An ECHA Account is a means by which ECHA can provide services and downloads within a specific legal framework. When creating an account, the account holder has to agree to specific terms and conditions. In general, ECHA Accounts provide access to the following:

1. ECHA IT tools (REACH-IT, R4BP 3, ePIC, Poison Centres Notifications, ECHA Cloud Services, etc);
2. The right to download and install locally ECHA IT tools, for example IUCLID and Chesar;
3. Additional services on the ECHA website, such as the possibility to receive notification on a substance of interest;
4. User account details

• Personal account: This provides access to options (2), (3) and (4) stated above. Notably, a personal account is not associated with a Legal Entity.
• Business account: This type of account provides access to all the options (1) – (4) stated above. A business account is created by adding the legal entity information to a personal account (e.g. Company name, VAT, address, etc).

A full explanation of ECHA accounts is provided in the manual here.

• Request for a new password: you need to know the answer to your security question.
• Recover a forgotten password: you need to know the answer to your security question once you click on the verification link sent to your email address.
• Recover your username: if you know your email address associated to the account, a message will be delivered to that email address with all the usernames related to that email address.

Users need to have at least one role, i.e. “manager” or “reader”, to access ECHA IT tools. The assigned roles determine the level of access to ECHA Accounts.

For account management
Legal Entity Manager: you can modify the legal entity data (e.g. company name, company address, VAT), contact details and user data (e.g. user email, phone number, etc).

Access to ECHA applications

• Manager: full access to the application selected (REACH-IT, R4BP 3, ePIC)
• Reader: read-only access to the application selected (REACH-IT, R4BP 3, ePIC)
• IUCLID SME Full Access: full access to the ECHA Cloud services
• IUCLID SME Read Only: read–only access to the ECHA Cloud services

A foreign user is an external user from company B who has been appointed by the LE manager from company A to work for company A. A foreign user can perform actions on behalf of the company that grants him permission to use an account from their own ECHA account.

Company B, functioning as foreign user, must create a business account before company A can include the foreign user LE UUID to their account. The foreign user will be able to work on your behalf in REACH-IT, R4BP 3, ePIC and ECHA Cloud Services as if they were users of your company. 

If needed, you can disassociate the foreign user from the "Users" tab.

For further information see the ECHA Accounts manual.

• Introduce your user details
• Verify the e-mail address (access the e-mail address linked to your user account and click on the verification link)
• Create your legal entity (or company details). If you already have a LEOX (previously created in the IUCLID 5 website or in IUCLID 5), you can import your company details

Only a user with a "Legal entity Manager" role can edit or remove the manager or reader role of another user. This will prevent the user from accessing to the relevant application. More information can be found in ECHA Accounts manual.

As mentioned in the ECHA Accounts Manual, the following rules must be applied, when changing/updating a password:

The password must have at least 8 characters and contain three of the following character types: uppercase letter [A to Z], lowercase letter [a to z], number [0-9] and non-alphabetical.

Please also note the following restrictions:

• The password must not contain parts of the username, first name or last name.
• The password cannot be the same as the previously used passwords.
• The password cannot be changed more than once a day. 

In order to solve this issue, please:

1. Try to verify your email before using the OTP provided to you by ECHA. If the account is not verified, then you cannot proceed and change the password.
2. Contact your LE Manager to check your account, roles and reset your password if needed
3. Contact the ECHA Helpdesk to re-check and reset your account, in case the e-mail verification fails.

A company name change needs to be communicated to ECHA using available ECHA applications such as REACH-IT, R4BP 3 or ePIC. The company name can be easily changed by logging in to ECHA Accounts through any of the ECHA applications. See steps below:

1. Log into ECHA Accounts
2. Click on “Accounts, Users & parties”
3. Click on the button “Edit” and “Change name”
4. Modify the company name, agree to the disclaimer and upload a supporting document from a national registry to prove the official name change.

Important note: Under the Biocidal Products Regulation (BPR), a company name change is considered legally valid only once an administrative change on request is authorised by your national authorities. Useful instructions on how to submit an administrative change on request (NA-ADC) via R4BP 3 can be found in the chapter “National authorisation – changes on request” of the Biocides Submission Manual: national authorisations.

Only the business account associated with a LE/Company/Organisation can access an ECHA IT tool (REACH-IT, R4BP, ePIC, ECHA Cloud Services, etc.). If you do not have access to the ECHA on-line IT tools, after the creation of a new user account you need to continue and promote a personal account to a business account.

If you would like to see a detailed description of this process along with a full explanation of all aspects of ECHA accounts, see the ECHA Accounts manual.