Category: Supply Chain

c
23.02.2026

PPWR: The moste important questions and answers for companies

The PPWR (Packaging and Packaging Waste Regulation) introduces comprehensive requirements for companies across the entire packaging value chain. In this article, we answer the key questions about the PPWR and outline which obligations will apply starting in 2026.

The PPWR (Packaging and Packaging Waste Regulation) – also known as the new EU Packaging Regulation – introduces comprehensive requirements for companies across the entire packaging value chain. It covers packaging design, recyclability, labeling, extended producer responsibility (EPR), and packaging waste reduction. Here, you will find the key questions about the PPWR and learn which obligations will apply starting in 2026.

1. What is the PPWR (Packaging and Packaging Waste Regulation)?

The PPWR (Packaging and Packaging Waste Regulation) is a key component of the European Green Deal. As a uniform, directly applicable framework, it replaces the previous Packaging Directive. The regulation aims to strengthen the circular economy across the EU, reduce packaging waste, increase recyclability and material efficiency, and harmonize existing rules throughout the EU.

2. When does the PPWR apply?

The PPWR entered into force on February 11, 2025. It will apply starting August 12, 2026, and will be rolled out in stages through 2040, with key milestones in 2028 and 2030.

3. Who is affected by the PPWR?

The PPWR applies to all packaging and packaged products placed on the EU market. Starting August 12, 2026, goods packaged in non-compliant packaging may no longer be marketed within the EU.
Exceptions and specific provisions apply to packaging for dangerous goods, medical devices, sensitive food contact materials, and innovative packaging, providing flexibility where safety or innovation considerations justify it.

The PPWR has an extremely broad scope. As a result, it affects a wide range of companies, including:

  • Suppliers of packaging or packaging materials
  • Manufacturers of packaging or packaged products
  • Distributors, importers, and fulfillment service providers
  • Brand owners placing packaged goods on the EU market
  • Non-EU suppliers delivering products or packaging to the EU

The following sectors are particularly impacted:

  • FMCG / fast-moving consumer goods (food, beverages, personal care)
  • Retail, e-commerce, and online marketplaces
  • Packaging manufacturing
  • Logistics, fulfillment, and transport packaging
  • Textiles, apparel, and footwear (packaging-related aspects)
  • Hospitality, food service, and take-away (HORECA)

Webinar: PPWR-Compliance

Bei der PPWR gibt es viele offene Rechtsfragen, Unsicherheiten bei Pflichten und Interpretationsspielräume in der Umsetzung. Wir ordnen die regulatorischen Anforderungen ein und zeigen, wie Sie PPWR-Compliance systematisch aufbauen und in bestehende Prozesse integrieren.

12.03.2026 – 11:00 Uhr

Zum Webinar anmelden

4. Which roles does the PPWR define?

The PPWR establishes clear obligations for each economic operator along the supply chain and generally distinguishes between producers, importers, distributors, and suppliers.

Manufacturer

A natural or legal person that manufactures packaging or a packaged product, or has packaging or a packaged product designed or manufactured under its own name or trademark. (This includes packaging manufacturers as well as companies such as Amazon.)

Supplier

Any natural or legal person that supplies packaging or packaging materials to a producer.

Importer

Any natural or legal person established in the EU that places packaging from a non-EU country on the EU market.

Distributor: Any natural or legal person in the supply chain—other than the producer or importer—that makes packaging or packaged products available on the market.

PPWR: To-Dos across the Supply Chain

Who is affected by the PPWR – and what needs to be done by when? Our concise checklist helps you assess the PPWR in a structured way and define the right next steps.

Download now

5. What does the PPWR role “Producer” mean, and how does it differ from “Manufacturer”?

Under the PPWR, “Producer” refers to any producer, importer, or distributor—regardless of where they are established—that places packaging or packaged products on the market in a Member State for the first time. Producers assume additional obligations, including extended producer responsibility (EPR) for collection and recycling. The term should not be confused with “Manufacturer.” The Manufacturer is one of the roles covered under the broader term “Producer.” There is also potential for confusion in German terminology: in the regulatory context, “Hersteller” refers to the entity responsible for first placing packaging on the market, while “Erzeuger” refers to the entity that manufactures packaging or packaged products.

It is important to understand that within a packaging value chain, there is only one Manufacturer, but there may be multiple Producers. Whether a company qualifies as a Producer must be assessed separately for each Member State, depending on who places the packaging or packaged product on the market first.

6. What does “Extended Producer Responsibility” mean in the context of the PPWR?

A key element of the PPWR is the principle of Extended Producer Responsibility (EPR). EPR compliance requires producers to take responsibility not only for manufacturing and distributing their products, but also for managing the end-of-life treatment of the associated packaging.

For example, online retailers based in Germany that sell goods to end customers in Austria must appoint an authorized representative in Austria, register in the national producer register, and pay the applicable fees there.

7. How will EPR fees change under the PPWR?

Starting 18 months after publication of the EU criteria, EPR fees will be modulated based on environmental performance. This means the fees will be structured according to how sustainable the packaging is. For example, lower fees will apply to packaging with higher recyclability.

8. What obligations does the PPWR introduce for companies?

The PPWR introduces extensive sustainability and information requirements for companies across the entire value chain. These obligations cover packaging design and material selection as well as documentation, labeling, traceability, and reporting.

Key obligations—depending on the company’s role—include:

1. Compliance & chemical safety (from 2026)

  • Compliance with limits for substances of concern (e.g., PFAS, heavy metals), especially for food contact materials
  • Conducting conformity assessment procedures
  • Preparing technical documentation
  • Issuing an EU Declaration of Conformity (DoC)

2. Labeling & transparency (from 2028 onward)

  • Harmonized labeling on material composition
  • Information on compostability, take-back schemes, or deposit return systems
  • Labeling of reusable packaging
  • Providing information to authorities and market surveillance bodies
  • Registration and compliance within the framework of extended producer responsibility (EPR)

3. Design and sustainability requirements (phased in through 2040)

  • Minimizing weight, volume, and empty space (maximum 50% for transport and e-commerce packaging from 2030)
  • Ban on certain single-use plastic packaging formats
  • Recyclability requirements (at least 70% from 2030, 80% from 2038)
  • Design for recycling to enable material recovery
  • Minimum recycled content in plastic packaging (10–35% from 2030, up to 65% by 2040)
  • Compliance with binding reuse targets
  • Industrial-scale recyclability (from 2035)

4. Specific requirements for certain packaging types

  • Mandatory compostability for specific applications (e.g., tea bags or fruit labels)
  • Reuse options in take-away settings
  • Allowing customers to use their own containers

9. What specific requirements apply starting in 2026?

If you are the Manufacturer of the packaging or packaged products:

  • You must carry out a conformity assessment procedure and prepare the technical documentation and EU Declaration of Conformity.
  • You may not use substances of concern in packaging materials (e.g., PFAS, heavy metals).
  • You are subject to general labeling requirements.

If you purchase packaging or packaged products downstream from a Manufacturer or from your suppliers, you are subject to due diligence obligations. These include, among other things, verifying compliance of the packaging and ensuring that labeling requirements have been properly fulfilled.

10. What requirements apply regarding empty space and overpackaging?

Starting January 1, 2030, grouped, transport, and e-commerce packaging may contain no more than 50% empty space. Filling material is considered empty space. Packaging weight and volume must be reduced to what is strictly necessary, and cosmetic practices such as double walls or false bottoms are prohibited, with only limited exceptions.

11. What impact does the PPWR have on the supply chain?

The PPWR increases data requirements for suppliers and packaging manufacturers across the entire packaging supply chain. It requires clear allocation of responsibilities within the packaging value chain and leads to greater coordination efforts between procurement, sustainability, quality management, and suppliers. At the same time, risks increase due to incomplete or outdated supplier data. As a result, transparency and a digital, readily accessible data foundation become increasingly important.

12. How should companies prepare for the PPWR now?

Companies should establish transparency at an early stage regarding affected packaging and suppliers, review existing data and supporting documentation, and define clear processes for data collection and maintenance. It is also crucial to involve suppliers in a timely manner and build digital structures to ensure scalable and audit-proof compliance.

Our approach:

  1. Assess PPWR readiness across the supply chain
  2. Raise supplier awareness and provide training – without additional workload
  3. Collect and analyze packaging data in an automated way
  4. Optional advisory services for strategic and operational implementation

Software and consulting services for PPWR compliance

Capture technical documentation and EU Declarations of Conformity from your suppliers in a structured and standardized way with our PPWR module. We are also happy to support you with advisory services on your path to compliance.

Learn more

13. How does the PPWR relate to other ESG requirements?

Supply chain decarbonization

The PPWR promotes recyclable and material-efficient packaging, reducing the use of virgin raw materials and energy-intensive production steps. This creates a direct lever for lowering Scope 3 emissions.

