If you build websites for chemical companies -- or you're running one and trying to figure out what your digital presence actually needs to comply with EU REACH regulations -- you've probably noticed that the requirements keep shifting. The European Chemicals Agency (ECHA) has been steadily tightening the screws on how chemical information gets communicated digitally, and 2026 brings a fresh batch of changes that'll affect everything from your product pages to your Safety Data Sheet (SDS) distribution system.

I've spent the last few years building web platforms for manufacturing and chemical companies, and I can tell you: most chemical company websites are woefully behind on compliance. Not because the companies don't care, but because the intersection of web development and chemical regulation is a weird niche that nobody talks about clearly. Let's fix that.

Table of Contents

What Is REACH and Why Does It Affect Your Website

REACH (Registration, Evaluation, Authorisation, and Restriction of Chemicals) is the EU's regulation for chemical safety, enacted originally in 2006. It governs how chemicals are manufactured, imported, and used within the European Economic Area. If you're selling or distributing chemicals in EU markets, REACH applies to you -- full stop.

But here's what trips people up: REACH isn't just about your lab reports and internal documentation. It has real, enforceable requirements about how you communicate chemical safety information to downstream users, consumers, and the public. And in 2026, your website is a primary channel for that communication.

The regulation requires that:

  • Safety Data Sheets (SDS) are accessible to recipients of chemical substances
  • Information about Substances of Very High Concern (SVHCs) in articles is communicated to consumers upon request (and increasingly proactively)
  • Product information is accurate, up-to-date, and matches your ECHA registrations
  • SCIP (Substances of Concern In articles as such or in complex objects -- Products) notifications are maintained

Your website isn't just a marketing tool anymore. It's a compliance instrument.

Key 2026 REACH Updates That Impact Digital Platforms

The ECHA has been rolling out updates as part of the broader EU Chemicals Strategy for Sustainability (CSS). Here's what's specifically relevant for your digital presence in 2026:

Updated SDS Format Requirements

The revised Annex II of REACH (Commission Regulation (EU) 2020/878) has been fully mandatory since January 1, 2023, but enforcement has ramped up significantly. By 2026, all SDSs distributed through your website must conform to the updated 16-section format, include UFI (Unique Formula Identifier) codes where applicable, and provide nanoform-specific information.

Digital Product Passport (DPP) Alignment

The EU's Digital Product Passport initiative -- part of the Ecodesign for Sustainable Products Regulation (ESPR) -- is rolling out in phases. While chemicals aren't in the first wave (batteries, textiles, and electronics are), chemical companies supplying into these industries need to provide machine-readable substance data that feeds into DPPs. Your website's product data architecture needs to support structured, API-accessible chemical information.

Expanded SVHC Communication Obligations

The SVHC Candidate List keeps growing -- it had over 240 substances as of early 2025 -- and Article 33 obligations now effectively require proactive digital disclosure. Several EU member states have adopted positions that a website qualifies as a valid communication channel for Article 33 notifications, meaning you can't just wait for consumers to ask.

SCIP Database Synchronization

Article 9(1)(i) of the Waste Framework Directive requires suppliers of articles containing SVHCs above 0.1% w/w to notify the SCIP database. In practice, your website's product catalog should reference or link to SCIP notifications, especially for B2B customers who need this data for their own compliance.

Website Requirements for REACH Compliance

Let's get specific about what your website actually needs.

Requirement Description Priority
SDS Download Portal Authenticated or public access to current Safety Data Sheets in PDF and/or structured data format Critical
Product Classification Display CLP/GHS classification info (hazard pictograms, signal words, H/P statements) on product pages Critical
SVHC Disclosure Proactive listing of SVHC content for articles, with concentration data High
SCIP References Links or reference numbers to SCIP database entries High
UFI Display Unique Formula Identifiers on relevant product pages High
Multilingual Support SDS and product info in languages of target EU markets Critical
Version Control Clear versioning and date stamps on all compliance documents High
Contact for Chemical Safety Dedicated contact channel for chemical safety inquiries Critical
Accessibility WCAG 2.1 AA compliance for all safety information pages Medium-High
Data Export / API Machine-readable product data for DPP integration Medium (growing)

Safety Data Sheet Distribution and Digital Access

This is where I see the most technical debt on chemical company websites. The typical setup is a nightmare: PDFs dumped into a folder on a shared drive, maybe synced to the website via some manual upload process that someone in regulatory affairs handles when they remember to.

