This guide supports entities to:

• navigate the EU’s Deforestation Regulation (EU) 2023/1115 (EUDR)) 
• go beyond EUDR compliance to commit to higher ambition deforestation- and conversion-free practices
• address deforestation in supply chains and ensure that products are deforestation-free
• gather essential information from suppliers and establish frameworks for due diligence
• use their contracts and contract management processes to operationalise deforestation-free supply chain due diligence, high quality information gathering, reporting and independent verification.

Key definitions

Show key definitions

We use the following defined terms in this guide:

Annex I means Annex I to the EUDR unless defined otherwise in this guide.

Annex II means Annex II to the EUDR unless defined otherwise in this guide.

Commission’s EUDR Guidance means the EU Commission’s non-binding Guidance Document for Regulation on Deforestation-Free Products  published in August 2025. 

Country of Production refers to the country or territory where the Relevant Commodity (including the Relevant Commodity when used in the production of, or contained in a Relevant Product) was produced.

DDS means the Due Diligence Statement required under the EUDR. There is a specific template required for the DDS which must be filed with the EU’s Information System.

Deforestation-free means the EUDR specific definition of ‘deforestation-free’. This means that the Relevant Product contains, has been fed with or has been made using Relevant Commodities that were produced on land that has not been subject to deforestation after 31 December 2020.

In the case of Relevant Products containing or made using wood, it means the wood was harvested from the forest without inducing forest degradation after 31 December 2020.

This December date aligns with international commitments such as those set out in the Sustainable Development Goals.

[Note: The 31 December 2020 cut-off date corresponds with international commitments set out in the Sustainable Development Goals and the New York Declaration on Forests. These international commitments, under which pursue ambitions to halt deforestation, restore degraded forests and substantially increase afforestation and reforestation globally.]

Entity or Entities means any natural or legal person (meaning both individuals and organizations) acting in the course of a commercial activity (for example supplying goods in a business-related context whether in return for payment or free of charge) to commercial or non-commercial consumers, or for use in the operations of the person or organization itself. Non-profit organizations are also capable of carrying out commercial activities.

EUTR means the EU’s Timber Regulation (EU) 995/2010.

Information System refers to the EU’s online filing and data collection system specific to the EUDR. It contains the DDS filed by Entities and will be accessible by regulators and customs authorities, among others. It shall be used by operators and traders, and if applicable, their authorised representatives, for submitting and managing Due Diligence Statements and verifying the validity of reference numbers.

Negligible risk refers to the level of risk that applies to Relevant Commodities and Relevant Products, where, on the basis of a full assessment of product-specific and general information, and, where necessary, of the application of the appropriate mitigation measures, those commodities or products show no cause for concern as being not in compliance with EUDR Article 3, point (a) or (b) (that is, deforestation-free and produced in accordance with the relevant legislation of the Country of Production).

Operator refers to any natural or legal person who, in the course of a commercial activity, places Relevant Products on the EU market or exports them.

Produced means grown, harvested, obtained from or raised on relevant plots of land.

Relevant Commodity or Relevant Commodities refers to cattle, cocoa, coffee, oil palm, rubber, soya and wood.

Relevant Product or Relevant Products refers to products listed in Annex I that contain, have been fed with or have been made using Relevant Commodities.

SME(s) refers to micro-, small- and medium-sized undertakings as defined in Article 3 of Directive 2013/34/EU. The Commission’s FAQs on the EUDR clarify that the assessment should be on an entity-by-entity basis; the definitions for small-, medium-sized and large groups are not relevant.

Currently, SMEs are undertakings whose balance sheet dates do not exceed the limits of at least 2 of the 3 following criteria: 

(a) balance sheet total: EUR 25 million

(b) net turnover: EUR 50 million

(c) average number of employees during the financial year: 250 employees. 

Possible regional variations in scoping thresholds should be considered. 

Small undertakings and micro-undertakings. The following definitions only apply for the purposes of determining whether an Entity benefits from the 1 (one) year transition period. The thresholds set out in the Directive 2013/34/EU as 31 December 2020 for small and micro-undertakings were as follows:

(a) Small undertakings are generally undertakings whose balance sheet dates do not exceed the limits of at least 2 of the 3 following criteria: 

(i) balance sheet total: EUR 4 million

(ii) net turnover: EUR 8 million

(iii) average number of employees during the financial year: 50 employees.

(b) Micro-undertakings are undertakings whose balance sheet dates do not exceed the limits of at least 2 of the 3 following criteria: 

(i) balance sheet total: EUR 350,000

(ii) net turnover: EUR 700,000

(iii) average number of employees during the financial year: 10 employees.

Possible regional variations in scoping thresholds as at 31 December 2020 should be considered. Trader refers to any person in the supply chain other than the Operator who, in the course of a commercial activity, makes Relevant Products available on the EU market.

What is a deforestation-free supply chain and why is high ambition important?

A deforestation-free supply chain means eliminating activities contributing to deforestation or the conversion of natural ecosystems. 

There is increasing reputational and legal pressure on organizations to address deforestation and conversion linked to their activities, as well as to reduce the associated greenhouse gas emissions. 