REACH / RoHS

The PPWR builds on existing chemicals regulations and further specifies substance requirements for packaging, for example by setting limits for PFAS and heavy metals to systematically reduce environmental and health risks.

ESRS E5 – Circular Economy

The PPWR operationalizes ESRS E5 requirements by defining binding criteria for recyclability, material composition, and recoverability of packaging. This enables robust and comparable ESG metrics.

EUDR – Traceability

Similar to the EUDR, the PPWR requires transparent traceability of materials and suppliers to demonstrate regulatory compliance across the supply chain.

Digital Product Passport (DPP)

The PPWR provides key data points for the Digital Product Passport, particularly regarding material composition, substances, recyclability, and compliance. It thus lays the foundation for digital, standardized transparency at product and packaging level.

14. Why should companies implement the PPWR early?

Companies should implement the PPWR at an early stage to reduce compliance, liability, and market access risks, while avoiding last-minute implementation challenges and supply chain bottlenecks. Acting now enables companies to build robust data structures instead of relying on manual, ad hoc solutions and strengthens their positioning toward customers, retailers, and authorities. At the same time, the PPWR can serve as a lever for more efficient and sustainable packaging strategies. Early action also ensures sufficient time for necessary adjustments in research and development, including planning, testing, and scaling.

15. What penalties apply in case of PPWR violations?

In Germany, missing EU Declarations of Conformity, technical documentation, registrations, licensing obligations, or incorrect information may result in fines of up to €200,000. In addition, sales bans may be imposed. Specific penalties for individual PPWR obligations will be further defined through additional legal acts.

Implement PPWR with ease

Starting in 2026, PPWR compliance will become an operational reality—manual Excel spreadsheets will no longer be sufficient. With VERSO, you can digitize data collection, supplier communication, and documentation management in one central platform.

Want to understand your specific obligations? Take the PPWR Check. In just three minutes and a few clicks, you will see what applies to your company—and receive a practical checklist to help you get started.

Take the PPWR Check now

* This information is summarized editorial content and should not be construed as legal advice. VERSO accepts no liability.

This might be also interesting for you:

LKW-Fahrer mit Klemmbrett – Symbolbild für die Dekarbonisierung der Lieferkette
02.12.2025

Decarbonizing the Supply Chain: How To Achieve Climate Goals Along the Supply Chain

Read article
Bild von einem Cyber-Angriff mit Computer und Code.
04.02.2026

NIS-2 in the supply chain

Read article

Subscribe to our newsletter!

Sign up and receive regular news about:

  • Current ESG topics and legislative changes
  • Individual advice from the VERSO experts
  • News about VERSO
  • Sustainability Events and more
Bild von einem Cyber-Angriff mit Computer und Code.
04.02.2026

What does the NIS-2 cyber security directive mean for the supply chain?

NIS-2 tightens the requirements for cyber security – for the first time, the entire supply chain is in focus, from your service providers to cloud providers. Find out which companies are affected and how you can build effective risk management for your supply chain and NIS-2 compliance step by step.

What is the NIS 2 Directive and what does it mean for the supply chain?

With the NIS 2 Directive, the EU is tightening the requirements for companies’ cyber resilience. The focus is not only on a company’s own IT, but also on the entire supply chain: service providers, suppliers and IT or cloud providers are increasingly becoming a gateway for attacks. Companies must therefore be aware of their dependencies, systematically assess risks and implement suitable security measures for partners and service providers. The supply chain is thus becoming a central lever for compliance with the directive and for the company’s digital resilience.

Which institutions and companies are affected by NIS-2?

This no longer only affects traditional operators of critical infrastructure, but also numerous so-called “particularly important” and “important” facilities – including many companies from industry, production, IT, logistics, energy, healthcare and digital services with 50 or more employees or a turnover of EUR 10 million or more. The “particularly important” facilities, shown in the table, have to implement the strictest requirements.

Particularly important facilities Facilities / Examples
Energy Electricity, gas, oil, district heating/cooling, water supply, charging infrastructure for electric vehicles
Transportation & Logistics Air, rail, road and shipping transportation, including shipping companies and port operators
Finance Banks, trading platforms, market infrastructures, insurance companies
Healthcare Hospitals, research institutions, pharmaceutical companies, medical technology
Water supply Drinking water and wastewater management
Digital infrastructure DNS services, operators of top-level domains
Public administration Authorities and other state institutions

Although the “important” facilities – depending on their size and sector – do not have quite as far-reaching obligations and are not classified as critical per se, they must nevertheless act in a NIS-compliant manner. These include:

  • Food production
  • Postal and courier services
  • Chemical industry
  • Manufacturing industry
  • Digital services
  • Research facilities
  • Waste management

When does NIS-2 apply to companies and their supply chains?

All EU member states should have transposed the NIS-2 Directive into national law by October 17, 2024, but many, including Germany, missed the deadline. In Germany, NIS-2 has therefore only been law since December 2025.

Whether in one country sooner or later, the fact is: companies in the EU must now adapt their security measures in the company and in the supply chain to NIS-2. And they need to be careful: NIS-2 affects significantly more companies than its predecessor, NIS-1. In Germany, around 30,000 organizations are covered by NIS-2, while fewer than 2,000 were affected by NIS-2.

The difference between NIS-2 and ISO-27001

In contrast to established information security standards such as ISO/IEC 27001, NIS-2 goes much further: the focus is not only on securing the company’s own IT, but also on holistic risk management that includes the entire corporate environment, including the supply chain.

Aspect ISO 27001 NIS-2
Regulatory status International standard (voluntary) EU directive (mandatory)
Area of application Industry-independent, for organizations of all sizes Specific sectors and companies
Objective Establishment and operation of an information security management system (ISMS) Increasing the cyber security level of critical and important infrastructures in the EU
Information protection Protection of all types of information (digital, physical, cloud) Focus on IT, OT and network security with critical importance
Risk management Systematic information security risk management Extended and deeper requirements for cyber and information security risks
Asset Management Part of the ISMS Significantly expanded and explicitly required
Supply chain & procurement security Generally addressed Explicit and central requirement (suppliers & partners)
Awareness & training Employee training recommended Training courses planned, especially mandatory for management and the Executive Board
Management involvement Responsibility defined, but limited personal liability Strong involvement of top management including personal liability
Degree of coverage Covers approx. 70% of NIS 2 requirements Goes well beyond ISO 27001

What does NIS-2 require of companies and supply chains?

The NIS 2 directive takes cyber security to a new level – organizationally, technically and strategically. Essentially, the requirements can be divided into three central fields of action:

1. establish systematic risk management: Use of technical protective measures such as multi-factor authentication (MFA), documented cryptography guidelines, established incident response and emergency plans, regular training to raise employee awareness

2. clear responsibilities at management level: active co-design and approval of cybersecurity measures, mandatory further training, personal liability in the event of gross breaches of duty

3. binding reporting obligations & business continuity: early warning report within 24 hours in the event of serious incidents, detailed report after 72 hours with root cause analysis and initial countermeasures, final report within one month including long-term preventive measures

NIS-2 requirements for supply chain management

What is particularly relevant with NIS-2 is that the requirements extend into the supply chain. Companies must be able to clearly demonstrate which suppliers and service providers have access to systems, data or critical processes – and how the associated risks are managed. This applies in particular to IT and cloud service providers, software providers, external service providers with system or data access and suppliers with digitally connected processes.

The specific requirements for supply chain management:

Risk management for third parties

Companies must identify risks arising from collaboration with suppliers and service providers – especially where external partners have access to systems, data or critical processes.

  • Example: An external IT service provider has remote access to productive systems or administers cloud infrastructures. Companies must assess what impact a failure, a security incident or inadequate protective measures at this service provider would have.

Evaluation of security measures at suppliers

It is not enough to rely on contractual assurances. Companies must be able to understand which security measures are actually in place at relevant suppliers and whether they match their own risk profile.

  • Example: A software provider confirms “appropriate security measures”. NIS-2 compliance is only achieved when it is clear whether, for example, access controls, patch management, incident response processes or certifications are in place – and how up-to-date they are.

Documentation and verifiability

Assessments, decisions and measures must be documented in a structured manner. In the event of an audit or incident, it is not just what has been implemented that counts, but that risks have been systematically assessed, decisions justified and measures recorded in a comprehensible manner.

  • Example: Why a certain supplier was classified as an “acceptable risk” – or why additional measures are required – must be explained transparently even months later.

Regular checks instead of one-off queries

NIS-2 understands cyber security as an ongoing process. Information from the supply chain must therefore not be collected once, but must be checked and updated regularly.

  • Example: The risk assessment must be adjusted in the event of contract extensions, new system access, changed services or security-relevant incidents – not just at the next audit.

