The start of application of the EU Deforestation Regulation ("EUDR") is approaching: From 30 December 2025, large and medium-sized companies will have to comply with the provisions of the EUDR. From 30 June 2026, the scope of application will then be extended to small and micro-enterprises. The EUDR requires companies to ensure that certain products (“relevant products”) that contain relevant commodities or have been produced using such commodities are (i) deforestation-free, (ii) produced in accordance with the national legislation of the country of production, and (iii) covered by a due diligence statement. To ensure this, companies must establish a due diligence system. They must also collect comprehensive information, assess risks, and mitigate them where necessary (see Articles 9–11 EUDR). For further details, please refer to our Overview of the EU Deforestation Regulation.
While companies are faced with the challenge of identifying all relevant products and their own role under the EUDR by the end of the year, obtaining the necessary information, and establishing a due diligence system, preparations for the application of the EUDR are also underway at the regulatory level: The competent authority in Germany, the Federal Office for Agriculture and Food (“BLE”), recently presented how compliance with the EUDR will be monitored in the future.
How does the BLE monitor compliance?
To implement the EUDR, companies will have to regularly register products in the EU information system by means of a due diligence statement. The BLE then retrieves the data entered in the EU information system and analyzes and evaluates it in its own "EUDR IT system". Based on the evaluations, an annual control plan will be drawn up and the companies to be audited will be selected.
Selected companies will then be contacted by letter and asked to register on the "service portal". As part of the registration process, company-specific data must be provided, in particular whether the company is considered an SME or a non-SME. This is crucial information, as depending on whether the company is considered an SME or a non-SME, the scope of EUDR obligations may be expanded or reduced, and thus the audit standard may also change from the authority's perspective.
Furthermore, companies must also provide information on the due diligence system they have established based on a questionnaire in the service portal.
Please note: At this stage, the BLE expects the specific upload of documents proving that a due diligence system was established in the company.
In addition, spot checks are also carried out to obtain specific information on individual products that have been entered into the EU information system. The following information must be provided in relation to the spot checks:
- General information on the product subject to the spot check, by supplementing the information in the EU information system and by asking further questions to record the specific obligations (questions on this subject include, for example, "Are you currently still the owner of the product?" or "Are you referring to an existing due diligence statement for this spot-check in accordance with Article 4(8) or (9) EUDR?").
- Information requirements, by providing collected information that the product is deforestation-free and has been produced in accordance with the national legislation of the country of production.
- Risk assessment information, consisting of (where necessary) questions on the implementation and verification of the risk assessment and on the implementation of risk mitigation measures.
- Risk mitigation, consisting of information on risk mitigation measures.
The BLE checks and evaluates the responses submitted digitally. In the event of discrepancies, in-depth on-site inspections and analyses of material samples may follow.
What are the consequences of non-compliance?
Identified violations can be sanctioned by the BLE. According to the EUDR, member states must enact "effective, proportionate, and dissuasive" regulations on penalties. A German implementation law is already available in draft form. The EUDR generally provides for the following penalties in the event of violations (see Art. 25 EUDR):
- Fines
- Confiscation of the relevant products
- Confiscation of revenue from the relevant products
- Exclusion from procurement procedures
- Prohibition of placing on the market or making available on the Union market and export
- Prohibition on the application of simplified due diligence
There are also reputational risks. The EU Commission will publish on the internet any violations of the EUDR committed by companies and established by a court of law. In particular, the EU Commission will disclose the name of the company and the conduct that caused the violation.
What is the advice?
In addition to challenges with regard to the collection of information in accordance with Art. 9 EUDR (e.g., collection of geolocation data, evidence for legally compliant production, etc.), companies should also focus on establishing a due diligence system and be able to prove this with relevant documents. As explained above, the BLE expects such documents to be submitted in the event of an EUDR control.
To introduce a due diligence system, internal codes of conduct should be introduced or adapted with regard to the EUDR, whereby such codes should clearly define obligations and establish binding responsibilities (e.g., also in the form of a delegation policy; this is particularly important with regard to the Environmental Crime Directive and to avoid accusations of "organizational fault"). It is also advisable to introduce EUDR-specific approval processes to ensure that "no EUDR risk is purchased" in the first place.
We would be happy to assist you in drafting such documents or provide you with our EUDR toolbox, which contains templates of this kind. Please feel free to contact us.
