Table of Contents
- The compliance manager has four systems open. None of them agree.
- How Regulatory Data Ends Up Fragmented: The Five Accumulation Patterns
- 1. The PLM/ERP/compliance platform triangle
- 2. Supplier declarations accumulate without versioning
- 3. Regulatory intelligence lives outside the compliance system
- 4. Multi-framework compliance creates parallel data structures
- 5. Spreadsheets fill the gaps that systems leave
- Why Fragmentation Is Getting Worse, Not Better
- The regulatory framework count has tripled in ten years
- Product complexity has increased simultaneously
- Regulatory updates are accelerating
- The Five Markers of Fragmented Compliance Data
- Building Compliance Data Architecture That Works
- 1. Establish a live PLM-to-compliance BOM integration
- 2. Implement declaration versioning with clear supersession
- 3. Connect regulatory intelligence to compliance data updates
- 4. Build a unified compliance record per part, not per framework
- 5. Replace spreadsheet compliance infrastructure with system-managed data
- A Self-Check for Your Compliance Data Architecture
- How Regilient addresses data fragmentation
The compliance manager has four systems open. None of them agree.
A product compliance manager is preparing a REACH declaration for a key customer. The engineering BOM is in Teamcenter. The supplier declarations are in a compliance platform that was implemented three years ago. The substance screening results from last year's REACH audit are in a SharePoint folder. The exemption documentation for two RoHS lead components is in an email thread that the original compliance engineer sent before leaving the company.
The BOM in Teamcenter has 847 components. The compliance platform has declarations for 612 of them. Of those 612, 89 were flagged as requiring update after the February 2026 Candidate List addition but the updates haven't been actioned. The SharePoint screening results reference a BOM revision that is three versions behind the current engineering release. The email thread with the exemption documentation is not findable by anyone except the manager who knows what subject line to search for.
This is not a description of a poorly run compliance programme. It is a description of how product compliance data accumulates in a typical manufacturing enterprise over five to ten years of normal operations. The problem is not that the data doesn't exist. It's that no one can tell you with confidence which data is current, which is stale, and which is simply wrong.
According to research on manufacturing product data management, data silos cost manufacturers an average of 25% of engineering time on non-productive data management tasks. For compliance teams, the cost is not just time. It is the integrity of every regulatory declaration, every customer response, and every audit defence that depends on data whose accuracy cannot be verified.
This article examines how regulatory data fragmentation happens, why it is getting worse as regulatory scope expands, and what manufacturers need to build to make compliance data trustworthy again.
How Regulatory Data Ends Up Fragmented: The Five Accumulation Patterns
Data fragmentation in compliance programmes is not the result of bad decisions. It is the result of good decisions made at different times, by different teams, for different purposes, that were never designed to work together.
1. The PLM/ERP/compliance platform triangle
In a typical manufacturing enterprise, product structure and BOM data live in the PLM system. Commercial and procurement data (supplier records, part numbers, pricing) live in the ERP. Regulatory compliance data sits in a third system, a dedicated compliance platform or a compliance module, that is integrated with neither the PLM nor the ERP as tightly as it needs to be.
The result is that a single part can have three different identities: its PLM part number, its ERP purchasing number, and its compliance platform identifier. When the PLM BOM is updated (a component is revised, a sub-assembly is added), the change may propagate to the ERP within hours through an automated integration. But the compliance platform, which doesn't have the same tight integration, may not reflect the change for days, weeks, or at all if the update process is manual.
A compliance declaration made against a stale BOM is not a compliant declaration. It is a document that attests to the regulatory status of a product structure that no longer exists.
2. Supplier declarations accumulate without versioning
A supplier sends a REACH declaration in 2022. The same supplier sends an updated declaration in 2024. A third version arrives in 2025 after the compliance team triggers re-canvassing following a Candidate List update.
If the compliance system doesn't enforce version control and clear supersession, all three declarations may exist simultaneously, attached to the same part, with no indication of which is current. A compliance analyst running a report in 2026 may pull the 2022 declaration without knowing two newer versions exist. If the 2025 version reflects a newly declared SVHC, the report will show the part as compliant when it isn't.
Version control for supplier declarations is not a nice-to-have. It is a foundational data integrity requirement. Yet most compliance programmes manage declarations as file attachments rather than as versioned data objects with clear supersession logic.
3. Regulatory intelligence lives outside the compliance system
When ECHA updates the Candidate List, or the Commission adopts a new RoHS delegated directive, or EPA extends a TSCA reporting deadline, that information needs to flow into the compliance system to trigger the appropriate re-evaluation of affected parts, suppliers, and declarations.
