issue: March 2006 APPLIANCE Magazine Transition to RoHS Transition to RoHS: The Seven Common Pitfalls to Avoid	Share  Printable format  Email this Article  Search
By Bijan Dastmalchi of Symphony Consulting, Inc. and Richard Vermeij of Arena Solutions When it comes to the RoHS (Restriction of Hazardous Substances) Directive, good things do not come to those who wait.

NOTE: This is the full-length version of the condensed paper Seven Steps Towards RoHS Compliance that appeared in condensed form in the March 2006 issue of APPLIANCE magazine.

This directive, which severely limits the use of six hazardous substances - most notably, lead (Pb) - in products shipped to the European Union (EU), is set to take effect in July 2006. Similar requirements will take shape in China, Taiwan, Japan, and other countries in the near future. While July 2006 may seem far away in today’s fast paced business environment, the scope and magnitude of the transition leave little to no room for error. And those companies that are unprepared, or under-prepared, risk getting caught in the supply chain “perfect storm” named RoHS.

So what are the most common pitfalls as companies transition their products? What are the risks and how do they manifest themselves in a company’s bottom line? And who in the supply chain is accountable in an outsourced manufacturing model? Symphony Consulting and Arena Solutions have collaborated to answer these critical questions, and provide a roadmap that companies can use in preparing their response to the RoHS Directive.
We have identified the seven most common pitfalls that can strongly impact the success or failure of transition to RoHS compliance:

1. “Passing the Buck” to Suppliers
2. Exempt vs. Non-exempt Products
3. Resource Allocation
4. Component Compatibility, Identification and Availability
5. Supplier Due Diligence
6. Delayed Action
7. Data Management and Reporting

“Passing the Buck” to Suppliers
The electronics industry’s adoption of an outsourced manufacturing model, coupled with the technology downturn of 2001, have resulted in staff reductions at the original equipment manufacturers (OEMs). As electronics manufacturing services (EMS) companies and other suppliers in the extended supply chain continue to offer services to supplement their manufacturing core competencies, OEMs will continue delegating their operational activities to these companies. With RoHS, however, this becomes a complicated proposition. That’s because OEMs must take full responsibility for the successful transition of products as well as the mitigation of all risks in the supply chain - risks that can lead to revenue shortfall, attributable to either a non-compliance event or lack of product availability.

In fact, the RoHS Directive states that the “Producer,” which is defined as the company that manufactures and sells the product under its brand name, is responsible for compliance under the directive. In some cases, the importer of record can be designated as the “Producer.” However, it is widely believed that the repercussions associated with non-compliance can also adversely impact the company whose logo appears on the product. For example, if a product is found to contain a banned chemical, the OEM’s products may be removed from the market, and the company may face severe fines if the non-compliance event is due to negligence or willful misconduct. Consequently, OEMs are requesting that their suppliers (including EMS companies and component suppliers) submit “Certificates of Compliance” that will confirm their products’ compliance with the RoHS Directive. However, in the event of an inadvertent error on the part of the supplier, the OEM will still be held accountable, and may not only have to remove its products from the shelves, but also have to pay the aforementioned penalties. So the fact that suppliers may prove to be entirely at fault has no bearing on what happens to an OEM’s non-compliant products. Even if suppliers are contractually obligated to replace non-compliant products, nothing can replace the lost revenue opportunity for the OEM.

Therefore, we recommend that OEMs assign their own resources to fully manage – even micromanage – the transition of their products. These resources should be mobilized to the point that OEMs are completely confident that they've mitigated non-compliance issues and product availability risks.

Exempt vs. Non-exempt Products
Exemption is perhaps the most misunderstood and misperceived issue regarding the RoHS Directive. We would like to point out that no electronics hardware manufacturer will be unaffected by this regulation, exempt or not. That’s simply because component suppliers are switching most of their products to become compliant and EMS providers are splitting their capacity between RoHS-compliant and RoHS non-compliant lines. And while some manufacturers may be able to benefit from an exemption, RoHS will still impact their businesses, which is why they must have a solid RoHS strategy.

The RoHS Directive considers products manufactured for certain industries, such as military and medical, to be exempt until further notice. Additionally, specific substances are exempt from certain applications, such as the use of lead in solder for networking infrastructure products. These exemptions, however, provide a false sense of security for the companies that manufacture these exempt products. In fact, we believe that companies that can leverage exemptions will be more adversely impacted than those who must comply with the RoHS Directive in full.

