EUDR Compliance: Ensuring Your Products Are Deforestation-Free

Example satellite imagery of deforestation. [Data Source: Planet Labs 2015, 2023]

What is EUDR?

The Regulation on Deforestation-Free Products, more commonly known as the European Union Deforestation Regulation (EUDR), is a set of rules intended to ensure products consumed by EU citizens or exported from the EU do not contribute to deforestation and the associated greenhouse gas emissions and biodiversity loss. The regulation entered into force on 29th June, 2023, from which point relevant traders and operators are given 18 months (until 30th December, 2024) to implement the new requirements. The EUDR forms a part of a wider commitment by the EU to combat deforestation and forest degradation first outlined in 2019 and later reaffirmed through other proposals such as the European Green Deal. (The United Kingdom version is also in the works.) The aim of the EUDR is to prevent the products purchased, consumed, or utilised by Europeans from contributing to deforestation and forest degradation globally and to reduce the carbon emissions from these relevant products by 32 million metric tonnes per year.

Importance of EUDR

Many of the products we consume include ingredients such as wood, rubber, or other animal-/plant-based constituents. These ingredients are grown, raised, or harvested somewhere in the world (often far away due to labour and other costs). The land and resources required to satisfy such large, continual demands often translate into forests being cleared or degraded around the world. These are the forests that would otherwise be capturing and storing carbon and are home to the species integral to a functioning ecosystem that also includes a healthy food chain on which humanity depends. When forests are cleared or degraded, large portions of the carbon in the associated organic matter (in the plant itself and the soil below) are released as greenhouse gases such as carbon dioxide and methane, worsening climate change. The resulting exacerbation of extreme weather patterns would further disrupt the ecosystem, including our own agriculture, through frequent floods, fires, and other severe weather. (We are already seeing such changes in weather patterns today.) The disturbances in the ecosystem also upset the balance that would normally keep pests and diseases in check. Left unchecked, these effects and their interactions would lead to further knock-on effects, resulting in a feedback cycle.

All of these have latent financial costs as well. Climate change-driven natural disasters and biodiversity loss-related disruptions to production (e.g. agriculture for food and raw commodities) hurt the supply chain and drive up costs and prices. The societal damage and human losses not only bring up ethical and moral questions, but also have the tangible effects of geopolitical destabilisation, negatively impacting the business environment.

Moreover, once forests are destroyed or degraded, efforts of reforestation and restoration would not return them to their original carbon capacity and biodiversity for decades, centuries, or longer. Therefore, prevention is key, and this is why the EUDR is an important tool even for the businesses it regulates.

Affected Companies and Brief Overview of Scope

Any person or company that places relevant products on the European market or exports them in the course of business, regardless of quantity or value, is considered an “operator” subject to the obligations of EUDR. This is true even if the operator merely transforms one relevant product into another. The EUDR specifies the following commodity groups as being relevant:

  • Cattle
  • Cocoa
  • Coffee
  • Oil palm
  • Rubber
  • Soya
  • Wood

Each of these categories includes relevant products that are detailed in Annex I of the official text of the regulation. Products not included in the list are not covered by the EUDR. There are also exceptions that are excluded from the EUDR, such as packaging that is not placed on the market in its own right (i.e., “standalone”).

Relevant products placed on the market as a gift or for non-commercial purposes are also covered by the EUDR. All relevant products must satisfy the requirements that they are deforestation-free, have been produced in accordance with the local legislation, and are covered by a “due diligence statement”.

There are slight differences in the due diligence requirements depending on whether the operator belongs to the “micro, small and medium-sized enterprises” (SMEs) category in the EU. Regardless, the overall idea is to collect information on the relevant products (such as the supplier or producer) and the geolocation of the exact locations where the products are grown or produced (including dates). The information serves to prove that the products are deforestation-free. Furthermore, based on the information collected, the risk of non-compliant products needs to be evaluated (such as the presence of forests, deforestation rates, historical compliance). If the risk assessment reveals any risk, operators must undertake and document mitigation measures such that the risk becomes negligible.

Penalties for breaking the rules could be hefty, including (but not limited to) having the products and relevant revenue confiscated and fines totalling a few percent of the operator’s annual EU-wide turnover.