Beyond voluntary efforts, the EUDR is an example of internationally relevant legislation driving action. This guide advocates that organizations must go beyond compliance with EUDR to commit to higher ambition efforts and initiatives that support deforestation- and conversion-free supply chains, operations and commercial practices. Examples of these include: 

1. Aligning with and implementing Accountability Framework Initiative’s (AFi) core principles and operational guidance
2. Preventing and mitigating risks and impacts from financial portfolios, for example see Global Canopy’s Deforestation-free Finance guidance 
3. Ensuring sustainable forest management through certification schemes, for example Forest Stewardship Council 
4. Committing to science-based targets for Forests, Land and Agriculture, for example, targets on deforestation- and conversion-free supply chains, and having these targets approved by the Science Based Targets Initiative (SBTi) 
5. Using templates like the OECD Due Diligence Guidance for Responsible Business Conduct and the OECD-FAO’s more specific Business Handbook on Deforestation and Due Diligence in Agricultural Supply Chains
6. Including fair, reasonable and non-discriminatory requirements in their contracts and procurement policies, such as aligning with the Responsible Contracting Project’s Supplier Model Contractual Clauses or European Model Clauses for Responsible and Sustainable Supply Chains.
7. Providing training, knowledge and resources, for example to smallholders, to help support the move to deforestation-free conduct across the industry and better ensure a just and fair transition to a more sustainable economy. 

Legal obligations in the EUDR

Overview 

The EUDR aims to ensure that certain items placed, made available on the EU market or exported from the EU market from 30 December 2025 do not contribute to deforestation and forest degradation worldwide. The legislation aims to: 

1. Reduce the EU’s contribution to global deforestation and biodiversity loss
2. Reduce the EU’s contribution to greenhouse gas emissions, for example, by reducing those associated with the production and consumption of deforestation-linked goods and services.

Scope 

Entities in scope of the EUDR are required to ensure that specific items in scope of the EUDR which they import, export, place or make available on the EU market comply with Article 3. 

Article 3 prohibits the placing or making available on the EU market or exporting from the EU market ‘in-scope products’ unless they:

1. are deforestation-free
2. have been produced in accordance with the relevant legislation of the Country of Production
3. are covered by a Due Diligence Statement (DDS). 

References throughout this guide to Article 3 are to these three requirements unless otherwise stated. 

In-scope products produced inside the EU are subject to the same requirements as products produced outside the EU and then imported into the EU. There is also no de minimis volume or monetary value above which the EUDR applies.

However, the EUDR only applies to a limited number of ‘Relevant Products’. 

For these purposes, ‘Relevant Products’ are goods which both:

1. fall within the customs codes specifically listed in Annex I to the EUDR (Annex I)
2. contain, were fed with or made using one of the 7 ‘Relevant Commodities’, being: cattle, cocoa, coffee, oil palm, rubber, soya and wood.

The Relevant Commodities in their raw forms are also considered Relevant Products and are listed in Annex I.

It’s important that Entities periodically monitor Annex I in case of updates to the list of Relevant Products. Goods which do not fall under the specific customs codes listed in Annex I are not in scope of the EUDR, even if they contain, were fed with, or made using one of the Relevant Commodities. While the EUDR is limited to Relevant Products, many other products, commodities and business operations also drive deforestation. It’s important for Entities to ensure that their operations and value chains are deforestation-free beyond the products in-scope of the EUDR. 

When does the EUDR start to apply to Entities?

The EUDR obligations start to apply to most Entities for Relevant Products placed, made available or exported from the EU market from 30 December 2025. 

Entities that qualified as micro-undertakings or small undertakings on 31 December 2020 under the accounting thresholds that existed at the time have until 30 June 2026 to comply. Compliance timelines for certain timber and timber-linked items are different.  The EUDR generally does not apply to Relevant Products where the Relevant Commodities they comprise, contain, were fed with or were made from were, produced or harvested or (for cattle) born before 29 June 2023.

Key timings for all Relevant Products (excluding certain timber and timber products):

Date Relevant Commodity produced	Date Relevant Product placed on the EU market	Does EUDR apply?
Before 29 June 2023	Before 30 December 2025	No
	On or after 30 December 2025	No
Between 29 June 2023 and 30 December 2025	Before 30 December 2025	No
	On or after 30 December 2025	Yes (obligations may be limited). For example., If a Relevant Product (such as a raw commodity) – being used in another Relevant Product – was placed on the EU market before 30 December 2025, obligations are limited to gathering verifiable evidence that the commodity used was placed on the market before 30 December 2025
On or after 30 December 2025	On or after 30 December 2025	Yes

Timber products produced before 29 June 2023 and covered by the EU’s Timber Regulation (EU) 995/2010 (EUTR), are only required to comply with the EUDR from 31 December 2028. Key timings for these timber and timber products are:

Date wood commodity produced (harvested)	Date EUTR covered timber product placed on the EU market	Does EUDR apply?
Before 29 June 2023	Before 31 December 2028	No (EUTR rules apply). According to the Commission’s EUDR Guidance, if the derived products are not covered by the Annex of the EUTR, those products are exempted from EUTR and EUDR
	On or after 31 December 2028	Yes
Between 29 June 2023 and 30 December 2025	Before 30 December 2025	No (EUTR rules apply). According to the Commission’s EUDR Guidance, if the derived products are not covered by the Annex of the EUTR, those products are exempted from EUTR and EUDR
	On or after 30 December 2025	Yes
On or after 30 December 2025	On or after 30 December 2025	Yes

Who is in scope?