How companies ensure NIS 2 compliance (also in the supply chain)

NIS-2 can seem complex at first glance, but with a clear roadmap, the requirements can be systematically implemented. This step-by-step guide shows which measures companies should take now – from risk assessment to audit preparation.

Step-by-step guide to NIS-2 compliance: what measures companies should take now — from risk assessment to audit readiness.

1. clarify NIS-2 affectedness

To begin with, you should check whether your company is affected by the scope of the directive. Anyone who is part of the supply chain may also fall under the requirements.

2. carry out a gap analysis

Check risk management and incident response in particular: Are there clear processes for detecting and reporting incidents? Have access rights, encryption and MFA been implemented? How well are your service providers secured and are emergency and recovery plans up to date?

3. develop a risk management strategy

Effective risk management forms the basis of every NIS 2 strategy.
The core components are:

  • Regular risk assessments for early identification of weak points
  • Strong access controls (incl. MFA)
  • Encryption
  • Consistent patch management
  • Regular penetration tests
  • Establish a structured incident response plan and reporting process

Those who proactively implement these measures reduce risks in the long term and strengthen cyber security throughout the company.

4. clarify and strengthen governance and responsibilities

NIS-2 clearly makes cybersecurity a management task. Management is responsible for actively designing, adopting and regularly reviewing security guidelines.

The central elements are:

  • Mandatory training for managers
  • Clearly defined responsibilities (e.g. a designated security officer)
  • a systematic review of the entire security strategy
  • continuously maintained and complete safety documentation

Strong governance not only ensures fewer security risks, but also reduces personal liability risks for management.

5. secure the supply chain

Third-party providers and service providers are increasingly becoming a central cyber risk factor – and with NIS-2, they also have a clear responsibility.

To secure your supply chain, you should in particular:

  • Systematically check the security level and protective measures of your service providers
  • Make NIS 2 and compliance requirements binding in contracts
  • Establish ongoing monitoring and control mechanisms to identify risks at an early stage

This turns the supply chain into an effective protective shield: your company reduces both the real attack surface and the regulatory risk.

Conclusion: NIS-2 does not start in IT, but in the supply chain

NIS-2 makes it clear that cyber risks cannot be managed in isolation in IT. Transparency in the supply chain, uniform assessments and the ability to monitor and verify risks on an ongoing basis are crucial. This is precisely where many companies fail due to manual processes and a lack of structure.

With the VERSO Supply Chain Hub, the NIS-2 guideline and cyber security in the supply chain can be mapped centrally: from structured risk queries with suppliers and a uniform assessment of third parties to the ongoing updating and central documentation of all evidence. In this way, NIS-2 is not only implemented in the supply chain in compliance with regulations, but also in a practicable and scalable manner.

Talk to us

* This information is summarized editorial content and should not be construed as legal advice. VERSO accepts no liability.

This might be also interesting for you:

LKW-Fahrer mit Klemmbrett – Symbolbild für die Dekarbonisierung der Lieferkette
02.12.2025

Decarbonizing the Supply Chain: How To Achieve Climate Goals Along the Supply Chain

Read article
Product
18.11.2025

PCF Automation in 6 Steps

Read article

Subscribe to our newsletter!

Sign up and receive regular news about:

  • Current ESG topics and legislative changes
  • Individual advice from the VERSO experts
  • News about VERSO
  • Sustainability Events and more
Mann schweißt ein Stahlrohr – Symbolbild für den CBAM
30.01.2026

Fit for CBAM: Key Facts and Requirements

As part of the EU’s climate strategy, the Carbon Border Adjustment Mechanism (CBAM) puts a price on CO2 emissions from goods imported into the EU from non-EU countries. The goal is to promote emission reductions and protect the competitiveness of EU industry. This article outlines what companies need to know to ensure CBAM compliance.

Contents

    1. Brief Overview
    2. Covered Goods
    3. Deadlines and To-Dos
    4. CBAM FAQ
    5. Tips for Implementation
    6. Background Knowledge

 

What is CBAM? A Brief Overview

CBAM (Carbon Border Adjustment Mechanism) is the official name of EU Regulation 2023/956. It entered into force on 1 October 2023 and complements the EU Emissions Trading System (EU ETS). Together, they aim to reduce emissions from both goods produced within and imported into the EU.

Objectives of CBAM:

  • Strengthen existing emission reduction measures
  • Encourage companies to reduce emissions rather than relocate production
  • Protect EU-based companies from cost-related competitive disadvantages

Annex I of the CBAM regulation lists the relevant CN codes in detail.

The EU plans to expand the scope of CBAM. By 2030, all products covered under the EU ETS are expected to be included.

Overview of goods covered by CBAM

CBAM Reporting and Certificates: Deadlines and To-Dos

Transitional phase 2023–2025: quarterly reports (“reporting obligation”)

Reports must be submitted within one month after the end of each quarter and include:

  • Company master data
  • CBAM account number
  • Quantity and type of imported goods
  • CBAM-relevant greenhouse gas emissions
    • Specific emissions, not default values
    • Direct and indirect emissions (in line with the CBAM scope during the transitional phase)
  • CO2 price paid in the country of origin

From 2026: annual CBAM declaration – certificates from 2027

Starting 1 January 2026:

From January 1, 2026, emissions from imported CBAM goods will be recorded for the first time for later financial settlement. The actual compensation through CBAM certificates, however, will only take place from 2027 as part of the annual CBAM declaration. A prerequisite is registration as an authorized CBAM declarant, as only authorized declarants are permitted to import CBAM goods from 2026 onward.

From 2027, CBAM certificates can be purchased via a central platform. The price of CBAM certificates is based on the weekly average price of EU ETS certificates.

From the start of the certificate obligation in 2027, a sufficient number of CBAM certificates must be held at all times to cover at least 80 percent of imported CBAM goods. Companies are responsible for calculating the required compensation and corresponding number of certificates themselves. The CBAM module in the VERSO Supply Chain Hub supports this process.

Important: From 2026, only authorized declarants are allowed to import CBAM goods and purchase certificates.

From 2027: first annual CBAM declaration:

From 2027, the CBAM quarterly report will be replaced by the annual CBAM declaration.

    • To be submitted by September 30 of the following year
      (example: the CBAM declaration for 2026 is due on September 30, 2027)
    • Total quantity of imported goods
    • Total amount of embedded emissions for each product group
    • Total number of CBAM certificates allocated to embedded emissions, minus any CO₂ price paid in the country of origin
CBAM Timeline

CBAM FAQ

Where do I submit CBAM reports?

Reports were submitted via the CBAM transitional registry until end of 2025, which you should be able to access via your national customs portal. From 2026 onward, the annual CBAM declaration will be submitted via the central CBAM Registry by authorized declarants.

Are there penalties for non-compliance with CBAM?

Yes. The regulation allows for proportionate and dissuasive penalties. Even during the transition phase, fines between 10 and 50 euros per tonne of unreported CO2 emissions may apply. From the start of the regular CBAM phase, sanctions may also apply in cases of missing registration, incorrect declarations, or failure to surrender CBAM certificates.

Are there thresholds for CBAM reporting?

Yes. If a company exceeds the threshold of 50 tonnes per year, the full CBAM obligations apply.

Can I still use default values in the report?

From 31 July 2024, default values may no longer be used. If you do not yet have real emissions data (e.g. from suppliers), Germany’s Emissions Trading Authority may still allow temporary use of default values if:

  • You document your approach to obtaining real data
  • You demonstrate that you made reasonable efforts to collect the data
  • You provide your explanation in the “Comments” field of the transitional registry

Your submitted report must be internally consistent – review it carefully.

Will the Omnibus proposal change anything?

Adjustments to the CBAM implementation timeline and design were introduced as part of the Omnibus package:

  • Deferred payment obligation: 2026 is the first emissions year, but CBAM certificates must only be purchased and surrendered from 2027 onward.
  • New reporting logic: Quarterly reporting ends in 2025 and is replaced by an annual CBAM declaration from 2026 onward (deadline: September 30).
  • New threshold: The €150 threshold is removed; instead, a quantity threshold of 50 tonnes per year applies.
  • Central registration: From 2026 onward, only authorized CBAM declarants may import CBAM goods.

Tips for CBAM Implementation

CBAM compliance adds administrative effort – particularly around data collection. Close collaboration with suppliers is crucial.

Solutions like the our CBAM Module can support companies by automating data capture, monitoring emissions, managing certificates, and ensuring documentation.

Background knowledge on CBAM

In 2005, the EU ETS was introduced as the EU’s instrument to meet Kyoto Protocol targets. It has undergone multiple reforms – most recently in 2021 as part of the Fit-for-55 package.