In most enterprises, regulatory intelligence is tracked separately: a team member monitors regulatory sources (ECHA, EPA, the Official Journal), compiles updates in a tracking spreadsheet, and manually triggers the corresponding compliance actions. The regulatory intelligence and the compliance data never share a system. The result is a lag between when a regulation changes and when the compliance data is updated to reflect the change. During that lag, the compliance data is technically wrong: it reflects a regulatory baseline that no longer applies.
4. Multi-framework compliance creates parallel data structures
As the number of regulatory frameworks requiring supplier data has grown (REACH, RoHS, PFAS, conflict minerals, EMRT, TSCA, California Prop 65, EU Battery Regulation, PPWR), each new framework has typically been added to the compliance programme as a parallel workstream. A compliance platform that was implemented for REACH and RoHS gets extended to cover conflict minerals. A separate workflow gets built for PFAS. Battery regulation data collection runs as a project in a shared folder.
Each extension builds its own data structure, its own supplier outreach process, and its own reporting output. The data for the same part or supplier across different frameworks is never integrated into a unified product compliance record. A part that appears compliant in the REACH workstream may have outstanding flags in the RoHS workstream and an incomplete response in the conflict minerals workstream, but no single view shows this simultaneously.
5. Spreadsheets fill the gaps that systems leave
Every compliance programme has spreadsheets. They exist not because compliance managers prefer spreadsheets, but because the system integration gaps between PLM, ERP, and compliance platforms are real, and spreadsheets are the lowest-friction way to bridge them.
A spreadsheet tracking exemption expiry dates for 200 RoHS components. A spreadsheet mapping supplier conflict minerals response status across three reporting cycles. A spreadsheet cross-referencing IMDS submission IDs to BOM part numbers that the PLM doesn't expose in the right format. Each spreadsheet represents a piece of compliance infrastructure that exists outside any system, maintained by an individual, and invisible to anyone else unless shared manually.
When the person who owns the spreadsheet leaves the company, the spreadsheet's institutional knowledge leaves with them. When the underlying data it references changes, the spreadsheet may not be updated. When an auditor requests documentation, the spreadsheet cannot produce a verifiable audit trail.
Why Fragmentation Is Getting Worse, Not Better
The regulatory framework count has tripled in ten years
A compliance programme in 2015 might have managed REACH, RoHS, and conflict minerals. In 2026, the same programme manages REACH (including SCIP), RoHS (including the 2025-2026 exemption restructuring), PFAS (multiple national and EU regulations), conflict minerals (CMRT, EMRT, AMRT), TSCA, California Prop 65, EU Battery Regulation, PPWR, EUDR, and increasingly CSRD scope 3 data. Each additional framework adds a new data collection workflow, a new reporting output, and a new source of fragmentation if not integrated into a unified compliance data model.
Product complexity has increased simultaneously
The average number of components in a manufactured product has risen as supply chains have globalised. A complex automotive or electronics product may have 5,000 to 50,000 individual components, each requiring compliance data across multiple frameworks. The BOM that compliance data must map to is larger and more frequently revised than it was a decade ago.
Regulatory updates are accelerating
ECHA updates the Candidate List roughly twice a year. RoHS delegated directives restructure exemptions every few years. PFAS restrictions add new regulated substances at an increasing cadence. Each regulatory update should trigger a re-evaluation of affected compliance data across the BOM. In a fragmented data environment, those re-evaluations are manual, delayed, and incomplete.
The Five Markers of Fragmented Compliance Data
Compliance teams can assess their own data fragmentation by checking for these five patterns:
Marker 1: BOM version misalignment. The BOM version in the compliance system is different from the current engineering BOM in the PLM. This is the most common and most dangerous fragmentation pattern, because it means compliance data is attached to a product structure that doesn't reflect the current product.
Marker 2: Duplicate or unversioned supplier declarations. Multiple declarations for the same part from the same supplier, with no clear indication of which is current and which is superseded. Older declarations are not marked as inactive.
Marker 3: Regulatory intelligence lag. The compliance data has not been updated to reflect a regulatory change that occurred more than 30 days ago. Substance lists, exemption status, or threshold values in the compliance system are behind the current official source.
Marker 4: Framework silos. Compliance data for different regulatory frameworks (REACH, RoHS, PFAS, conflict minerals) is stored in separate workstreams or tools with no unified view of a single part's overall compliance status across frameworks.
Marker 5: Spreadsheet dependence. Critical compliance data (exemption tracking, response rate monitoring, regulatory deadline calendars, cross-referencing between systems) lives in spreadsheets maintained by individuals rather than in the compliance system itself.
If three or more of these markers are present, the compliance programme is operating with data it cannot fully trust.