The obligations under the EUDR apply to Entities which qualify as: 

1. Operators (any Entity which places a Relevant Product on the EU market or exports a Relevant Product) or
2. Traders (any Entity in the supply chain other than the Operator who makes a Relevant Product available on the EU market)

It does not matter if the Relevant Product is supplied to a consumer, another Entity or even used by the Entity itself in the course of a commercial activity. Operators and Traders are subject to the EUDR regardless of whether the Relevant Product is made available on the EU market online or by other means.

What about non-EU Entities?

Non-EU Entities qualify as Operators and must comply with the EUDR if they place a Relevant Product on the EU market. For example, this could arise if the non-EU Entity lodges the customs declaration itself.

In such cases the first EU-based Entity that makes the Relevant Product available on the EU market will also be an Operator for the purposes of the EUDR. This means that there will be 2 Operators (one established outside the EU and one established inside the EU). 

In the case of natural persons, ‘established’ means any person whose place of residence is in the EU. For all other Entities, ‘established’ refers to the place where its registered office, central headquarters or permanent business establishment can be found.

Navigating the EUDR

This flowchart provides an overview of some of the key steps Entities must take when working towards complying with the EUDR. It illustrates how an Entity’s obligations can change depending on whether it qualifies as an Operator or a Trader in relation to a Relevant Product. 

Additional information is set out in 4 key steps below. However, it is recommended that Entities seek specialist legal advice to fully understand their obligations under the EUDR. 

Entities committed to combating deforestation and ensuring deforestation-free supply chains can set best-practice market norms by undertaking more ambitious due diligence – such as applying EUDR principles to all goods they source and supply globally – rather than limiting efforts to in-scope Relevant Products placed on, made available in, or exported from the EU market.

Step 1: Identify whether you are in the scope 

Determine if you are an Entity in scope of the EUDR. 

Then determine which of the goods you place, make available on or export from the EU market fall within scope of the EUDR by checking the customs codes listed in Annex I. 

Step 2: Identify your role in the value chain

The obligations that apply depend on whether an Entity is an Operator or a Trader. 

The size of the Entity also matters. SMEs can benefit from lighter requirements. ‘SMEs’ are micro-, small- and medium-sized undertakings as defined in the EU’s Accounting Directive 2013/34/EU, Article 3 (see Key Definitions). 

Step 3: Conduct due diligence

Under the EUDR, the due diligence that Entities are required to conduct varies depending on the role of each Entity in the supply chain and their size (see Overview of Key Obligations table below), and the risk classification of the source country. Entities must also communicate the relevant information along the supply chain to support other Entities’ due diligence efforts in relation to the same goods.

All Operators and non-SME Traders are required to establish and maintain a due diligence system. A due diligence system is a framework of procedures and measures put in place by an Entity to ensure that the Relevant Products the Entity places, makes available on or exports from the EU market comply with Article 3. 

These procedures and measures should cover 3 key areas:

1. supply chain traceability
2. risk assessments 
3. risk mitigation. 

Their design should provide access to information about the sources and suppliers of the Relevant Products being placed on the EU market. This includes information demonstrating that the absence of deforestation and forest degradation and legality requirements are fulfilled, among other things, by both: 

1. identifying the country of production or parts thereof
2. including the geolocation coordinates of relevant plots of land. 

Exercising full due diligence and maintaining a due diligence system for Relevant Products includes measures such as:

1. Collecting specified information, data and documentation required to demonstrate that the Relevant Products (including the associated Relevant Commodities) are compliant. Where a Relevant Product is already covered by a supplier’s DDS which has been submitted, Entities can refer to this DDS as part of their due diligence by collecting the reference numbers and verification numbers of the submitted DDS and verifying via the Information System these numbers. Conducting a risk assessment to establish the risk of the Relevant Products intended for the EU market being non-compliant. 

2. Where this risk assessment reveals that there is a more than negligible risk that a Relevant Product or associated Relevant Commodity is non-compliant with Article 3, an Entity must adopt risk management procedures and measures that are adequate to achieve no or only a negligible risk of non-compliance, for example by requiring additional information or carrying out independent audits.

Entities must refresh their due diligence system at least once a year and whenever the Entity becomes aware of new information which could influence the risk assessment it has conducted and/or its risk mitigation measures planned or in place. Entities must keep a record of their due diligence systems and any updates for at least 5 years. 

Irrespective of their due diligence obligations, all Entities in scope of the EUDR that obtain or are made aware of relevant new information, including substantiated concerns, indicating that a Relevant Product that they have placed, made available on or exported from the EU market is at risk of non-compliance must immediately inform both: 

1.  the relevant regulator
2.  the Traders they supplied downstream.

Step 4: If applicable, submit a Due Diligence Statement  

Entities (except for SME Traders) must not place, make available on or export from the EU market Relevant Products without first submitting a DDS or collecting and in some cases verifying the details of one already submitted. 

Entities are responsible for the DDS that they submit including the statement that the Entity “confirms that due diligence in accordance with Regulation (EU) 2023/1115 was carried out and that no or only a negligible risk was found that the relevant products do not comply with Article 3, point (a) or (b), of that Regulation”.

