The EU Deforestation Regulation has turned supply chain transparency into a legal prerequisite for placing commodities on the European market. For companies dealing in cattle, cocoa, coffee, palm oil, rubber, soya, or wood, compliance is no longer a policy commitment. It is a documented, geolocated, legally binding obligation enforced through the TRACES NT portal. Choosing the right compliance approach, and the right software to support it, now shapes whether products can be sold in the EU at all. This guide breaks down what EUDR compliance requires, the deadlines that apply, and the criteria to weigh when selecting a solution for your supply chain.

What is EUDR?

The EU Deforestation Regulation (Regulation (EU) 2023/1115), commonly referred to as EUDR, is a European Union law that prohibits the placing or exporting of specified commodities and derived products on the EU market if they are linked to deforestation or forest degradation after 31 December 2020. It replaces the earlier EU Timber Regulation (EUTR) and extends its logic to a broader range of forest-risk commodities.

EUDR covers seven commodity groups: cattle, cocoa, coffee, oil palm, rubber, soya, and wood. Derived products such as chocolate, furniture, paper, tires, and biofuels fall within scope when they contain or have been produced using these commodities. Annex I of the regulation lists the exact tariff codes in scope, which is the definitive reference when scoping internal product portfolios.

The regulation applies to operators and traders that place relevant products on the EU market or export them from it. An operator is the natural or legal person that first places a product on the EU market or exports it, excluding downstream operators. Under the December 2025 amendment (Regulation (EU) 2025/2650), only this first operator is responsible for submitting a full due diligence statement. Downstream operators and traders are no longer required to submit their own DDS, though the first downstream operator must retain and pass on the DDS reference number for traceability. Small and micro operators who qualify as primary operators (i.e. they produce the goods themselves and are established in a low-risk country) benefit from a one-time simplified declaration instead of a full DDS.

Three core obligations define EUDR compliance. First, products must be deforestation-free, meaning the land used for production has not been subject to deforestation or forest degradation after 31 December 2020. Second, production must comply with the relevant legislation of the country of origin, covering land use rights, environmental protection, labor rights, human rights, and tax. Third, each consignment must be covered by a due diligence statement (DDS) submitted through the TRACES NT information system, referencing the geolocation coordinates of every plot of land where the commodity was produced.

Why EUDR compliance matters for your business

EUDR compliance is a market access condition. Without a valid due diligence statement and a reference number from TRACES NT, a consignment cannot legally be placed on the EU market. Customs authorities can block shipments, and competent authorities in member states can order products to be withdrawn, donated, or destroyed.

The penalty regime is deliberately severe. Fines can reach at least 4% of a company's total annual EU-wide turnover, with the cap rising if needed to exceed any economic benefit gained from the infringement. National authorities can also confiscate revenues from the transaction, seize the products themselves, temporarily exclude the company from public procurement and public funding, and impose a temporary ban on placing relevant commodities on the market. Repeat offenders face cumulative sanctions.

Beyond fines, reputational consequences are structural. Competent authorities are required to publish final decisions on non-compliance, which means enforcement actions become part of the public record. Buyers, investors, and lenders increasingly screen for this exposure as part of standard ESG due diligence. A single blocked shipment can cascade into renegotiated contracts and delisted SKUs.

The upside of getting this right extends beyond avoiding penalties. A working EUDR process gives a company geolocated, verifiable visibility into the origins of its most sensitive raw materials. That visibility feeds directly into Corporate Sustainability Reporting Directive (CSRD) disclosures on biodiversity and Scope 3 emissions, into climate transition plans, and into customer and retailer scorecards. Companies that treat EUDR as a data infrastructure project, not just a paperwork exercise, can reuse the same supplier data across multiple frameworks.

{{product-tour-injectable}}

Key requirements of EUDR

EUDR compliance is built around a three-step due diligence process defined in Articles 8 to 11: information gathering, risk assessment, and risk mitigation. Each step must be documented and retained for at least five years, and the output feeds directly into the due diligence statement submitted to TRACES NT.

Reporting scope and organizational boundaries

The scope of the EUDR covers every consignment of a relevant product placed on the EU market or exported from it. There is no minimum threshold by volume. A single pallet of coffee, a container of soy meal, and a shipment of hardwood flooring all trigger the same core obligations, although the administrative intensity scales with company size and role in the supply chain.

Organizational boundaries follow the legal entity that first places the product on the EU market. Group-level coordination is permitted, but the due diligence statement is filed by the operator responsible for that first placement. Non-EU entities may designate an authorised representative established in the EU to file on their behalf. For multinational groups, this often means multiple entities file separate statements, even when sourcing from the same supplier. Mapping which legal entity is the EUDR operator for each product flow is usually the first scoping exercise.

