An only representative (OR) who represents more than one non-EU/EEA manufacturer, will have to create a different account for each non-EU/EEA manufacturer they represent. It is possible to use the same company information (e.g. name, VAT, address, etc.) for each OR account. Each OR account can have the same or different contact details.

There are no strict rules in naming OR accounts, but a common convention is to use numerical identifiers attached to the OR name to facilitate the management of accounts linked to different non-EU/EEA manufacturers.

Note that the "Company Size" information in an OR account refers to the company size of the non-EU/EEA manufacturer and not to the company size of the only representative.
If you registered a substance but have indicated the wrong company size in your OR account, refer to Small and Medium-sized Enterprises to correct the mistake.

A user with the "Legal entity manager role" can use a "Foreign user" to access multiple legal entities. More information on how to do this can be found in chapter 6.7 of the ECHA Account manual.

An ECHA Account is a means by which ECHA can provide services and downloads within a specific legal framework. When creating an account, the account holder has to agree to specific terms and conditions. In general, ECHA Accounts provide access to the following:

1. ECHA IT tools (REACH-IT, R4BP 3, ePIC, Poison Centres Notifications, ECHA Cloud Services, etc);
2. The right to download and install locally ECHA IT tools, for example IUCLID and Chesar;
3. Additional services on the ECHA website, such as the possibility to receive notification on a substance of interest;
4. User account details

There are two types of ECHA accounts:

• Personal account: This provides access to options (2), (3) and (4) stated above. Notably, a personal account is not associated with a Legal Entity.
• Business account: This type of account provides access to all the options (1) – (4) stated above. A business account is created by adding the legal entity information to a personal account (e.g. Company name, VAT, address, etc).

A full explanation of ECHA accounts is provided in the manual here.

• Request for a new password: you need to know the answer to your security question.
• Recover a forgotten password: you need to know the answer to your security question once you click on the verification link sent to your email address.
• Recover your username: if you know your email address associated to the account, a message will be delivered to that email address with all the usernames related to that email address.

Users need to have at least one role, i.e. “manager” or “reader”, to access ECHA IT tools. The assigned roles determine the level of access to ECHA Accounts.

For account management

Legal Entity Manager: you can modify the legal entity data (e.g. company name, company address, VAT), contact details and user data (e.g. user email, phone number, etc), add/ remove users to a Legal Entity or modify users’ data, add/ modify contacts to the Legal Entity, add contacts to a Legal Entity.

Access to ECHA applications

• Reader: the roles “REACH Reader”, “BPR Reader”, “PIC Reader” and “Submission Portal Reader” have read-only access. 
• Manager: the roles “REACH Manager”, “BPR Manager”, “PIC Manager” and “Submission Portal Manager” can submit, edit, delete or create data in REACH-IT, ePIC, R4BP and Submission Portal. 
• Read Only: “IUCLID Read Only” and “IUCLID Trial Read Only” have read-only access. 
• Full Access: the roles “IUCLID Full Access” and “IUCLID Trial Full Access” “IUCLID SME Full Access” and “IUCLID Trial Full Access” can submit, edit, delete or create data in ECHA Cloud Services.

A foreign user is an external user from company B who has been appointed by the LE manager from company A to work for company A. A foreign user can perform actions on behalf of the company that grants him permission to use an account from their own ECHA account.

Company B, functioning as foreign user, must create a business account before company A can include the foreign user LE UUID to their account. The foreign user will be able to work on your behalf in REACH-IT, R4BP 3, ePIC and ECHA Cloud Services as if they were users of your company. 

If needed, you can disassociate the foreign user from the "Users" tab.

For further information see the ECHA Accounts manual.

• Introduce your user details
• Verify the e-mail address (access the e-mail address linked to your user account and click on the verification link)
• Create your legal entity (or company details). If you already have a LEOX (previously created in the IUCLID 5 website or in IUCLID 5), you can import your company details

You can:

• Access REACH-IT, R4BP 3, ePIC or ECHA Cloud Services and select either the legal entity or username available on the top right side banner.
• Access directly the ECHA Accounts portal.

Only a user with a "Legal entity Manager" role can edit or remove the manager or reader role of another user. This will prevent the user from accessing to the relevant application. More information can be found in ECHA Accounts manual.

As mentioned in the ECHA Accounts Manual, the following rules must be applied, when changing/updating a password:

The password must have at least 8 characters and contain three of the following character types: uppercase letter [A to Z], lowercase letter [a to z], number [0-9] and non-alphabetical.

Please also note the following restrictions:

• The password must not contain parts of the username, first name or last name.
• The password cannot be the same as the previously used passwords.
• The password cannot be changed more than once a day. 

In order to solve this issue, please:

1. Try to verify your email before using the OTP provided to you by ECHA. If the account is not verified, then you cannot proceed and change the password.
2. Contact your LE Manager to check your account, roles and reset your password if needed
3. Contact the ECHA Helpdesk to re-check and reset your account, in case the e-mail verification fails.

A company name change needs to be communicated to ECHA using available ECHA applications such as REACH-IT, R4BP 3 or ePIC. The company name can be easily changed by logging in to ECHA Accounts through any of the ECHA applications. See steps below:

1. Log into ECHA Accounts
2. Click on “LEGAL ENTITY, GENERAL INFORMATION”
3. Click on the button “Edit” and find the field “Legal Entity Name”
4. Modify the company name, agree to the disclaimer and upload a supporting document from a national registry to prove the official name change.

Important note: Under the Biocidal Products Regulation (BPR), a company name change is considered legally valid only once an administrative change on request is authorised by your national authorities. Useful instructions on how to submit an administrative change on request (NA-ADC) via R4BP 3 can be found in the chapter “National authorisation – changes on request” of the Biocides Submission Manual: national authorisations.

Only the business account associated with a LE/Company/Organisation can access an ECHA IT tool (REACH-IT, R4BP, ePIC, ECHA Cloud Services, etc.). If you do not have access to the ECHA on-line IT tools, after the creation of a new user account you need to continue and promote a personal account to a business account.

If you would like to see a detailed description of this process along with a full explanation of all aspects of ECHA accounts, see the ECHA Accounts manual.