Where an Entity is required to submit a DDS, it must be in the format specified in Annex II to the EUDR. The Entity must keep a copy of the DDS for 5 years from the date the DDS is submitted. 

To submit a DDS, Entities need to have registered in the Information System before attempting to submit the DDS electronically. The Information System can be accessed via this EU Login. (See Submitting the DDS below for more information). 

It is important that Entities upload the necessary DDS to the Information System on time. Entities must submit the required DDS before lodging the customs declaration or making the Relevant Product available on the EU market. Entities must also make the DDS reference number available to customs authorities before the goods can be released for free circulation or export. Customs authorities are expected to scan products on entry and reject those without the necessary DDS.

Overview of key obligations

Entity	Product scenario	Due diligence required	Responsible for breach if there is more than a negligible risk of non-compliance with Article 3 (anti-deforestation requirements)	DDS submission required before placing, making available on or exporting from the EU market	Must communicate due diligence information downstream	Ongoing monitoring and notification obligation	Annual due diligence reporting obligation
Non-SME Operators and Traders	No prior placement of the Relevant Product on the EU market	✔ ‘Exercise’ (Arts. 12(1) and 4(1)) Must establish and maintain due diligence systems Full due diligence is required for the Relevant Product	✔ ‘Assume’ (Art. 4(3)) Responsible because conducted the due diligence	✔ ‘Complete and submit’ (Art. 4(2)) Must submit DDS having collected all information necessary to complete DDS	✔ (Art. 4(7)) Must provide all information necessary to demonstrate due diligence to downstream Operators and Traders that Entity has available	✔ (Art. 4(5)) Must report relevant new information they obtain or are made aware of which indicates risk of non-compliance to regulator and downstream suppliers	✔ (Art. 12(3))
	Contained in or made from Relevant Product(s) previously placed on the EU market*	✔ ‘Ascertain’ (Arts. 12(1) and 4(9)) Must establish and maintain due diligence systems Entities may benefit from lighter due diligence obligations but are not prevented from being more ambitious. As a minimum, collect the reference and verification numbers of the DDS submitted upstream and verify the validity of this information	✔ ‘Retain’ (Art. 4(10)) Responsible even though relying on due diligence conducted upstream for purpose of DDS	✔ ‘Include references and submit’ (Art. 4(9)) Must submit DDS having collected all necessary reference numbers and verification numbers for the Relevant Product concerned	✔ (Art. 4(7)) Must provide all information necessary to demonstrate due diligence to downstream Operators and Traders that Entity has available	✔ (Art. 4(5)) Must report relevant new information they obtain or are made aware of which indicates risk of non-compliance to regulator and downstream Traders or Operators	✔ (Art. 12(3))
SME Operator	No prior placement of the Relevant Product on the EU market	✔ ‘Exercise’ (Arts. 12(1) and Art. 4(1)) Must establish and maintain due diligence systems Full due diligence is required for the Relevant Product	✔ ‘Assume’ (Art. 4(3)) Responsible because conducted the due diligence	✔ ‘Complete and submit’ (Art. 4(2)) Must submit DDS having collected all information necessary to complete DDS	✔ (Art. 4(7)) Must provide all information necessary to demonstrate due diligence to downstream Operators and Traders that Entity has available	✔ (Art. 4(5)) Must report relevant new information they obtain or are made aware of which indicates risk of non-compliance to regulator and downstream Traders or Operators	X (Art. 12(3))
	Contained in or made from Relevant Product(s) previously placed on the EU market*	Limited (Arts. 12(1) and 4(8)) Must establish and maintain due diligence systems Collect the reference numbers and verification numbers of DDS submitted upstream	✔ ‘Retain’ (Art. 4(10))** Still retains responsibility for compliance. As a minimum, must be able to provide upstream DDS reference numbers to regulators if requested	X (Art. 4(8))	✔ (Art. 4(7)) Must provide all information necessary to demonstrate due diligence to downstream Operators and Traders that Entity has available	✔ (Art. 4(5)) Must report relevant new information they obtain or are made aware of which indicates risk of non-compliance to regulator and downstream Traders or Operators	X (Art. 12(3))
SME Trader	All	Very Limited (Art. 5(3)) Must collect names, addresses (postal, email and web) of Entities that supplied the Relevant Product to them and those they themselves supplied	X (Art. 5(2)) But must offer all necessary assistance to regulators to facilitate investigations, including premises access and disclosure of relevant documentation and records	X (Art. 5(2))	X (Art. 5(2))	✔ (Art. 5(5)) Must report relevant new information they obtain or are made aware of which indicates risk of non-compliance to regulator and downstream Traders or Operators	X (Art. 12(3))

* This also applies to Entities that re-import into the EU market a Relevant Product previously exported from the EU market.

** Note: It is unclear whether EUDR, Art. 4(10) means that the legal obligation also remains with the downstream SME Operator. The Commission’s EUDR Guidance and other Commission publications are unclear. While the EUDR Compliance publication (January 2025) indicates downstream SME Operators will not be liable, the Commission’s FAQs on the EUDR (updated in April 2025) state that “SME operators further down the supply chain retain legal responsibility in the event of a breach of the [EUDR]”. As the Commission’s publications are non-binding, it remains possible that this retention of liability is interpreted broadly. 

