Want to search for the relevant question and answer in your own language? Change the language in the dropdown menu above.



ECHA Accounts

Account management

Can I create a REACH-IT account for learning purposes and remove it afterwards?

No, REACH-IT does not allow, under any circumstances, the creation of accounts for the purpose of testing. The data entered into REACH-IT is binding and may trigger regulatory obligations and cannot be modified or deleted. Testing data may alter the correct functioning of the system, impact statistics and priorities, and cause harm to other registrants and notifiers who submit genuine data.

Can I administer my ECHA user account by myself?
Yes. Any user can perform the following actions:
  • Request for a new password: you need to know the answer to your security question.
  • Recover a forgotten password: you need to know the answer to your security question once you click on the verification link sent to your email address.
  • Recover your username: if you know your email address associated to the account, a message will be delivered to that email address with all the usernames related to that email address.
If your account is locked after several incorrect attempts, you will be able to use the account recovery functionality. Once you provide the answer to the security question, a password will be sent to your email address. You may alternatively contact another user of the same account with "legal entity manager" role, so this user will provide you immediately with a new password.
Remember that you can contact your user administrator to provide you with access or to modify data related to a particular account. If you are the administrator and you cannot perform any of the actions previously mentioned, you can contact the ECHA Helpdesk. When communicating with ECHA Helpdesk, please always include all the possible relative information (e.g. “legal entity manager” account name, UUID). This will help us to resolve your request faster.
Further information can be found in the ECHA Accounts Manual.
What is the meaning of the different roles in ECHA Accounts?

The roles have been designed to allow you to administer the management of your ECHA Account and the level of access to REACH-IT, R4BP 3, ePIC, R4BP 3 and ECHA Cloud Services. Below are the roles linked to ECHA’s IT tools:

For account management

Legal Entity Manager: you can modify the legal entity data, contact data and user data.

Access to an ECHA application

  • Manager: full access to the application selected (REACH-IT, R4BP 3, ePIC)
  • Reader: read-only access to the application selected (REACH-IT, R4BP 3, ePIC)
  • IUCLID SME Full Access: full access to the ECHA Cloud services
  • IUCLID SME Read Only: read–only access to the ECHA Cloud services


What happens if I add a "foreign user" to my legal entity?

You can assign a foreign user to your company to allow a user from a different company to work on behalf of your company. The foreign user must create an account in ECHA Accounts before you are able to include the primary LE UUID of the foreign user in your account. The foreign user will be able to work on your behalf in REACH-IT, R4BP 3, ePIC and ECHA Cloud Services as if they were users of your company.  

If needed, you can disassociate the foreign user from the "Users" tab.

How can I manage my ECHA account?

You can:

  • Access REACH-IT, R4BP 3, ePIC or ECHA Cloud Services and select either the legal entity or username available on the top banner.
  • Access directly the ECHA Accounts portal.
How can I remove access of a particular user in REACH-IT, R4BP 3, ePIC and ECHA Cloud Services?

A user with a "Legal entity Manager" role can edit or remove the manager or reader role of another user. This will prevent the user from accessing to the relevant application. More information can be found in ECHA Accounts manual.

What are the password complexity requirements and password policy?

As mentioned in the ECHA Accounts Manual, the following rules must be applied, when changing/updating a password:

The password must have at least 8 characters and contain three of the following character types: uppercase letter [A to Z], lowercase letter [a to z], number [0-9] and non-alphabetical.

Please also note the following restrictions:

  • The password must not contain parts of the username, first name or last name.
  • The password cannot be the same as the previously used passwords.
  • The password cannot be changed more than once a day. 
I received a One-time-Password (OTP) but I can still not log in to my account.

In order to solve this issue, please:

  1. try to verify your email before using the OTP provided to you by ECHA. If the account is not verified, then you cannot proceed and change the password.
  2. contact the ECHA Helpdesk to re-check and reset your account, in case the e-mail verification fails.
Which type of account can access REACH-IT, R4BP, ECHA Cloud Services, etc.?

Only the business account associated with a LE/Company/Organisation can access an ECHA IT tool (REACH-IT, R4BP, ePIC, ECHA Cloud Services, etc.). If you do not have access to the ECHA on-line IT tools, after the creation of a new user account you need to continue and promote a personal account to a business account.

If you would like to see a detailed description of this process along with a full explanation of all aspects of ECHA accounts, see the ECHA Accounts manual.

Categories Display