What Is a Legal Register and Does My Business Need One?

Ensuring your organisation is up-to-date with legislation that impacts its operations, activities and procedures is a fundamental cornerstone in ensuring compliance and meeting global standards such as ISO 14001, ISO 45001 and ISO 27001. A legal register plays a vital role in collating all relevant legislation and regulations, outlining compliance duties and facilitating access to compliance evaluation records.

With the regulatory landscape constantly evolving and changing business needs, a poorly maintained legal register can spell trouble for any business. Without a disciplined approach to creating and maintaining a legal register, it can quickly become an inaccessible, disjointed and ineffective catch-all that fails to keep your organisation informed, up-to-date and compliant.

Creating a legal register correctly will ensure your organisation is up to date with relevant legislation and provides an effective way to ensure compliance without wasting time or resources.

A legal register provides access to current legislation and regulations that your business must comply with. This list of legal instruments is determined by factors such as:

• Location – This concerns legal instruments that affect the geographic areas in which your business operates, such as construction sites in specific countries or premises and environments including offices or warehouses. Activities, such as handling hazardous materials or managing personal data, may be covered by different legislation depending on the location of the activity.
• Operations – This is legislation that covers business activities, such as manufacturing or insurance services. What your business does and how it operates will be affected by different forms of legislation.
• Structure – This includes factors such as the size of your business, the industry sector it operates in, turnover and staffing numbers. Some regulations only apply to specific types or sizes of company, such as corporations or SMEs with a certain number of employees.

Businesses operating within more regulated sectors such as the environment, information security, data protection and health and safety will benefit from implementing a legal register.

Forget binders overflowing with paper documents, copies of legislation and manually created compliance records.

Though it is possible to create a legal register in little more than a spreadsheet, modern legal registers are agile, on-demand document and record-keeping systems – typically stored on a server or as part of a cloud platform – that store legal instruments and compliance records relevant to an organisation and its activities, premises, territories and industry sectors it operates in.

Modern, automated on-demand legal registers such as Activ Comply have streamlined the creation and maintenance of a legal register. To ensure it is up-to-date, Activ Comply provides dedicated access to an in-house legal team that evaluates new legislation and integrates new compliance requirements into the register along with real-time alerts.

Legal registers are usually required as part of ISO management systems, such as environmental (EMS), information security (ISMS) and occupational health and safety management systems (OHS). Some international standards such as ISO 14001, ISO 27001 and ISO 45001 mandate a legal register as part of certification.

While there is no general legal requirement for organisations to build and maintain a legal register, it is good practice and is a major plank in an organisations’ risk management strategy.

A legal register can help ensure organisations can:

• Have clarity about how legislation and regulations affect each part of their business operations.
• Provide effective and controlled access to relevant legislation by leaders, managers, contractors, employees and teams.
• Demonstrate compliance to stakeholders, including investors, customers and enforcement agencies.
• Reduce the risk of legal action, fines and penalties resulting from not adhering to required regulations.
• Meet the legal compliance standards required to achieve ISO certification in certain ISO standards.

It’s tempting to collect all and any regulations that may impact your business into a register. However, that can become unwieldy to use, and a more structured approach to creating an effective register should be followed.

A good legal register should include:

• Relevant legislation – this is legislation that affects your organisation and is usually compiled by a compliance officer or risk manager. Services such as Activ Comply use in-house legal teams to conduct and regularly update this list.
• Compliance details – specific requirements from the legislation or regulation that your business needs to comply with.
• Definitions – clear descriptions of legal and regulatory terms so teams and employees can understand them.
• Legislation documents – either the legislation or links to the legislation or regulations, such as legislation.gov.uk.
• Supplementary information – links to useful sources such as industry analysis.
• Compliance information – records of evaluation assessments against regulations, such as risk assessments and policy or procedure reviews.

It’s important to create a focused, effective legal register, so you should avoid including:

• Information that isn’t directly useful or relevant in detailing and complying with regulations.
• Revoked legislation that is no longer law or has been superseded with updated regulations.
• Irrelevant regulations such as ones that do not apply to your business, such as due to its size or where it operates.

It’s important that the register is regularly updated with new legislation or amendments to regulations, and that those changes are effectively cascaded to relevant teams and locations. New compliance evaluations should be undertaken and recorded when new regulations come into force.

This can be a time-consuming task. In-house risk management, legal or compliance teams are often responsible and need to routinely scour new regulations, trade and industry press and track legal developments. They will need to translate that into the register and manually alert affected areas of the business.

Options such as Activ Comply remove the hassle, cost and time from this process. Its on-demand system uses a team of in-house ISO lawyers that review the thousands of regulatory changes and update your legal register in real-time, sending out alerts and ensuring your business remains compliant.

If your business operates in regulated sectors or conducts regulated activities, then it makes sense to create a legal register.

If you have or are seeking ISO certification, then some ISO standards require that legal regulations are accessible and compliance evaluations are conducted as part of the management system, including:

• ISO 14001 environmental management systems (EMS)
• ISO 45001 occupational health and safety management systems (OHS)
• ISO 27001 information security management system (ISMS)
• ISO 50001 energy management system (EnMS)

Each ISO standard has specific requirements regarding the legal register format. While the ISO specifications don’t reference the term ‘legal register’, this has become the catch-all term to describe the need for an organisation to determine and ensure access to up-to-date legal requirements and compliance obligations.

Even if you’re not seeking ISO certification, a legal register can pay dividends in ensuring compliance, protecting your organisation from regulatory penalties and enhancing its reputation with customers and stakeholders.