EUDR Due Diligence Statement: What It Must Contain

Before your regulated goods clear EU customs, you need a Due Diligence Statement on file. Not as a formality. As a legal prerequisite. Without one, your shipment can be stopped at the border.

This article walks through every field the DDS must contain, what the underlying regulation actually says, and what authorities can ask you to produce after the fact.

What a Due Diligence Statement is and when you need one

A Due Diligence Statement is the document you submit to confirm that a product complies with the EUDR. It declares that you have collected the required supply chain data, assessed the deforestation risk, and where necessary taken steps to reduce it.

You need one for every shipment of a regulated commodity before it enters the EU market. The operative phrase is "before placing on the market." Waiting until the goods are already in your warehouse is too late.

The DDS is submitted through TRACES NT, the EU's official trade control and expert system. Once submitted, each statement receives a unique reference number. That number goes on your customs declaration so border authorities can link the goods to the underlying due diligence record.

If you're not familiar with the full compliance picture yet, our guide on how to comply with the EUDR in 2026 covers the end-to-end process.

Article 9: the information you must collect from suppliers

Article 9 of Regulation (EU) 2023/1115 sets out the data fields every DDS must contain. There are no optional fields. Here is what a completed DDS entry contains, field by field, as you would see it in TRACES NT:

• Reference number: assigned automatically on submission
• Operator details: your company name, address, EU EORI number
• Product: the Combined Nomenclature (CN/HS) code and plain-language description. A description alone is not sufficient; the eight-digit code used in EU customs declarations is required.
• Quantity: weight in kilograms or volume in litres, depending on the product type
• Country of production: the ISO country code for where the commodity was grown or raised. Not the country of export, not where it was processed.
• Geolocation data: coordinates for each production plot, either a single point (plots of 4 ha or smaller) or a closed polygon tracing the boundary (plots larger than 4 ha). All coordinates must be in WGS84 decimal degrees format, accurate to six decimal places. That corresponds to roughly 11 centimetres on the ground. A coordinate like 48.856600, 2.352200 meets the standard; 48.86, 2.35 does not. Polygons must be closed, meaning the final coordinate pair must match the first.
• Harvest date/period: either a specific date or a production year range. This is used to confirm the production predates any deforestation events detected by satellite data.
• Supplier name and address: for each supplier in your direct supply chain, including their registration number where applicable
• Risk assessment outcome: a declaration that the risk is negligible, with the supporting basis
• Mitigation measures (if applicable): description of steps taken when a non-negligible risk was identified

Collecting all of this, especially polygon coordinates at 6-decimal precision, from suppliers in origin countries is the hard part. Most suppliers have never provided data in this format before.

Article 10: how to assess deforestation risk

Once you have the Article 9 data, Article 10 requires you to run a risk assessment before submitting your DDS. You cannot skip this step and go straight to submission.

The risk assessment must take into account the country classification system the European Commission uses. Countries are classified as low, standard, or high risk for deforestation. Low-risk countries allow for a simplified due diligence process. Standard and high-risk countries require more thorough checks.

But country classification is a floor, not a ceiling. Even for a low-risk country, Article 10 requires you to consider the prevalence of illegal production practices, the reliability of your supplier's documentation, and any deforestation indicators visible in satellite imagery.

That last point is where satellite data becomes essential. If Sentinel-2 or comparable imagery shows a canopy loss event on or near one of your production plots after December 31, 2020, that is a deforestation indicator that must be addressed in your risk assessment, not ignored.

Article 10 also requires you to assess how complex your supply chain is. A direct relationship with a single farm is lower risk than buying through multiple intermediaries where the origin of the commodity can be obscured.

Article 11: risk mitigation — what to do when risk is found

If your Article 10 assessment concludes the risk is non-negligible, you cannot proceed. Article 11 requires you to take mitigation measures before placing the product on the market.

What counts as mitigation? The regulation lists several options: obtaining additional documents or data from the supplier, commissioning independent audits, requesting ground-truth evidence such as photographs with GPS coordinates, or conducting satellite-based spot checks on the production area.

The mitigation measure must match the level of risk. A minor discrepancy in plot coordinates is different from a visible deforestation event recorded in satellite data. Authorities can review your risk mitigation reasoning, so it needs to be documented, not just completed.

If mitigation fails (if you cannot bring the risk to negligible) you must not place the product on the market. The regulation is clear on this point.

Record-keeping: how long and what authorities can request

Submitting the DDS is not the end of your obligation. Under the EUDR, you must retain all underlying documentation for five years from the date of submission.

That means keeping the geolocation data, satellite evidence, supplier correspondence, risk assessment records, and any mitigation documentation. Not just the DDS reference number. If a competent authority requests an audit, they can ask for the full supporting file.

Competent authorities are the national bodies in each EU member state responsible for EUDR enforcement. In practice, they can request your records at any time within that five-year window. If you cannot produce them, the burden of proof falls against you.

The five-year rule also means that the data you collect this year needs to be stored in a way you can actually retrieve in 2031. An email thread with your supplier is technically a record, but it's not an audit-ready one.

---

TracePlot's methodology is built around exactly this data chain: collecting Article 9 fields from suppliers (including GPS coordinates to six decimal places), running the Article 10 satellite check using Sentinel-2 imagery, and generating a DDS-ready record you can submit directly in TRACES NT.

TracePlot collects the Article 9 data, runs the Article 10 check, and generates your DDS. Reserve your spot — EUR 49 deposit, plans from EUR 59/month.