In evaluating these exemption issues, OEMs need to first ask what exemptions apply to them. For example, manufacturers of servers, storage arrays, and telecommunications infrastructure equipment will be allowed to continue manufacturing products that contain lead in their solder joints as we stated earlier. This is because the long-term reliability of lead-free solder joints is unknown, and can introduce an uncertain level of risk that may cause problems in mission-critical applications. That doesn't mean, however, that these OEMs are relieved of their responsibilities for removing the other five hazardous substances that may be used in their products. Additionally, the use of lead in non- solder applications, such as cable insulation material, is not considered to be exempt for the products mentioned above.

Moreover, many U.S.-based OEMs build products that are not shipped to the EU, and therefore assume their products are exempt. However, countries such as China, Taiwan, and Japan, along with 27 U.S. states are currently developing legislation that will follow the example of EU. A case in point is California, which will adopt the EU’s RoHS Directive in January 2007 (only six months after the EU’s effective date) across a narrower scope of “covered electronic devices.”

Exempt OEMs who may have no interest in making their products compliant before this time should think about the repercussions of RoHS throughout the supply chain. For example, how will product availability be impacted when EMS companies and component suppliers split their capacity between RoHS-compliant and non-compliant manufacturing lines? Which lead-containing components will be rendered obsolete? What will be the supply conditions as RoHS-compliant components are introduced to market?

It’s important to realize that RoHS is here to stay, and that it will only gain momentum over time. Companies should accept this reality and develop a RoHS migration strategy for all of their products. Those companies that are exempt may have the slight advantage of planning their transition based on the economics of manufacturing, rather than a directive’s deadline. But all OEMs, exempt or not, should listen to their customers and monitor their competitors. Already, several companies have been shocked to discover that their customers are not only requiring compliance independent of the legislation, but are doing so sooner than the dates dictated by the EU. Some competitors are also capturing the opportunity to classify their products as “green” purely for marketing reasons. Toshiba, for example, recently released its first RoHS-compliant laptop well ahead of the EU’s deadline, gaining the praise of various environmental groups.

Resource Allocation
In evaluating large, mid-sized, small, and start-up companies, it is evident that RoHS-readiness is highly size-dependent. While most large companies have completed their plans and are in the execution mode, the majority of mid-sized and small companies are just beginning the planning phase. Meanwhile, the majority of start-up companies have yet to begin planning. And while some start-ups have begun the self-education process, few have taken concrete steps towards evaluating their products and supply chain.

Why is there such a wide gap? The reason is simple: resource availability. Although RoHS compliance is not yet an operational urgency that will require immediate “firefighting,” we believe that this will change as component availability problems begin to surface as early as Q4 of 2005.

Aside from lack of resources, we believe that most OEMs’ approach to allocating resources is not well considered. In over 80 percent of the cases, an individual contributor in component, quality, or materials engineering must spend a portion of his or her resources simply to understand the legislation and begin scrubbing bills-of-materials (BOMs) to facilitate transition. But this approach is a recipe for disaster. Companies must realize that managing the RoHS transition requires focused and dedicated resources with cross-functional participation, as well as collaboration with suppliers and customers.

Organizations must educate themselves across functions and departments on the RoHS Directive, and understand its impact on their products and supply chain. In fact, at this early stage, the executives themselves must be educated in parallel to, or ahead of, the rest of the organization. Executives need to understand the wide-ranging organizational impact of RoHS, assign financial and human resources, and help clear the path to execution and compliance.

Ultimately, the issue of RoHS compliance is one of supply chain management and transition coordination, requiring executive-level sponsorship and operational execution - not just BOM- scrubbing. It requires communication with customers, suppliers, and internal stakeholders to ensure that, once a plan is in place, it is executable with minimal disruptions. OEMs can approach RoHS in a piecemeal fashion and end up spending more time and money. Or they can do it once and do it right. We obviously advocate the latter approach.

Component Compatibility, Identification and Availability
Perhaps the highest volume of activity resulting from RoHS will be in the area of component change management. Companies are expected to be on the receiving end of an unprecedented level of part change notices, which will be sent by component manufacturers. Since there are no industry standards driving the change from non-compliant to compliant components, each component manufacturer has taken a different approach to managing this transition.

According to a research study conducted by Avnet and Technology Forecasters, approximately 72 percent of the component suppliers surveyed stated that they intend to create new manufacturer part numbers to identify lead-free parts. However, the terms “RoHS-compliant” and “lead-free” are not the same, as we will discuss in more detail below. Other suppliers have determined that they will identify the changeover based on date code, while the balance have no concrete plans beyond placing a label on the shipping carton in which products are shipped. This inconsistency in component identification is only one part of the problem, because the manufacturing facility receiving these components will still need to undergo a thorough audit, as we will discuss in the next section.

