What are the Core Requirements in R2v3?

R2v3 contains eight Core Requirements (CR 1–CR 8) covering: the R2 Management System, Legal & Regulatory Compliance, Environmental Health & Safety, Focus Materials management, Data Security, Facility & Worker Conditions, Financial Responsibility, and Business Transparency & Anti-Corruption. All must be simultaneously satisfied alongside ISO 14001:2015 and ISO 45001:2018.

How does R2v3 data security differ from previous R2 versions?

R2v3 significantly expanded data security requirements under Core Requirement 5. Facilities must now issue Certificates of Data Destruction (CoDD) that include device serial/asset numbers, destruction method, date, and certifying personnel. Destruction methods must align with NIST SP 800-88 or equivalent standards, and all storage media must have an unbroken chain of custody from receipt to final destruction.

What financial assurance is required under R2v3 CR 7?

R2v3 Core Requirement 7 requires facilities to maintain a documented financial assurance mechanism — such as insurance, a letter of credit, or a corporate guarantee — sufficient to cover the cost of responsibly managing all Focus Materials currently on-site. This must be updated at least annually to reflect current inventory levels.

Do I need ISO 14001 and ISO 45001 to get R2v3 certified?

Yes. R2v3 certification requires simultaneous certification to both ISO 14001:2015 (Environmental Management) and ISO 45001:2018 (Occupational Health & Safety). These three standards are audited together by an SERI-accredited certification body. You cannot hold R2v3 certification without the two accompanying ISO certifications.

R2v3 Core Requirements Explained Clause by Clause

Q: What are R2v3 Focus Materials and why do they matter?

Focus Materials are specific electronics components and substances — including CRT glass, mercury-containing equipment, batteries, fluorescent lamps, and toner cartridges — that pose elevated environmental or human health risk. R2v3 Core Requirement 4 mandates documented handling, testing, chain-of-custody tracking, and approved downstream disposition for every Focus Material your facility processes.

Citation Hook: R2v3 (Responsible Recycling, Version 3) is the most rigorous electronics recycling certification standard in North America, governing environmental management, data security, worker health and safety, and downstream accountability across the entire recycling chain.

If you've landed on this page, you're probably staring at the R2v3 standard document and wondering where to start. Good news: I've guided more than 200 electronics recyclers through this exact process — with a 100% first-time audit pass rate — and this clause-by-clause breakdown is the same roadmap I use with clients on day one.

R2v3 replaced R2:2013 and became the only accepted version for new certifications as of July 2023. The standard is more prescriptive, more integrated, and significantly more auditor-scrutinized than its predecessor. Understanding each core requirement — and what auditors are actually looking for — is the difference between a smooth certification and a costly corrective action cycle.

Let's break it down.

What Are the R2v3 "Core Requirements"?

R2v3 is structured around Core Requirements (CR) plus two ancillary standards that every certified facility must simultaneously hold:

ISO 14001:2015 — Environmental Management System
OHSAS 18001 / ISO 45001:2018 — Occupational Health & Safety Management System

The Core Requirements are the R2-specific obligations layered on top of those two management system frameworks. Think of it this way: ISO 14001 tells you how to manage your environmental risks; R2v3 tells you what specific risks in electronics recycling you must address.

Citation Hook: According to SERI (Sustainable Electronics Recycling International), as of 2024 there are over 900 R2-certified facilities in more than 35 countries, making it the globally dominant standard for responsible electronics recycling.

There are eight Core Requirements in R2v3. Here's a high-level map before we go deep:

Core Requirement	Topic	Audit Intensity
CR 1	R2 Management System	High
CR 2	Legal & Regulatory Compliance	High
CR 3	Environmental Health & Safety (EH&S)	Very High
CR 4	R2 Focus Materials	Very High
CR 5	Data Security	High
CR 6	Facility & Worker Conditions	Medium–High
CR 7	Financial Responsibility	Medium
CR 8	Business Transparency & Anti-Corruption	Medium

CR 1: R2 Management System

What it requires: CR 1 is the backbone of your certification. It mandates that your organization establish, document, implement, and continually improve a management system specifically tailored to R2v3 obligations — separate from, but integrated with, your ISO 14001 and ISO 45001 systems.