Under the December 2025 amendment (Regulation (EU) 2025/2650), the obligation to submit a due diligence statement rests exclusively with the first operator in the supply chain. Downstream operators and traders — regardless of size — are no longer required to submit their own statement. Only the first downstream operator must retain and pass on the DDS reference number for traceability purposes. Micro and small primary operators established in low-risk countries submit a one-time simplified declaration instead of a full DDS. Understanding where your company sits in this taxonomy is essential before selecting tools or designing workflows. The sector and role breakdown provides a detailed mapping.

Data requirements

Article 9 specifies the information every operator must collect before placing a product on the market. The list is prescriptive. Missing one element invalidates the due diligence statement.

• Product description, quantity, HS code, and supplier and customer details.
• Country of production, and where relevant, parts of the country.
• Geolocation coordinates of all plots of land where the relevant commodities were produced, expressed as latitude and longitude with at least six decimal places. For plots larger than four hectares, polygon data is required.
• Date or time range of production.
• Adequate and verifiable information that the commodities are deforestation-free, typically satellite imagery, land-use maps, or field verification.
• Adequate and verifiable information that production complied with the relevant legislation of the country of origin.

The geolocation requirement is the most operationally demanding element. For commodities with long, fragmented upstream chains, such as cocoa sourced from smallholders in West Africa or palm oil from independent mills in Southeast Asia, collecting plot-level coordinates for every batch requires supplier onboarding at a scale most procurement teams have never attempted. Certification schemes such as FSC, RSPO, and Rainforest Alliance do not automatically satisfy EUDR, although they can support the underlying data collection. The guide to EUDR certification schemes explains what each one covers and where the gaps are.

Risk assessment and mitigation

Once the data is collected, operators must assess the risk of non-compliance on a plot-by-plot basis. The regulation sets out specific criteria in Article 10, including the country benchmarking system (which classifies countries or parts of countries as low, standard, or high risk), the prevalence of deforestation, the presence of indigenous peoples, concerns over corruption, and the complexity of the supply chain.

Where risk is more than negligible, operators must take mitigation measures before placing the product on the market. These can include additional data collection, independent audits, supplier capacity-building, or, in the final instance, disengagement. The risk assessment and any mitigation steps must be documented and reviewed at least annually, and more frequently if the risk landscape changes.

How to prepare for EUDR compliance

EUDR compliance is best approached as a structured program with clear milestones rather than a last-minute documentation sprint. The following five-step sequence works for most mid-market operators.

1. Scope the product portfolio. Map every SKU against Annex I HS codes. Identify which legal entity places each product on the EU market. Flag composite products that contain in-scope commodities as ingredients, since these are often missed in initial scoping.
2. Map the supply chain to plot level. Work upstream from direct suppliers to the producers and plots of origin. Document the chain of custody, including any mixing points such as mills, refineries, or consolidation warehouses. For fragmented supply chains, prioritize the highest-volume commodities first.
3. Collect geolocation and legality evidence. Issue data requests to suppliers, specifying the required coordinates, date ranges, and supporting legal documents. Expect multiple rounds of clarification, especially in the first cycle. Use supplier portals or structured templates to avoid reconciling spreadsheets by hand.
4. Run risk assessment and mitigation. Overlay geolocation data against deforestation alerts and land-use baselines from sources such as Global Forest Watch or the EU Observatory on Deforestation. Document mitigation actions for every non-negligible risk.
5. Submit due diligence statements through TRACES NT. For every consignment, generate the DDS, obtain the reference number, and pass it downstream. Retain all supporting evidence for at least five years.

Common challenges cluster around three areas. Supplier responsiveness is often the bottleneck, especially when working through distributors that do not have direct relationships with producers. Data quality varies wildly, with geolocation formats, reference systems, and plot definitions inconsistent across regions. And TRACES NT integration is technically straightforward but operationally demanding at volume, since each consignment requires a separate statement. Supply chain due diligence as a broader discipline, covered in the complete guide to supply chain due diligence, provides the wider context for building these processes once and reusing them across CSRD and the Corporate Sustainability Due Diligence Directive (CSDDD).

{{custom-cta}}

EUDR timeline and deadlines

The EUDR application dates have been revised twice since the regulation entered into force in June 2023. The original deadline of 30 December 2024 was first extended by 12 months under Regulation (EU) 2024/3234, and then extended again under Regulation (EU) 2025/2650 following ongoing concerns about the readiness of the EU information system and administrative burdens on smaller operators. The current schedule is as follows.