Remote Sensing & Location Intelligence

The information system for submitting due diligence data and statements is currently under development (as of 12th June 2024), but will likely consist of a graphical interface and portals to upload data and information required for the due diligence statements, as well as their application programming interface (API) counterparts. Aside from commercial information, such as the producer(s) and value(s) of the relevant products, the core part of the due diligence comprises the geospatial data about the origin(s) of the products.

What we know so far is that the original producer of the relevant materials must be geolocated to the plot-of-land level. The data are expected to be submitted as vectors (polygons) delineating each piece of land associated with the producer, most likely in the GeoJSON format. Here, satellite or drone imagery can help operators identify the locations and boundaries of the producing plots of land, or verify the accuracy and truthfulness of the geolocation data received from the producer.

Moreover, remote-sensing imagery is indispensable when it comes to the verification of whether or not deforestation or forest degradation occurred as a consequence of the production of the relevant products. For example, land use can be distinguished by colours or colour indices using optical imagery. Imagery derived from synthetic-aperture radar (SAR) can provide weather-independent information about the density and thickness of the vegetation. LiDAR imagery can provide information on the height of the vegetation canopy. These types of information all contribute to determining the existence and health of forests.

The EUDR sets the baseline date of 31st December, 2020, after which no deforestation or forest degradation should occur. The EU Observatory provides a global map of forest cover for the year 2020, and subsequent annual maps of forest-cover changes. However, these maps are meant to be additional tools to help companies perform due diligence. The use of these maps does not necessarily guarantee the verification (i.e., they are not legally binding). The safest approach is still to utilise other data sources. By comparing the aforementioned remote-sensing imagery between the production date(s) and the baseline date, one could theoretically verify with more accuracy whether or not forests were harmed. In practice, however, this could be tricky and tedious.

The appearance of land surfaces and vegetation could vary widely between locations on Earth, the regional climate, and even across seasons. The usually large number of land plots and wide geographical distribution of the producers only make the tasks of verification even more challenging. Analytical algorithms, including the usage of machine-learning models (colloquially referred to as “AI” or artificial intelligence), can and should be used to improve the assessment accuracy and speed. In some challenging cases, AI could also provide vegetation species information in order to ascertain that the trees of the forests are consistent with expectations.

Building up the required tools and procedural pipelines to perform due diligence can be a difficult and time-consuming task. In many cases, partnering with another organisation or company with the relevant expertise and experience will be more reliable and cost-efficient.

Conceptual Workflow

How does an operator actually go about performing due diligence? While the information-submission step will depend on the final details of the EU’s dedicated information system, the due diligence itself will mostly follow the conceptual steps below:

1. Initial assessment of the supply chain

  • Determine, based on Annex I of the EUDR, whether or not the product is considered EUDR-relevant.
  • Determine the original producer(s) of the relevant products, which may be part(s) of a larger product or in another relevant form (in the case of a transformed product).
  • Collect data about the product (e.g. product code, country of origin, quantity), their suppliers and producers, evidence of legality of harvest (in the country of origin), and the geo-coordinates of the location of production.

2. Map the producers

  • Verify the truthfulness and accuracy of the data, including the geolocation(s) of the production site(s), by checking against remote-sensing imagery.
  • Utilise a geographical information system (GIS) for this purpose.

3. Analysis, risk assessment, and mitigation

  • Utilise a GIS and a variety of remote-sensing data to check for signs of deforestation or forest degradation since 31st December, 2020.
  • Based on the analysis and other factors such as the track record of the country of origin, assess the risk of deforestation or forest degradation associated with the product(s).
  • Take corrective or mitigation measures based on the findings.
  • Report all of the above to the relevant authorities through the EUDR’s information system or its APIs.
  • Keep all documentation for five years from the submission date.

4. Monitoring and updates

  • Since products are rarely one-offs, regular monitoring and data collection are likely required to ensure continual compliance.

Conceptual workflow towards EUDR compliance

Mapular’s Role

Mapular provides key services to help companies comply with the EUDR efficiently and effectively. Our expertise and solutions are designed to simplify the due diligence process, ensuring compliance while minimising risks. We offer comprehensive services that include geolocation verification, remote-sensing analysis, and risk assessments. Through the use of high-resolution satellite and drone imagery, we can accurately locate production sites and monitor land-use changes to ensure that no deforestation has occurred since 31st December, 2020. Our advanced analytics, including the use of optical imagery, SAR, and LiDAR, help verify land use and forest health. In addition, our machine-learning algorithms assess compliance risks and create detailed due diligence reports that can be submitted to the EUDR information system. With mapular, companies gain access to accurate, efficient, and user-friendly solutions tailored to meet EUDR requirements. For more information and to arrange a consultation, visit our website or contact our sales team. Ensure your business is compliant and contributing to global sustainability efforts with Mapular’s expert services.

