EUDR Due Diligence in Practice: A Step-by-Step Guide for SMEs

Knowing that EUDR applies to your business is one thing. Knowing how to actually comply is another. Once you have confirmed that your products fall under the regulation and clarified your role in the supply chain, the next question is practical: what do you need to do, and in what order? 

The following text covers the core structure of EUDR due diligence for first operators, the most common points where SMEs run into difficulties, how purpose-built software changes the equation, and three assumptions that can quietly undermine compliance efforts before they get started. 

The three pillars of EUDR due diligence 

EUDR due diligence is built around three sequential steps, each of which feeds into the next. This structure applies to first operators—companies that import or first place in-scope products on the EU market. Downstream traders have lighter obligations, but understanding this framework helps everyone in the supply chain know what to expect from their partners. 

Pillar 1: Information collection 

The foundation of EUDR compliance is data.  

Before you can assess risk or submit a Due Diligence Statement (DDS), you need to collect specific information about the origin of each relevant commodity. This is where most SMEs spend the majority of their time, and where the process most often stalls. 

For each in-scope product, you need to collect: 

• Supplier information: who produced the commodity and the exact geolocation (GPS coordinates or polygon data) of the plots of land 
• Geolocation data: GPS coordinates or polygon data for the specific plots of land where the commodity originates. This is the most demanding requirement and the most common bottleneck 
• Evidence of legality: documentation showing that production complied with the laws of the country of origin, covering land use rights, environmental regulations, and labor law 
• Country and commodity: the relevant CN codes and countries of origin for each product 

The geolocation requirement deserves particular attention. Unlike most compliance documentation, geo-coordinates cannot simply be provided by a logistics partner or freight forwarder. They must come from the actual producer or farm. For SMEs sourcing from regions with many small-scale farmers, this means building a data collection process that reaches deep into the supply chain, often across language barriers and varying levels of digital literacy. 

The practical implication: start supplier outreach early. 

Pillar 2: Risk assessment 

Once you have collected the relevant information, the next step is to assess the deforestation and legality risk associated with each product. The EUDR does not require zero risk. It requires that you demonstrate you have assessed the risk and taken proportionate action. 

A compliant risk assessment covers three dimensions: 

• Country risk: the EU Commission published its first official country risk classification list in May 2025, assigning countries as low, standard, or high risk. Low-risk countries allow for simplified due diligence. Standard-risk countries require full due diligence. Only four countries are currently classified as high risk. Understanding how to navigate the EU’s EUDR benchmarking system is essential to see what this classification means in practice.  
• Plot-level deforestation check: using the geolocation data collected, you can verify that no deforestation occurred on the relevant plots after December 31, 2020. This is the EUDR’s cut-off date and applies regardless of country risk classification. 
• Legality assessment: a review of whether production in the country of origin complied with applicable national laws, including land tenure, environmental protection, and human rights obligations. 

Conducting this assessment manually requires significant effort. Cross-referencing satellite imagery, national forest maps, and legal frameworks across multiple countries often means weeks of research per commodity—and potentially adding dedicated team members to manage the workload. 

This is where specialized software fundamentally changes the workflow: instead of reviewing every case manually, the system flags only the relevant high-risk cases through embedded compliance checks (cross-validated satellite imagery and legality assessments via publicly available indices). This allows you to focus your time where it matters most, while creating defensible, audit-ready decision-making. 

Pillar 3: Risk mitigation and DDS submission 

If your risk assessment identifies concerns, such as a supplier unable to provide complete geodata, a sourcing region with elevated deforestation indicators, or gaps in legality documentation – you are required to take mitigation measures before placing the product on the market. 

Mitigation measures can include: 

• Requesting additional documentation or independent verification from suppliers 
• Conducting on-site or third-party audits 
• Adjusting sourcing to alternative suppliers or regions with lower risk profiles 
• Temporarily pausing placement of a specific product until data gaps are resolved 

Once mitigation measures are undertaken and your company is confident that there is no risk of deforestation, you can proceed to submit a DDS via the EU’s TRACES NT system. At this stage, documenting the resolved case in your compliance workflow is essential: osapiens HUB’s case management ensures that this specific origin and supplier combination is not flagged again in future assessments, reducing false positives and decreasing the time spent on repeat reviews. 

The DDS generates a reference number that must be passed to your downstream customers. For traders receiving products that have already been placed on the EU market, this reference number and the ability to link products back to it is the core of their own EUDR obligation. 

Where SMEs typically get stuck 

Across these three pillars, a few specific challenges come up repeatedly for smaller businesses: 

• Supplier data gaps 
  Many suppliers, especially smaller producers, may have not previously been asked to provide geolocation data in a structured format. Building the supplier engagement process takes more time than most companies anticipate, particularly when working across language barriers. 
• Scope uncertainty 
  Identifying which specific products and CN codes fall under EUDR scope is not always straightforward, particularly for processed goods with multiple ingredients or complex bills of materials. 
• TRACES navigation 
  The EU’s TRACES NT system is the official platform for DDS submission. While the system is accessible to companies of all sizes, manually filling out DDS submissions is time-consuming and prone to human error. This is where automation creates direct value: integrating your compliance workflow with TRACES NT reduces manual data entry, minimizes errors, and ensures submissions are consistent and audit-ready. 
• Downstream data sharing 
  Once a DDS is submitted, the reference number needs to reach your customers reliably and in a format they can use. Without a structured process, this step creates friction and manual effort at every shipment. 

How a software changes the equation for SMEs 

Each of the challenges above is addressable with the right tooling. A dedicated EUDR platform automates the most time-intensive parts of the process: structured supplier onboarding with multilingual questionnaires, automated deforestation checks against satellite data, automated DDS preparation and direct submission to TRACES, and seamless reference number sharing with downstream partners. 

For an SME with a lean team, this transforms EUDR compliance from a months-long manual project into a manageable ongoing workflow. The right solution does not require a large compliance team or an enterprise software budget. 

osapiens EASY START for EUDR is built specifically for this entry point: covering all EUDR obligations for importers and traders, with guided setup and a free supplier portal included.