Who really owns EUDR compliance? Why ESG and supply chain teams both have a role (Updated June 2026)

January 5, 2026
7
min read
Who really owns EUDR compliance? Why ESG and supply chain teams both have a role - Coolset
Table of contents

Disclaimer: New EUDR developments - December 2025

In November 2025, the European Parliament and Council backed key changes to the EU Deforestation Regulation (EUDR), including a 12‑month enforcement delay and simplified obligations based on company size and supply chain role.

Key changes proposed:

  • New enforcement timeline: 30 December 2026 for large/medium operators, 30 June 2027 for small/micro operators
  • Simplified DDS: One-time declarations for small and micro primary producers
  • Narrowed scope: Most downstream actors and non‑SME traders would no longer need to submit DDSs
  • New DDS requirement: Estimated annual quantity of regulated products must be included

These updates are not yet legally binding. A final text will be confirmed through trilogue negotiations and formal publication in the EU’s Official Journal. Until then, the current EUDR regulation and deadlines remain in force.

We continue to monitor developments and will update all guidance as the final law is adopted.

Key takeaways:

  • EUDR compliance is a shared responsibility: ESG teams own the due diligence framework, risk methodology, and annual reporting, while supply chain teams are accountable for supplier data collection, product traceability, and DDS coordination before shipments.
  • Core EUDR obligations apply from 30 December 2026 for large and medium operators and non-SME traders, and from 30 June 2027 for micro and small operators.
  • Companies that silo ESG and supply chain functions risk incomplete DDS submissions, blocked shipments, and regulatory fines of up to 4% of EU annual turnover.
  • Coolset's EUDR module gives ESG and supply chain teams a shared platform to manage supplier data and risk assessments.

The EU Deforestation Regulation (EUDR) changes how companies handle sourcing and reporting. Following the amendment adopted on 19 December 2025 ( Regulation (EU) 2025/2650 ), the core obligations now apply from 30 December 2026 for large and medium operators and traders. Micro and small operators have until 30 June 2027 . From those dates, placing or exporting regulated commodities in the EU will require operators to file a Due Diligence Statement, verify supply chain traceability, and assess risk before every shipment.

But the regulation does not specify who inside a company must own this work. That ambiguity is where most implementation problems start. ESG teams often feel they should lead, since sustainability is in their remit. Supply chain teams argue the work is too operational to be managed by a reporting function. Legal and compliance functions may be pulled in when things get complicated, but they’re rarely equipped to run day-to-day due diligence.

EUDR compliance requires both teams. The question is how to divide the work clearly.

What does EUDR require from a company?

EUDR imposes several distinct obligations on operators. Companies must collect and verify supply chain data for every shipment (Article 9). They must assess the deforestation and legality risk of each product (Article 10). They must mitigate non-negligible risks before placing the product on the market (Article 11). They must maintain a documented due diligence system (Article 12). They must submit a Due Diligence Statement to the EU information system before every shipment. And they must keep records for at least five years.

For downstream operators and traders, the obligations are lighter: collect and retain DDS reference numbers from direct upstream suppliers, register in the IS if a non-SME, and flag substantiated concerns to authorities.

These obligations span sourcing, supplier relationships, documentation, technology systems, and regulatory filings. No single function in most companies controls all of them.

Where ESG teams fit

ESG teams are often closest to the regulation’s intent. They track sustainability policies, engage with frameworks like GHG reporting or CSRD, and maintain relationships with external assessors and certification bodies. They also tend to monitor regulatory changes and engage with industry bodies that track EUDR developments.

In practice, ESG teams are well-positioned to:

  • Own the due diligence system: design the framework, document procedures, and ensure annual reviews (Article 12)
  • Define deforestation-free and legality standards against which suppliers are assessed
  • Lead engagement with certification schemes (FSC, RSPO, Rainforest Alliance) and evaluate how they support EUDR evidence requirements
  • Handle escalation and mitigation for non-negligible risk cases
  • Report on EUDR compliance status to leadership and in sustainability disclosures

Where ESG teams struggle is in operationalizing these standards at shipment level. Reviewing every purchase order for geolocation completeness or coordinating supplier document requests across hundreds of transactions is not typically how ESG functions are structured.

Where supply chain teams fit

Supply chain and procurement teams interact with suppliers daily. They have the relationships, the commercial leverage, and the operational context to collect data at scale. They know which suppliers are responsive and which require escalation. They control the purchase order process and can embed EUDR data requirements into onboarding workflows.

Supply chain teams are well-positioned to:

  • Collect Article 9 data from suppliers (geolocation, production dates, legality documentation) as part of procurement workflows
  • Screen new suppliers for EUDR readiness before onboarding
  • Manage DDS reference number collection from upstream operators (for downstream operator roles)
  • Flag data gaps or supplier non-responses before shipments are approved
  • Coordinate with logistics on DDS submission timing relative to shipment release

Where supply chain teams need support is in risk interpretation. Assessing whether a geolocation file is adequate, or whether a given certification covers the legality requirements under Article 2(40), requires policy knowledge that most procurement functions don’t maintain internally.