Here's what a proper SDS distribution system looks like in 2026:

Automated SDS Management

Your SDS documents should live in a structured content management system -- ideally a headless CMS -- with metadata that includes:

  • Substance/mixture name and identifiers (CAS, EC numbers)
  • Revision date and version number
  • Language/locale
  • Target market (which EU member states)
  • Associated UFI codes
  • Regulatory status flags
{
  "sds_id": "SDS-2026-0142",
  "substance_name": "Sodium Hydroxide Solution 50%",
  "cas_number": "1310-73-2",
  "revision_date": "2026-01-15",
  "version": "4.2",
  "languages": ["en", "de", "fr", "it", "es", "pl"],
  "ufi": "N1QV-50TW-F00M-WY7K",
  "svhc_relevant": false,
  "scip_notification": null,
  "pdf_urls": {
    "en": "/sds/sodium-hydroxide-50/en/v4.2.pdf",
    "de": "/sds/sodium-hydroxide-50/de/v4.2.pdf"
  }
}

This structured approach means you can build smart search and filtering on the front end, auto-notify customers when an SDS is updated, and generate audit trails for compliance reviews.

Access Control Considerations

Some SDSs contain proprietary formulation details. You'll need to think about:

  • Public access vs. authenticated customer portals
  • Role-based access (distributor vs. end-user)
  • Download logging for compliance audit trails

We typically implement this with a headless CMS backend (something like Sanity, Contentful, or Strapi) feeding a Next.js frontend with authentication via Auth0 or similar. If you're looking at this kind of architecture, our headless CMS development capabilities page covers the technical approach in detail.

SCIP Database Integration Requirements

The SCIP database has been operational since 2021, but the tooling and expectations around it have matured considerably. In 2026, the expectation isn't just that you've submitted your SCIP notifications -- it's that your digital presence connects the dots for your customers.

Practically speaking:

What Your Website Should Display

For any product (article) containing SVHCs above 0.1% w/w:

  • The SVHC name and CAS number
  • Concentration range
  • Location within the article
  • Safe use instructions
  • Your SCIP notification reference number or a direct link to the SCIP database entry

API Integration

ECHA provides a SCIP dissemination portal. While there's no official public API for querying SCIP data (as of early 2025, ECHA uses IUCLID format for submissions), you can maintain an internal mapping between your product catalog and your SCIP submissions. We've built this as a custom integration layer:

// Example: Mapping products to SCIP notifications
interface SCIPMapping {
  productId: string;
  scipNotificationId: string;
  svhcSubstances: {
    name: string;
    casNumber: string;
    concentrationRange: string;
    articleLocation: string;
  }[];
  safeUseInstructions: string;
  lastUpdated: Date;
}

async function getSCIPDataForProduct(productId: string): Promise<SCIPMapping | null> {
  const mapping = await db.scipMappings.findOne({ productId });
  if (!mapping) return null;
  
  // Check if data is stale (older than 90 days)
  const ninetyDaysAgo = new Date(Date.now() - 90 * 24 * 60 * 60 * 1000);
  if (mapping.lastUpdated < ninetyDaysAgo) {
    await notifyRegulatoryTeam(productId, 'SCIP data review needed');
  }
  
  return mapping;
}

The key point: this shouldn't be a manual process. Your product information management (PIM) system or CMS should track SCIP data as a first-class field, not something buried in a spreadsheet.

Technical Implementation: Building a Compliant Chemical Website

Let me walk through the architecture we'd actually recommend for a chemical company website that takes compliance seriously.

Headless Architecture

A headless approach separates your content management from your presentation layer. This matters for chemical compliance because:

  1. Regulatory content changes frequently. Your regulatory team needs to update SDS documents, SVHC lists, and product classifications without touching code or waiting for a deploy.
  2. Multi-channel distribution. The same product data needs to appear on your website, in your customer portal, via API for DPP integration, and potentially in printed catalogs.
  3. Audit trails. A good headless CMS provides version history out of the box -- essential for demonstrating compliance over time.

We typically build these on Next.js or Astro depending on the interactivity requirements. A product catalog with search, filtering, and authenticated SDS downloads usually points toward Next.js. A more content-heavy informational site might lean toward Astro for its superior static performance.

