UK exits the EU (more EU Notices)

Further EU Notices were issued on 12th March. All Notices are gathered here.

Reminding : EU decentralised agencies also publish information in relation to the UK’s withdrawal from the EU, for example the Community Plant Variety Office, the European Chemicals Agency, the European Medicines Agency and the European Union Intellectual Property Office.

Furthermore, the three European Supervisory Authorities (the European Banking Authority, the European Securities and Markets Authority and the European Insurance and Occupational Pensions Authority) and the Single Supervisory Mechanism have issued opinions and guidance.

Notices are important because they set out the legal position that will operate from March 2019. Transition arrangements that might be agreed may change the requirements.

Waste Crime (UK – E&W)

DEFRA is conducting a consultation on proposals to tackle crime and poor performance in the waste sector, and introduce a new fixed penalty for the householder waste duty of care. The consultation closes on 26th March 2018, and applies to England and Wales. The consultation document is here.

One part of this consultation proposes changes to the waste exemption regime (set out in Schedule 3 of the Environmental Permitting (England and Wales) Regulations 2016 (as amended)).

Waste exemptions are exemptions from the need for an environmental permit for waste recovery and disposal operations. Since exemptions were first introduced in 1994, the government has made extensive use of them (within the EU rules) to provide a light-touch form of regulation for small-scale, low risk waste management activities.

In England and Wales, there are 59 types of exempt waste operations available for the use (U), treatment (T), storage (S) and disposal (D) of waste. Similar provisions exist in Scotland and Northern Ireland (but note the exact exemptions are different).

Apart from exemption T11 for the treatment of waste electrical and electronic equipment (WEEE), it is free to register one or more exemptions at a site. The registration is valid for three years and then automatically expires, and can be re-registered or “renewed” for another three years. Each exemption has conditions setting out the types and quantities of waste that can be managed. The conditions also set out what treatments can be carried out, how the waste must be stored, and which environmental protection measures must be complied with.

Registering an exemption is not the same as applying for and receiving an environmental permit. A permit amounts to “permission” from the regulators to carry a set of particular activities. In contrast, by registering an exemption, the establishment or undertaking is self- certifying that they have read and understood the conditions of the exempt activity and will comply with them. At the point of registration, the regulators do not assess whether the criteria defined in the exemption are met.

The proposals set out for consultation focus on four areas: (pages 40 to 67 of the consultant document)

1. Prohibiting the use of waste exemptions in specified circumstances;

2. Making changes to the ten waste exemptions identified as being associated with the greatest levels of non-compliance and illegality;

3. Requiring additional information to support effective regulation of the regime;

4. Improving the process to register or continue an exemption.

Use the resources set out here to respond to this consultation.

Subscribers (England and Wales) to Cardinal Environment EHS Legislation Registers & Checklists will receive an Email Alert when the EPR changes.

Returning EU powers (UK)

The UK government has today published its provisional analysis of the returning EU powers that will result in the devolved administrations of the UK receiving extensive new powers as the UK exits the EU. This document is here.

The analysis covers 153 areas where EU laws intersect with devolved competence. There are 24 policy areas identified that are subject to more detailed discussion to explore whether legislative common framework arrangements might be needed, in whole or in part.

Please look out for further Blog posts, as the situation evolves.

[the image is a screen grab of the first page of the 24 policy areas, found on page 17 of 21]

Personal Protective Equipment (EU)

Existing PPE Directive 89/686/EEC covers the manufacture and marketing of personal protective equipment. It defines legal obligations to ensure that PPE on the European market provides the highest level of protection against hazards. The CE marking affixed to PPE provides evidence of this protection. Manufacturers or their authorised representative in the EU comply with the technical requirements directly or with European Harmonised Standards. The latter provides a presumption of conformity to the essential health and safety requirements.

Applicable 21 April 2018, Directive 89/686/EEC is repealed by the new Regulation (EU) 2016/425 of the European Parliament and of the Council of 9 March 2016 on personal protective equipment – here.

The new PPE Regulation is aligned to the EU’s New Legislative Framework policy. In addition, it slightly modifies the scope (enlarged to include PPE designed and manufactured for private use to protect against heat) and the risk categorisation of products. It also clarifies the documentary obligations of economic operators.

