~9 months
Until EUDR enforcement for large operators (December 30, 2026). Supply chain mapping and data collection alone typically takes 3–6 months for mid-size operators.

Most compliance guides describe what EUDR requires. This one focuses on what to do — in order — to get a wood or timber supply chain compliant before enforcement begins. The five steps below are sequenced to front-load the work that takes longest and parallelize where possible.

Step 1

Map Every Tier of Your Supply Chain

EUDR compliance starts with a complete picture of where your wood comes from. Not just your direct suppliers — every tier, down to the harvest site. This is the step most companies underestimate, and it is where the most time is lost.

For each product you sell into or source from the EU, you need to document:

  • Direct suppliers and their country of origin
  • The processing steps between harvest and your purchase point
  • Which products contain which wood species (multi-species blending is common in panels and engineered wood)
  • Approximate harvest regions (province or district level, ahead of GPS)

The goal at this stage is a complete product-origin matrix. You are not collecting GPS data yet — you are identifying which supply chains need GPS data and which suppliers can provide it.

Action: Build a spreadsheet with columns: Product SKU | Species | Direct Supplier | Country of Origin | Harvest Region (known/unknown) | Certifications Held (FSC, PEFC, etc.). This becomes your due diligence workplan.
Step 2

Assess Risk by Country and Product Category

Once you have your supply chain map, the next step is applying EUDR's risk framework. The European Commission benchmarks source countries into three tiers:

  • Low-risk: Simplified due diligence — less documentation burden
  • Standard-risk: Full due diligence statement required for each shipment
  • High-risk: Enhanced due diligence — expect closer scrutiny at EU customs

Run every supply chain origin through the current benchmark list. For each standard or high-risk origin, you need a gap analysis: what documentation do you currently have, and what's missing?

Common gaps at this stage:

  • GPS coordinates unavailable — supplier has only administrative-level location data
  • Legal harvest permits are in local language with no certified translation
  • Chain of custody breaks between forest owner and first mill
  • No documentation predating December 31, 2020 for land use status
Action: For each supply chain flagged as standard or high-risk, create a compliance gap card: what you have, what's missing, which supplier is responsible for filling the gap, and a deadline.
Step 3

Collect Geolocation Data from Source

This is the hardest step operationally, and the one where most supply chains fail initial EUDR audits. The regulation requires GPS coordinates or polygon data for the plot of land where the product was produced — not the mill, not the port of export, but the actual forest.

For large plantations or commercial forestry operations, this data often exists in forest management systems. For smallholder suppliers — common in Southeast Asia, West Africa, and parts of Latin America — it frequently does not exist in a digital format.

Practical collection approaches:

  • Supplier-side GPS apps: Provide suppliers with mobile apps that record GPS at point of harvest. Simple to deploy; requires supplier cooperation and training.
  • Satellite verification services: Third parties cross-reference claimed harvest locations against satellite imagery to confirm forest cover status at cut-off date.
  • Tokenized registration platforms: Systems like URTI record GPS on-chain at point of registration, creating immutable timestamps that satisfy EUDR's tamper-proof evidence requirement.

Whatever method you use, the data needs to be timestamped and attributable to a specific harvest event — not just a general region.

Action: Identify which suppliers can provide GPS data independently and which need a system or tool to collect it. Prioritize high-risk origin suppliers first — this is where enforcement scrutiny will focus.
Step 4

Build the Due Diligence Statement Workflow

Due diligence statements must be submitted through the EU's information system before each shipment crosses an EU border. Building a workflow for this before it becomes mandatory is the difference between a manageable compliance function and a weekly crisis.

A compliant workflow covers:

  • Data aggregation — pulling geolocation, legal permits, and risk assessment for each shipment
  • Statement generation — formatting data into the EU portal's required schema
  • Submission — via the EU TRACES system or approved third-party connector
  • Record retention — EUDR requires five years of due diligence records
  • Audit trail — evidence that risk assessment was actually performed, not rubber-stamped

Companies with automated supply chain traceability systems (like tokenized provenance platforms) can auto-generate most of a due diligence statement from existing records. Companies relying on manual documentation need a structured process to ensure nothing is missed per shipment.

Action: Map your current shipment workflow and identify where EUDR data collection fits. If preparation per shipment would take more than 2 hours, the manual process is not scalable — evaluate automated options now rather than at enforcement deadline.
Step 5

Test Under Real Conditions Before the Deadline

The EU information system for EUDR submissions opened for testing in late 2024. Do not wait until December 2026 to submit your first statement. Early testing reveals integration issues, data format problems, and classification questions that take time to resolve.

Before the enforcement deadline, run the full compliance workflow for at least three shipments:

  • One low-risk origin (to confirm simplified due diligence is correctly handled)
  • One standard-risk origin (full workflow test)
  • One complex multi-species or multi-origin shipment (stress test for data aggregation)

Also test your record retention system. EUDR requires that due diligence records be accessible for five years — including the risk assessment rationale, not just the submitted statement.

Action: Schedule compliance system testing for Q3 2026 at the latest — that gives a 3-month buffer before enforcement to fix issues and re-test. Companies using tokenized infrastructure can test earlier because their provenance data is already in digital form.

The One Thing Most Companies Get Wrong

The most common EUDR preparation mistake is treating it as a documentation project rather than a data infrastructure project. Companies spend months collecting PDFs, translating certificates, and building SharePoint folders — then discover at testing that the EU portal requires structured digital data, not document uploads.

EUDR compliance is fundamentally a data collection problem. The companies that solve it once — by implementing systems that capture geolocation and provenance data at source — spend very little on ongoing compliance. The companies that treat it as a documentation exercise will spend that time every single shipment.

Quick Reference: EUDR Readiness Checklist
  • Complete supply chain map to harvest-site level
  • Risk classification for all source countries
  • Compliance gap analysis per supply chain
  • GPS/geolocation data collection system in place
  • Legal harvest documentation (with translations where needed)
  • Due diligence statement workflow documented and tested
  • EU TRACES system access and test submission completed
  • 5-year record retention system operational
  • Supplier contracts updated with EUDR data-sharing obligations
  • Internal staff trained on submission process

Talk to the URTI Team About Your Supply Chain

We work with timber companies at every stage of EUDR readiness — from initial supply chain mapping to full tokenized compliance infrastructure. Tell us where you are in the process and we'll show you the fastest path to compliance.

Get in Touch →