Enforcement, Checks, and Penalties Under EUDR and EUTR

Enforcement under the EUTR: the baseline

The EU Timber Regulation (Regulation (EU) No 995/2010) established the first EU-wide framework for combating illegal logging by requiring operators placing timber and timber products on the EU market to exercise due diligence. However, enforcement under the EUTR was widely regarded as inconsistent and, in many cases, inadequate.

Competent authorities under EUTR

Each EU Member State was required to designate one or more competent authorities responsible for enforcing the EUTR. These authorities had the power to conduct checks on operators, review due diligence systems, and impose penalties for non-compliance. However, the level of resourcing, expertise, and enforcement activity varied enormously between Member States. Some countries — notably the Netherlands, Germany, and Sweden — invested significantly in enforcement capacity and conducted regular checks. Others allocated minimal resources to EUTR enforcement, resulting in very few checks and even fewer penalties.

Penalties under EUTR

The EUTR required Member States to establish "effective, proportionate and dissuasive" penalties for non-compliance, but it did not specify minimum penalty levels or harmonise the penalty framework across the EU. This led to a patchwork of national approaches. In some Member States, penalties for EUTR violations were limited to modest administrative fines. In others, criminal sanctions were theoretically available but rarely applied. The European Commission's own assessments acknowledged that the penalty framework was insufficient to deter non-compliance, particularly for large operators for whom the potential fines represented a negligible business cost.

Enforcement gaps

Several structural weaknesses undermined EUTR enforcement:

• No centralised submission system. Operators maintained their due diligence systems internally and were only required to present them upon request. This meant competent authorities had to actively seek out operators and request documentation, rather than having a centralised database of compliance declarations to monitor.
• Limited cross-border coordination. Enforcement was conducted at the national level with limited coordination between Member States. An operator found non-compliant in one country could potentially continue operating through another.
• No mandatory check rates. The EUTR did not specify minimum rates for checks, leaving it to each Member State to determine how many operators to inspect and how frequently.
• Reliance on Monitoring Organisations. Operators could delegate due diligence to recognised Monitoring Organisations, which in some cases created a layer of separation between the operator and the compliance process, making enforcement more complex.

Enforcement under the EUDR: a stronger framework

The EUDR was designed with the explicit goal of addressing the enforcement weaknesses of the EUTR. The result is a significantly more robust, harmonised, and technology-enabled enforcement framework.

Article 25 penalties: the headline numbers

Article 25 of the EUDR establishes a harmonised penalty framework that applies across all Member States. While Member States retain some discretion in implementation, the regulation sets minimum standards that are far more stringent than anything under the EUTR:

• Fines proportionate to environmental damage and product value. Penalties must be proportionate to the environmental damage caused, the value of the products concerned, and the tax losses and economic harm resulting from the infringement. For serious or repeated infringements, the maximum fine must be at least 4% of the operator's or trader's total annual EU-wide turnover.
• Confiscation of products. Competent authorities can order the confiscation of non-compliant products and any revenue earned from their sale.
• Confiscation of revenues. Beyond product confiscation, authorities can seize the financial proceeds derived from transactions involving non-compliant products.
• Exclusion from public procurement. Non-compliant operators and traders can be temporarily excluded from public procurement processes and from access to public funding. This is a particularly powerful deterrent for companies that rely on government contracts.
• Temporary market bans. Competent authorities can temporarily prohibit an operator or trader from placing regulated products on the EU market or exporting them from the EU. The duration of the ban must be proportionate to the severity of the infringement.

Risk-based check rates

Unlike the EUTR, the EUDR establishes mandatory minimum check rates linked to the country risk benchmarking system:

• High-risk countries: Competent authorities must check at least 9% of operators and 9% of the total quantity of products from high-risk countries each year.
• Standard-risk countries: At least 3% of operators and 3% of quantities must be checked annually.
• Low-risk countries: At least 1% of operators and 1% of quantities must be checked annually.

These mandatory minimums ensure a baseline level of enforcement activity across all Member States, addressing one of the key weaknesses of the EUTR. Until the country benchmarking is published, all countries are treated as standard risk, meaning the 3% check rate applies universally.

Competent authority powers under EUDR

The EUDR grants competent authorities a comprehensive set of enforcement powers that go well beyond what was available under the EUTR:

• Access to the EU Information System. Competent authorities can directly access all DDS submissions within their jurisdiction, enabling proactive monitoring rather than reactive investigation.
• Power to request additional information. Authorities can require operators and traders to provide any information or documentation relevant to their compliance, beyond what was submitted in the DDS.
• On-site inspections. Authorities can conduct unannounced inspections of operators' and traders' premises, including offices, warehouses, and production facilities.
• Product sampling and testing. Authorities can take samples of products for laboratory analysis, including species identification, origin verification through isotope analysis, and other forensic techniques.
• Satellite verification. Authorities can independently verify geolocation data against satellite imagery to confirm deforestation-free status, using their own analytical capabilities or those provided by the European Commission.
• Interim measures. Where there is a risk of serious environmental harm, authorities can impose interim measures — including immediate suspension of market placement — before a full investigation is completed.

What checks look like in practice

Understanding the practical mechanics of EUDR checks is essential for compliance planning. While the specific procedures will vary by Member State, the regulation provides a clear framework for how checks are conducted.

Document review

The most common form of check is a review of the operator's DDS and supporting documentation. The competent authority examines the DDS for completeness and consistency, verifies that all required data fields are populated, and cross-references the information against other available data sources. This includes checking that HS codes are correct, that geolocation coordinates are plausible (i.e., they correspond to agricultural or forestry land in the declared country of production), and that the risk assessment methodology is sound.