Building Compliance Data Architecture That Works
1. Establish a live PLM-to-compliance BOM integration
The compliance system's BOM must reflect the current engineering BOM in real time, not on a periodic sync schedule. Every component revision, part addition, and assembly change in the PLM should automatically propagate to the compliance system, triggering an impact assessment: does this change affect any existing compliance declarations? Does it introduce new substances that require screening?
Without a live BOM integration, every compliance declaration is potentially out of date the moment an engineering change is approved.
2. Implement declaration versioning with clear supersession
Every supplier declaration should be stored as a versioned data object, not a file attachment. When a newer declaration is received, the older version is superseded (not deleted) and the compliance record reflects only the current version in active status. Version history is retained for audit purposes. Reports always draw from current-status declarations.
3. Connect regulatory intelligence to compliance data updates
Regulatory monitoring should not be a separate spreadsheet activity. When the Candidate List is updated, the compliance system should automatically identify all parts in the BOM that contain newly listed substances above 0.1% w/w and flag them for re-evaluation. When a RoHS exemption expires, the system should flag all components relying on that exemption. Regulatory intelligence and compliance data should share a system, not a handoff.
4. Build a unified compliance record per part, not per framework
For every BOM component, maintain a single compliance record that surfaces its status across all applicable frameworks simultaneously: REACH status (SVHC presence, SCIP notification status), RoHS status (substance concentrations, exemption basis), conflict minerals status (CMRT coverage, smelter validation), PFAS exposure, and any other applicable frameworks. A compliance analyst should be able to select any part and see its complete multi-framework compliance picture in a single view.
5. Replace spreadsheet compliance infrastructure with system-managed data
Every piece of compliance data that currently lives in a spreadsheet should have a defined home in the compliance system with a clear owner, a clear update trigger, and a clear retention and audit trail requirement. Exemption expiry dates should be managed in the system with automated alerts. Supplier response rates should be tracked in the system. Regulatory deadline calendars should be maintained in the system. Spreadsheets should not be the primary record for any compliance-critical data.
A Self-Check for Your Compliance Data Architecture
Six questions to assess your current data integrity:
- BOM alignment: Is the BOM version in your compliance system the same as the current engineering BOM in your PLM, and how quickly does a BOM change propagate to compliance data?
- Declaration versioning: When a supplier provides an updated declaration, is the previous version automatically superseded, and is your reporting drawing from current-status declarations only?
- Regulatory lag: What is the current lag between an official regulatory update (Candidate List, delegated directive, EPA announcement) and the corresponding update in your compliance data?
- Unified view: Can you select any BOM component and see its compliance status across all applicable frameworks (REACH, RoHS, PFAS, conflict minerals) in a single view?
- Spreadsheet dependency: How many pieces of compliance-critical data currently live in spreadsheets maintained by individuals, and what happens to that data when those individuals leave?
- Audit confidence: If a regulator or customer auditor asked you to demonstrate the compliance status of your most complex product as of today, could you produce a complete, current, verified answer from your system, without manual data assembly?
If more than two answers reveal gaps, the compliance data your team relies on is not as trustworthy as your declarations and reports imply.
How Regilient addresses data fragmentation
Regulatory data fragmentation is not solved by buying another system. It is solved by redesigning how compliance data flows between the systems that already exist, and adding the regulatory intelligence layer that connects regulatory updates to compliance data in real time. Regilient's agentic sustainability platform addresses data fragmentation at the architectural level:
- Live BOM integration with PLM systems that propagates engineering changes to compliance data in real time, with automatic impact assessment on existing declarations and substance screening
- Versioned declaration management that supersedes outdated supplier data, maintains audit trails, and ensures reports always draw from current-status records
- Regulatory intelligence integration that connects ECHA Candidate List updates, RoHS delegated directive changes, EPA announcements, and other regulatory events directly to compliance data re-evaluation workflows
- Unified multi-framework compliance records that surface a single part's status across REACH, RoHS, PFAS, conflict minerals, TSCA, and other applicable frameworks in one view
- Compliance data governance that replaces spreadsheet-based tracking of exemptions, deadlines, and response rates with system-managed data with defined owners, update triggers, and audit trails
The compliance teams that produce accurate, current, audit-ready product data are not the ones who work harder to manage fragmented systems. They are the ones who designed their data architecture to prevent fragmentation from accumulating in the first place. The teams that didn't will spend an increasing share of their capacity managing data integrity problems instead of managing regulatory risk.
Book a Regilient demo to see how agentic compliance data management connects PLM, supplier declarations, and regulatory intelligence into a single, trustworthy product compliance record.
Regilient provides agentic sustainability software for product compliance, supplier engagement, and regulatory intelligence across REACH, RoHS, PFAS, CMRT, SCIP, and global chemical regulations.