Exercising due diligence in practice

All Operators and non-SME Traders are required to establish and keep up to date a due diligence system to ensure continued compliance with the EUDR. Real progress against deforestation requires every Entity to move beyond compliance and to identify and, where necessary, address deforestation risks throughout their supply chains

The due diligence requirements set out in the EUDR require Operators and non-SME Traders to collect information, verify and analyse that information, and then carry out a risk assessment. If the risk that a Relevant Product may not be compliant with Article 3 is more than negligible (for example, there is a more than negligible risk that the good is not deforestation-free and produced according to the laws of the country), then the Entity must adopt mitigation measures to eliminate such risk.

Check the risk classification of the country of sourcing

The EU has developed a benchmarking system which classifies countries or regions as high, standard or low risk according to the level of risk of producing commodities in those countries that are not deforestation-free. The first risk-classification regulation was adopted in May 2025. The country classification process is intended to be dynamic, so Entities are encouraged to regularly check the classifications website. 

Note: there have been objections raised to the benchmarking system so we recommend carefully checking the latest version.

Entities must identify whether their sourcing country is classified as high, standard, or low risk. If sourcing only from low-risk areas, Entities qualify for simplified due diligence obligations. 

Simplified due diligence means that Entities still need to collect information for due diligence purposes, but are not required to take steps to conduct risk assessments or mitigate risks unless they are made aware of any relevant information that suggests that the Relevant Product they are handling is not deforestation-free and EUDR compliant. Even when a source country is classified as low risk, it’s important that Entities strive to conduct more comprehensive due diligence to better ensure their supply chains are deforestation-free.  

The risk classification is also relevant to the extent of compliance checks that Member States’ competent authorities foresee: 1 percent for those sourcing from ‘low risk’ countries, 3 percent for ‘standard risk’ and 9 percent for ‘high risk’.

Operators and non-SME Traders are required to have in place adequate and proportionate policies, controls and procedures to mitigate and effectively manage the risks of non-compliance where non-compliance is identified.

For non-SME Operators and non-SME Traders, this includes requirements to:

1. Appoint a compliance officer at the Entity’s management level to be responsible for EUDR compliance
2. Include in the Entity’s policies, controls and procedures ‘model risk management practices’ to mitigate and manage effectively the risks of non-compliance
3. Have in place internal control and record keeping procedures
4. Have in place an independent audit function to check internal policies, controls and procedures. 

For Entities benefiting from the simplified due diligence process (for example, those that source from low-risk jurisdictions) these requirements (for example to appoint a compliance officer) will not apply unless the Entity becomes aware of information that indicates that the Relevant Products they are handling: 

1. may not be deforestation-free 
2. may not have been produced in accordance with relevant legislation of the Country of Production. 

Operators sourcing from low-risk countries may still wish to update their policies to include appropriate and proportionate risk management even if they benefit from simplified due diligence obligations. 

Although the EUDR does not define the meaning of model risk management practices, consider using templates like OECD Due Diligence Guidance for Responsible Business Conduct and the OECD-FAO’s more specific Business Handbook on Deforestation and Due Diligence in Agricultural Supply Chains.

Collect information to determine compliance

Due diligence requires Operators and non-SME Traders to collect information, documents and data to assess if the product(s) is or are deforestation-free and produced according to the laws of the country. This requirement also applies to those Entities benefiting from the simplified due diligence process. 

If they cannot collect the required information, they must not place (or make available) the Relevant Product on the EU market.

For each Relevant Product, Operators and non-SME Traders must gather the following information:

1. A description of the Relevant Product, including the trade name and type of Relevant Product. For Relevant Products that are made of wood and wood derivatives, the Relevant Product description must include the common name of the species and its full scientific name.
2. A list of all the Relevant Products as well as the Relevant Commodities themselves contained in or used to make or feed the Relevant Product if applicable.
3. The quantity of Relevant Product(s) (kilogramme of net mass and other units as required by EU customs law).
4. The Country of Production. 
5. The geolocation of all plots of land on which the Relevant Commodities contained in, or used to make the Relevant Product were produced, as well as the date or time range of production. Where a Relevant Product contains or has been made with Relevant Commodities produced on different plots of land, the geolocation of all different plots of land must be included.
6. The name, address and email of those that supplied the Relevant Product to the Entity.
7. The name, address and email of any business or person supplied with the Relevant Product.
8. Adequately conclusive and verifiable information:
   • that the Relevant Products are deforestation-free
   • that the Relevant Commodities have been produced in accordance with the relevant legislation of the Country of Production, including any arrangement conferring the right to use the respective area for the purposes of the production of the Relevant Commodity. 

Consider and comply with legislation in Country of Production 

Relevant Products can only be placed on the EU market if they comply with all 3 requirements of Article 3. Entities will need to consider several areas of law applicable in the Country of Production when assessing whether a Relevant Commodity has been produced in compliance with the EUDR. Entities must consider:

1. Land use rights
2. Environmental protection
3. Forest-related rules including forest management and biodiversity conservation
4. Third parties’ rights 
5. Labor rights and human rights
6. The principle of free, prior and informed consent including set out in the UN Declaration on the Rights of Indigenous Peoples 
7. Tax, anti-corruption, trade and customs regulations.

Particular focus should be given to the local requirements linked to the protection of forests, the reduction of greenhouse gas emissions and the protection of biodiversity. Note that the legislation of countries where further steps of the manufacturing process have taken place are not relevant.