The ETS operates as a cap-and-trade system: companies receive an emissions allowance and must buy more if they exceed it.

This created a challenge: to avoid EU regulations and costs, some companies moved their CO2-intensive production to countries with lower or no carbon pricing – a practice known as “carbon leakage”.

*This information is summarized editorial content and should not be considered legal advice. VERSO assumes no liability. 

LKW-Fahrer mit Klemmbrett – Symbolbild für die Dekarbonisierung der Lieferkette
02.12.2025

Supply Chain Decarbonization: How To Achieve Your Climate Goals

Engage suppliers and strategically reduce supply chain emissions – your step-by-step guide to supply chain decarbonization.

Around 80% of a company’s emissions originate in the supply chain, making it a key focus on the path to net zero. But setting climate targets alone isn’t enough. The real challenge is achieving them. This article explores how to make supply chain decarbonization a reality – by turning targets into actions.

Why Is It So Important To Decarbonize Your Supply Chain?

Let’s look at two key reasons why decarbonizing the supply chain should be a top priority for businesses.

Climate Action Is No Longer Optional

Regulations such as CSDDD, EUDR, and CBAM demand greater supply chain transparency, while CSRD’s ESRS E1 standard (Climate Change and Climate Protection) requires companies to set and track emission reduction targets – including Scope 3.

Overview on Scopes 1-3

That’s the compliance side. But focusing only on regulations means dealing with bureaucracy without unlocking real business value.

Supply Chain Decarbonization Future-proofs Your Business

Even if your company isn’t legally required to take climate action, proactively reducing emissions pays off.

Three Reasons to act now: 

  1. Climate risks disrupt supply chains. Extreme weather events are becoming more frequent, damaging factories, transport routes, and infrastructure. The result? Delays, shortages, and financial losses.
  2. Sustainable products drive competitive advantage. A Capgemini study found that 79% of consumers want to make more sustainable purchasing choices, and 66% actively look for eco-friendly products and services.
  3. ESG commitments are now a key factor in procurement. Large corporations subject to CSRD or CSDDD will require clear ESG data from suppliers. According to the Business Development Bank of Canada, 92% of large companies will demand ESG disclosures from their vendors.

How to assess and decarbonize your supply chain 

Step 1: Estimate Scope 3 Emissions

Start by mapping out your supplier network and compiling a spend list and product categories. This helps you estimate emissions across your supply chain.

If precise data is unavailable, start with industry benchmarks and refine your estimates as supplier-specific data becomes available.

Step 2: Identify Hotspots & Assess Supplier Climate Maturity

Next, evaluate which suppliers contribute the most emissions and how advanced their climate strategies are. The VERSO Supply Chain Hub automates this assessment.

Supplier Climate Maturity Levels: 

  • No climate strategy: No decarbonization measures in place. 
  • Low maturity: Some CO₂ reduction efforts, but no structured plan. 
  • Intermediate maturity: Concrete reduction measures exist but aren’t fully embedded in business operations. 
  • High maturity: Decarbonization is systematically integrated into corporate strategy. 
  • Best practice leader: Sustainability has long been a priority, with innovative approaches and industry-leading standards.

Key Assessment Indicators: 

  • Raw material sourcing
  • Energy & resource efficiency
  • Use of renewable energy in production & transport
  • Verified CO₂ offset projects
  • Voluntary sustainability reporting

By identifying emission hotspots and assessing supplier maturity, you can prioritize action where it’s needed most.

Step 3: Set Climate Targets & Engage Suppliers 

Define science-based climate targets aligned with the Paris Agreement and backed by climate research. The Science Based Targets initiative (SBTi) offers industry-specific guidance.

Once goals are set, it’s time to engage your suppliers. The SBTi recommends a five-step approach: 

  1. Communicate climate expectations to suppliers. 
  2. Collaborate to align on shared goals. 
  3. Support suppliers with knowledge and resources. 
  4. Monitor progress through transparent data tracking. 
  5. Scale and refine strategies over time. 

Pro tip: Involve suppliers from the start to foster collaboration. Decarbonization is a team effort! 

Step 4: Implement & Scale Your Climate Strategy

To reach long-term supply chain climate goals, companies must actively support their suppliers in implementing sustainable practices. 

Ways to Drive Climate Progress in Your Supply Chain: 

  • Provide knowledge & resources: Trainings and tools can improve supplier climate maturity.
  • Create competitive pressure: Large corporations increasingly demand ESG data, and reporting requirements will expand significantly in the coming years.

Regularly review progress, optimize processes, and keep climate action on the agenda in supplier meetings.

Transparency and accountability are key. Make it clear to your suppliers: Those who don’t commit to sustainability may risk losing business.

That said, low-maturity suppliers won’t transform overnight. But they should demonstrate intent to shift toward sustainable production and logistics. In the long run, climate action strengthens not only the environment but also supply chain resilience.

How to Make Supply Chain Decarbonization Easier

The larger and more complex your supply chain, the harder it is to track emissions and manage climate action. Fragmented data and limited resources create major challenges for procurement teams.

So, how can you achieve your supply chain climate goals efficiently? 

With the right tools! The VERSO Climate Hub and VERSO Supply Chain Hub simplify supply chain decarbonization:

  • VERSO Supply Chain Hub automates supplier climate maturity assessments and collects supplier-specific CO₂ footprints. These insights feed into the Climate Hub, refining your strategy and tracking reductions.
  • Built-in reporting tools generate compliant reports for GRI/CSRD, CDP, and SBTi.
Manage your Supply Chai Emissions with VERSO

Get in touch with us. Together, we’ll find the right strategy to help your company reach its net zero goals!

Contact Our Team

* This information is summarized editorial content and should not be considered legal advice. VERSO assumes no liability. 

Product
18.11.2025

PCF Automation in 6 Steps

The calculation of a Product Carbon Footprint (PCF) is becoming increasingly important for many companies. Automation can be a real game changer here. These six steps show how to move effectively from a manual PCF assessment toward full process automation.

The calculation of product emissions — a Product Carbon Footprint (PCF) — is becoming increasingly important for many companies. With a wide product portfolio, this quickly turns into a major challenge.

Automation can be a real game changer here. To unlock automation potential within your organization, it helps to break the entire PCF process into small, understandable steps. These six steps show how to move effectively from a manual PCF process toward full process automation.

1. Clarify the basics: What is reported, to whom, and based on which standard?

Before you move into the practical phase, you should be able to answer a few key questions:

  • Who receives the PCF data — customers, authorities, or internal stakeholders?
  • How should the data be presented — as a report, a digital interface, or an audit result?
  • Which standards guide the reporting — GHG Protocol, ISO 14067, or other norms?

These questions define the methodological framework. They determine how deep the calculation needs to go (e.g., cradle-to-gate or cradle-to-grave) and which system boundaries apply.

2. Understand your role in the value chain

Your position within the value chain defines which data is relevant:

  • Companies delivering to a single customer often need standardized downstream data.
  • Companies at the end of the value chain must prepare information for final products and end customers.
  • Suppliers in between need both: incoming data collection and outgoing data transmission.

This classification helps identify the right interfaces and automate them later on.

3. No automation without data quality

Automation depends entirely on the data foundation. Companies need to ask:

  • Where do the data points come from — ERP systems, production data, supplier information?
  • How can they be structured in a product-level and usable format?
  • How can you ensure that the data is complete, consistent, and up to date?

Only when these questions are resolved is it worth moving toward technical automation. Otherwise, errors multiply instead of decreasing.

4. From databases to supplier data: Evaluate emissions correctly

A central step in calculating a Product Carbon Footprint is linking material data to emissions. There are two approaches:

  1. Emission factors from databases: easy to access, but based on averages.
  2. Factors based on data from your own supply chain: more complex, yet far more precise.

Many companies rely on databases in the short term. There are already many reliable sources with filtering options to find the most accurate factor possible. At VERSO, for example, we give you access to about 50 databases with over 200,000 emission factors.

In the long run, though, there is no alternative to supply chain data for real transparency and comparability. You should therefore request emission data or individual PCFs from your suppliers as soon as possible. You can also do this via the VERSO Supply Chain Hub. You then transfer the data directly into your PCF in the VERSO Climate Hub.

5. Automate step by step — instead of rushing ahead

Automation should definitely be the goal. However, many companies begin automating before the right foundations are in place. Often, materials are simply linked to emission factors — which may save time, but does not deliver reliable results.

A better approach: first build a solid methodological concept, structure processes in modules, and automate step by step. A modular system helps you start with a few well-defined processes. You can then transfer rules and calculation logic to additional products over time.

6. From partial to full automation

Once the methodology and data quality are right, automation can expand step by step:

  • Automated data transfers between internal systems (ERP) and PCF software
  • Intelligent and automated allocation of emission factors to materials
  • Fully automated calculation processes
  • Automated management and updates of emission factors

The goal: end-to-end, reliable PCF calculations — without manual intervention.
This frees teams to focus on what matters: reducing emissions, implementing measures, and improving products.