• 30 December 2024: Original application date for large and medium operators, postponed by 12 months under Regulation (EU) 2024/3234.
• 30 December 2026: Full application for large and medium-sized operators and traders under the December 2025 amendment. From this date, no relevant product can be placed on the EU market without a valid due diligence statement.
• 30 June 2027: Full application for micro and small operators and traders.

The country benchmarking system, which classifies producer countries as low, standard, or high risk, was published by the European Commission in May 2025. Low-risk countries benefit from a simplified due diligence regime, under which operators are not required to conduct a full risk assessment and mitigation process, although they must still collect and submit the underlying data.

Between now and the application date, companies should assume that guidance will continue to evolve. The Commission has issued several rounds of FAQs clarifying scope, the treatment of composite products, and the mechanics of information system submissions. Building a solution flexible enough to absorb clarifications without rebuilding workflows is a practical design principle.

How to choose the right EUDR solution

A credible EUDR solution has to do three things at once: collect plot-level data from a fragmented supplier base, assess that data against deforestation and legality risk, and generate compliant due diligence statements in a format accepted by TRACES NT. Most point tools cover one of these well and the other two poorly. The evaluation criteria below help separate complete solutions from partial ones.

• Geolocation handling. Can the tool ingest coordinates, polygons, and shapefiles in multiple formats and reconcile them against deforestation baselines? Does it validate geometry automatically?
• Supplier engagement. Is there a dedicated supplier portal with multi-language support, or are data requests handled by email and spreadsheets? How is supplier identity verified?
• Deforestation risk analysis. Does the tool integrate authoritative datasets such as Global Forest Watch, JRC Global Forest Cover, or the EU Observatory? Can it produce plot-level risk scores with supporting imagery?
• TRACES NT integration. Does the tool generate DDS payloads in the required XML schema and support API submission, or does it stop at a CSV export that still has to be uploaded manually?
• Audit trail and record retention. Every decision, data point, and mitigation action has to be retrievable for at least five years. Native versioning and timestamped evidence storage matter more than they appear at first glance.
• Interoperability with CSRD, CSDDD and EcoVadis. The same supplier data feeds multiple frameworks. A tool locked to EUDR alone creates duplication within 12 months.

Market alternatives include specialist geospatial platforms, broader ESG suites, and traceability tools originally designed for specific commodities. Comparative breakdowns of the LiveEO TradeAware alternatives and Osapiens alternatives set out where each approach works and where it does not.

How Coolset supports EUDR compliance

Coolset provides an EUDR module designed for compliance-first teams at mid-market EU companies. The module combines supplier onboarding, geolocation validation, deforestation risk scoring against authoritative datasets, and direct TRACES NT submission within a single workflow. Supplier data collected for EUDR flows into the same platform that handles CSRD double materiality, Scope 3 emissions, and EcoVadis responses, which removes duplicate data entry across frameworks.

Risk assessment is automated at the plot level, with every flagged parcel linked to the satellite imagery and land-use evidence that triggered the alert. Mitigation workflows, audit trails, and five-year record retention are built in, so the documentation required by competent authorities is produced as a byproduct of the operational process rather than as a separate reporting exercise.

Frequently asked questions

What is the EUDR compliance deadline?

Large and medium-sized operators and traders must comply with EUDR from 30 December 2026. Micro and small operators and traders established before 31 December 2020 have until 30 June 2027. These dates reflect the 12-month postponement adopted under Regulation (EU) 2024/3234.

Does an EUDR compliance certificate exist?

No. EUDR does not issue a compliance certificate. Compliance is evidenced by a due diligence statement submitted through the TRACES NT portal, which generates a reference number that accompanies the consignment. Certification schemes such as FSC or RSPO can support underlying data collection but do not replace the DDS.

Which commodities are covered by EUDR?

EUDR covers seven commodity groups: cattle, cocoa, coffee, oil palm, rubber, soya, and wood. It also covers derived products listed in Annex I, including leather, chocolate, furniture, paper, tires, and biofuels. The exact scope is defined by the tariff codes in Annex I, which should be used when screening product portfolios.

What penalties apply for non-compliance with EUDR?

Penalties include fines of at least 4% of a company's total annual EU turnover, confiscation of products and revenues, temporary exclusion from public procurement and funding, and a temporary ban on placing relevant commodities on the market. Final decisions are published by competent authorities, which creates additional reputational exposure.

Do certification schemes like FSC or RSPO satisfy EUDR?

No. Third-party certification does not by itself satisfy EUDR. Operators remain responsible for the due diligence statement, including plot-level geolocation and legality evidence. Certification can support data collection and risk assessment, but the regulation requires operator-level verification and documentation regardless of scheme membership.