The Ultimate Guide on EUDR Compliance

What must operators and traders do?

The European Deforestation-free Regulation (EUDR) is becoming more and more concrete as its enforcement approaches. Across various industries, companies are compelled to either establish or reinforce their supply chain traceability and due diligence protocols to align with the law.

While concerns have surfaced among member states, producing countries, and international industry groups regarding the applicability of the Regulation, EUDR is here to stay and it is important to start focusing on how to best comply with it.

A question businesses keep asking is: What needs to be done to achieve EUDR compliance? In this blog post, we dig deeper into the mandatory steps to meet the new requirements and face compliance audits with confidence.

But before reading further, make sure to get an understanding of what the Regulation is about and its scope such as which goods are impacted and who are the market players subject to compliance.

EUDR Requirements

The EU Deforestation-free Regulation sets out clear obligations for companies that want to import to, export from, place or make available in the European market specific goods (Article 3). These are:

  • Deforestation-free: The production of goods did not cause deforestation or forest degradation after 30th Dec 2020, regardless of whether the deforestation or forest degradation was legal according to the applicable legislation in the country of production.
  • Legally produced: The goods are produced in accordance with the relevant legislation of the country where the production took place.
  • Due Diligence: The goods are covered by a due diligence statement, that is based on a due diligence risk assessment, to be shared with authorities prior to the shipment of the concerned goods to the European market.

To understand the logic, notice that the third requirement demands companies to submit a due diligence statement, which stems from a due diligence risk assessment and therefore becomes indispensable to prove compliance with the first and the second requirements.

EUDR defines the “relevant legislation of the country of production” as the set of laws pertinent to the country where the goods are produced. As quoted from the official text, the scope of interest is as follows:

  • land use rights,
  • environmental protection,
  • forest-related rules, including forest management and biodiversity conservation where directly related to wood harvesting,
  • third parties’ rights,
  • labour rights,
  • human rights protected under international law,
  • the principle of free, prior and informed consent (FPIC), including as set out in the UN Declaration on the Rights of Indigenous Peoples,
  • tax, anti-corruption, trade and customs regulations.

This means that while the name of the regulation implies a focus on deforestation only, it should be stressed that not only does it address forest degradation, but also that legal production in the country of origin, legal trade and compliance with social and human rights requirements, including anti-corruption laws and respect of indigenous communities, are also in the scope of EUDR.

It is also an important reminder that the companies must not import to, export from, place or make available in the EU market the concerned goods if (Article 4, paragraph 4):

  • The goods do not comply with the legislation (e.g. they caused deforestation or their production was not managed according to the legal framework).
  • The due diligence statement indicates a non-negligible risk connected to those goods.
  • The company did not submit a due diligence statement reporting all necessary information prior to the shipment.

Who must exercise due diligence?

There are two types of market players that EUDR addresses, operators and traders. The former are importers of relevant commodities and products into the European market, exporters of relevant commodities and products from the European market, or companies transforming the relevant commodities and products from one in-scope HS code into another in-scope HS code and placing them on the European market for the first time. The latter are dealers and distributors that do not import, export or transform relevant commodities or products, but are involved in their trade and distribution in the European market.

The responsibility to carry out due diligence falls mainly on operators and non-SME traders, who must assess the risk in their supply chains to ensure that the relevant commodities are not linked to deforestation, forest degradation, or illegal practices. On the other side, SME traders can benefit from a less complicated compliance process, demanding them only to provide the reference number of the due diligence statement, to store the relevant information and to pass it on to the operators or the competent authorities upon request.

In the next paragraphs, we will have a look at the due diligence requirements for operators and non-SME traders, along with related exceptions, while in the final part of the article we will discuss the obligations of SME traders.

What does it mean to exercise due diligence?