Conclusion: Automate with intention

PCF automation succeeds when methodology and data quality come first. Clear goals, roles, and standards, structured data sources, and gradual automation lead to robust results with less effort. A modular approach supports automation, transparency, and comparability — all the way to end-to-end PCF calculation without manual input.

We are happy to support you with software and consulting.

Guide: Calculate the PCF in 7 steps

Determine the emissions of your products in 7 steps: This guide takes you through the PCF calculation in an understandable way.

Download guide

* This information is summarized editorial content and should not be construed as legal advice. VERSO accepts no liability.

This might be also interesting for you:

Eine Hand mit Arbeitshandschuhen hält eine gerade produzierte Glasflasche – Symbolbild für den PCF
03.07.2025

Understanding and Calculating PCF

Read article
Corporate Carbon Footprint berechnen und reduzieren
26.06.2025

How is the Corporate Carbon Footprint (CCF) calculated?

Read article

Subscribe to our newsletter!

Sign up and receive regular news about:

  • Current ESG topics and legislative changes
  • Individual advice from the VERSO experts
  • News about VERSO
  • Sustainability Events and more

Sign up now!

Schlafender Kauz in einem abgestorbenen Baum. Symbolbild für die EUDR
17.07.2025

From Spruce to Veneer: What the EUDR Means for the Timber Industry

The EUDR is bringing major changes to the wood and paper sector. Starting December 30, 2025, only timber products with a proven legal and deforestation-free origin will be allowed on the EU market. This article breaks down what that means in practice – for forest owners, sawmills, print shops, furniture manufacturers, publishers, and distributors alike. The rules will differ depending on your role, but no one is fully exempt.

Contents

  1. EUDR, EUTR, FLEGT, FSC/PEFC: What’s Changing?
  2. Which Wood Products are Affected?
  3. General Implementation Process
  4. Implementation Guide for the Wood and Paper Industry

Key Takeaways

From December 30 on, businesses in the timber industry may only place products on the EU market if their origin is both legal and free from deforestation. The exact obligations depend on your market role and company size. Importers and traders operating in the EU must submit a due diligence statement. Downstream SMEs benefit from certain simplifications but still bear responsibility in specific cases. Products that have already passed due diligence can be further processed or sold using the associated reference number – as long as the original due diligence was properly carried out.

EUDR, EUTR, FLEGT, FSC/PEFC: What’s Changing?

In short: The EUTR will be replaced, while FLEGT and FSC/PEFC remain relevant.

For businesses in the timber sector, the EUDR isn’t entirely unfamiliar. The EU Timber Regulation (EUTR) already prohibited the import and processing of illegally harvested timber within the EU. So what exactly is new – and what does this mean for FLEGT agreements?

EUTR

The EUTR will be replaced by the EUDR starting December 30, 2025. However, there is a transition period for EUTR-compliant products manufactured before June 29, 2023, but placed on the market after December 30, 2025. For these products, the EUDR will apply from January 1, 2029.
Compared to the EUTR, the EUDR expands the scope of due diligence and includes a broader range of timber products.

FLEGT

The EUDR distinguishes between legality risks and deforestation risks. FLEGT licenses – part of a permit system for timber imports from partner countries – will continue to serve as proof of legality, at least for now.

FSC/PEFC

Like FLEGT, FSC and PEFC certifications provide information about sustainable forest management. Under the EUDR, these certificates are considered indicators that products are legal and deforestation-free. However, they do not replace the obligation to gather relevant data and submit a due diligence statement.

Wood in All Its Forms: What’s Covered by the EUDR?

The EUDR applies to both raw and processed wood. Here’s a comprehensive list of wood-based products covered by the regulation:

  • Firewood, wood chips, sawdust, etc.
  • Charcoal
  • Roundwood
  • Wood for barrel hoops, stakes, etc.
  • Wood wool, wood flour
  • Wooden railway sleepers
  • Sawn or planed wood >6 mm thick
  • Veneer sheets, plywood layers ≤ 6 mm
  • Moulded wood, including planed or sanded
  • Particle board, fiberboard, OSB, etc.
  • Plywood, veneered wood, laminated wood
  • Densified wood
  • Wooden frames, wooden packaging, pallets, etc.
  • Cooperage products
  • Wooden tool handles, shoe lasts, etc.
  • Carpentry products, flooring, etc.
  • Tableware, kitchenware, wooden seating furniture and parts, wooden furniture and components
  • Marquetry, wooden boxes, decorative items
  • Pulp and paper, printed matter, drawings, books, etc.
  • Prefabricated wooden buildings

In other words: from sawmills and furniture manufacturers to book retailers – many players in the value chain must comply with the EUDR.

But how do you approach compliance with such a wide range of starting points? The next section outlines a general roadmap for implementing the EUDR, followed by practical examples tailored to the timber industry.

EUDR Compliance: The Essentials

In principle, the process is the same for all companies:

  1. Define your EUDR role. Are you a trader or an operator? Our EUDR Check can help you clarify your status.
  2. Collect the necessary data. You need a clear overview of your raw materials and products. As a manufacturer, you must know exactly which materials flow into your final product. If you’re an importer, this means gathering geolocation data for the forest areas involved. Downstream companies will need reference or verification numbers. Especially if you don’t separate your stock by origin, this step can get tricky – so take care to be thorough.
  3. Conduct a risk assessment. You may only place products on the market if they carry no or only negligible risk of deforestation and illegality.
  4. Mitigate identified risks. Ideally in close cooperation with your suppliers.
  5. Document your process and submit a due diligence statement. In addition, companies that don’t qualify as SMEs under the EUDR must publish an annual report on their EUDR compliance.

You can find a detailed explanation of each step in our practical guide to EUDR compliance.

Practical guide EUDR: From data collection to due diligence declaration

Step by step to EUDR compliance – with helpful checklists, infographics and practical FAQs.

Download EUDR Guide

… and Here’s What EUDR Compliance Looks Like in the Timber Industry

To support implementation, the EU has published an EUDR Compliance Guide with various practical scenarios. The following four examples provide guidance for companies that manufacture or trade wood-based products:

Scenario 1: From Tree to Paper Product

Initial situation:
A forest owner sells standing trees to a large timber company. After harvesting, the forest owner transfers ownership of the roundwood to the company, thereby placing it on the EU market for the first time.

The forest owner qualifies as an upstream SME operator and is responsible for ensuring that the wood is both legal and deforestation-free in line with the EUDR. A due diligence statement must be submitted via the EU information system – the forest owner may authorize the timber company to act as their representative. However, legal responsibility remains with the forest owner.

Processing and export:
The timber company harvests the trees, processes part of the wood into paper products at its own paper mill, and exports some of these products outside the EU. Because the wood has undergone further processing, the resulting products are again considered relevant under the regulation. The company must submit its own due diligence statement but may refer to the forest owner’s previously submitted statement (including the reference number).

Distribution within the EU:
A paper distribution company sells the paper to print shops within the EU. Although the paper has already been placed on the market, the distributor is a non-SME trader and therefore subject to the same obligations as an operator. This means the distribution company must also submit a due diligence statement to the system. It may refer to the earlier statement as long as it can prove that due diligence was properly conducted.

Conclusion:
Throughout the entire supply chain – from forest to shelf – both operators and traders must meet their EUDR obligations. Early submitted due diligence statements can be reused, but they do not relieve any party of their responsibility for verification and documentation.

Scenario 2: From Sawmill to Furniture Store

Initial situation:
An SME sawmill processes logs into sawn timber and sells the material to furniture manufacturers within the EU.
Although the sawmill places a new product on the market, it is not required to conduct its own due diligence, as it only processes pre-verified wood. However, it must retain the reference number from the original due diligence statement, which serves as proof of traceability.

Further processing:
Two furniture companies purchase the sawn timber and use it to manufacture furniture. By doing so, they place new relevant products on the market. This makes them operators under the EUDR, and they must ensure clear documentation of the origin of all raw materials – even across multiple processing steps. This includes linking incoming deliveries to the final products and referencing the relevant upstream due diligence statements (DDS) in their own DDS.

The following obligations apply based on company size:

  • The larger company must submit its own due diligence statement but may refer to the earlier DDS from the timber supplier. It remains responsible for full EUDR compliance.
  • The smaller company is exempt from submitting its own DDS but must still retain the corresponding reference number.

Caution with mixed sources:
If the furniture manufacturers also use timber that has not yet been verified – for example, from their own imports – they are fully responsible for EUDR compliance. In this case, they must submit their own due diligence statement, including all required information such as geolocation data.