As a European Regulation (not a Directive) it is directly binding on a Member State (and on operators marketing to a Member State) without enactment of national law (although national law may be additionally enacted).

Brexit : PPE is covered by the EU Notice on Industrial Goods here. (I have posted a number of times with links to EU Notices)

Brexit in the UK, this new EU PPE Regulation applies from 21 April 2018, after Brexit it applies via the EU (Withdrawal) Bill. NB: the EU (Withdrawal) Bill is not yet enacted.

Subscribers to Cardinal Environment EHS Legislation Registers and Checklists will be sent an Email Alert of the addition of this new EU Regulation to the PPE Register and Checklist component in their websystems.

General Data Protection Regulation (EU)

The General Data Protection Regulation (2016/679) is here. Article 5 sets out the principles.

This GDPR applies from 25th May 2018 and overrides national law (although in some instances new national law may additionally be brought in).

[Brexit : the GDPR applies in the UK from 25th May 2018 – after Brexit, the GDPR will apply in the UK via the EU (Withdrawal) Bill – see separate Blog post – the EU (Withdrawal) Bill is not yet enacted]

[UK : separately (and not to be confused) a new UK Data Protection Bill is almost enacted – see Explanatory Notes here]

The general data protection regulation (GDPR) is part of the EU data protection reform package.


• a single set of EU-wide rules — it repeals the pre-existing European Directive 95/46/EC;

• a data protection officer, responsible for data protection, must be designated by public authorities and by businesses which process data on a large scale;

• one-stop-shop — businesses will deal with one single supervisory authority (in the EU country in which they are mainly based);

• EU rules for non-EU companies — companies based outside the EU must apply the same rules when offering services or goods, or monitoring the behaviour of individuals, within the EU;

• privacy-friendly techniques must be used, such as pseudonymisation (when identifying fields within a data record are replaced by one or more artificial identifiers) and encryption (when data is coded in such a way that only authorised parties can read it);

• removal of notifications — the new data protection rules will scrap most notification obligations and the costs associated with these, one of the aims of the data protection regulation is to remove obstacles to free flow of personal data within the EU;

• impact assessments — businesses must carry out impact assessments when data processing may result in a high risk for the rights and freedoms of individuals;

• record-keeping — SMEs are not required to keep records of processing activities, unless the processing is regular or likely to result in a risk to the rights and freedoms of the person whose data is being processed.


The UK Information Commissioner’s Office (ICO) has a useful updated guide in English here.

ICO guidance for small organisations is here.

UK exits the EU (more EU Notices)

The European Commission has published four further EU Notices to Stakeholders and Companies. I posted earlier with the website where all such EU Commission Notices are compiled. Here it is again – Link.

Please remember the EU agencies are also publishing Notices. I posted earlier about this. Here is the ECHA support available – Link.

UK-EU Withdrawal Treaty (draft)

UPDATE (19th March) : an updated colour coded Withdrawal Treaty draft is published here. This contains the results of the EU-UK discussions held 16-19 March. The next step is the Council of the EU heads of Member States meeting 22/23 March, where it is anticipated a further statement will be made. I will summarise the agreed points at that time.

Please note : at this point 25% of the document is not agreed between the EU-UK. The areas not agreed relate to governance and the Irish Border.

UPDATE (15th March) : an updated Withdrawal Treaty draft (123 pages) is published here. This has now been sent to the UK authorities for the negotiation.

The EU Commission has now published its draft of the UK-EU Withdrawal Treaty – it is here.

It will now be discussed over the coming weeks with the European Council (Article 50) and the Brexit Steering Group of the European Parliament before transmission to the UK authorities for negotiation.

As expected, this is a complex and lengthy document, with Annexes and Protocols that form part of the Treaty draft. Part 4 sets out the clauses relating to the Transition Period (I Blog posted separately about the Transition Period clauses).

I will update this Blog post here with summary points, as they become agreed with the UK authorities. Please remember to refer back to this Blog and not wait for posts in your inbox, as updates on a particular post are not reissued as emails.