations once the organisation has adopted them.

How often should the legal register be reviewed?

Most organisations review the legal register at least annually as part of management review. The register also needs updating whenever new legislation is introduced, existing legislation changes, the organisation's activities change in a way that brings new requirements into scope, or a new permit or licence is granted.

Where do I get information about new and changing legislation?

UK legislation is published at legislation.gov.uk. Regulators such as the Environment Agency, SEPA, Natural Resources Wales and the Health and Safety Executive publish updates and guidance. Trade associations and subscription services provide updates filtered for sector relevance. The organisation needs a defined source it relies on so that updates do not get missed.

Does evaluation of compliance happen at this clause?

No. Clause 6.1.3 covers identifying compliance obligations and how they apply. The evaluation of whether the organisation actually complies takes place under Clause 9.1.2 Evaluation of Compliance. The two clauses work together - 6.1.3 sets up what needs to be complied with, 9.1.2 checks that it is.

UK Legislation

The following primary UK environmental legislation forms the foundation of compliance obligations for most organisations operating in the UK. Specific regulations and permits applicable to a particular organisation will sit alongside these.

Further Resources