Conclusion:
EUDR obligations vary depending on a company’s role in the supply chain and its size. Companies working exclusively with pre-verified materials benefit from simplifications – but they must always be able to prove the origin and EUDR compliance of their products.

Scenario 3: Newspaper from Forests You Own

Initial situation:
A paper manufacturer based in the EU produces newsprint using wood sourced from its own forests and places it on the EU market.
As a large operator, the manufacturer must ensure that the paper is both legal and deforestation-free. For every batch placed on the market, it must submit a due diligence statement through the central information system. If all products come from the same origin, a single statement can cover multiple shipments over a period of up to one year.

Further processing:
A publishing company purchases the paper, prints newspapers, and places them on the market for the first time. As a large operator, the publisher must also submit its own due diligence statement. It may refer to the statement submitted by the paper manufacturer, provided it verifies that the original statement is complete and accurate. In this case, one statement can also cover several issues of the newspaper (e.g. on a quarterly basis).
A second, smaller publisher also uses paper from the same manufacturer to print newspapers. Since the paper has already been verified and the publisher qualifies as an SME, it is not required to submit a due diligence statement. However, it must retain the reference numbers from the existing statement.

Retail sales:
The newspapers are then sold to two retailers:

  • The large retailer is treated as an operator and must submit its own due diligence statement. It may refer to the publisher’s statement, but only after verifying its validity. One statement may apply to multiple deliveries.
  • The small retailer is not required to submit a statement but must document the supply chain and retain the relevant reference numbers. It is not responsible for the product’s compliance.

Conclusion:
Whether you’re a producer, processor, trader, or publisher: under the EUDR, obligations depend on both your role in the supply chain and the size of your company. SMEs using pre-verified materials benefit from certain simplifications. Larger companies, however, must submit their own statements and carry full responsibility for compliance.

Scenario 4: Imported Paper and In-House Newspaper Production

Initial situation:
A small EU-based publishing company imports paper from a non-EU country, uses it to print newspapers, and distributes them within the EU.
Although the publisher qualifies as an SME, it is the first to place the paper on the EU market, making it an operator under the EUDR. This means the publisher must prove that the paper is legal and deforestation-free and submit a due diligence statement via the central information system. If the paper comes from the same origin over time, a single statement can cover multiple batches for up to one year.

Processing into newspapers:
The publisher uses the imported paper to produce newspapers and places them on the EU market. As an SME working with pre-verified material, it is not required to submit a new due diligence statement for the newspapers. However, it must retain the reference numbers from the existing statement.

Distribution by a wholesaler:
A larger wholesaler purchases the newspapers and distributes them further. Even though the product itself remains unchanged, the wholesaler must submit its own due diligence statement for the newspapers. It may refer to the publisher’s existing statement, but only after verifying its completeness and accuracy. A single statement can also cover multiple deliveries over time, as long as all products meet EUDR requirements.

Conclusion:
Smaller operators benefit from certain simplifications but still hold responsibility in specific roles – especially when importing. Larger traders must take responsibility for verifying and documenting compliance, even for seemingly “finished” products like newspapers.

Obligations Vary – VERSO Supports You in Every Scenario

Anyone placing wood or wood-based products on the EU market must prove their origin and rule out deforestation risks – whether you’re a small furniture retailer or a global paper company. What matters now is knowing your market role, collecting the right data, and taking ownership instead of passing responsibility down the chain.

Our EUDR software solution helps you stay compliant. Automated, efficient, and reliable.

Automate Your EUDR Compliance

Capture supplier data, assess risks and generate your Due Diligence Statement (DDS) automatically – with a tool that integrates seamlessly into your processes.

Learn More

*This information is summarized editorial content and should not be considered legal advice. VERSO assumes no liability. 

Näherinnen in einer Textilfabrik – Symbolbild für die Zwangsarbeit-Verordnung für Lieferketten
22.05.2025

Forced Labour Regulation: What It Means for Your Supply Chain

A new EU regulation on forced labour will take effect in 2027 and expand on existing rules under the CSDDD. Here’s what it’s all about – and what companies need to prepare for.

Key Takeaways

Starting December 14, 2027, products made using forced labour may no longer be imported, exported or sold within the EU. This applies across all industries, regardless of company size or turnover. Supply chain managers will need to take a closer look at their suppliers and strengthen their due diligence processes.

What is the Forced Labour Regulation?

In late 2024, the EU adopted the “Regulation on prohibiting products made with forced labour on the Union market” – also known as the Forced Labour Regulation. It will apply from December 14, 2027.

Its goal is simple: Any product linked to forced labour must not enter or circulate within the EU market. This includes imports, exports and domestic sales.

Just like the EUDR and CBAM, the regulation takes a product-based approach. It doesn’t matter how big your company is or what sector you’re in – if a product in your supply chain involves forced labour, the regulation applies.

The new rules build on and complement existing human rights laws like the German Supply Chain Act (LkSG) and the upcoming CSDDD.

What Counts as “Forced Labour”?

The regulation uses the definition provided by the International Labour Organization (ILO):

“all work or service which is exacted from any person under the threat of a penalty and for which the person has not offered himself or herself voluntarily.”

The ILO lists several warning signs, including:

  • Exploiting vulnerable people
  • Deception
  • Restricting workers’ freedom of movement
  • Isolation
  • Physical or sexual abuse
  • Threats and intimidation
  • Confiscating ID documents
  • Withholding wages
  • Debt bondage
  • Poor or unsafe working and living conditions
  • Excessive overtime

What Does This Mean for Supply Chain Managers?

In short: You’ll need to expand your due diligence processes and include the ILO’s forced labour indicators in your risk assessments.

The Forced Labour Regulation is primarily addressed to national and EU authorities. These authorities are responsible for identifying potential risks and must provide guidance on high-risk regions as well as support services (see also: EU Council – Explanation of the Investigation Procedure). To support this, the EU will set up a dedicated “EU Forced Labour Single Portal.”

If authorities identify signs of forced labour in a company’s supply chain, further investigations will follow.

To comply with the new regulation and demonstrate that your supply chains are free from forced labour, your company will need:

  • Supply chain transparency – Gain a clear overview of potentially high-risk products, suppliers and manufacturers.
  • Active supplier management – Collaborate with your suppliers to eliminate forced labour risks in your supply chains.
  • Enhanced due diligence processes – Build on the structures you already have in place for existing regulations. Resources such as the ILO Helpdesk for Business on International Labour Standards can support your efforts.

How Does the Forced Labour Regulation Differ from the CSDDD?

As a supply chain regulation, the CSDDD already includes human rights requirements and obliges companies to identify and address human rights risks in their supply chains. So why introduce a separate Forced Labour Regulation?

The key difference lies in scope and focus.

  • Unlike the CSDDD, the Forced Labour Regulation applies across all sectors and is not limited to companies with a certain turnover or number of employees. This gives it a significantly broader reach.
  • At the same time, it is much more specific: while the CSDDD addresses overall sustainability in supply chains, the Forced Labour Regulation focuses solely on forced labour.
  • And while the CSDDD relies on penalties, liability claims and public disclosure of violations, the Forced Labour Regulation goes a step further – products linked to forced labour are categorically banned from the EU market.

What VERSO Can Do to Help You Identify and Prevent Forced Labour

Since 2010, VERSO has supported SMEs in turning sustainability goals into real progress. With the VERSO Supply Chain Hub, you gain full visibility across your supplier network, assess risks, take action where it matters, and document your efforts reliably.

Feel free to reach out to us directly. We’d be happy to discuss how VERSO can help you identify and eliminate forced labour risks in your supply chain.

Contact us

*This information is summarized editorial content and should not be considered legal advice. VERSO assumes no liability. 

Baumstamm mit Efeublättern als Symbolbild für die EUDR
04.04.2025

EUDR Explained: Key Requirements, Deadlines, and Compliance Guide for Companies

The EUDR aims to strictly regulate trade in products contributing to deforestation. But what exactly does this mean for affected companies, and how can you prepare? In this article, we answer the most important questions about the EUDR and share practical tips for implementation.

Contents

  1. EUDR explained
  2. Timeline
  3. Affected Companies
  4. Affected Products
  5. Implementation Strategy
  6. Sanctions
  7. Background Information
  8. Download: EUDR Compliance Guide

What is the EUDR? A brief overview

The EUDR introduces extensive due diligence obligations. Companies must ensure their products are deforestation-free. The focus is on transparency and traceability throughout the supply chain — businesses must be able to track a product’s journey from origin to market without gaps.

The EUDR requires companies to collect detailed data. As Klaus Wiesen, our supply chain expert, explains: “Given the complexity, it’s clear that software is a must for implementation. That already applies to the LkSG, but even more so for the EUDR — a pragmatic approach is nearly impossible without digital tools.”