TL;DR: Common Questions

What is the EUDR and why was it introduced?
The EU Deforestation Regulation (EUDR) is a set of rules to ensure products consumed or exported by the EU do not contribute to deforestation, greenhouse gas emissions, or biodiversity loss. It was introduced to combat global deforestation and support the EU’s environmental goals.

Which companies are required to comply with EUDR?
Any person or company that places relevant products on the European market or exports them, regardless of quantity or value, must comply with EUDR. This includes companies transforming one relevant product into another.

How can companies prove they don’t contribute to deforestation?
Companies must collect and maintain information on their products, including geolocation data of where raw materials were produced. They must perform risk assessments and implement mitigation measures to ensure products are deforestation-free.

What are the penalties for non-compliance with EUDR?
Penalties can include fines proportional to the environmental damage and the value of the products, confiscation of products and revenues, and temporary bans from public procurement processes and market access.

What information must companies collect under EUDR?
Companies must gather data including product descriptions, quantities, production country, geolocation of production plots, supplier and buyer details, and evidence that the products are deforestation-free and comply with local laws.

Any tips for leveraging technology to meet compliance needs?
Utilise remote sensing technologies like satellite and drone imagery to monitor production areas. Implement GIS for managing geolocation data and AI for analysing patterns of deforestation. Partnering with experienced organisations can streamline the compliance process.


The EUDR represents a significant effort to reduce global deforestation, preserve biodiversity, and mitigate climate change. Compliance with EUDR is mandatory for any company placing relevant products on the European market or exporting them from there. Using advanced technologies such as remote sensing, GIS, and AI, companies can effectively monitor and verify their supply chains to ensure they are deforestation-free.

To move towards compliance, companies should start by assessing their supply chains, collecting necessary data, and implementing robust monitoring systems. Establishing clear procedures for ongoing monitoring and data collection is also vital to ensure continued adherence to EUDR requirements.

Do not let the complexities of EUDR compliance overwhelm you. Mapular offers comprehensive services to support this process, including geolocation verification, remote-sensing analysis, and risk assessments. Visit our website or contact our team for a consultation. Together, we can ensure your business remains compliant and contributes to global sustainability. For more information and resources, follow the provided links and contact us today.

Resources and References

Official Documentation

Some Sources on Carbon Stock and Biodiversity

  • Baker, J. C. A., Lang, P. L., Richards, K. R., Webb, A. A., Mills, R. J., Krishnamoorthy, L., & Pendleton, L. (2022). Deforestation-induced climate change reduces carbon storage in remaining tropical forests. Nature Communications, 13, 2916.
  • Chazdon, R. L. (2008). Beyond deforestation: Restoring forests and ecosystem services on degraded lands. Science, 320(5882), 1458–1460.
  • Goldstein, A., Turner, W. R., Spawn, S. A., et al. (2020). Protecting irrecoverable carbon in Earth’s ecosystems. Nature Climate Change, 10, 287–295.
  • Palviainen, M., Laurén, A., Pumpanen, J., Bergeron, Y., Bond-Lamberty, B., Larjavaara, M., et al. (2020). Decadal-scale recovery of carbon stocks after wildfires throughout the boreal forests. Global Biogeochemical Cycles, 34, e2020GB006612.
  • FAO. (2019). The state of the world’s biodiversity for food and agriculture. Food and Agriculture Organization of the United Nations.
  • Ortiz, A. M. D., Outhwaite, C. L., Dalin, C., & Newbold, T. (2021). A review of the interactions between biodiversity, agriculture, climate change, and international trade: Research and policy priorities. One Earth, 4(1), 88–101.

start building your mlp

Envision a world where you hold the key to unveiling groundbreaking insights, enhancing efficiency to unprecedented levels, and making decisions backed by powerful data like never before. It's not a mere daydream; it's the extraordinary reality we offer with our state-of-the-art solutions.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Information in accordance with § 5 TMG:

Mapular UG (haftungsbeschränkt)
c/o TOG The Office Group (Germany) GmbH
Kronenstraße 63
10117 Berlin


Phone: +49 30 20994953


Authorized Representative:

Peter Rose, Geschäftsführer

Commercial Register:

Registration Number: HRB 198464 B
Registration Court: Amtsgericht Charlottenburg



Responsible for the content according to § 55(2) RStV:

Peter Rose

TOG The Office Group
(Germany) GmbH
Kronenstraße 63
10117 Berlin

EU Dispute Resolution

The European Commission provides a platform for online dispute resolution (ODR): Our e-mail address can be found above in the site notice.
We are not willing or obliged to participate in dispute resolution proceedings before a consumer arbitration board.

Liability for Contents

As service providers, we are liable for our own content on these websites in accordance with Paragraph 7, Sect. 1 of the German Telemedia Act (TMG). However, service providers are not obligated to permanently monitor the information they submit or store, or to search for evidence that indicates illegal activities, in accordance with Paragraphs 8 to 10 of the TMG.

Legal obligations to remove information or block the use of information remain in force. In this case, liability is only possible from the time of knowledge of a specific infringement. Illegal content will be removed immediately upon our becoming aware of it.

Liability for Links

Our offer includes links to external third-party websites over which we have no control. Therefore, we cannot assume any liability for these external contents. The respective provider or operator of the pages is always responsible for the contents of the linked pages.

The linked pages were checked for possible legal violations at the time of linking. No illegal content was found at the time of linking. A permanent control of the content of linked websites is not reasonable without concrete evidence of a violation of the law. If we become aware of any infringements, we will remove such links immediately.


The content and works created by the site operators on these pages are subject to German copyright law. Duplication, processing, distribution, and any form of commercialization of such material beyond the scope of the copyright law require the express written consent of the copyright holder.

Copies and downloads of this site are only permitted for private, non-commercial use. Insofar as the content on this site was not created by the operator, the copyrights of third parties are respected. In particular, content from third parties is marked as such. If you nonetheless become aware of a copyright infringement, we would ask you to notify us accordingly. If we become aware of any legal infringements, we will remove such content immediately.

Copyright Notice

© 2023 Mapular UG (haftungsbeschränkt). All rights reserved.

Status: November 2023

With the following privacy policy, we would like to inform you about how we process your personaldata in accordance with the European Data Protection Regulation (GDPR). This privacy policy appliesto all processing of personal data carried out by us, both in the context of the provision of our servicesand in particular on our websites (hereinafter collectively referred to as "online offer").

1. Controller

Controller in the sense of the GDPR is

Mapular UG (haftungsbeschränkt)
c/o TOG The Office Group (Germany) GmbH
Kronenstraße 63
10117 Berlin

Phone: +49 30 20994953

2. Data Protection Officer

You can reach our data protection officers as follows:

secjur GmbH
Steinhöft 9
20459 Hamburg

Phone: +49 40 228 599 520

You can contact our data protection officer directly at any time with all questions andsuggestions regarding data protection and the exercise of your rights.

3. Definition

This privacy policy is based on the terminology of the GDPR. For your convenience, we wouldlike to explain some important terms in this context in more detail:

  • Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified,directly or indirectly, in particular by reference to an identifier such as a name, anidentification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or socialidentity of that natural person.
  • Data subject is any identified or identifiable natural person whose personal data areprocessed by the controller.
  • Processing: means any operation or set of operations which is performed on personaldata or on sets of personal data, whether or not by automated means, such ascollection, recording, organization, structuring, storage, adaptation or alteration,retrieval, consultation, use, disclosure by transmission, dissemination or otherwisemaking available, alignment or combination, restriction, erasure or destruction.
  • Recipient means a natural or legal person, public authority, agency or another body,to which the personal data are disclosed, whether a third party or not. However, publicauthorities which may receive personal data in the framework of a particular inquiry inaccordance with Union or Member State law shall not be regarded as recipients; theprocessing of those data by those public authorities shall be in compliance with theapplicable data protection rules according to the purposes of the processing.
  • Third Party means a natural or legal person, public authority, agency or body otherthan the data subject, controller, processor and persons who, under the direct authorityof the controller or processor, are authorized to process personal data.
4. Data for the provision of the website and the creation of the log files