Satellite verification

Competent authorities — or the European Commission on their behalf — can verify the geolocation data submitted in a DDS against satellite imagery. This involves overlaying the declared coordinates or polygon boundaries on historical satellite data to confirm that the land was not deforested after 31 December 2020. Satellite verification is a powerful enforcement tool because it provides objective, independently verifiable evidence that does not depend on the operator's own documentation.

On-site inspections

For more in-depth checks, competent authorities may conduct physical inspections of an operator's or trader's premises. These inspections can include reviewing internal compliance systems, examining record-keeping practices, interviewing staff responsible for due diligence, and verifying that the company's actual practices match what is described in their DDS and risk assessment documentation. On-site inspections may be announced or unannounced, depending on the circumstances and the Member State's enforcement procedures.

Product testing

In cases where there are doubts about the identity or origin of a product, competent authorities can take samples for laboratory analysis. For timber products, this might include wood species identification through anatomical or DNA analysis. For agricultural commodities, isotope analysis can help verify the geographic origin of a product. Product testing provides a forensic layer of verification that can detect fraud or misrepresentation in the supply chain.

The role of substantiated concerns

The EUDR introduces a formal mechanism for third parties to raise compliance concerns. Any natural or legal person — including NGOs, civil society organisations, journalists, competitors, or members of the public — can submit a substantiated concern to a competent authority. A substantiated concern is a credible allegation, supported by evidence, that a specific operator or trader is not complying with the EUDR.

When a competent authority receives a substantiated concern, it is required to assess the information and, if warranted, initiate a check. This mechanism significantly expands the enforcement ecosystem beyond the capacity of competent authorities alone. It means that operators and traders are subject to scrutiny not only from government inspectors but also from a wide range of civil society actors who monitor deforestation, supply chain transparency, and corporate compliance.

The practical implication for businesses is that compliance failures are more likely to be detected under the EUDR than under the EUTR. Companies should assume that their supply chains are being monitored by external stakeholders and that any credible evidence of non-compliance will be reported to competent authorities.

Temporary and interim measures

The EUDR empowers competent authorities to impose temporary measures where there is evidence or reasonable suspicion of non-compliance. These measures can be imposed before a full investigation is completed and are designed to prevent further environmental harm while the case is being assessed. Temporary measures may include:

• Seizure of products: Competent authorities can seize non-compliant products to prevent them from being sold or distributed.
• Suspension of market placement: Authorities can order an operator to immediately stop placing specific products on the EU market until compliance is demonstrated.
• Customs holds: Products at EU borders can be held by customs authorities pending verification of DDS validity and compliance status.

These interim measures can have immediate and significant commercial consequences, including delayed shipments, lost sales, and reputational damage. Companies that maintain robust compliance systems and can quickly demonstrate their compliance status are better positioned to resolve interim measures rapidly.

Public naming of non-compliant operators

The EUDR includes provisions for the public disclosure of enforcement actions. Competent authorities may publish information about operators and traders found to be non-compliant, including the nature of the infringement and the penalties imposed. This "naming and shaming" mechanism adds a reputational dimension to the enforcement framework that goes beyond financial penalties.

For companies that sell to consumers or that operate in markets where sustainability credentials are commercially important, public disclosure of non-compliance can cause significant brand damage. This is particularly relevant for companies in the food, fashion, and furniture sectors, where consumer awareness of deforestation issues is high and growing.

Why internal controls matter more under EUDR

The combination of mandatory DDS submission, risk-based checks, satellite verification, substantiated concerns, and severe penalties creates an enforcement environment that is fundamentally different from the EUTR. Under the EUTR, a company with weak internal controls might go years without being checked. Under the EUDR, the probability of detection is significantly higher, and the consequences of non-compliance are far more severe.

This means that internal compliance controls are no longer a "nice to have" — they are a business-critical function. Companies should invest in:

• Robust data quality processes to ensure that geolocation data, supplier information, and product descriptions are accurate before DDS submission.
• Regular internal audits of their due diligence systems to identify and correct weaknesses before competent authorities do.
• Staff training to ensure that everyone involved in procurement, compliance, and logistics understands their role in the EUDR compliance process.
• Incident response procedures for handling discovered non-compliance, substantiated concerns, and competent authority inquiries promptly and effectively.
• Technology solutions that automate geolocation verification, satellite monitoring, and DDS submission to reduce the risk of human error and increase the efficiency of the compliance process.

Comparing EUTR and EUDR enforcement: a summary

The shift from EUTR to EUDR enforcement can be summarised across several key dimensions:

• Penalty severity: EUTR penalties varied by Member State and were often modest. EUDR penalties can reach 4% of annual EU-wide turnover, with additional measures including confiscation, procurement exclusion, and market bans.
• Check rates: EUTR had no mandatory minimums. EUDR mandates 1–9% check rates depending on country risk classification.
• Transparency: EUTR enforcement was largely opaque. EUDR includes provisions for public disclosure of non-compliance.
• Technology: EUTR relied on document-based checks. EUDR incorporates satellite verification and a centralised digital submission system.
• Third-party involvement: EUTR had limited mechanisms for external reporting. EUDR formalises the substantiated concerns process, enabling civil society participation in enforcement.
• Scope: EUTR covered only timber. EUDR covers seven commodity groups and their derived products, dramatically expanding the enforcement surface.

The message for businesses is clear: the EUDR enforcement framework is designed to be effective, and companies should plan their compliance strategies accordingly. The cost of non-compliance — financial, operational, and reputational — is significantly higher than under the EUTR, and the probability of detection is substantially greater.

Sources: This article draws on the full text of Regulation (EU) 2023/1115 (EUDR) and Regulation (EU) No 995/2010 (EUTR).