When will the EUDR come into force?

Starting December 30, 2026, the EUDR enters its application phase for large and medium-sized companies. Small companies have until June 30, 2027 to implement the regulation.

Starting December 30, 2026 Starting June 30, 2027
Large and medium-sized companies meeting at least two of these criteria:

– More than 50 employees

– More than €10 million revenue

– More than €5 million balance sheet total

 Small and micro-enterprises meeting at least two of these criteria:

– Fewer than 50 employees

– Less than €10 million revenue

– Less than €5 million balance sheet total

 

Overview on EUDR Deadlines

Who is affected by the EUDR?

The EUDR is product-based and applies to all companies trading EUDR-relevant commodities and products derived from them.

The regulation differentiates between roles within the market, which determines specific obligations — see Determine your EUDR market role below.

Operator Trader
Companies placing EUDR-relevant products on or exporting from the EU market for the first time Companies making EUDR-relevant products available on the EU market

Which products are covered by the EUDR?

The regulation applies to the following commodities and their derived products:

  • Wood
  • Palm oil
  • Coffee
  • Cocoa
  • Cattle
  • Soy
  • Rubber

There are no thresholds or volume limits. The list of covered commodities is expected to expand over time.

Exemptions:

  • 100% recycled materials
  • Packaging materials solely used for support, protection, or transportation
  • User manuals
  • Bamboo products
  • Products manufactured before the EUDR’s reference date (June 29, 2023), except for wood products
Overview on products covered by the EUDR

What conditions must products fulfill under the EUDR?

Starting with the implementation phase: Import, trade and export of the above-mentioned raw materials and their derived products on the EU internal market are only permitted, if these three conditions are met:

  • Deforestation-free: The products were manufactured without converting natural forest into agricultural land or tree plantations after 31.12.2020. This also applies if deforestation was considered legal in the country of origin!
  • Production in accordance with the relevant rights of the country of origin: This concerns both environmental protection and human rights. Species protection measures, anti-corruption measures, labor rights, the UN Declaration on the Rights of Indigenous Peoples, trade law, etc. have been complied with.
  • Due diligence declaration available: A risk assessment has been carried out for the product, the due diligence obligations have been complied with and there is no or only a negligible risk of deforestation.

What requirements apply to the different market roles?

The EU Deforestation Regulation categorizes affected companies as Traders and Operators, and as SMEs and non-SMEs (note: the EUDR uses its own criteria for this).

This leads to different requirements – for example:

  • Operators are required under the EUDR to conduct a risk assessment, mitigate risks, and submit a due diligence statement through the EU system “TRACES.”
  • Traders may rely on this due diligence statement. Large traders must additionally verify the completed risk assessment on a sample basis.
  • The EUDR also introduces documentation and reporting obligations.
  • For SMEs (according to the EUDR definition), implementation is simplified through a reduced set of obligations. They must provide fewer details on their upstream and downstream supply chain and are not required to submit a public EUDR report.

The new proposal by the European Parliament now includes several changes to these roles. The following new requirements apply:

  • Downstream Operators or Traders as a new category with simplified obligations: First downstream Operators and Traders no longer need to conduct due diligence validation of their upstream suppliers and do not need to prepare their own due diligence statements (DDS). They must continue to collect and retain the DDS of their suppliers, but they are not required to pass these statements on to further downstream Operators or Traders (their customers).
  • Small and micro primary Operators in low-risk countries (e.g., small forest owners in the EU): This would also be a new category with simplified rules. A one-time simplified declaration is possible – without geolocation data, only stating a postal address. The goal is to reduce the burden on small farmers within the EU.
  • For Operators importing products (first placers on the market), nothing would change.

Use our free check to quickly determine which category your company falls into and which obligations apply to you.

Start EUDR Check

How can importers prepare? Practical steps for EUDR implementation

Step 1: Collect EUDR data

Gather detailed information about your products and raw materials — including descriptions, volumes, suppliers, and countries of origin.

The EUDR requires geo-location data for every plot where relevant commodities are produced, including production dates — retroactively from December 31, 2020.

Ensure proof that all legal rights are respected in the country of origin.

Step 2: Conduct risk assessment

Evaluate the deforestation risk for any new product or commodity.

Factors include:

  • Country of origin
  • Deforestation trends
  • Political and social conditions
  • Supply chain complexity

The EU will provide a benchmarking system categorizing countries by risk level. Only products with no or negligible risk may enter the EU market.

Step 3: Mitigate risks

If risks are identified, work with suppliers to reduce them. Develop new codes of conduct, strategies, and control measures. Verify compliance via supplier audits or documentation

Step 4: Document and report

Companies must maintain detailed records and submit reports.

For every batch, a due diligence statement or EUDR compliance confirmation must be included — customs will verify compliance based on risk assessments.

Except for SMEs, companies must also publicly report on risk assessments, due diligence processes, and mitigation measures. If your company is subject to the CSRD, you can integrate EUDR reporting into your sustainability report.

What are the EUDR sanctions?

Violations or non-compliance may result in:

  • Confiscation of unlawful profits
  • Fines proportional to the damage caused, minimum 4% of annual turnover
  • Seizure of goods or products
  • Temporary import bans
  • Exclusion from public funding or tenders
  • Public naming and shaming of the company and its violation

Background on the EUDR

In the past 30 years, global deforestation has wiped out an area larger than the EU. Forest loss accelerates climate change and biodiversity loss.

The EUDR follows the EU Timber Regulation (EUTR) from 2013, which was criticized for weak enforcement. As part of the European Green Deal, the EUDR strengthens these efforts.

From 2025 onwards, it will be prohibited to place, make available, or export certain products in the EU market if they are linked to deforestation or forest degradation since January 2021 — regardless of whether the forest is in Germany, Romania, or Brazil.

EUDR Compliance Guide: From Data Collection to Due Diligence Statement

Don’t get lost in the EUDR. Download our free guide with handy checklists, infographics, and FAQs!

Download Guide

*This information is summarized editorial content and should not be considered legal advice. VERSO assumes no liability. 

Subscribe to our newsletter!

Sign up and receive regular news about:

  • Pragmatic all-in-one solution for ESG reporting, climate and supply chain management
  • Best practices in the areas of ESG and sustainable supply chains
  • Developed with expertise from 12+ years of sustainability management
  • Sustainability events and much more.

Get to know the software!

ESG in der Lieferkette
14.02.2025

ESG in the supply chain: 19+1 to-dos

Requirements as far as the eye can see: Where should you best start to establish ESG compliance along the supply chain and unlock the many ESG opportunities for your company? This article shows you how – with 19 to-dos and one bonus tip.

For procurement and supply chain managers, regulations such as the LkSG, CSDDD, CSRD, EUDR, and CBAM mean more documentation requirements, higher transparency demands, and increasing pressure on suppliers.

Despite all these challenges, ESG compliance in the supply chain is an opportunity to identify risks early, reduce costs, and strengthen your own market position. With the right strategy, sustainability can shift from a cost center to a profit center.

But where should you start? This practical checklist with 19 actionable to-dos and one bonus tip provides clarity.

Feel free to share this article if you found it helpful.

Review and prioritize ESG regulations

1. Assess which ESG regulations may affect your supply chain

Supply chain regulations applicable in 2025 Supply chain regulations applicable after 2025
LkSG Forced Labour Regulation
CSRD CSDDD
EUDR ESPR / Digital Product Passport
EU-Taxonomy Right to Repair
CBAM
EU-ETS
Additional regulations such as the EU Battery Regulation or the Circular Economy Act

2. Review which regulations apply to your company and when – some regulations (e.g., CSRD, CSDDD, and EUDR) are implemented in phases

3. For most companies, CSRD, LkSG/CSDDD, CBAM, and EUDR are currently the most relevant

Read more:

Collect ESG data in the supply chain and increase transparency

4. Obtain up-to-date supplier master data and define points of contact

5. Use standardized ESG questionnaires for suppliers and verify them through targeted audits

6. Capture Scope 3 emissions and identify hotspots

7. Define climate targets for the supply chain and implement a climate strategy

Read more:

Identify and manage ESG risks

8. Review suppliers for human rights, environmental, and climate-related risks (abstract, concrete, and event-driven risk analysis)

9. Establish measures for risk prevention and implement remedial actions

10. Establish a holistic, future-proof management system for supply chain risks

Strengthen supplier management for long-term ESG compliance

11. Embed ESG criteria in supplier contracts and communicate a Code of Conduct

12. Assess the ESG maturity level of suppliers

13. Provide training and support for suppliers to improve ESG standards

14. Regularly review supplier ESG performance

Review IT systems and optimize data management

15. Review the interoperability of your IT systems

16. Implement digital ESG data management to ensure full transparency and communication with suppliers

Check off ESG reporting and ensure compliance

17. Consolidate data and standardize reporting processes

18. Ensure regular reporting and leverage synergies: Some BAFA requirements (LkSG) overlap with the ESRS (CSRD), EUDR, and CBAM data and can be reused for CSRD reporting

19. Involve external auditors (e.g., certified public accountants) at an early stage

Bonus tip: How to achieve ESG compliance in the supply chain with less effort

Admittedly, ESG requirements for supply chain managers are demanding. However, with the right strategy, they can be addressed efficiently. Use this checklist as a starting point to make your supply chain ESG-compliant. A more detailed breakdown is available in our practical guide to sustainable supply chains.

