What Is the EUDR Information System and How Does It Work?

Overview: what is the EU Information System?

The EU Information System for the Deforestation Regulation is a centralised digital platform developed by the European Commission to receive, store, and manage Due Diligence Statements (DDS) submitted by operators and traders under the EUDR. It serves as the single point of submission for all compliance declarations and the primary tool through which competent authorities monitor and enforce the regulation.

The system is built on TRACES NT (Trade Control and Expert System — New Technology), an existing European Commission platform that has been used for years to manage sanitary and phytosanitary controls on imports of animals, food, feed, and plants. By extending TRACES NT rather than building an entirely new system, the Commission leveraged existing infrastructure, security frameworks, and user management capabilities. However, the EUDR module within TRACES NT is purpose-built for deforestation regulation compliance and includes specific functionality for geolocation data handling, risk assessment documentation, and reference number generation.

The legal basis for the system's technical specifications is set out in Implementing Regulation (EU) 2024/3084, which establishes the detailed rules for the functioning of the Information System, including data formats, submission procedures, access rights, and interoperability requirements.

How the system works: step by step

The EU Information System operates through a structured workflow that connects operators, traders, customs authorities, and competent authorities. Here is how the process works from start to finish.

Step 1: Registration

Before submitting any Due Diligence Statement, operators and traders must register on the EU Information System. Registration requires creating an account through the EU Login authentication service (the European Commission's single sign-on system) and then registering your organisation within the TRACES NT platform. During registration, you provide your company details, including legal name, registered address, EORI number (Economic Operators Registration and Identification number), and the Member State in which you operate or through which you place products on the market.

For companies outside the EU that place products on the EU market (for example, a Swiss trader importing coffee into Germany), registration is still required. The system accommodates non-EU entities, though the process may involve additional verification steps. It is advisable to begin the registration process well in advance of your first planned DDS submission, as account activation and organisational verification can take time.

Step 2: Preparing and submitting a Due Diligence Statement

Once registered, operators submit a DDS for each product or batch of products they intend to place on the EU market. The DDS is a structured digital declaration that contains all the information required under Articles 4 and 9 of the EUDR. The submission must be completed before the product is placed on the market — it is not a retrospective filing.

The DDS can be submitted manually through the system's web interface or programmatically through an API (Application Programming Interface) for companies that need to submit large volumes of statements. The API option is particularly relevant for large operators handling hundreds or thousands of shipments per year, as it allows integration with existing enterprise resource planning (ERP) and supply chain management systems.

Step 3: Receiving a reference number

Upon successful submission and validation of a DDS, the system generates a unique DDS reference number. This reference number is the critical link between the compliance declaration and the physical product. It must accompany the product through the entire supply chain — from the operator who submitted the DDS to any downstream traders, and ultimately to customs authorities at the point of import or export.

The reference number serves multiple purposes: it allows customs authorities to verify that a valid DDS exists for a given shipment, it enables downstream traders to fulfil their obligation to retain and present DDS information, and it provides competent authorities with a direct link to the full compliance documentation when conducting checks.

Step 4: Downstream information flow

When an operator provides a product to a downstream trader within the EU, the DDS reference number must be communicated along with the product. The downstream trader does not need to submit their own DDS (unless they are also acting as an operator for a different product), but they must retain the reference number and be able to present it to competent authorities upon request. This creates a chain of traceability that links every product on the EU market back to a specific compliance declaration.

Step 5: Customs integration

The EU Information System is designed to interface with EU customs systems. When regulated products arrive at EU borders, customs authorities can verify the existence and validity of a DDS by checking the reference number against the Information System. Products without a valid DDS reference number may be held at customs until compliance is demonstrated. This integration is a key enforcement mechanism, as it creates a physical checkpoint that prevents non-compliant products from entering the EU market.

What data is submitted in a DDS

The Due Diligence Statement is a comprehensive declaration that requires detailed information about the product, its origin, and the due diligence process. The following data elements must be included in every DDS submission:

• Product description: A clear description of the product being placed on the market, including its nature, composition, and any processing it has undergone.
• Harmonised System (HS) codes: The relevant HS codes that classify the product for customs purposes. These codes determine whether the product falls within the EUDR's scope and are used by customs authorities to identify regulated shipments.
• Quantity: The volume or weight of the product covered by the DDS, expressed in the appropriate unit of measurement.
• Country of production: The country (or countries, in the case of mixed-origin products) where the commodity was produced or harvested.
• Geolocation of production plots: Precise geographic coordinates of the land where the commodity was produced. For plots smaller than four hectares, a single latitude/longitude point in WGS84 format. For plots of four hectares or larger, polygon boundaries delineating the plot perimeter, submitted as GeoJSON. Coordinates must have at least six decimal places of precision.
• Supplier information: Names, addresses, and contact details of all suppliers in the chain from production to the point of EU market placement. This includes producers, intermediaries, processors, and exporters.
• Date or time range of production: The date or period during which the commodity was produced or harvested. This is used to verify that production occurred on land that was not deforested after the 31 December 2020 cutoff date.
• Risk assessment conclusion: The outcome of the operator's risk assessment, confirming that the risk of the product being non-compliant is negligible. If risk mitigation measures were applied, these must also be documented.