Documentation that may help provide verifiable information on compliance for the purposes of the due diligence exercise and the DDS includes: 

1. Official documents issued by countries’ authorities, such as administrative permits
2. Documents showing contractual obligations, including contracts and agreements with indigenous peoples or local communities
3. Complementary information issued by public and private certification or other third-party verified schemes
4. Judicial decisions
5. Impact assessments, management plans, environmental audit reports

The following additional documents can be useful too:

1. Documents showing Entity policies and codes of conduct
2. Voluntary self-declaration of producers of Relevant Commodities in which a producer declares that the product was produced in compliance with the legislation of the Country of Production
3. Social responsibility agreements between private actors and third-party rights holders
4. Specific reports on tenure and rights claims and conflicts

Conduct a risk assessment

All information collected must be analysed and verified by Operators and non-SME Traders. They must evaluate their content and reliability to establish whether there is a risk that the Relevant Products the Entity intends to place or make available on the EU market or export from the EU are non-compliant with EUDR.

When conducting their risk assessment, it’s important for Operators and non-SME Traders to take reasonable measures to ensure such documents are genuine, depending on their assessment of the general situation in the Country of Production. This includes, for example, checking for risks of corruption and illegalities. 

While certification and third-party verification schemes can be used voluntarily by Operators and non-SME Traders, they are not a substitute for the Entity’s own responsibility to conduct due diligence. For Entities benefiting from the simplified due diligence process (for example, those that source from low-risk jurisdictions), this obligation will not apply unless the Entity becomes aware of information that indicates the Relevant Products they are handling: 

1. may not be deforestation-free 
2. may not have been produced in accordance with the laws of the Country of Production.

Entities are encouraged to conduct robust and proportionate due diligence irrespective of the classification of their source countries. This is because the classifications fail to cover areas that are publicly known to be areas of high deforestation activity. 

For Entities required to conduct a risk assessment, these should be conducted for each Relevant Product in the Entity’s supply chain at least annually. This assessment process should be documented. Entities will need to be able to show how the information gathered was checked against the risk assessment criteria set out below and how they determined the degree of risk.

When conducting a risk assessment Entities must take into account, in particular the following criteria: 

1. The presence of forest in the Country of Production or specific region and the prevalence of deforestation or forest degradation in that same area.
2. The presence of indigenous peoples in the Country of Production or specific region and the level of consultation and good faith cooperation with such peoples (including the existence of substantiated claims by indigenous peoples regarding the use or ownership of the area of production being considered).
3. The source, reliability, validity and links to other available documentation of the information collected during the information collection stage.
4. Whether there are any concerns about the Country of Production or specific region (for example, corruption, data falsification, lack of law enforcement, human rights violations reported, armed conflict or the presence of sanctions imposed by the EU or the UN Security Council, or conclusions of Commission’s expert group meetings).
5. How complex the supply chain is and whether there is a risk of supply chain actors circumventing the requirements (for example, by mixing known Relevant Products with Relevant Products of an unknown origin).
6. Any information that would point to a risk that the Relevant Products are non-compliant (including any history of non-compliance from supply chain actors in the value chain and any substantiated concerns that the Entity might become aware of).
7. Whether all documents showing compliance with applicable local laws were made available by the supplier and whether they are verifiable. This may include working with certification or other third-party verified schemes (for example, for wood products Forest Law Enforcement, Governance and Trade licences (FLEGT licenses) from an operational licensing scheme would be sufficient to evidence compliance with local laws).
8. What level of risk has been assigned to the relevant Country of Production or specific region (once they are classified). 

This list is not exhaustive. Entities are encouraged to implement more ambitious due diligence systems to ensure that all Relevant Products they supply or export are EUDR compliant. Ambitious companies should consider implementing these processes to cover other goods that do not currently qualify as Relevant Products.

Take steps to mitigate any risks of non-compliance 

Where the risk assessment identifies more than a negligible risk, Operators and non-SME Traders must adopt procedures and measures to mitigate the risk before placing the products on the EU market or exporting them from the EU market. These procedures and measures must be ‘adequate to achieve no or only a negligible risk’ (Article 11 EUDR).

This requirement to take risk mitigation steps also applies to Entities benefiting from the simplified due diligence process (for example, those that source from low-risk jurisdictions). This applies if the Entity has become aware of information that indicates the Relevant Products they are handling may not be deforestation-free and may not have been produced in accordance with relevant local laws.

What measures are appropriate and adequate will depend on the nature of the risk identified. The EUDR does not require specific steps to be taken. Instead, it gives the following examples of measures an Entity could take to address the risk of non-compliance:

1. Require additional information, data or documents
2. Carry out independent surveys or audits
3. Take other measures (such as increasing deforestation monitoring efforts, or engaging in good faith consultations with indigenous communities or those that have raised substantiated concerns)
4. Take steps to support compliance of those in your supply chain, in particular smallholders, through capacity building and investment.

It’s important for Entities to document any steps they take, the reasons they took such steps and why they considered them to be ‘adequate’. Entities may need to be able to demonstrate to enforcement authorities how decisions on risk mitigation procedures and measures were taken.

Submitting the Due Diligence Statement 

An Entity must submit a DDS (a mandatory document) via the Information System before placing or making available Relevant Products on the EU market, or exporting them from the EU. 

