If you've read through the R2v3 standard and felt like the annexes were almost an afterthought — a few extra pages tacked on at the end — I want to push back on that. In practice, Annexes A through D carry a lot of weight. They're where the standard gets specific about what "responsible recycling" actually looks like on the floor, in your contracts, and in your downstream decisions. Auditors go there. Certifications live or die there.
This guide walks through all four annexes — what they require, how they connect to the core clauses, and where I see facilities stumble most often.
Why the R2v3 Annexes Matter More Than People Think
The R2v3 standard is built on a core framework of management system requirements — policy, planning, objectives, performance evaluation — that will feel familiar to anyone who has worked with ISO 14001 or ISO 45001. That framework is important, but it's relatively generic. The annexes are where R2v3 becomes specific to electronics recycling.
Annex A covers legal and other requirements. Annex B covers the focus materials that demand extra care. Annex C addresses what the standard calls "downstream due diligence." Annex D covers data security and data destruction. Each one layers concrete, auditable obligations onto the management system foundation.
According to SERI (Sustainable Electronics Recycling International), the body that owns and administers R2v3, there are currently over 1,000 R2-certified facilities across more than 40 countries. That's a significant number of operations all working against the same annex requirements — and the variation in how well facilities understand and implement those requirements is wider than most people expect.
Annex A: Legal and Other Requirements
What It Covers
Annex A establishes the framework for how a certified facility identifies, accesses, and keeps current with the legal and other requirements that apply to its operations. This isn't a list of laws the standard is handing you — it's a system requirement to build and maintain your own list.
The key obligation is that facilities must have a documented process for identifying applicable legal requirements across every jurisdiction where they operate and where their downstream partners operate. That includes federal, state, and local regulations, plus any industry standards or contractual obligations the facility has voluntarily adopted.
What Auditors Are Actually Checking
When I walk a facility through an Annex A gap assessment, the questions that surface most often are: Do you have a legal register? Is it current? Who owns it? How do you find out when something changes?
A lot of smaller facilities have a rough mental model of what laws apply to them, but they haven't documented it in a way that would survive an audit. That gap matters. Under Annex A, the facility needs to demonstrate not just awareness but a systematic approach to staying current — because electronics recycling regulations, particularly around hazardous waste and export controls, shift frequently.
One thing worth noting: "other requirements" in Annex A isn't just a throwaway phrase. It captures things like customer contractual requirements, voluntary commitments to other standards (say, ISO 14001 or OHSAS 18001), and industry association obligations. If you've committed to it, it lives in your legal register.
Common Gaps
The most common Annex A finding I see is a legal register that was built at the time of initial certification and hasn't been meaningfully updated since. Regulations in this space — RCRA, state-level e-waste laws, export restrictions under the Basel Convention — do not stand still. A facility that can't demonstrate a regular review cadence is a facility that's going to have trouble at surveillance audits.
Annex B: Focus Materials
What It Covers
Annex B is the heart of R2v3's environmental protection framework. It identifies specific materials — called "focus materials" — that require enhanced handling, tracking, and downstream management because of their hazardous or environmentally sensitive properties.
The R2v3 focus materials list includes:
| Focus Material | Primary Concern | Key Handling Requirement |
|---|---|---|
| Mercury | Neurotoxin, persistent bioaccumulate | Separate collection, specialized downstream |
| Lead | Cumulative toxin, soil/groundwater risk | Controlled processing, documented downstream |
| Batteries (various chemistries) | Fire risk, heavy metals | Segregation, temperature monitoring, downstream |
| CRTs (cathode ray tubes) | Lead-laden glass, regulated waste | Processing or documented reclamation only |
| Toner and ink cartridges | Particulate exposure, chemical content | Containment, downstream accountability |
| PCBs (polychlorinated biphenyls) | Persistent organic pollutant | Strict regulatory compliance, no landfill |
| Refrigerants | Ozone depletion, GHG potential | Certified technician removal, EPA Section 608 |
| Beryllium | Carcinogen, inhalation risk | Engineering controls, worker protection |
What the Standard Requires
For each focus material a facility encounters, Annex B requires the facility to have documented processes for identification, segregation, handling, storage, and downstream disposition. This isn't a one-size-fits-all requirement — the specific controls depend on the material and the processing activity involved.