Compatibility in form, fit, function, and manufacturing process is another critical problem. Manufacturers must address a host of key questions. Is a RoHS-compliant component the same as a lead-free component? What defines RoHS compliance and according to whose criteria? For instance, a board mount component may be designated as “lead-free,” but will it withstand the higher temperature profile of the reflow oven in a RoHS-compliant surface mount manufacturing process? The component might be compliant from an environmental standpoint, but not compatible with the higher temperature manufacturing process.

Finally, the issue of availability comes into play. As component suppliers begin to prune their legacy products, many components will no longer be available in a non-compliant form. Small and medium- size companies will be hardest hit, as they will have limited power in dictating what a supplier continues to manufacture for a small-volume product. In contrast, large OEMs will flex their purchasing muscles to secure enough supply of lead-containing components until the new RoHS compliant components are available, or until their component qualifications are complete.

Consequently, OEM companies will need to manage compatibility, identification, and availability risks systematically in the supply chain, and take immediate steps towards transition. We emphasize the term “systematically,” as it may only take one missed component to necessitate rework, or even cause shipment delays. Keeping track of these changes on a Microsoft Excel spreadsheet - the typical approach at many companies - will inevitably lead to mistakes and countless, wasted hours of human effort. Instead, companies must leverage robust product data and compliance management tools that are designed to manage the volume of change to which they will be exposed.

Additionally, OEMs must develop an availability strategy product by product, addressing key issues such as finished-goods-inventory buffers or component safety stock that may be necessary to facilitate transition. During a time of such great change, ensuring that products are available to meet customer commitments requires some level of inventory investment. Yet savvy companies are highly sensitive to keeping excess inventory, which is why OEMs must establish product and component buffers based on a thorough analysis of the forecasted requirements and the availability of RoHS-complaint and noncompliant components and manufacturing capacity.

Supplier Due Diligence
The RoHS Directive requires that companies exercise due diligence by validating that their supply chain partners are shipping RoHS-compliant products. To meet this need, OEMs are now frantically collecting “Certificates of Compliance” from their suppliers to provide to EU authorities upon request. However, OEMs incorrectly assume that, once they have collected these documents, they are clear of the due diligence requirements. In fact, nothing could be further from the truth. These certificates are informational only, and do not pass responsibility from the “Producer” (i.e. the OEM) to the supplier. Nonetheless, “Certificates of Compliance” are vitally important documents that OEMs must receive from suppliers - simply in order to understand the chemical composition of the supplier’s components. Moreover, these certificates can be used to confirm chemical composition if EU authorities pose any questions or concerns to the OEM.

These certificates, however, are not enough for a company to demonstrate that it has met the due diligence requirements of the legislation. That’s because all suppliers are not equal in terms of the risk they pose to an OEM. Consequently, an OEM must apply a consistent methodology in classifying its suppliers as “high risk,” “medium risk,” and “low risk.” The OEM must also take necessary steps to demonstrate due diligence. For example, the risk associated with a brand-name semiconductor manufacturer is not the same as that of a small “mom-and-pop” cable assembly shop in China. Therefore, if lead or cadmium is found to be present (beyond the acceptable levels) in such a cable assembly, showing a “Certificate of Compliance” from the supplier does not release the ”Producer” of the responsibility for compliance. So an OEM may still suffer penalties such as having its products removed from the shelves, or paying severe fines - even if it was an honest mistake. But what penalty can be worse than disruption or loss of revenue? Moreover, it is widely believed that once an OEM ends up on the “radar screen” of the EU compliance authorities, it is likely that its products will continue to be subjected to on-going inspections.

The “Certificate of Compliance” can be thought of as a good first step, which will enable OEMs to collect documentation on a component or product from a given supplier. The next critical step is for OEMs to conduct an on-site audit for critical or high-risk suppliers. The purpose of this audit should be to uncover potential gaps in the supplier’s factory, where non-compliant components and raw materials may slip through the cracks. For medium-risk suppliers, OEMs should require a supplier self-audit of the factory in which products are produced. Such audits should cover critical areas, including: receiving and inspection, printed circuit board assembly, inventory and materials management, RMA service and repair, quality systems, and shipping and order fulfillment.

Delayed Action
As of the writing of this white paper (November 11, 2005), the RoHS deadline is only eight months away. Despite this deadline, many executives believe they have enough time to address the challenges posed by RoHS. Unfortunately, there are several reasons why this is false.