The DDS is a statement which confirms that the goods comply with the EUDR and provides certain information to allow traceability. 

Operators or Traders can mandate an authorised representative to submit a DDS on their behalf but responsibility for product compliance remains with them. 

Groups of Entities (for example, corporate groups) may mandate one of their members to submit the DDS on behalf of all members of the group as an authorized representative. They must be established in the EU.  An authorized representative can use a single account to submit and manage the DDS on behalf of all entities it represents. Alternatively, each Entity in the group must create a separate and individual account in the Information System.

The DDS must include:

1. the Entity’s name and address
2.  if importing or exporting Relevant Products, the Entity’s Economic Operators Registration and Identification (EORI) number
3. the Harmonised System code (the customs code), a free-text description, including the trade name and quantity of the Relevant Product the Entity intends to place on the market or export in kilograms of net mass
4. if the DDS concerns Relevant Products that contain or have been made using wood, the full scientific name must also be given
5. if importing or exporting Relevant Products, the quantity must also be expressed in the supplementary unit set out in Annex I to the Council’s Common Customs Tariff Regulation 2658/87 against the relevant Harmonised System code. If the Relevant Product does not have a supplementary unit requirement, express the quantity in net mass specifying a percentage estimate or deviation or, where applicable, volume or number of items
6. the Country of Production and the geolocation of all plots of land where the Relevant Commodities were produced. For plots of land of a size below 4 hectares, geolocation can be described with one latitude and longitude point only and not provided by means of polygons
7. for Relevant Products that contain or have been made using cattle, the geolocation must refer to all establishments where the cattle were kept
8. Where the Relevant Product contains or has been made using Relevant Commodities produced in different plots of land, the geolocation of all plots of land where the Relevant Commodities that the Relevant Product contains, or has been made using, were produced
9. For Entities referring to an existing DDS relating to the Relevant Product, the reference number of such DDS.

Report on due diligence

Non-SME Operators and non-SME Traders (including those benefiting from the simplified due diligence process) must publicly report annually (including online) on their due diligence processes. 

Operators further down the supply chain are those who either transform a product listed in Annex I (which has already been subjected to due diligence) into another product listed in Annex I or export a product listed in Annex I (which has already been subjected to due diligence).

Integrate deforestation-free supply chain due diligence practices into commercial contracts and contract management

Review and update existing contracts with suppliers

It’s important for organizations, and Entities to which the EUDR applies, to review their commercial contracts with supply chain partners to ensure that they adequately address deforestation due diligence. This includes contract clauses that: 

1. reflect an Entity’s deforestation due diligence obligations under the EUDR 
2. go beyond compliance with EUDR to commit to more ambitious implementation of deforestation due diligence in supply chains.

Contract clauses can be used to place obligations on suppliers to: 

1. ensure their products are deforestation-free
2. apportion liability between the parties
3. give customers a range of contractual remedies if products are not aligned  with EUDR. These include information and audit rights, suspension and termination rights and, where appropriate, an indemnity to cover losses suffered by the customer.  

Many supply contracts will already include many of these as general provisions. However, Entities will need to review these carefully and supplement them to ensure they align with – and go beyond compliance with – their regulatory obligations.

Building these contractual provisions into commercial contracts up-front sets clear expectations, ensures parties are aligned, and helps in-scope Entities meet  and go beyond performing their regulatory obligations to deliver best practice implementation. 

Fair and responsible contracting and exit 

Entities need to adopt fair, reasonable and non-discriminatory contractual clauses, particularly when contracting with SMEs and smallholders. These clauses must align with national ‘unfair contract terms’ legislation and international standards like the OECD Due Diligence Guidance for Responsible Business Conduct. This could include adopting principles of collaboration and shared responsibility, ensuring fair apportionment of liability between the parties, and building in contractual provisions on responsible disengagement.  

Working together – contracts as a framework for agreeing a common approach and shared responsibility

It’s important for the parties to ensure that their contracts include obligations on the parties to work together as far as possible to address any breaches and instances of non-compliant products. Also, that they have adequate remediation periods with termination being a last resort. 

Entities should avoid trying to shift the compliance burden onto their suppliers, particularly if they are SMEs or smallholders.

Supplier engagement, training and support 

It’s important for Entities to provide targeted and proportionate support by providing or enabling access to capacity-building, training or upgrading management systems. 

Additionally, where compliance with the code of conduct or proposed risk mitigation measures may jeopardise the viability of the SME or smallholder, Entities could provide targeted and proportionate financial support, such as direct financing, low-interest loans, guarantees of continued sourcing, or assistance in securing financing. 

Collaboration 

Subject to competition law, Entities could consider collaborating with others, such as same sector actors who share similar supply chains, to help increase the Entity’s ability to prevent or mitigate the risk of deforestation. Such lawful collaboration may be particularly appropriate where no other measure is suitable or effective.

Contract clauses 

This section addresses the different types of contractual provisions that could be used to support an Entity and supplier counterparties to establish best practice implementation of their deforestation due diligence obligations. 

Warranties 

A contract could include a clear obligation on the supplier to warrant that Relevant Products they supply are EUDR compliant. This is in the interests of both parties as it sets clear expectations and legal obligations at the outset. 