If you use this website for purely informational purposes without otherwise transmitting data tous (e.g., by registering or using the contact form), we collect via server log files technicallynecessary data that are automatically transmitted to our server, including:
  • Date and time of access 
  • IP address
  • Host name of the accessing computer 
  • Website from which the website was accessed; websites accessed via the website
  • Visited page on our website; Amount of data transferred 
  • Information about the browser type and version used 
  • Operating system 
  • Access status (e.g., whether the web page could be accessed without problems or whether you received an error message) 
  • Use of website functions 
  • Entered search terms 
  • Access frequency of the individual web page 
  • Data volume transferred 
  • Other websites that you visit starting from this website, either by clicking on a link on this website or by directly entering the domain in the input bar in the same window of your browser
The temporary storage of data is necessary for the course of a website visit in order to display our website to you. This processing is technically necessary to ensure the functionality of the website and the security of the information technology systems. The legal basis of the processing is thus Art. 6 para. 1 p. 1 lit. f GDPR, in order to guarantee the provision, security and stability of our website.The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are stored up to 24 hours directly and exclusively accessible to administrators. After that, they are only indirectly available via the reconstruction of backup tapes and are finally deleted after four weeks.This website is hosted via the Content Delivery Network (CDN) of Webflow. The provider is Webflow, Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (Webflow). Webflow is a tool for creating and hosting websites. A content delivery network is a network of spatially distributed, possibly interconnected servers. The server that is closest to the respective user of the website is always used. The CDN used here includes servers in North America and parts of Europe. Webflow hosts our website using the content delivery networks of Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109. Although the server is located in Ireland, access to personal data from the USA cannot be excluded. When you visit our website, Webflow collects the above data, which is secured under the following guarantees. The European Commission has adopted an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Webflow is certified under the EU-U.S. Data Privacy Framework. For more information please contact our data protection officer.
5. Contact form

Through our website you have the possibility to contact us under "Contact us". In the course of contacting you and responding to your inquiry, we process the following personal data from you:
  • First and last name
  • Email address
  • Communication content, if applicable
If you contact us within the framework of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the personal data you provide will be processed for the purpose of processing and responding to your contact request in accordance with Art. 6(1) s. 1 lit. b GDPR. Otherwise, for the protection of our legitimate interests pursuant to Art. 6(1) s. 1 lit. f GDPR to respond to customer/contact inquiries. We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. In the context of contact inquiries, this is generally the case when the circumstances indicate that the specific matter has been conclusively processed.

6. Transfer of personal data

In the course of our processing of personal data, personal data may be transferred to or disclosed to other recipients. Recipients of this personal data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your personal data with the recipients of your personal data.

7. Data deletion and retention periods

The personal data processed by us will be deleted in accordance with the legal requirements as soon as your consents permitted for processing are revoked or other permissions cease to apply (e.g., if the purpose of processing this data has ceased to apply or it is not required for the purpose). If the personal data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. That is, the personal data is blocked and not processed for other purposes. This applies, for example, to personal data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person. As far as our privacy policy contains further information on the retention and deletion of personal data, thse have priority for the respective processing activities.

8. Your rights as a data subject

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR. If you wish to exercise any of your rights, please contact us via the contact addresses provided above or our data protection officer.

8.1. Right of objection 

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1) lit. e or lit. f GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
8.2. Right of access to your personal data

You have the right to request confirmation as to whether personal data in question is being processed and to information about this personal data, as well as further information and a copy of the personal data in accordance with the legal requirements.

8.3. Right to rectification

In accordance with the legal requirements, you have the right to request that the personal concerning you be completed or that incorrect personal data concerning you be corrected.

8.4. Right to erasure and restriction of processing

You have the right to demand that personal data concerning you be deleted immediately if one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.

8.5. Restriction of processing

You have the right to demand that we restrict processing if one of the legal requirements is met.

8.6. Right to data portability

You have the right to receive personal data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements, or to request that it be transferred to another controller.

8.7. Right of withdrawal for consents

You have the right to revoke any consent you have given at any time.

8.8. Complaint to supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the requirements of the GDPR.

9. Modification and update of the privacy policy

We adapt the privacy policy as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

If we continue to develop our website and our offerings or if legal or regulatory requirements change, it may be necessary to amend this privacy policy. You can access the current privacy policy at any time here.