Content Model Design

Here's a simplified content model for a REACH-compliant product catalog:

Product
├── name: string
├── slug: string
├── cas_numbers: string[]
├── ec_numbers: string[]
├── reach_registration_number: string
├── clp_classification
│   ├── hazard_class: string
│   ├── hazard_category: string
│   ├── hazard_statements: string[]
│   ├── precautionary_statements: string[]
│   ├── signal_word: "Danger" | "Warning" | null
│   └── pictograms: GHSPictogram[]
├── svhc_data
│   ├── contains_svhc: boolean
│   ├── substances: SVHCSubstance[]
│   └── safe_use_instructions: richtext
├── scip_data
│   ├── notification_id: string
│   └── last_verified: date
├── sds_documents: SDSDocument[]
├── ufi_code: string | null
├── technical_data_sheets: Document[]
└── regulatory_status
    ├── eu_status: string
    ├── uk_reach_status: string
    └── restrictions: Restriction[]

This model ensures that every piece of compliance data has a home, is queryable, and can be rendered on product pages automatically.

Search and Filtering

Chemical buyers search by CAS number, EC number, product name, and application area. Your search needs to handle all of these. We've had good results with Algolia or Meilisearch for this -- they handle chemical nomenclature well if you configure synonyms properly.

Accessibility and Multilingual Requirements

REACH Article 31(5) requires that SDSs be supplied in the official language(s) of the member state(s) where the substance or mixture is placed on the market. This isn't optional.

For a company selling across the EU, that means supporting up to 24 official languages. In practice, most companies focus on the markets where they have significant sales -- typically 6-12 languages.

Implementation Approach

We handle this with locale-based routing in Next.js:

// next.config.js
module.exports = {
  i18n: {
    locales: ['en', 'de', 'fr', 'it', 'es', 'pl', 'nl', 'cs', 'pt', 'ro'],
    defaultLocale: 'en',
  },
};

The CMS stores translated content per locale, and SDS documents are tagged with their language. The product page automatically shows the correct SDS download links based on the user's locale.

Accessibility is also non-negotiable. The European Accessibility Act (EAA), taking full effect in June 2025, requires digital products and services to meet WCAG 2.1 Level AA. Chemical safety information absolutely falls under this -- people with disabilities need to access hazard information just like everyone else.

Pay special attention to:

  • Alt text for GHS pictograms (screen readers need to convey "Flammable" not just "image")
  • Proper heading hierarchy in SDS viewers
  • Keyboard navigation for product catalogs
  • Sufficient color contrast for hazard warning colors

Common Compliance Mistakes We See on Chemical Websites

After auditing dozens of chemical company websites, here are the patterns that keep showing up:

  1. Outdated SDS documents. The #1 issue. Companies update their SDS internally but forget to push the new version to the website. Automate this.

  2. Missing CLP information on product pages. Your product page shows the marketing description but not the hazard classification. That's a compliance gap.

  3. No SVHC disclosure for articles. If you sell articles (not just substances/mixtures), you might think REACH doesn't apply to your product pages. It does.

  4. PDF-only SDS distribution. PDFs are fine, but they're not machine-readable. As DPP requirements expand, you'll need structured data too.

  5. No version control visibility. Users should be able to see when an SDS was last revised and what version they're downloading.

  6. Single-language websites selling across EU markets. If you're selling sodium hypochlorite to a customer in Poland, they're entitled to an SDS in Polish.

  7. Broken or gated access to safety information. Some companies put SDS downloads behind registration walls with complex approval processes. Safety information should be readily accessible.

Penalties and Enforcement in 2026

Enforcement of REACH is handled at the member state level, which means penalties vary. But they're not trivial.

Member State Typical Fine Range for REACH Violations Notes
Germany €50,000 – €500,000+ Criminal liability possible for serious violations
France Up to €75,000 per infraction Doubled for repeat offenses
Netherlands Up to €900,000 RIVM conducts active web monitoring
Italy €15,000 – €90,000 Per substance/violation
UK (UK REACH) Unlimited fines possible HSE enforcement, separate from EU REACH

Worth noting: the Netherlands' RIVM (National Institute for Public Health and the Environment) has been particularly active in monitoring websites for compliance. They've publicly stated they use web scraping to check product pages against ECHA registration data. Your website isn't invisible to regulators.