A practical split

Most companies that are making EUDR work divide responsibility along a simple axis: supply chain owns data collection, ESG owns risk interpretation and system governance.

Under this model, supply chain teams are responsible for ensuring every supplier provides the required documentation and that every shipment has a DDS reference or a filed statement attached before release. ESG teams are responsible for defining what “adequate” documentation looks like, running risk assessments on flagged shipments, maintaining the due diligence system, and signing off on the compliance declaration in each DDS.

Neither team can do the other’s work well. Procurement teams assessing legal compliance in Brazilian timber supply chains without ESG or legal support will produce inconsistent, underdocumented risk assessments. ESG teams trying to track DDS submissions across thousands of shipments without procurement infrastructure will be overwhelmed and slow.

The cleaner the handoff point, the more reliable the compliance program.

{{custom-cta}}

{{product-tour-injectable}}

What good governance looks like in practice

Good EUDR governance does not require creating a new function. It requires being clear about who decides what.

At minimum, companies should define: who is responsible for supplier data collection and follow-up; who runs the risk assessment for standard- and high-risk supply chains; who has sign-off authority on DDS submissions; who updates the due diligence system when something changes; and who fields authority requests in case of an inspection.

These decisions can be documented in a one-page RACI. The important thing is that they are made explicitly, not assumed.

Companies that work well on EUDR also tend to run a shared data layer. Supply chain teams populate supplier and shipment data into a central system. ESG teams review and approve risk assessments in the same system. DDS submissions are generated automatically from confirmed records. When an authority requests documentation, any team member can pull the full audit trail without needing to reconstruct it from emails.

FAQ

1. Should EUDR compliance sit in ESG or supply chain?

Both. Compliance works best when supply chain owns data collection and ESG owns risk assessment and system governance. Companies that assign EUDR to one function without engaging the other consistently run into data gaps or risk assessment errors.

2. What does EUDR governance look like for a large company?

For large companies, EUDR governance typically involves a steering group with representation from ESG, supply chain, legal, and IT. Day-to-day ownership usually sits in a supply chain or sustainability operations team, with ESG providing policy and standards, and legal stepping in for escalations and authority interactions.

3. Can third parties replace internal coordination?

No. Platforms and certification bodies can support data collection and verification, but legal responsibility for the DDS stays with the operator or non-SME trader. External tools reduce operational burden, but governance, sign-off, and audit-readiness still require clear internal ownership that no third party can substitute.

June 2026 update: Enforcement guidance clarifies ownership further

The May 2026 Guidance Document (3rd edition, COM(2026) 191 final) provides updated direction on how competent authorities should approach enforcement — and this has direct implications for how internal compliance ownership should be structured.

Member States are encouraged to focus inspections and enforcement actions on actors with the most significant due diligence obligations: those first placing products on the EU market. For downstream operators and traders, enforcement actions should be proportionate to their reduced obligations under the revised Regulation. This reinforces the principle that the upstream operator — typically the importer or EU-based first placer — is the primary accountable party under the EUDR.

The Guidance Document also confirms that downstream operators and traders are not required to ascertain that due diligence was carried out upstream, and that their obligation to collect reference numbers is passive. They are not expected to investigate or proactively request information from their supply chain. This distinction matters for internal governance: ESG and compliance teams responsible for managing the DDS submission are the upstream function; supply chain and procurement teams handling incoming shipments from already-declared upstream sources carry a lighter, primarily administrative obligation.

How to operationalize EUDR compliance in 2026

Read our tailored guide, learn how to build traceability and run audit-proof risk assessments

See Coolset in action
Explore Coolset's top features and use cases.
Demo is not supported
on mobile screens
Please come back on a larger screen
to experience this demo.
This is a preview window. Click below to see the demo in a larger view.
See product tour
See product tour
See product tour
See product tour
See product tour
See product tour

↘ Instantly calculate your CBAM cost impact

Use the free calculator to estimate your Carbon Border Adjustment Mechanism costs for any imported goods. Select your product type, volume and country of origin to see projected CBAM charges and understand how upcoming EU rules will shape your import costs and savings through 2034.

↘ Check if your documentation meets PPWR requirements

This free compliance checker scans your packaging documentation and maps it against mandatory PPWR data requirements, giving you a clear view of your compliance status. Get actionable insights on documentation gaps before they become compliance issues.

Unify ESG and supply chain compliance with Coolset

Coolset’s EUDR module gives both teams one platform to collect supplier data, run risk assessments, and generate Due Diligence Statements.

Coolset EUDR compliance solution overview

The leading ESG platform for mid-market enterprises