EUDR (Article 8) describes three main actions that operators and non-SME traders must complete to carry out the necessary due diligence. These steps are:

  • Data Collection: Information gathering on the supply chain of your products, including information on the geographical location and the period of primary agricultural or forestry production.
  • Risk Assessment: Evaluate the information collected to assess the risk that your products are associated with deforestation, forest degradation or illegality, including human rights. The assessment can result in non-negligible risk as opposed to no risk being present or negligible risk. In the first case, the company must mitigate the risks identified before placing the assessed goods on the market; in the second and third cases, the goods are compliant with EUDR and can be marketed.
  • Risk Mitigation: Implementing coherent measures to reduce non-negligible risks to negligible or no risk. These measures may include obtaining further information, conducting independent surveys, laboratory analyses, field audits, suppliers’ training and supply chain interventions.

In the next paragraphs, we will take a look at the three steps in more detail.

Data Collection

Article 9 of the EUDR official text describes the information that must be gathered and made accessible to competent authorities upon request to meet due diligence obligations. The collected information must be stored for 5 years to allow future audits. The following list provides a detailed overview of the types of data mandated by the Regulation.

  1. The product description, including trade name, product type, and, for wood-based products, both common and scientific names of the wood species used. It should also list all relevant commodities or products contained or used in their production.
  2. The quantity of products, which should be expressed in kilograms of net mass, with supplementary units as specified in Annex I to Council Regulation (EEC) No 2658/87, against the determined HS code. For all other cases, quantity can be expressed in net mass, volume or number of items.
  3. Country of production and relevant parts concerned.
  4. Geolocation data of all production plots for the commodities used in the product, along with production dates or time ranges. If a relevant product contains relevant commodities sourced from different plots of land, all land plots concerned must be included in the due diligence. Deforestation or forest degradation on any plot automatically disqualifies related commodities/ products. For cattle-related products, geolocation data should include all places where the cattle has been held.
  5. Contact details of all suppliers, including name, postal address, and email address.
  6. Details of recipients, including name, postal address, and email address.
  7. Assurance that the products are deforestation-free, backed up by conclusive and verifiable evidence.
  8. Evidence of compliance with relevant legislation in the country of production, including rights to land use, is required for all relevant commodities.

Theoretically, the necessary information can be gathered through emails and compiled manually by one or more internal resources. However, managing the entire process – including coordinating multiple suppliers, aggregating different information types, ensuring that the data is complete and reliable and organising it to facilitate the next phases requires an incredible amount of time and energy that can be drastically reduced through the assistance of a digital platform.

Tropical forest in morning light with mist

Risk Assessment

What is now to be done with all the data collected? The next phase consists of assessing the risk of non-compliance connected to the concerned products by examining the documents collected.

The risk assessment must be based on the principles listed below:

  1. The risk assigned to the country of production or its parts (Article 29).
  2. Identification of forests within the country of production or its parts.
  3. Presence of indigenous peoples within the country of production or its parts.
  4. Genuine consultation and cooperation with indigenous peoples within the country of production or its parts.
  5. Evaluation of valid claims by indigenous peoples, supported by objective and verifiable evidence, regarding land use or ownership where relevant commodities are produced.
  6. Assessment of deforestation or forest degradation prevalence within the country of production or its parts.
  7. Assessment of the reliability, validity, and sources of information gathered during the first step of data collection, in accordance with Article 9 (1), along with their interlinkages.
  8. Consideration of concerns regarding the country of production and origin, such as corruption levels, document falsification, law enforcement issues, human rights violations, armed conflict, or the presence of UN Security Council or EU Council sanctions.
  9. Evaluation of supply chain complexity and product processing stages, especially challenges in tracing products to specific production plots.
  10. Analysis of risks related to regulation circumvention or mixing with products of unknown origin or from deforested areas.
  11. Consideration of conclusions from Commission expert group meetings supporting Regulation implementation, available in the Commission’s expert group register.
  12. Examination of substantiated concerns under Article 31 and records of non-compliance by operators or traders in the supply chain with Regulation requirements.
  13. Assessment of any information indicating non-compliance risks with relevant products.
  14. Supplementary data on Regulation compliance, potentially sourced from certified or third-party verified schemes, including voluntary schemes recognised by the Commission under Article 30(5) of Directive (EU) 2018/2001, provided they adhere to Article 9 criteria.