Key obligations under CR 1:

Scope Definition: You must clearly define which operations, facilities, and material streams fall under R2 certification. Ambiguous scope statements are one of the top reasons I see facilities receive nonconformances on their first audit.
Legal Register: A living document of all applicable federal, state, and local environmental and safety regulations. This must be updated at least annually and whenever new regulations are enacted.
Policy Statement: A documented R2 policy signed by top management that commits to legal compliance, continual improvement, and responsible downstream management.
Objectives & Targets: Measurable environmental and safety objectives with documented progress tracking.
Management Review: Formal, documented top-management review of the R2 program — typically annually at minimum.

What auditors look for: Evidence that the management system is alive, not just documented. Auditors will pull management review minutes, ask operations staff to describe your policy, and verify that objectives have been tracked and updated.

Common pitfall: Facilities that treat CR 1 as a paperwork exercise. If your legal register hasn't been touched in 18 months, that's a finding.

CR 2: Legal & Regulatory Compliance

What it requires: R2v3 CR 2 demands verified, documented compliance with all applicable laws governing the handling, transport, export, and disposal of electronics and their component materials. This isn't a soft commitment — it requires evidence of compliance, not just a policy that says you'll comply.

Key obligations under CR 2:

Export Compliance: If you export used electronics or components, you must comply with all applicable export laws, including U.S. EPA export regulations under 40 CFR Part 261, and the requirements of the receiving country.
Hazardous Waste Determinations: Every material stream must have a documented hazardous waste determination. This includes characterization of Focus Materials (see CR 4).
Permits & Licenses: All required operating permits must be current. Auditors will verify permit numbers, expiration dates, and whether your operations fall within permitted parameters.
Transporter Compliance: You must verify that transporters you use hold all required EPA ID numbers and manifesting credentials.

What auditors look for: Current permits on file, a complete and updated legal register cross-referenced to your actual operations, and documented waste determinations for your material streams.

Common pitfall: Many recyclers assume their broker or downstream vendor handles export compliance. Under R2v3, you are responsible for verifying it — documented due diligence is required.

CR 3: Environmental Health & Safety (EH&S) Focus Areas

What it requires: CR 3 is the most operationally intensive Core Requirement. It addresses the specific environmental and safety hazards inherent in electronics recycling and requires documented controls, testing, and monitoring programs.

Key obligations under CR 3:

EH&S Risk Assessment: A documented assessment of all significant EH&S risks associated with your operations — from shredding dust to chemical exposure.
Air Emissions Monitoring: If your operations generate regulated air emissions (e.g., from CRT processing, smelting, or shredding), you must have documented monitoring in place.
Stormwater Management: Facilities with outdoor storage or processing must have a Stormwater Pollution Prevention Plan (SWPPP) that is current and implemented.
Spill Prevention: Documented spill prevention and response procedures, including training records.
Noise & Dust Controls: Engineering and administrative controls for worker exposure to noise, lead dust, and other hazards endemic to e-scrap processing.
Personal Protective Equipment (PPE): A written PPE program with documented hazard assessments (tied directly to ISO 45001 requirements as well).

What auditors look for: Auditors walk the floor on CR 3. They are looking for consistency between your written procedures and actual observed practice. If your SOP says workers wear N95 respirators when breaking CRTs but auditors see workers without them — that's a major nonconformance.

Citation Hook: Studies by NIOSH have found that electronics recycling workers can be exposed to lead dust concentrations exceeding OSHA's Permissible Exposure Limit (PEL) of 50 µg/m³ without adequate engineering controls, underscoring why CR 3 air quality monitoring is a non-negotiable R2v3 obligation.

Common pitfall: Inadequate linkage between your ISO 45001 hazard identification process and your R2 EH&S risk assessment. These documents should reference each other explicitly.

CR 4: R2 Focus Materials

What it requires: This is the heart of R2v3. Focus Materials are specific categories of electronics components and substances that pose elevated environmental or human health risk. R2v3 defines how each Focus Material must be managed, processed, tested, and tracked.

