Frequently Asked Questions

The system must classify each entity as operator, placing a regulated product on the EU market or exporting it for the first time or downstream operator, placing on the market a product already covered by a due diligence statement or simplified declaration, and apply the corresponding obligation set, full due diligence and DDS for operators, traceability and record keeping only for downstream operators.

The system must capture product description, HS/CN code, quantity, country of production, supplier identity, and plot level geolocation data for every delivery prior to market placement or export.

The system must store coordinate points for plots under 4 hectares and GeoJSON polygons for plots over 4 hectares and verify each plot against the EUDR deforestation cut-off date of 31 December 2020 using satellite-based monitoring.

The system must support a structured risk assessment workflow per delivery, recording information evidence based on country and commodity risk, documentation gathering, and the mitigation measures applied before a DDS is submitted.

The system must integrate with the EU Information System to submit Due Diligence Statements electronically, generate and store DDS reference numbers for each delivery, and make them available to the first downstream operator in the supply chain, who is the only downstream entity required to collect and retain that reference.

Every importer placing a regulated product on the EU market for the first time is an operator subject to the full EUDR obligation, due diligence, risk assessment, and DDS submission, irrespective of company size; the system must apply the obligation to all importers and enforce the applicable deadlines.

Primary Operators under the amended EUDR are EU established operators who themselves grow, harvest, or raise the regulated commodity they place on the EU market. The system must support their full DDS creation and submission workflow, and additionally accommodate the limited simplification for micro and small primary operators established in a country classified as low risk, who may submit a single one time simplified declaration, generating a declaration identifier, in place of a full DDS for each delivery.

The system must apply a simplified compliance workflow for downstream operators: no due diligence and no DDS submission are required; only the first downstream operator purchasing directly from the operator must collect and retain the DDS reference number or simplified declaration identifier; downstream operators that are not SMEs must also register in the EU Information System; subsequent downstream operators have no EUDR obligation beyond maintaining traceability records and notifying authorities if they encounter evidence of non-compliance.

The system must reflect that, full due diligence and geolocation verification are the responsibility of the primary operator (first placement) only. Downstream tiers do not replicate or verify due diligence data, and the system must therefore maintain a clear chain of reference, DDS reference numbers or simplified declaration identifiers, passing from the primary operator to the first downstream operator, enabling traceability without requiring each tier to hold or validate the underlying supply chain data.

The system must apply mass balance or segregation accounting at batch level to attribute the regulated commodity proportion of each delivery to its verified source plots, maintaining traceability even where physical segregation is not operationally feasible.

The system must flag any change in supplier, sourcing region, or material composition that may affect an existing DDS, and require revalidation of the affected consignment's due diligence data before continued market placement.

When a primary operator or downstream operator encounters concrete evidence that a product does not comply with the EUDR, the system must immediately suspend the transaction and block further market placement of that consignment. The system must require the responsible party to verify that due diligence was properly carried out upstream, record the evidence of non-compliance, and generate a notification to the competent authority of the relevant Member State. The system must retain a complete record of the incident, the evidence gathered, the corrective action taken, and the authority notification, as part of the audit trail required under the regulation.

Competent authorities must act on substantiated concerns submitted by any natural or legal person, including citizens and civil society organisations, regarding non-compliance with the EUDR. The system must provide a structured audit readiness response capability that, upon receipt of an authority notification of an investigation, immediately locks all records associated with the operator, consignment, or product scope identified in the authority request; prevents any modification or deletion of relevant due diligence data, geolocation records, DDS submissions, and supply chain documentation; and generates a consolidated compliance dossier ready for submission to the competent authority within the required timeframe. The system must also log the date and nature of the authority notification, all records provided, and the outcome of the investigation as a permanent entry in the operator audit trail.

The system must maintain a complete, timestamped audit trail per delivery, including geolocation inputs, risk assessment outputs, mitigation evidence, and DDS reference, retained and retrievable for a minimum of five years.

The system must classify entities as large/medium or micro/small using EU Accounting Directive criteria as balance sheet, turnover, headcount, apply the corresponding compliance deadline automatically, and additionally identify micro and small operators that qualify as primary operators (those who themselves grow, harvest, or raise the regulated commodity and are established in a low-risk country) to apply the simplified one-time declaration format in place of a full DDS per consignment.

The system must enforce obligation timelines, 30 December 2026 for large and medium operators, 30 June 2027 for micro and small enterprises, and alert users to approaching submission deadlines for each delivery and for every market. Large and medium operators will drive the scope and timing of compliance readiness.

The system must maintain a current product scope register aligned with EUDR Annex No. 1, mapping each product by HS/CN code to its regulated commodity, and flag any product additions or removals as the Annex is updated.

The system must be designed to integrate the EU Commission's country risk classification set at low, standard, or high, when it is formally adopted and operational. As of the date of this document, the benchmarking system has not been finalised: the European Parliament rejected the Commission's initial proposed classifications, and all countries are being treated under standard risk. The system must currently apply full due diligence requirements across all sourcing countries and be capable of adjusting automatically when an approved benchmark is published.

The system must generate auditable compliance reports for each operator, delivery, and Member State, and include a regulatory update mechanism to incorporate changes to Annex No. 1, country benchmarks, and DDS format requirements without manual reconfiguration.