Access and user roles

The EU Information System supports multiple user roles with different levels of access and functionality:

Operators and traders

These are the primary users of the system. Operators submit DDS and manage their compliance declarations. Traders access the system to verify DDS reference numbers and, in some cases, to submit their own statements. Both operators and traders can view the status of their submissions, update information where permitted, and download copies of their DDS for record-keeping purposes.

Competent authorities

Each EU Member State designates one or more competent authorities responsible for enforcing the EUDR. These authorities have elevated access to the Information System, allowing them to view DDS submissions, conduct risk-based checks, request additional information from operators, and flag non-compliant statements. Competent authorities use the system as their primary enforcement tool, cross-referencing DDS data with satellite imagery, customs records, and other intelligence sources.

Customs authorities

Customs authorities have access to verify the existence and validity of DDS reference numbers at the point of import or export. Their access is focused on verification rather than detailed review — they confirm that a valid DDS exists for a given shipment and that the reference number matches the product being declared.

The European Commission

The Commission maintains oversight of the system, monitors its operation, and has access to aggregated data for policy analysis and reporting purposes. The Commission also manages the country benchmarking system, which classifies countries as low, standard, or high risk based on their deforestation rates and governance frameworks.

Implementing Regulation 2024/3084: the technical rules

The detailed technical specifications for the EU Information System are set out in Implementing Regulation (EU) 2024/3084, adopted by the European Commission in December 2024. This implementing act covers several critical areas:

• Data formats and standards: The regulation specifies the exact data formats for each field in the DDS, including character limits, date formats, coordinate precision requirements, and the structure of GeoJSON submissions for geolocation data.
• Submission procedures: It defines the step-by-step process for submitting a DDS, including validation rules that the system applies before accepting a submission. If a DDS fails validation (for example, due to missing required fields or invalid coordinate formats), the system rejects the submission and provides error messages.
• API specifications: For operators using programmatic submission, the implementing regulation provides the technical specifications for the API, including authentication methods, endpoint URLs, request/response formats, and rate limits.
• Reference number format: The regulation defines the structure and format of DDS reference numbers, ensuring they are unique, traceable, and compatible with customs systems across all Member States.
• Data retention and archiving: It specifies how long DDS data is retained in the system, how archived data can be accessed, and the procedures for data correction or withdrawal.

Data protection and privacy

The EU Information System handles significant volumes of personal and commercial data, and its design reflects the requirements of the General Data Protection Regulation (GDPR) and other EU data protection frameworks. Key data protection aspects include:

• Purpose limitation: Data submitted through the Information System is used exclusively for the purposes of EUDR compliance and enforcement. It cannot be repurposed for other regulatory or commercial objectives without a separate legal basis.
• Access controls: Access to DDS data is strictly controlled based on user roles. Operators can only view their own submissions. Competent authorities can access submissions within their jurisdiction. Cross-border access is governed by cooperation agreements between Member States.
• Data minimisation: The system collects only the data elements required by the regulation. Operators are not asked to provide information beyond what is specified in the EUDR and its implementing acts.
• Security measures: The TRACES NT platform employs encryption, access logging, and other security measures to protect data integrity and confidentiality. The system is hosted within EU infrastructure, ensuring that data remains within EU jurisdiction.
• Rights of data subjects: Individuals whose personal data is included in DDS submissions (for example, named suppliers or producers) retain their GDPR rights, including the right to access, rectification, and erasure, subject to the legal obligations of the regulation.

Preparing for the Information System

Companies should take several practical steps to prepare for using the EU Information System:

1. Register early. Do not wait until your first shipment is ready. Register your organisation on the TRACES NT platform and complete the verification process well in advance.
2. Understand the data requirements. Review the DDS data fields and ensure your internal systems can produce the required information in the correct formats. Pay particular attention to geolocation data formatting and HS code accuracy.
3. Evaluate API integration. If you handle large volumes of shipments, assess whether API-based submission is appropriate for your operations. Work with your IT team or technology provider to plan the integration.
4. Conduct test submissions. When the system opens for testing, submit sample DDS to familiarise your team with the process and identify any data quality issues before enforcement begins.
5. Establish internal workflows. Define who in your organisation is responsible for preparing, reviewing, and submitting DDS. Establish approval workflows and quality control checkpoints to ensure accuracy before submission.

Sources: This article draws on the European Commission's Information System for the Deforestation Regulation documentation and Implementing Regulation (EU) 2024/3084.