The R2v3 Focus Materials are:

Focus Material	Primary Concern	Key Handling Requirement
CRT Devices & Glass	Lead, Barium	Documented testing; approved downstream only
Mercury-Containing Equipment	Mercury vapor	Intact removal; certified recycler downstream
Batteries (all chemistries)	Fire, heavy metals	Segregation; fire suppression procedures
Toner Cartridges	Particulate exposure	Contained processing
Lamps (fluorescent, HID)	Mercury	Intact management; EPA lamp standard compliance
PCBs with Capacitors pre-1979	PCBs (polychlorinated biphenyls)	Hazardous waste management
Whole Devices containing Focus Materials	Compound risk	Tracking through the downstream

Key obligations under CR 4:

Documented Downstream Due Diligence: For every Focus Material you send downstream, you must have a documented vendor qualification — including confirmation that the downstream facility meets R2v3 or equivalent environmental standards.
Tested Quality Grades: R2v3 introduces specific testing and grading requirements for electronics being resold for reuse. Devices must be tested to documented functionality standards before being remarketed.
Chain of Custody: You must be able to trace every Focus Material from receipt through final disposition. This requires robust data tracking — weights, downstream vendor, date, and disposition type.
No Landfill or Incineration for Focus Materials: R2v3 explicitly prohibits disposal of Focus Materials in landfills or municipal incinerators (with limited exceptions for residual contamination).

What auditors look for: Transaction records. Auditors will pull specific Focus Material transactions and trace them end-to-end. They will request downstream vendor qualification files and verify they are current (within 12 months). They will also look at your testing records for remarketed devices.

Common pitfall: Downstream vendor qualification files that are outdated or incomplete. I've seen facilities lose their certification — or come very close — because a key downstream vendor's R2 certificate had lapsed and no one caught it.

CR 5: Data Security

What it requires: CR 5 mandates a documented data security program that protects the personal and organizational data stored on electronic devices and storage media processed by your facility. This is an area where R2v3 significantly expanded on prior versions.

Key obligations under CR 5:

Data Security Policy: A written, management-approved policy covering all storage media processed.
Data Destruction Methods: Documented procedures for each method used — overwriting (to NIST SP 800-88 or equivalent standard), degaussing, or physical destruction. R2v3 requires that destruction methods be appropriate to the sensitivity of the media.
Certificate of Data Destruction (CoDD): You must issue CoDD documents to customers. These must include specific data points: device serial/asset number, method of destruction, date, and name of the person certifying destruction.
Chain of Custody for Storage Media: All storage media must be tracked from receipt to final destruction. Gaps in chain of custody are a serious finding.
Employee Training: All personnel who handle storage media must be trained on your data security procedures — with documented training records.
Audits of Data Security Process: Internal audits must specifically cover your data security program at least annually.

What auditors look for: They will request sample CoDD documents and verify they contain all required fields. They will trace specific media through your system. They may also ask employees — on the floor, without warning — to describe your data destruction procedure.

Common pitfall: Issuing generic CoDD documents that lack serial/asset numbers or method-specific language. These are non-conforming on their face.

CR 6: Facility & Worker Conditions

What it requires: CR 6 addresses the physical conditions of your facility and the welfare of your workers. While some of this overlaps with ISO 45001 obligations, CR 6 adds R2-specific requirements around facility organization, security, and working conditions.

Key obligations under CR 6:

Facility Security: Documented access controls for areas where Focus Materials, storage media, and high-value electronics are handled. This includes visitor logs, locked storage, and surveillance systems where appropriate.
Housekeeping Standards: Facilities must be maintained in a manner that prevents cross-contamination of material streams and reduces EH&S risk. Auditors look at 5S or equivalent organizational systems.
Worker Rights & Conditions: R2v3 explicitly references International Labour Organization (ILO) standards. You must document that workers are not subject to forced labor, child labor, or unsafe working conditions.
Training Programs: Documented training for all workers on EH&S hazards, data security, and Focus Material handling — with records retained.

What auditors look for: A clean, organized, secure facility where workers can articulate their roles in the R2 program. Auditors pay particular attention to Focus Material storage areas.

CR 7: Financial Responsibility

What it requires: CR 7 requires that your organization demonstrate financial responsibility for the environmental obligations associated with your operations — specifically, the potential costs of managing Focus Materials if your business were to cease operations.