Raising the need for such warranties in: 

1. supplier engagement initiatives
2. supplier procurement processes
3. contract negotiation stages 

help minimise future friction and the risk of non-compliance when the supplier performs the contract. It is also an opportunity to identify where suppliers may need additional support with meeting these obligations.

Provision of information and data quality

The contract should include obligations on suppliers to provide the necessary information and data to their customers to enable them to assess the risk of deforestation. 

These contractual provisions should be closely aligned with the information requirements under Article 9 EUDR (see above), either by referring to them or lifting the requirements directly into the contract itself. 

These information requirements should include obligations on suppliers to provide the geolocation data for all Relevant Products supplied, and documents demonstrating that those products have been produced in compliance with relevant legislation in the country of production.

The contract should also include warranties and undertakings from the supplier regarding the completeness and accuracy of the information and data provided. It’s important that these are backed  up by contractual remedies (for example, termination rights and possibly an indemnity) to give the customer redress if the information turns out to be incorrect.

Entities should also consider building these information requirements into supplier due diligence questionnaires and RFPs (requests for proposals) as part of the initial tendering and screening process. This helps to ensure that any new suppliers will be able to provide the information and data necessary to satisfy the due diligence obligations under the EUDR, and to help identify any potentially high-risk suppliers at the outset. 

Finally, the contract could also include an explicit obligation on suppliers to provide the DDS reference numbers for any Relevant Products that have already been subject to due diligence. This is particularly important for Entities further down the supply chain that will be relying on these statements for their own compliance.

Notification of non-compliance with the EUDR

The contract could include provisions requiring the parties to notify one another  of non-compliance, for example, if it transpires that a supplier’s products are linked to deforestation. 

The contract could include requirements on the supplier to investigate and provide information to the customer to help it properly assess the extent of any breach and determine appropriate next steps. When contracting with SMEs or smallholders, any timescales for the notification of breaches and information-sharing need to be reasonable and align with best practice on responsible business conduct. 

Audit rights

The contract could include audit rights enabling the customer (or its appointed third-party representative) to verify that products comply with the contract, including with the EUDR warranty given above. 

Any such audit should be conducted during business hours and on reasonable notice. Parties should also specify which of them is responsible for the costs of the audit which may be apportioned based on the audit outcome. For example, it might be reasonable to require the supplier to reimburse the customer’s audit costs if the audit reveals that the supplier’s products are not compliant with the EUDR. However, it’s critical that responsible business and contracting practices are followed so that suppliers are not required to pay additional costs on unfair terms. 

Remediation and responsible disengagement

In accordance with the general principles of responsible disengagement under the OECD Due Diligence Guidance for Responsible Business Conduct (see Q39), it’s important that the parties consider including a remediation period during which they will work to rectify any non-compliance – rather than triggering an immediate termination right. This is particularly important where the supplier is an SME or smallholder. 

The contract could require the parties to agree a remediation plan to, for example: 

1. source alternative products
2. separate a supplier’s non-compliant products from compliant ones
3. improve traceability systems or 
4. engage with stakeholders further up the supply chain to address the underlying issue.  

The parties will need to build in reasonable timelines for this remediation process and set out clear quantitative and qualitative indicators to determine when remediation steps have been completed so there is certainty over this.

When contracting with SMEs or smallholders, it’s important that termination of the contract is considered a last resort only when remediation attempts have failed, and always with consideration to the potential adverse impacts on the supplier, local communities and livelihoods. 

See clause 5 of the Responsible Contracting Project’s Supplier Model Contract Clauses for an example of a high-ambition remediation clause.

Termination and consequences 

The contract could include a right to terminate for ‘material breach’ and this should be defined broadly to cover breaches of the EUDR warranty above, as well as any breaches of the information, data quality, notification and remediation obligations. The contract could also clearly set out the consequences of termination, such as the collection/return of non-compliant products and reimbursement to the customer of payments already made. 

Indemnity

The parties could consider including an indemnity to cover losses suffered by the customer in relation to non-compliant products, or breaches of the EUDR where these are caused by the supplier.  

Including an indemnity needs to be considered on a case-by-case basis, taking into account the nature or size of the supplier and the relative bargaining power between the parties to ensure the customer’s remedies are proportionate and reasonable on the facts of the deal. 

Where the supplier is an SME or smallholder, and including an indemnity of this nature may be deemed ‘unfair’ (in light of the respective bargaining positions of the parties), the parties may consider including clauses that outline a collaborative or negotiated resolution of any losses arising from a breach (such as under the remediation provisions above), as opposed to onerous indemnity provisions.

Useful resources

1. European Commission’s Regulation on Deforestation-free Products
2. European Commission’s EUDR Guidance Document (August 2025), Guidance (April 2015) and FAQs
3. European Commission’s Expert Group/Multi-Stakeholder Platform on Protecting and Restoring the World’s Forests
4. The Responsible Contracting Project’s Supplier Model Contract Clauses
5. OECD Due Diligence Guidance for Responsible Business Conduct
6. Business Handbook on Deforestation and Due Diligence in Agricultural Supply Chains
7. Accountability Framework Initiative (AFi) Core Principles and Operational Guidance
8. EU’s Observatory on deforestation and forest degradation
9. Global Canopy’s Deforestation-free Finance
10. Global Forest Watch
11. Copernicus 
12. trase.earth