First, the dynamics of an outsourced supply chain, and the lead-time associated with each value-added step, leave no room for error. The combined effect of channel lead-times, transformation lead-times, and component lead-times (particularly in the case of semiconductors), coupled with transition planning and execution, means the EU’s deadline is very quickly approaching.

Second, many OEMs are holding onto a false sense of security. As the deadline approaches, customers and retailers alike are cushioning their schedules and shortening the runway to compliance by as much as three to six months in order to flush-out non-compliant products from their inventories. Therefore, they may be the ones who determine how drastic the effect of the RoHS deadline is on OEMs.

Third, some companies are hoping that the legislation deadline will be extended, or that EU authorities will not have the bandwidth to inspect all products shipped for compliance. However, it’s unlikely the RoHS deadline will be extended. Smart, savvy companies know better than to bet their revenues on an extension. Also, OEMs must realize that their products will not necessarily pass through a RoHS inspection, nor do they need to file with the EU to designate a product as RoHS-compliant. Merely shipping products to the EU implies that an OEM is claiming compliance.

In short, when it comes to RoHS compliance, we believe that hope is not a sound business strategy.

Data Management and Reporting
As stated earlier, RoHS regulations clearly make the OEM responsible and liable for meeting RoHS requirements. The OEM must demonstrate compliance by submitting appropriate technical documentation to the EU law-enforcement bodies. In order to do so, proper data management will be critical.

In the worst-case scenario, the size of a company’s data could nearly double. Additionally, with RoHS regulations in place, companies will need to manage one or two new documents per RoHS-compliant part number. Omitting a single item in the review process may cause an entire product shipment to be non-compliant. It is important to remember that inspectors will not necessarily understand the structure of each and every product that OEMs ship to the EU. However, inspectors will be well trained in scanning for information completeness and accuracy, focusing on parts that typically require attention (for example, jumpers, BGAs, substitutes, and solder used for PCBAs).

Moreover, some lead-time almost always separates the date of manufacture of a product and its shipping dates. During this lead-time, the product may go through several revisions. That’s why it is critical to keep track of a product’s revision history. Tracking revisions accurately shouldn't be a responsibility that falls to the EMS. Rather, tracking changes is so fundamental to the product configuration and associated compliance, that it’s imperative for OEMs to track this vital data themselves.

Here are a few suggestions with respect to data management and reporting:

• Track RoHS requirements top-down. After identifying and separating transition products from non-transition products, traverse the BOM tree and tag the parts that have RoHS requirements (i.e. those that are exempt and those wherein the requirements do not apply). “Where-used” analysis can help identify shared components and enable OEMs to evaluate whether or not the part needs to be split off.

• Capture any relevant compliance data. For each purchased part, review the Approved Manufacturer List (AML) and find compatible and RoHS-compliant substitutes. Compliant substitutes may be available from the same manufacturer, or a different manufacturer. If not, the product may require redesign. Based on the supplier risk factors discussed earlier, capture the compliance data, ranging from a “Certificate of Compliance” or “Materials Declarations,” to a complete supplier audit report, and associate it with the specific manufacturer part.

• Change part numbers for modified AMLs. To clearly communicate the RoHS transitions for parts to your suppliers, determine when and where to use part number changes.

• Track RoHS compliance bottom-up. Track the compliance status of the complete end-product by rolling up the compliance status of the individual components that make up the product.

• Track progress and risk as functions of part criticality. Product designs typically contain a number of critical parts, either due to design parameters or sourcing restrictions. By classifying components based on criticality, OEMs can generate an overview of compliance status for each class. This information helps OEMs to understand potential redesign exposure and allocate resources accordingly.

• Enable reporting on an “as-built” configuration basis. OEMs have a limited time window in which to submit the technical documentation to substantiate a compliance claim. The compliance data needs to be related to the actual shipped product, not the current build. The OEM therefore needs to have a mechanism to capture compliance on a revision basis, as well as the ability to generate reports based on past revisions.

Conclusions
The RoHS Directive is a fundamental change in how products are manufactured. And its reach is expected to expand well beyond the EU. Already, China, Taiwan, and Japan, along with several U.S. states have adopted, or plan to adopt, similar legislation to ban the use of hazardous chemicals in electronic products. The impact of this directive may cause what we believe to be a “perfect storm” in the supply chain. Ultimately, RoHS will clearly delineate those companies who embrace it from those who resist it - that is, those who weather the storm and those who do not. As stated throughout this paper, RoHS requires sound, well-considered and proactive measures. In the case of the RoHS Directive, good things will not come to those who wait.