All Insights
EUDR10 min readFebruary 10, 2026

EUDR Cocoa Compliance for Importers: A Readiness Guide

If you import cocoa into the EU, EUDR makes you directly responsible for verifying deforestation-free origin — not just your suppliers. This guide explains your obligations, what to demand from suppliers, and how to prepare your due diligence system.

Assess your compliance readiness

See how OriginTrace handles your specific commodity and target markets.

Most of the discussion around the EU Deforestation Regulation focuses on exporters in producing countries — the farmers, cooperatives, and trading companies in Ghana, Ivory Coast, or Nigeria who are scrambling to collect GPS data. But the regulation places equally significant obligations on the other end of the supply chain: the companies that import cocoa into the European Union.

If your business brings cocoa beans, cocoa butter, cocoa powder, chocolate, or any other cocoa-derived product into the EU, you are an "operator" under EUDR. That means the legal responsibility for verifying deforestation-free origin rests with you — not just with your supplier.

Operators vs Traders under EUDR

Under EUDR, an "operator" is any business that places covered commodities on the EU market for the first time or exports them. A "trader" is any business further down the supply chain that makes the product available. Both have obligations — operators face the heaviest requirements, traders have lighter but still real obligations.

What EUDR Requires from Cocoa Importers Specifically

The regulation requires you to conduct due diligence before each import and to be able to demonstrate that you have done so. The three-step due diligence process is:

  1. 1Information collection: gather all relevant information about the cocoa — geolocation of all farms in the supply chain, documentation confirming legal production in the country of origin, and information about the supply chain entities involved.
  2. 2Risk assessment: evaluate the risk that the cocoa does not comply with EUDR requirements, based on country and region of production, complexity of the supply chain, and any concerns about the reliability of the information provided.
  3. 3Risk mitigation: if the risk assessment identifies non-negligible risk, implement measures to mitigate it before proceeding with the import — or do not import.

The Due Diligence Statement: Your Primary Compliance Document

For each shipment of covered cocoa products you import, you must submit a due diligence statement (DDS) to the EU Information System (EU TRACES) before the goods are placed on the market. This statement references the GPS data from the source farms, the supply chain entities involved, and your assessment that the cocoa is deforestation-free and legally produced.

The DDS is the document that Customs authorities check when your container arrives at a European port. If a DDS is missing, the shipment cannot be cleared. If the DDS contains inaccurate data, you are exposed to enforcement action — including fines of up to 4% of annual EU turnover under the most serious provisions.

You Cannot Simply Pass Responsibility to Your Supplier

EUDR explicitly makes the importer responsible for conducting their own due diligence. Receiving a certificate from your supplier is not sufficient — you must independently assess the risk and verify the information. If your supplier provides false data and you import based on it, you bear legal exposure unless you can demonstrate you took reasonable steps to verify the information.

What You Must Demand from Your Cocoa Suppliers

Your supplier is your primary source of the GPS and supply chain data you need to complete your due diligence. The minimum you should require from any cocoa supplier selling to your EU business is:

  • GPS coordinates (preferably polygon coordinates) for every farm that contributed to the shipment volume
  • Farmer identity data linked to each set of GPS coordinates — names and ID numbers
  • A batch-level traceability report showing how the cocoa moved from farms through collection, processing, and export
  • A statement from the supplier confirming the land was not deforested after 31 December 2020
  • Supporting evidence that the cocoa was legally produced under the laws of the country of origin
  • The supplier's own due diligence documentation

In practice, the best suppliers are now providing this data through a supplier portal or as a data export from their traceability platform — a structured file that you can use directly in your own due diligence system rather than manually reviewing hundreds of paper documents.

How to Assess Cocoa Origin Risk

EUDR's risk classification system divides countries into three tiers: low, standard, and high risk. Currently, most West African cocoa-producing countries fall into the standard risk category, meaning you must conduct full due diligence but are not subject to enhanced scrutiny. If a country is classified as high risk, you face more intensive obligations including potential on-site checks.

Beyond country-level risk, you also need to assess supply chain risk — which means asking yourself:

  • How many intermediaries are between the farm and the export? Each additional step increases the risk of data loss or misrepresentation.
  • Does the supplier have a digital traceability system, or are they relying on paper records?
  • What is the GPS polygon coverage rate — what percentage of farms in the supply base are mapped?
  • Has the supplier previously had issues with deforestation flags or regulatory non-compliance?
  • Is the origin region known to have active deforestation pressure?

Building Your Internal Due Diligence System

EUDR compliance for importers requires an internal system, not just a set of documents. The system needs to:

  1. 1Track each shipment from origin country through to EU market placement
  2. 2Store the GPS data and supply chain documentation for each shipment, accessible for audit
  3. 3Record your risk assessment reasoning for each shipment
  4. 4Generate and submit DDS to EU TRACES
  5. 5Maintain records for a minimum of 5 years
  6. 6Alert you when documentation is missing or expiring

Large commodity traders and chocolate manufacturers have compliance teams and enterprise software platforms for this. Mid-sized importers often lack these resources, which is where purpose-built compliance platforms can provide the structure at a fraction of the cost of a custom enterprise solution.

Due Diligence Record Keeping: What to Keep and for How Long

DocumentWhat It ContainsRetention Period
Due diligence statementDDS reference, GPS data, supply chain entities5 years minimum
GPS polygon dataCoordinates of each source farm5 years minimum
Supplier traceability reportBatch-level data from farm to export5 years minimum
Risk assessment recordYour documented assessment and conclusion5 years minimum
Risk mitigation evidenceActions taken where risk was identified5 years minimum
Certificates of originIssued by competent authority in producing country5 years minimum

Supplier Qualification and Ongoing Monitoring

EUDR is not a one-time compliance exercise. Each shipment requires a fresh due diligence process. However, you can streamline ongoing compliance by pre-qualifying your suppliers and establishing a monitoring framework:

  • Conduct a detailed initial assessment of each supplier's traceability system before the first purchase
  • Require suppliers to maintain a digital traceability platform that gives you access to their supply chain data
  • Establish a data format agreement — agree upfront what format the supplier will provide GPS and supply chain data in, so you can process it systematically
  • Set up periodic reviews — at least annually — of each supplier's GPS coverage rate, system integrity, and any new deforestation concerns in their origin areas
  • Require notification if any supplier changes their sourcing geography — new areas bring new deforestation risk profiles

Preparing for EUDR Audits

EU Member State competent authorities have the power to conduct checks on operators and traders. While the enforcement mechanism is still being fully established, the direction of travel is clear: compliance documentation will be checked, and businesses that cannot produce their due diligence records face consequences.

When an auditor asks to see your EUDR compliance records for a specific cocoa shipment, you should be able to produce: the DDS reference number and submission confirmation, the GPS data underlying the DDS, your risk assessment record, and the supplier documentation you relied on. If this data is scattered across email attachments, spreadsheets, and shared drives, assembling it under audit pressure is difficult. Centralised storage from the point of the first import is the only reliable approach.

Give Your Buyers Full Traceability Access

OriginTrace includes a Buyer Portal that gives your EU customers direct access to supply chain data, GPS evidence, and DDS documentation — exactly what their compliance teams need.

Topics

EUDRCocoaImportersDue DiligenceEU ComplianceSupply Chain

More Insights

China GACC Compliance Deadline: What Food Exporters Must Do Before 1 June 2026

EUDR Compliance Tools for Cocoa Exporters: A Practical Guide

EUDR Compliance in 2026: What Every Exporter Needs to Know Right Now