Our bonus tip: The VERSO Supply Chain Hub creates transparency and supports you efficiently in implementing the LkSG, CSRD, CBAM, and EUDR – automated and legally compliant.

Practical guide to sustainable supply chains

This guide provides an overview of all key obligations and requirements across 17 pages.

Get the guide
* This information is summarized editorial content and should not be construed as legal advice. VERSO accepts no liability.

This might be also interesting for you:

CSRD und Lieferkette - Was der Einkauf beachten muss
17.06.2024

CSRD and supply chain: What purchasing needs to consider

Read article
Blog Fahrradbranche Lieferkette
09.09.2024

Compliance in the supply chain: How the bicycle industry is mastering the task

Read article

Subscribe to our newsletter

Sign up and receive regular news about:

  • Current ESG topics and legislative changes
  • Individual advice from the VERSO experts
  • News about VERSO
  • Sustainability Events and more

Sign up now!

Blog Fahrradbranche Lieferkette
09.09.2024

Compliance in the supply chain: How the bicycle industry is mastering the task

Sustainability regulatory obligations are increasing and compliance in the supply chain is becoming ever more important. Read our article to find out how companies fullfil the ESG requirements for the supply chain and how VERSO specifically supports the bicycle industry in this task.

The economy is undergoing a profound change. More and more companies are integrating sustainability into their business models. This topic is also becoming increasingly important in the bicycle industry – especially in relation to the supply chain, as this is where the greatest risks and the greatest impact of bicycle manufacturers lie.

Two factors play a key role. Firstly, many companies are launching sustainable initiatives to improve their environmental footprint. This enables them to generate business value and Competitive advantages.

On the other hand, regulatory pressure is growing – including throughtheCSRD reporting obligation, the CO2-border-adjustment mechanism CBAM and the EUDR regulation for deforestation-free supply chains. Compliance with sustainability requirements is becoming mandatory.

CSRD, EUDR and CBAM: New requirements for compliance in the supply chain

There are numerous new requirements in the area of sustainability that also affect the bicycle industry. The CSRD, the EU directive on sustainability reporting, plays a major role. Companies have to provide extensive ESG information – and not only consider their own company, but also the supply chain. We have summarised what exactly is required in our blog post „CSRD and the supply chain”. However, the industry is also confronted with new obligations arising from the use of certain raw materials. For example, companies are subject to the EUDR because rubber is used for bicycle tyres. By using CO2-intensive materials such as aluminium or steel, companies may also be affected by CBAM. Both regulations include an assessment of certain raw materials as well as a documentation and reporting obligation. Those who create transparency here and thus address the risks identified have created the basis for fulfilling almost all requirements and compliance in the supply chain.

Compliance in the supply chain: the challenge of a complex supply chain

Cycling is – apart from walking – the most environmentally friendly form of transport: emission-free, quiet, efficient and climate-friendly. However, this only applies to pedalling. When it comes to the production of bicycles, especially e-bikes, the balance is somewhat different.

In addition to emissions – including CO2-intensive materials – the use of high-risk materials also plays a role. “Raw materials for motors, electronics and batteries are associated with major sustainability risks,” explains Klaus Wiesen, Head of Sustainable Supply Chain at VERSO. In addition, the bicycle industry often has complex supply chains. This makes it all the more important to create transparency with regard to these issues and reduce risks.

The complexity of the supply chain results from the large number of players involved in the production of the numerous components of a bicycle or e-bike. These players are distributed internationally, which results in different framework conditions and long transport routes.

Compared to conventional bicycles, e-bikes bring additional challenges. New technologies and raw materials for the drive and battery have become relevant in production. Here, bicycle manufacturers are competing with industries such as the IT sector, with which they previously had little contact.

CSRD and supply chain: these disclosures are required

The CSRD obliges companies to provide extensive information on the supply chain. Find out what information is required and what opportunities and risks arise from the EU directive.

To the blog post

The growing importance of transparency and data management

“Transparency in the supply chain is the key to complying with current and future regulations,” emphasises Klaus Wiesen. Many VERSO customers have voluntarily established corresponding processes before they are obliged to do so by regulations such as the Supply Chain Act (LkSG).

Riese Müller is a pioneer in the bicycle industry and aims to be the most sustainable company in the e-bike sector by 2025. With the VERSO Supply Chain Hub the company creates the necessary transparency in the supply chain and promotes its suppliers in terms of sustainability. Riese Müller is also improving risk management and supply chain mapping to ensure compliance in the supply chain.

However, not all companies in the bicycle industry are that advanced. A key problem is the collection and management of data along the supply chain. Smaller manufacturers in particular have some catching up to do.

“Many companies have hardly collected any structured data, which now presents them with considerable challenges if they want to fulfil the requirements of CSRD, CBAM, EUDR and other regulations,” says Klaus Wiesen. This is where VERSO comes in and offers solutions to support companies in realigning their processes and fulfilling the requirements.

Compliance in the supply chain: benefiting from the network

VERSO is the bicycle industry’s leading platform for sustainability in the supply chain. Their customers include German companies such as Riese Müller as well as international manufacturers – for example from the Netherlands, Switzerland and the USA.

“As there is a large overlap in the supplier base in the bicycle industry, our customers benefit from the networks created and stored in our software,” explains Klaus Wiesen. All customers also benefit from learning effects from previous projects. VERSO integrates new regulations into its software at an early stage to ensure future compliance in the supply chain.

EUDR: Everything you need to know

The EU regulation for deforestation-free supply chains (EUDR) aims to prevent the ongoing deforestation of forests. In our article, we answer the most important questions about the EUDR.

To the blog post

Leveraging supply chain ompliance as a chance for the bicycle industry

The regulations are not only associated with additional tasks. They also open up new opportunities for companies.

One example is risk management. Companies in the bicycle industry have suffered particularly badly from supply bottlenecks in the past. Resilience in the supply chain has therefore become an important issue. By identifying risks (e.g. political instability, natural disasters or human rights violations), a company can take measures to minimize or avoid the impact of these risks. This ensures robust supply chains.

Bicycle manufacturers’ customers often attach great importance to sustainability. Those who fulfill the compliance requirements show that their company takes responsibility for ethical and environmentally friendly standards in the supply chain. This creates trust, provides a competitive advantage and contributes to the long-term success and good reputation of the brand.

Avoiding reputational damage and penalties also plays a role. Companies that do not fulfill their regulatory obligations must expect sanctions. We have summarised possible penalties in the blog post Sanctions at a glance: The cost of mistakes in reporting and implementing sustainability” for an easy overview.

Holistic sustainability management at VERSO

In order to fulfill the requirements, companies should prepare for the new regulations at an early stage. Thanks to our expertise in the bicycle industry (among others) VERSO is the ideal partner. “With the VERSO Supply Chain Hub we have been supporting our customers for years with transparency in the supply chain and the fulfillment of their due diligence obligations. Our software solution enables optimized preparation for current and future regulations,’ emphasizes Klaus Wiesen.

The supply chain harbors the greatest risks and has the greatest impact in the bicycle industry. However, a holistic view of a company is necessary, particularly with regard to CSRD. This includes the upstream and downstream value chain as well as the company’s own business activities. VERSO offers an all-in-one solution here.

With the VERSO ESG Hub you can collect all relevant data and create a meaningful sustainability report. With the Climate Hub the corporate carbon footprint is calculated and a climate strategy is mapped. The VERSO sustainability experts will support you throughout the entire process. Furthermore, you can gain additional know-how about sustainability in our VERSO Academy courses.

Book a demo

This might also interest you:

Mann schweißt ein Stahlrohr – Symbolbild für den CBAM
30.01.2026

The most important questions and answers on CBAM

Read article
Klaus Wiesen, Head of Sustainable Supply Chains bei VERSO
05.01.2023

The importance and future of sustainable supply chains: Interview with Klaus Wiesen

Read article

Subscribe to our newsletter!

Sign up and receive regular news about:

  • Pragmatic all-in-one solution for ESG reporting, climate and supply chain management
  • Individual advice from the VERSO experts
  • Developed with expertise from 12+ years of sustainability management
  • Trusted by 250+ customers