EPA Finalizes TSCA CBI Rule

On June 7, 2023, EPA finalized a rule (88 Fed. Reg. 37155) that puts forth new and amended requirements for parties asserting confidential business information (“CBI”) claims under the Toxic Substances Control Act (“TSCA”). The new rule details specific procedures for the regulated community to submit and support CBI claims and for the Agency to review CBI claims and communicate their determinations to submitters. Additionally, the rule reorganizes existing provisions of the CBI regulations.

The following are the most substantial changes to procedures for submitting and supporting CBI claims under TSCA:

Substantiation Requirements Applicable at Time of Submission

The rule requires that confidentiality claims be asserted and substantiated at the time of submission; substantiation data requires submissions of supporting statements and certification, including but not limited to asserting that the party has taken reasonable measures to protect the confidentiality of the information, and a reasonable basis to believe that the information is not readily available through reverse engineering. (40 CFR 703.5(a)).

Supporting Statement and Certification

Certification of CBI claims is required at the times the statements are submitted.  Submitters will be required to answer a number of questions, many or all of which have been used for some time in EPA’s CBI substantiation templates and certain CDX submissions (e.g., CDR).  Submitters should note that certifications are submitted under penalty of perjury; any knowing and willful misrepresentation is subject to criminal penalty pursuant to 18 U.S.C. § 1001.

Electronic Reporting

The final rule mandates that short of very limited exceptions, all CBI claims must be submitted electronically. This requirement is detailed in 40 CFR 703.5(f). Parties should be particularly conscious of this with TSCA Section 8(e) reporting, notifications under TSCA Section 12(b), and polymer exemption notices under TSCA Section 5 because this rule is the first mandating these types of reporting are to be done electronically.

Requirement to Report Health and Safety Information Using Organization for Economic Cooperation and Development (“OECD”) Harmonized Templates

Under the final rule, health and safety information must be provided using OECD harmonized templates. This is in addition to existing requirements that require submitters to provide a full study report. According to the Federal Register notice, the Agency will elaborate on instructions for including OECD harmonized template files (e.g., currently acceptable file types and IUCLID software versions). This requirement can be found at 40 CFR 703.5(g).

Maintenance and Withdrawal of Confidentiality Claims

EPA is requiring that, going forward, company contact information be kept up to date through CDX. When contacting a submitter concerning confidentiality claims, EPA will contact the submitter either through CDX directly or using the contact information provided by the submitter in CDX. When a confidentiality claim is being reviewed, a notice of the review and opportunity to substantiate or re-substantiate the confidentiality claim will be sent to the submitter using the information provided in CDX. Often, this will be done by sending the submitter an email from a CDX account notifying them that a document is available for download from CDX, which is why it is particularly important to have up-to-date information within the CDX platform. The details of this requirement are within 40 CFR 703.5(h).

EPA has also detailed the process for voluntarily withdrawing confidentiality claims submitted either in CDX or by other means. (40 CFR 703.5(i)). For CDX-submitted claims, the submitters must remove confidentiality markings, revise their documents, and resubmit these documents in CDX. For submissions not originally submitted through CDX, there is now a process for withdrawing the CBI claims through CDX using document-identifying details.