“I am a downstream operator, so I only need to check the validity of the DDS.”

Sep 4
That is the message many downstream non-SME companies are taking from the Commission’s revised FAQs on the EUDR.

And indeed, the latest FAQs have shifted the meaning of “ascertain.” What originally meant verifying that due diligence “was properly exercised in line with Article 8” is now interpreted as ascertaining that due diligence “was exercised”—by simply confirming that a valid DDS exists upstream.

This interpretation could make sense in theory: once a DDS is submitted, the operator confirms that due diligence was exercised and assumes responsibility. In that light, verifying the validity of the DDS might seem enough. But it may not be so straightforward. 

Responsibility and risk

At the same time as stating that “ascertain” only means checking the validity of a DDS, the FAQs also underline that downstream non-SME operators remain responsible for any non-compliance (indeed, they accept this responsibility when submitting their own DDS). In fact, the FAQs also establish that when there is risk, they will still need to go further and verify that due diligence was properly exercised, requesting evidence and supporting documents.

In conclusion, the role of downstream non-SMEs has been reduced to verifying reference numbers in the Information System—except in those cases where there is a risk of non-compliance.  

The question is: how will you even become aware of this risk if the general obligation is simply to verify the existence of a valid DDS? And what if a “low-risk” product turns out to be non-compliant?  The paradox is clear: you don’t have to verify the proper exercise of due diligence—until a non-compliance is found, at which point you will be held responsible for not having done exactly that.

In practice, it will always be necessary to do what the EUDR itself requires: verify the proper exercise of due diligence, and only in cases where risk is clearly nonexistent should you stop there.