Key obligations under CR 7:

Financial Assurance Mechanism: You must have a documented mechanism — such as an insurance policy, letter of credit, trust fund, or corporate guarantee — that covers the estimated cost of responsibly managing all Focus Materials currently on-site.
Inventory Valuation: Annual (at minimum) documented estimate of the quantity and cost to manage all Focus Materials currently held at your facility.
Disclosure: The financial assurance documentation must be available to your certification body on request.

What auditors look for: A current (within 12 months), documented financial assurance mechanism that is plausibly sufficient to cover your on-hand Focus Material inventory. They will cross-reference your inventory records to your financial assurance amount.

Common pitfall: Facilities that have a financial assurance document but haven't updated the coverage amount in years, while their business has grown significantly. The coverage must reflect current inventory levels.

CR 8: Business Transparency & Anti-Corruption

What it requires: CR 8 is the newest and most distinct Core Requirement in R2v3. It requires certified facilities to operate with transparency and to have documented anti-corruption controls — a reflection of R2's global reach and the importance of supply chain integrity in the electronics recycling sector.

Key obligations under CR 8:

Anti-Corruption Policy: A documented policy prohibiting bribery, fraud, and corrupt practices — signed by top management and communicated to all employees.
Conflict of Interest Disclosures: Documented procedures for identifying and managing conflicts of interest, particularly in vendor selection and downstream qualification.
Transparency in Reporting: Accurate and transparent reporting to your certification body, including timely disclosure of significant changes in operations, ownership, or legal status.
Whistleblower Protections: A mechanism — such as an anonymous hotline or reporting process — for employees to report potential violations without fear of retaliation.

What auditors look for: A genuine, communicated anti-corruption policy with evidence that it's been trained on and implemented. Auditors will also look for any red flags in your downstream vendor selection process that might suggest undisclosed relationships.

How the Core Requirements Work Together

One of the most important things I tell every client at Certify Consulting is this: the Core Requirements are not a checklist — they're an integrated system. Your ISO 14001 environmental management system must reference your CR 2 legal register. Your ISO 45001 hazard analysis must feed your CR 3 risk assessment. Your CR 4 downstream due diligence must connect to your CR 7 financial assurance inventory.

Auditors — particularly experienced ones — look for this integration. A facility where each requirement exists in its own silo, with no cross-references, is a facility that hasn't truly implemented R2v3.

Citation Hook: Facilities that integrate their R2v3 Core Requirements into a unified management system — rather than maintaining siloed documentation — consistently demonstrate lower rates of major nonconformances at initial certification audits, according to patterns observed across SERI-accredited certification body audits.

R2v3 Audit Readiness: A Pre-Audit Checklist

Before your Stage 2 audit, run through this checklist to pressure-test your readiness:

Checkpoint	CR	Status
Scope statement is specific and accurate	CR 1	☐
Legal register updated within last 12 months	CR 1, CR 2	☐
All permits current and on file	CR 2	☐
Hazardous waste determinations documented for all streams	CR 2	☐
EH&S risk assessment completed and current	CR 3	☐
Air/noise/dust monitoring records in file	CR 3	☐
All Focus Material downstream vendors qualified within 12 months	CR 4	☐
Focus Material chain of custody records complete	CR 4	☐
Data destruction CoDD template contains all required fields	CR 5	☐
Storage media chain of custody records complete	CR 5	☐
Facility access controls documented and functional	CR 6	☐
Financial assurance mechanism current and sufficient	CR 7	☐
Anti-corruption policy signed, trained, and filed	CR 8	☐

Working With an R2v3 Consultant

R2v3 is achievable — but it is not simple. The integration of three simultaneous standards (R2v3, ISO 14001, ISO 45001), the specificity of Focus Material tracking, and the operational rigor of CR 3 and CR 5 make this one of the most complex certifications in the recycling industry.

At Certify Consulting, I work with facilities at every stage — from pre-assessment gap analysis through certification and ongoing surveillance audit support. Whether you're building your management system from scratch or preparing for a recertification audit, a structured, clause-by-clause approach is the fastest path to certification.

Learn more about our R2v3 certification consulting services or explore our R2v3 gap assessment process to understand exactly where your facility stands today.

Last updated: 2026-04-10