.png)
The EU Deforestation Regulation is entering a new phase. In May 2026, the European Commission published a simplification package. Four documents that together represent the most significant update to EUDR implementation guidance since the regulation came into force. This guide breaks down what the package contains, what has changed for each operator type, and what companies need to do to be ready by the December 2026 deadline.
What the simplification package is, and what it contains
The May 2026 package is made up of four documents.
- Formal review report, which assesses how the regulation has been understood and applied in its early stages.
- Updated guidance document. This is the first version of the guidance that companies can realistically use as the basis for a compliance plan. Earlier iterations were directional; this one is specific enough to act on.
- Fifth iteration of the FAQ. At over 120 pages, it is the most comprehensive to date, with dedicated sections for downstream operators, SMEs, and traders.
- Draft delegated act on product scope, which proposes targeted changes to the list of regulated products in Annex One. This last element is still in draft form and subject to change, but it signals where the Commission intends to tighten or clarify the boundaries of what falls under the regulation.
Together, the four documents give the market something it has been waiting for: a settled, detailed framework against which to measure readiness.
What changes, by operator type
The simplification package does not treat all operators the same. Here is what changed and what stayed the same for each group.
First operators (large and medium companies)
For large and medium first operators, those placing a regulated commodity on the EU market for the first time, the core obligations are unchanged. Full due diligence still applies. That means plot-level geolocation data, a legality assessment covering land tenure, environmental law, labour rights, and FPIC, a full risk assessment, and a due diligence statement (DDS) filed in the TRACES IT system before the goods enter the market. If you are a first operator at scale, the simplification package clarifies the pathway, but does not reduce the workload.
Downstream operators
The most meaningful simplification for the supply chain sits here. Downstream operators, everyone after the first operator in the chain, no longer need to generate their own due diligence. Their obligation is now to retain the DDS from the first operator and pass it on. This removes a significant layer of duplication for traders, processors, and retailers operating downstream of the first point of entry.
Micro and small operators
Micro and small operators (MSOs) receive the most substantial relief in the package. Their pathway has been simplified in several respects: they can provide a postal address rather than GPS coordinates at plot level and they make a one-time declaration to the TRACES IT system rather than filing individual DDS records.
Low-risk country sourcing
For commodities sourced from countries designated as low-risk, the package reduces the number of data fields required and lowers the documentation threshold. This should ease the burden for companies with established supply chains in geographies where deforestation risk is demonstrably lower. However, how national competent authorities will inspect against this clause in practice is still being worked out.
The Dutch NCA (National Competent Authority) has confirmed it is still deliberating on how the low-risk pathway will be audited, so companies should not treat this as a blanket exemption from scrutiny.
Re-imported goods
A specific clarification covers goods that have already entered Europe with a DDS, been exported for further processing, and are then reimported. In this scenario, no new DDS is required, provided nothing has been added to the product in the intervening process. This resolves a significant grey area for companies operating across borders with complex processing chains.
Legality, still the hardest part
When we ran a live poll during our EUDR webinar, 59% of practitioners said legality due diligence remains the most unclear area for their organisation. Not risk assessment. Not the DDS submission process. Not even the operator classification questions that have dominated much of the industry conversation. Legality.
This result reflects the structural difficulty of what the regulation requires. Legality must be assessed at plot level, and it is not a single question. It covers land tenure rights, applicable environmental law (including protected area designations and environmental impact requirements), labour rights and standards, and free, prior, and informed consent (FPIC) for indigenous communities. Every plot, in every sourcing region, assessed against the national legal framework in force at the time of production.
There is no flexibility for difficult-to-map regions or farming systems where precise coordinates are hard to obtain. The Dutch NCA has confirmed this directly: the geolocation requirement applies to all operators regardless of geography. The requirement is the same whether you are sourcing from a large commercial estate in Brazil or smallholder plots in Indonesia.
The challenge for most companies is not that they do not understand what legality requires. It is that proving it with documentation that holds up to inspection requires access to data that has historically been difficult to obtain and even harder to systematically verify. That is the gap that the industry is working to close before December 2026.
What the 2025 dry runs revealed
Before the regulation came fully into force, the Dutch NCA ran a series of dry-run inspections, voluntary exercises in which companies came forward to test their readiness. The results were sobering. Of the twenty companies that participated, only around 20% passed on first inspection. Another 20% passed after making minor adjustments. The remaining 60% were not compliant.
What makes this figure particularly striking is that these were companies that believed they were ready.
The inspection findings identified five recurring failure patterns: treating certification as a substitute for due diligence; collecting documents without analysing them; having no formal due diligence system embedded into the business; being unable to link production location documents to the specific shipment that crossed the border; and receiving and storing documentation without actually investigating it.
New dry runs are underway in 2026. The Dutch NCA has confirmed it is applying the same approach this year, with results to be presented at a stakeholder meeting in The Hague on 23 June.
How to prepare
The companies that will be ready by December 2026 are building their compliance infrastructure now. Here is what that looks like in practice.
Embed due diligence in your purchasing process. Due diligence should not happen after a shipment arrives. It should be a precondition for the purchase decision. Legality evidence, geolocation data, species identification, production dates, these should be confirmed before a contract is signed and before goods leave the country of origin.
Build a chain of custody that links document to shipment. One of the most common failure modes in the Dutch NCA dry runs was an inability to connect the documentation on file to the specific shipment under inspection. Every piece of evidence in your due diligence system needs to be traceable to a specific lot, container, or shipment. Generic supplier-level documentation is not sufficient.
Engage suppliers early on data requirements. Your suppliers need to know exactly what you require, and they need time to gather and provide it. GPS coordinates for plots over four hectares, a single point for smaller plots, deforestation-free evidence referenced to the cut-off date, and legality documentation covering all applicable legal requirements in the source country. The later you communicate these requirements, the less time suppliers have to comply.
Build proactive visibility, not reactive response. The regulation creates a formal mechanism, a substantiated concern, through which third parties can trigger an investigation into your supply chain. Companies that wait for a concern to be raised before investigating their supply chains are operating in a reactive mode that creates significant legal and reputational exposure. Real-time visibility into deforestation risk, protected area status, and legality signals at plot level. shared directly with suppliers so they know what evidence to provide, is the difference between a managed process and a crisis.
Meridia Verify is built for exactly this challenge. It gives operators real-time risk insights at plot level across deforestation, protected areas, and legality, and allows those insights to be shared directly with suppliers so they understand precisely what evidence is required. If you are trying to close the gap between where your supply chain is now and where EUDR compliance requires it to be by December 2026, get in touch to see how Verify works in practice.
.png)