Companies must carry out risk assessments at least once per year and be able to illustrate the data collection process, and how the level of risk was determined based on the relevant information and documents.

Risk assessment involves a deep understanding of the Regulation itself, but also an in depth understanding of the documentation provided and the bureaucracy surrounding global primary production and trade. The uncertainty about what and how to verify the data can expose businesses to the risk of compliance failure. On top of that, they must consider several factors, starting from suppliers’ preparedness to adapt their processes to the new legislation, their proactiveness, and inevitable language barriers.

Again, assistance from expert traceability professionals is beneficial to avoid inefficiencies, bad headaches and, especially, non-compliance.

Risk Mitigation

As previously mentioned, risk mitigation measures apply only in cases where the risk assessment resulted in a non-negligible risk. In the case where no risk or negligible risk is found, companies can import to, export from, place to or make available in the EU market the concerned products.

According to Article 11, initiatives that qualify as risk mitigation interventions include obtaining further information, organising independent surveys, laboratory analyses, on-site audits, suppliers’ training, and supply chain modifications, for instance by choosing different suppliers or through capacity building and investments.

EUDR also states that on one side companies must set up a structured risk mitigation system, comprising policies and control procedures, on the other side they must be scrutinised by an independent audit function. Regarding non-SME operators, it is also required to appoint a compliance officer at management level.

Likewise, the risk assessment procedures and risk mitigation measures must be reviewed at least once per year. In addition, companies must be able to prove the rationale of the basis of the decisions making process regarding the risk mitigation initiatives.

It can all feel overwhelming, but with the right processes in place and the right partner by your side, risk mitigation requirements can be streamlined and integrated into the current business operations with little effort or expenditures.

Do you have questions?

Reach out to us by filling in this section and specifying your needs in the message so that we can select the most appropriate expert to get back to you, based on your requirements.

What to do after carrying out due diligence?

Companies carrying out due diligence, i.e. the three-step process explained above, are required to make available a due diligence statement to authorities. The due diligence statement is a purely administrative document that must be submitted through the EU information system by operators, non-SME traders or their authorised representatives.

The EU information system, which has been tested from the middle of December 2023 to the end of January 2024, plays a vital role in simplifying the collection and management of the due diligence statements, given the large amount of documents expected.

In general, a due diligence statement must encompass the aspects described in Annex II of the EUDR official text, along with a confirmation that due diligence has been exercised and no risks or only negligible risks have been identified (Article 4, paragraph 2).

Please keep in mind that some but not all information required in the due diligence system must be included in the due diligence statement. The aspects highlighted in Annex II that must be present are:

  1. Operator’s name and address.
  2. If applicable, the Economic Operators Registration and Identification (EORI) number (see Article 9 of Regulation (EU) No 952/2013).
  3. Information gathered during the data collection phase:
    • The description, including HSC and free text, the trade and scientific (if possible) names of the product the company intends to place on the market or export.
    • The quantity of products, which should be expressed in kilograms of net mass, with supplementary units as specified in Annex I to Council Regulation (EEC) No 2658/87, against the determined HS code. For all other cases, quantity can be expressed in net mass, volume or number of items.
    • Country of production and relevant parts concerned.
    • Geolocation data of all production plots for the commodities used in the product, but there is no need to include production dates or time ranges. If a relevant product contains relevant commodities sourced from different plots of land, all land plots concerned must be included in the due diligence. Deforestation or forest degradation on any plot automatically disqualifies related commodities/ products. For cattle-related products, geolocation data should include all places where the cattle have been held.
  4. The reference number of the existing due diligence statement, in simplified cases (Article 4, paragraphs 8 and 9).
  5. The following statement, quoted directly from the official text: “By submitting this due diligence statement the operator confirms that due diligence in accordance with Regulation (EU) 2023/1115 was carried out and that no or only a negligible risk was found that the relevant products do not comply with Article 3, point (a) or (b), of that Regulation.”.
  6. The following signature format, as stated in the official text:
    • “Signed for and on behalf of:
      Name and function: Signature”

Once the due diligence statement is ready, it can be exported in a standard format and uploaded to the EU information system to be shared with authorities. The due diligence statement is not sufficient by itself to be EUDR compliant. It must be based on a due diligence risk assessment that demonstrates negligible or no risk of deforestation and illegality for the relevant product or commodity.

