Is it an NC if Legal register contained outdated legislation?

The organization is required to identify legal and other requirements relevant to its operations. It of course is expected that current requirements be identified. Not doing so would typically result in nonconformance issued to 4.3.2 of ISO 14001:2004.

 

Neither 17021 or 19011 is going to be of any use for questions like this. 17021 is for rules registrars must follow, and 19011 addresses competence. Even the Technical Committee's web site ISO/TC 207/SC 1 does not specifically answer your question. Registrars may have internal procedures and/or provide training on the question, but the client has little or no visibility to that.

It leaves us, then, to ask ourselves "Why would we want to list outdated regulatory requirements?"
- Are the permits written to previous version(s)?
- Do municipalities apply additional requirements that do not match federal regulations?
- Are the requirements' changes in a phase-in period?
- Is the site "grandfathered" in writing to a previous requirement?

There may be other factors, but I can't think of any. Absent any of these or likewise documented exceptions, I would expect a first, second or third party auditor to issue nonconformance if an organization is not adhering to current requirements. It isn't just about the standard. It is about the law, and oh yes the standard asks us (in so many words) to recognize and obey the law.

 

I have noticed that the question was originally asked under the 2004 version of the standard.

Therefore, 4.3.2 Legal and other requirements applies. It requires a procedure (it does not say the procedure must be documented) to identify, have access to and determine how legal and other requirements apply to your environmental aspects.

The register (list) does not need to be a controlled document either. I have seen clients use an aspects and impacts "register" with a column added to list applicable legal/other codes, and compliance calendars with the same approach. Such documents can be tools: "living documents" with limited access and Track Changes turned on to identify who changed which cell and when. A process owner can make updates when receiving news of a change in requirements - there is no need, indeed it is not acceptable to wait for a 2 or 3 year periodic review such as documented procedures very often have. If the law changes and is enacted/if your permit changes etc., a controlled document's periodic review schedule will not (should not) save you from a nonconformity.

I have seen the compliance calendar used as a very good type of Evaluation of compliance checklist. Its process owner can periodically (I usually see it done annually) review the codes to see if the required process controls, measurements and reporting are current in their definition, have been performed properly and in a timely way, even if required training (such as for handling hazardous waste) has been kept up. This activity, which is done periodically but is not required to be done all at one time, is called Evaluation of compliance as per 4.5.2. A record of the evaluations can be kept on a separate tab, in internal audit records (why not do some of this evaluation of compliance as part of internal audit?) and even during Management Review if the persons are knowledgeable enough and have the needed time and information to do so.