The ECHA Forum (Forum for Exchange of Information on Enforcement) also coordinates EU-wide enforcement projects. REF-12 and REF-13 specifically included checks on online sales and digital communication of chemical safety information.

Choosing the Right Web Architecture for Compliance

If you're building a new chemical company website or overhauling an existing one, architecture matters more than you might think.

A traditional WordPress site with a bunch of plugins bolted on can work for small product catalogs, but it starts to creak under the weight of multilingual SDS management, structured product data, and API requirements. I've seen companies outgrow WordPress within a year of taking compliance seriously.

A headless architecture gives you:

  • Content modeling that matches your regulatory data structure
  • API-first data access for DPP integration and B2B data exchange
  • Performance (static generation for product pages means fast load times globally)
  • Security (no monolithic CMS to attack)
  • Flexibility to render the same data across web, PDF generation, and data feeds

We build these kinds of platforms regularly. If you're evaluating options, our pricing page gives you a sense of investment levels, and you can always reach out directly to talk through your specific situation.

FAQ

Does REACH apply to my website if I only sell within the UK?

If you only sell within the UK, you fall under UK REACH, which is administered by the HSE (Health and Safety Executive) rather than ECHA. The requirements are largely similar but not identical -- the UK has its own SVHC Candidate List and registration timelines. If you sell into both the EU and UK, you need to comply with both regimes, and your website should ideally make clear which regulatory framework applies to which products and markets.

Do I need to display GHS pictograms on my website product pages?

Yes, if you're advertising or offering chemical substances and mixtures for sale, CLP Regulation (EC) No 1272/2008 Article 48 requires that the advertisement mentions the hazard classes and pictograms. This has been enforced specifically in the context of online sales. Your product pages need hazard pictograms, signal words, and hazard statements at minimum.

How often do I need to update Safety Data Sheets on my website?

REACH Article 31(9) requires SDS updates "without delay" when new information affecting risk management becomes available, when an authorisation is granted or refused, or when a restriction is imposed. In practice, you should have a process that syncs your SDS management system to your website within 24-48 hours of any revision. Annual reviews of all published SDSs are considered best practice.

Can I require users to register before downloading an SDS?

Technically, REACH requires that SDSs be provided to recipients of substances and mixtures -- which means your customers. There's no obligation to make SDSs publicly downloadable. However, many enforcement authorities look unfavorably on unnecessary barriers to safety information access. A light registration (email) is generally acceptable; a multi-step approval process is not. For the general public, Article 33 SVHC information should be available without registration.

What is the Digital Product Passport and how does it affect chemical companies?

The Digital Product Passport (DPP) is part of the EU's Ecodesign for Sustainable Products Regulation. It requires products sold in the EU to carry a digital record of their composition, environmental impact, and lifecycle data. While chemicals aren't in the first implementation wave (expected 2026-2027 for batteries), chemical suppliers need to provide substance data that feeds into their customers' DPPs. This means your product data needs to be available in structured, machine-readable formats -- not just PDFs.

Do I need separate websites for EU and UK REACH compliance?

You don't need separate websites, but you do need to clearly differentiate which regulatory information applies to which market. Many companies handle this with locale-based routing (eu.company.com vs uk.company.com) or clear market selectors. SDS documents will differ between EU and UK markets because of different regulatory references, classification nuances, and emergency contact numbers.

What's the SCIP database and do I need to link to it from my website?

SCIP (Substances of Concern In articles as such or in complex objects -- Products) is an ECHA database where companies must notify articles containing SVHCs above 0.1% w/w. There's no legal requirement to link to SCIP from your website, but doing so is considered best practice and makes your customers' compliance easier. Many B2B procurement teams now expect SCIP reference numbers to be available on supplier product pages.

How do I handle REACH compliance for a website with thousands of products?

Automation is the only realistic answer. You need a structured product information management (PIM) system or headless CMS that stores regulatory data as structured fields -- not free text. Batch import from your ERP or regulatory management system, automated validation rules (flag products missing required fields), and templated product pages that pull compliance data dynamically. We've built catalogs with 10,000+ chemical products using this approach, and it works -- but it requires upfront investment in data architecture. Manual management stops being viable around 50-100 products.