There's also a tracking requirement. For focus materials, facilities must be able to demonstrate — with records — where the material went and what happened to it. This connects directly to Annex C's downstream due diligence requirements, which I'll get to shortly.
What Makes Annex B Tricky in Practice
Annex B is where I see the most non-conformances at initial certification audits, and in my view, it's usually because facilities underestimate the inventory and tracking burden. It's not enough to say "we send our batteries to XYZ recycler." You need documented procedures for how you identify battery chemistries, how you segregate them, how you store them safely (including fire suppression and temperature controls where applicable), and what downstream accountability you've established for each chemistry type.
Lithium-ion batteries get particular attention right now, and appropriately so. Fire incidents at e-waste facilities involving lithium-ion batteries are a real and documented risk — SERI has issued guidance specifically addressing this. Facilities that haven't updated their Annex B procedures to account for the volume of lithium-ion material in today's e-waste stream are taking on meaningful audit exposure.
Annex C: Downstream Due Diligence
What It Covers
Annex C is where R2v3 extends its reach beyond a facility's own four walls. The core idea is straightforward: you are responsible for what happens to the materials you send downstream. Choosing a downstream partner is not a get-out-of-jail-free card if that partner is doing something environmentally harmful or legally problematic.
The standard requires certified facilities to conduct documented due diligence on all downstream vendors — meaning every facility that receives materials from you, whether for reuse, resale, recycling, or final disposition. That due diligence needs to be ongoing, not just a one-time check at vendor onboarding.
The R2v3 Downstream Hierarchy
R2v3 Annex C operates within an environmental preference hierarchy. The standard isn't neutral on what should happen to used electronics — it has a ranked preference order:
- Reuse — extend the life of functional equipment
- Repair — restore non-functional equipment to working condition
- Remanufacture — rebuild to original specifications
- Recycle — recover materials for new products
- Recover — energy recovery as a last resort
- Dispose — only when no other option exists
This hierarchy matters because it shapes how facilities should be making downstream decisions. Sending working equipment to shredding when it could be refurbished is not just a missed revenue opportunity — under R2v3, it's a process that doesn't align with the standard's intent.
What Due Diligence Actually Requires
Annex C due diligence is not just asking a downstream partner to fill out a questionnaire. The standard requires:
- Verification of legal operating status — permits, licenses, and registrations relevant to the materials they receive
- Assessment of environmental performance — not just self-attestation, but evidence of actual practices
- Review of health and safety practices — especially for materials that pose worker exposure risks
- Documentation of certifications — R2, e-Stewards, ISO 14001, or other applicable third-party certifications
- Periodic reassessment — due diligence is a living process, not a one-time event
The standard also requires facilities to prioritize downstream vendors that hold their own R2 or equivalent certification when such vendors are reasonably available. This creates a virtuous circle in the industry — certified facilities create demand for certified downstream partners.
The Export Question
Export of used electronics and focus materials is one of the more complex areas in Annex C. The R2v3 standard does not prohibit export, but it places significant requirements on facilities that export materials. Downstream due diligence for export situations must account for the legal requirements in the receiving country, not just the country of origin. This is where Basel Convention compliance, country-specific import restrictions, and SERI's country risk assessments all come into play.
In my experience working with facilities that export, the documentation burden for Annex C compliance in an export scenario is substantially higher than for domestic downstream. Facilities that haven't built that capacity often find themselves either out of compliance or avoiding export markets they could legitimately serve.
Annex D: Data Security and Data Destruction
What It Covers
Annex D addresses one of the most commercially sensitive aspects of electronics recycling: what happens to the data on the devices you receive. For most facilities, data security isn't just an R2v3 compliance issue — it's a core customer proposition and, in many jurisdictions, a legal obligation.