Setting up and maintaining a due diligence system

Following the constraints imposed by EUDR, all companies that must comply with the new regulation must put in place a structured due diligence system to exercise due diligence. The system must be reviewed at least once per year and updated based on necessary improvements. These updates, and all documentation collected through or related to the due diligence system must be stored for a minimum of five years and shared with authorities when demanded.

Non-SME companies are required to publicly report on their due diligence systems, comprising also the actions taken to fulfil the obligations outlined in Article 8. With the aim to avoid double reporting, if these companies are already subject to other EU or member state legislations addressing human or environmental rights, they can integrate the necessary documents for EUDR compliance as part of their reporting for those legislations.

The EUDR reporting must include the following information:

  • A summary of the data gathered during the initial data collection process, including a description of the consultation process with the local indigenous or civil communities in the country of production, where applicable.
  • The result of the conducted risk assessment and the undertaken risk mitigation measures, as well as the documentation of the criteria used to evaluate the level of risk.

Exceptions related to operators’ requirements

SME operators benefit from an exception (paragraph 8 of Article 4, EUDR), stating that they are not required to issue a due diligence statement for relevant products or commodities for which a due diligence statement has already been submitted to authorities. They shall only present the reference number of the due diligence statement if requested by competent authorities. 

There exists a second exception that is worth mentioning. To avoid double due diligence, EUDR declares that in case of non-SME operators further down the supply chain, meaning those companies that are not importers or exporters but ‘transformers’ of relevant products and commodities, can use the due diligence carried out earlier in the supply chain by other operators and submit the relevant reference number for the parts of their relevant products that were already subject to due diligence. 

In both cases, not only do companies remain obliged to ascertain that due diligence was performed, but it is of the utmost importance that they are also able to track this data and easily retrieve it when needed. 

Simplified due diligence

The responsibilities imposed on operators, non-SME traders, and authorities are contingent upon the risk assessment of the production country or region, determined by a benchmarking system administered by the EU Commission. This system categorises countries into low, standard, or high-risk zones based on their likelihood of producing raw materials or goods that aren’t free from deforestation or fail to adhere to the production country’s legislation. Consequently, this classification influences the severity of due diligence obligations, with requirements being streamlined for products originating from low-risk regions and tightened for those from high-risk regions.

In the case of low-risk regions and countries, operators can benefit from simplified due diligence. This consists of avoiding the risk assessment and risk mitigation steps if it emerges from the data collection that the country which the companies are sourcing from is low-risk. In particular, operators only need to store documentation that proves the negligible risk that EUDR has been infringed and that the relevant products have been mixed with goods from standard- or high-risk countries.

At the time of writing this article, it is still unclear whether the EU benchmarking system will address the deforestation and all legality requirements of EUDR or if it will only cover deforestation or parts of the legality requirements.

What must SME traders do?

As we mentioned, the burden of EUDR compliance lies mostly on the shoulders of the operators and non-SME traders, which are considered equally due to their market influence. SME traders, on the other hand, can expect a more simplified responsibility.

The step in common is the data collection activities, in this case, related to the name, trade name or trade-mark, physical address, email address and, when applicable, the website of all operators and traders who supplied the concerned goods to them or to whom they supplied the concerned goods, alongside the reference number of related due diligence statements.

Radix Tree For All Industries

RADIX Tree is the end-to-end solution that allows you to manage your EUDR compliance in one single place.

At Global Traceability Solutions, we solve regulatory and supply chain complexity with a simple yet effective solution, RADIX Tree, an intuitive platform that combines flexibility with smart automation, while being able to manage simultaneously multi-compliance frameworks. It allows you to map your entire supply chain, offering you full control of your order pipelines and traceability data.

If you want to learn more about how RADIX Tree can help you comply with EUDR and other supply chain regulations, we can provide a free demo (from 30 min to 1 h) to explain our approach and how the tool works.