The EU Deforestation Regulation (EUDR) — Regulation (EU) 2023/1115 — sets out binding due diligence obligations for any operator or trader who places regulated commodities or derived products on the EU market. With the enforcement deadline now firmly established, importers who have not yet built a compliant process are running out of time.
This article breaks down the exact steps your due diligence system must contain, the data you must collect and retain, and the penalties you face if auditors find your process insufficient.
Who Is Legally Required to Comply?
The EUDR distinguishes two categories of economic actors:
- Operators: companies that place regulated products on the EU market for the first time, or export them. They bear full due diligence obligations.
- Traders: companies that make products available within the supply chain without placing them on the market for the first time. Large traders have the same obligations as operators; SME traders have simplified but still real obligations.
If your company imports raw or processed commodities — cacao, coffee, cattle, palm oil, soy, rubber, or wood — from Latin America and sells them in the EU, you are an operator and you must complete full due diligence for every shipment.
The Three Pillars of EUDR Due Diligence
Article 8 of the EUDR defines due diligence as a three-step process: information collection, risk assessment, and risk mitigation. All three steps must be documented and retained for five years.
Step 1 — Collect Geolocation and Supply Chain Information
For every product placed on the EU market, you must collect:
- Geolocation of all plots of land where the commodity was produced. For aggregated shipments involving multiple farms, you need coordinates for each plot. For cattle, you need coordinates of all establishments where the animal was kept.
- Country and sub-national area of production
- Quantity (volume, weight, or units) and trade names
- Name, postal address, and email of the supplier
- Name, postal address, and email of the trader purchasing the product
- Sufficiently conclusive and verifiable information that the commodities comply with the legislation of the country of production, including human rights and indigenous community rights where applicable
This is the part where most importers struggle. Collecting plot-level GPS coordinates from smallholder farmers in Peru, Colombia, or Indonesia requires ground-truthing systems, cooperative partnerships, or technology intermediaries. A single container of cacao can represent hundreds of farm plots.
Step 2 — Conduct a Risk Assessment
With the geolocation data collected, you must assess whether there is a non-negligible risk that:
- The commodity was produced on land deforested or degraded after 31 December 2020
- The commodity was produced in violation of applicable laws of the producing country
Risk assessment must consider: country-level and sub-national risk classification issued by the Commission (expected Q3 2025), the presence of forests and forest types in the area of production, prevalence of illegal production in the region, complexity and length of the supply chain, and the reliability and adequacy of the collected information.
Important: sourcing from a country or region that the Commission classifies as "high risk" means you cannot use simplified due diligence. You must conduct full verification regardless of your supplier's certifications.
Step 3 — Risk Mitigation Measures
If your risk assessment identifies a non-negligible risk, you must implement mitigation before placing the product on the market. Measures can include:
- Obtaining additional information and documentation from suppliers
- Commissioning independent surveys or audits
- Requiring satellite monitoring evidence for specific plots
- Requiring certification under recognised schemes (FSC, RSPO, Rainforest Alliance) — noting that certifications alone are not sufficient; they are evidence, not substitutes for due diligence
- Suspending the supply relationship until evidence of compliance is obtained
The Due Diligence Statement
Before placing the product on the EU market, operators must submit a due diligence statement through the EU Information System (expected to be operational H2 2025). The statement includes a reference number that must accompany the product through the supply chain. Traders downstream can rely on your statement, but they must verify it is valid and that the product matches.
What Documentation Must You Retain?
All due diligence records must be retained for a minimum of five years and made available to competent authorities upon request. This includes:
- The complete due diligence statement and its supporting evidence
- All geolocation data used in the assessment
- The risk assessment methodology and outcome
- All mitigation measures taken and their outcomes
- Any communications with suppliers regarding compliance
Penalties for Non-Compliance
Competent authorities in each EU member state are responsible for enforcement. Penalties must be effective, proportionate, and dissuasive. The regulation requires member states to impose fines of at least 4% of the operator's total annual EU turnover for serious violations. Other penalties include temporary exclusion from public procurement, confiscation of products and revenues, and temporary prohibition from placing products on the EU market.
For an importer with €50M in EU revenues, a 4% fine means a €2M penalty — per violation. Companies with multi-product portfolios face multiplicative risk.
Country Risk Classification: What to Expect
The European Commission will publish a country benchmarking system classifying countries and sub-national areas into three risk tiers: low, standard, and high. Operators sourcing from low-risk countries may apply simplified due diligence (reduced information requirements). Operators sourcing from high-risk countries — which will likely include parts of Brazil, Indonesia, and potentially others — must conduct enhanced due diligence with no simplifications.
For most Latin American suppliers, until the benchmarking is published, you should assume standard risk at minimum and build your system accordingly.
How Terralyr Automates EUDR Due Diligence
Terralyr's EUDR module automates the three due diligence steps for Latin American supply chains. The platform ingests supplier GPS data, cross-references it against Global Forest Watch baselines and satellite-derived deforestation alerts from 2015 to present, computes parcel-level risk scores, and generates audit-ready documentation packages including the required geolocation evidence and risk assessment rationale.
For large operators managing hundreds of suppliers, this reduces the due diligence cycle from weeks to hours. For commodity traders building supply chain transparency from scratch, it provides the technology backbone without requiring in-house GIS expertise.
The window to build a compliant system before enforcement begins is narrowing. Importers who begin now will have time to identify supply chain gaps, work with producers to close them, and document the process. Those who wait risk either failing compliance checks or being forced to cut compliant suppliers from their portfolio.