The annex requires certified facilities to have documented processes for:
- Receiving and tracking data-bearing devices from intake through final disposition
- Data sanitization or destruction for each category of device
- Verification and certification that sanitization or destruction was completed
- Chain of custody documentation throughout the process
The R2v3 Data Destruction Framework
R2v3 Annex D references recognized data sanitization standards as the basis for acceptable methods. The primary reference point is NIST SP 800-88, "Guidelines for Media Sanitization," which categorizes sanitization into three levels: Clear, Purge, and Destroy. Under R2v3, the appropriate level depends on the sensitivity classification of the device and the downstream disposition path.
| Disposition Path | Typical Sanitization Level | Common Method |
|---|---|---|
| Reuse / Resale | Purge | NIST-compliant software wipe, degauss |
| Recycling (shred) | Destroy | Physical shredding to spec |
| Recycling (no shred) | Purge | NIST-compliant wipe + verification |
| Devices with non-rewritable media | Destroy | Physical destruction, documented |
One thing Annex D makes explicit that I think is often underappreciated: the chain of custody requirement doesn't start at the data sanitization station — it starts at intake. A facility can have the best data destruction process in the industry, but if a device goes missing between receiving and processing, the chain of custody has failed. Auditors will follow the device from intake log to destruction certificate, and any gap in that chain is a finding.
What Customers Actually Need
This is worth saying directly: many of your customers — corporate IT departments, healthcare providers, financial institutions, government agencies — have their own data security compliance obligations that sit on top of R2v3's requirements. HIPAA, SOC 2, FACTA, state privacy laws. When those customers are evaluating an R2v3-certified facility, they're often looking at Annex D compliance as a proxy for your ability to meet their specific requirements.
So Annex D is one of those areas where doing the minimum to pass an audit and actually serving your customers well can diverge. I've worked with facilities that are technically compliant with Annex D but whose documentation is thin enough that a sophisticated corporate customer would have concerns. The facilities that do this well treat Annex D as a customer service function, not just a compliance checkbox.
How the Four Annexes Connect to Each Other
One of the things I find facilities miss when they're preparing for certification is how tightly the four annexes are woven together. They're not independent modules — they form a chain.
Annex A (legal requirements) informs what Annex B (focus materials) handling must look like, because the controls on specific materials are often legally mandated. Annex B determines what materials need elevated downstream scrutiny under Annex C, because focus materials require extra accountability in the downstream chain. And Annex D's data security requirements connect back to Annex A when you consider the data protection laws that apply to the customers you serve.
When a facility treats each annex as a separate compliance checklist, the connections get missed and the gaps show up in unexpected places. When they're understood as a system, the preparation is more coherent and the audit goes better.
Preparing for an Annex-Focused Audit
If you're approaching R2v3 certification — or a surveillance audit — and you want to know where to focus your preparation time, here's how I'd prioritize it based on what I see in actual audits:
Highest audit exposure: - Annex B focus material tracking, especially lithium-ion batteries - Annex C downstream due diligence documentation completeness - Annex D chain of custody from intake through destruction certificate
Frequently underestimated: - Annex A legal register currency — when was it last reviewed, and by whom? - Annex C export documentation for facilities that move materials internationally - Annex D sanitization verification records for purge-level methods
The facilities that struggle are usually ones where these requirements are managed as administrative tasks by a compliance coordinator who doesn't have real authority over operations. The facilities that consistently pass — and I've helped more than 200 of them get there with a 100% first-time pass rate — treat the annexes as operational standards that shape how work actually gets done on the floor, not just how paperwork gets filed.
Getting Expert Help with R2v3 Annexes
The annexes aren't especially complicated once you understand what they're trying to accomplish. They want to know that you've identified your obligations, that you're handling hazardous materials responsibly, that you're holding your downstream partners accountable, and that you're protecting the data your customers trust you with. That's a reasonable set of asks.
Where it gets hard is in the implementation — building systems that actually produce the documentation auditors expect, training staff so that compliance is a byproduct of normal operations rather than a scramble before every audit, and keeping everything current as regulations and your business change.
If you're working through R2v3 certification and want a clear-eyed assessment of where your annex compliance stands, contact Certify Consulting or explore our R2v3 certification resources on theR2consultant.com for more detail on specific requirements.
Last updated: 2026-05-26
Jared Clark
Principal Consultant, Certify Consulting
Jared Clark is the founder of Certify Consulting, helping organizations achieve and maintain compliance with international standards and regulatory requirements.