EUDR Penalties Explained: Fines, Sanctions, and How Enforcement Actually Works
Most EUDR compliance conversations focus on how to do due diligence. Far fewer focus on what happens when you don't. That gap is dangerous - because the penalty regime under Regulation (EU) 2023/1115 is not a soft backstop. It is a structured, EU-wide enforcement framework with financial, operational, and reputational teeth that can permanently alter a company's market position.
This post covers the penalty regime in full: the fine floor, the non-financial sanctions that often hurt more, who enforces and from when, how checks are selected, and what you can do right now to reduce your exposure.
The 4% Fine: What Article 25 Actually Says
The headline number is well-known. What is less understood is the structure behind it.
The EUDR requires Member States to establish penalties that are "effective, proportionate and dissuasive" under Article 25. Each Member State writes its own national penalty rules - but the regulation sets a hard floor they cannot go below.
For serious infringements, fines must be set at a maximum of at least 4% of the operator's or trader's total annual EU-wide turnover in the previous financial year. Fines must correspond to environmental damage and the value of the relevant commodities or products.
The 4% figure is a minimum ceiling - Member States can go higher. And the fine is calculated on total EU-wide turnover, not just the revenue from the non-compliant product line. For a large commodity trader or food manufacturer, that number can run into tens or hundreds of millions of euros.
Fines are scaled based on environmental harm, financial benefit gained, and prior violations. Specifically, the factors that push a fine upward include:
- The scale of environmental damage caused
- The value of the commodities or products involved
- The financial benefit gained from the infringement (including from stockpiles)
- Whether the company has prior infringements on record
If necessary, fines can be adjusted to surpass the economic benefit gained from the breach. The logic is explicit: non-compliance must never be the cheaper option.
The 4% fine applies to total EU-wide annual turnover — not just the revenue from the product in question. For a €500 million turnover company, a serious infringement could mean a €20 million fine floor. Member States may set the ceiling higher.
Beyond the Fine: The Non-Financial Sanctions
For many operators and traders, the financial penalty is not the most damaging consequence. The non-financial sanctions can be operationally catastrophic - and they can stack on top of each other.
The EUDR's penalty framework includes: confiscation of the relevant products; confiscation of revenues from transactions involving those products; temporary exclusion from public procurement and access to public funding for up to 12 months; and, for serious or repeated infringements, a temporary prohibition from placing, making available, or exporting relevant commodities and products.
Prohibition from exercising simplified due diligence is also imposed in the event of a serious infringement and/or repeated infringements. That last point matters: losing the right to use simplified due diligence forces a company back to full due diligence procedures for every shipment - a significant operational burden.
Multiple penalties can apply together. A single serious infringement could simultaneously trigger a fine, product confiscation, a market ban, and procurement exclusion.
Here is how the full sanction menu compares:
| Sanction | When It Applies | Duration / Scope | Practical Impact |
|---|---|---|---|
| Financial fine | Any infringement (scaled to severity) | One-off; minimum ceiling of 4% EU turnover for serious cases | Direct financial loss; can exceed economic benefit gained |
| Product confiscation | Non-compliant goods identified | Permanent seizure of the shipment | Loss of inventory value; supply chain disruption |
| Revenue confiscation | Profits derived from non-compliant goods (incl. stockpiles) | Covers all revenues from the infringement | Clawback of gains; may exceed fine amount |
| Public procurement exclusion | Infringement confirmed | Up to 12 months | Loss of government contracts and public funding access |
| Market / export ban | Serious or repeated infringement | Temporary; duration set by national authority | Blocked from placing or exporting regulated products in EU |
| Simplified due diligence ban | Serious or repeated infringement | Temporary; duration set by national authority | Full DDS required for every shipment — major operational burden |
| Public naming | Any confirmed infringement | Permanent record on Commission website | Reputational damage; investor, customer, and media exposure |
Authorities are required to report enforcement outcomes to the European Commission, which will publish company names, violations, and penalties - making reputational risk a built-in feature of the enforcement architecture, not an incidental side effect.
In some cases, losing access to the EU market is a much bigger deal than paying a fine. A temporary market ban, even for 90 days, can void long-term supply contracts, trigger penalty clauses with buyers, and force emergency supplier substitutions that take months to unwind.
Who Enforces - and From When
Under the EUDR, EU Member States are responsible for enforcing the law through their designated competent authorities - for example, customs authorities, environmental agencies, or other regulators appointed at the national level.
Competent authority enforcement obligations begin 30 June 2026 - ahead of the main operator compliance deadline of 30 December 2026 (and 30 June 2027 for micro and small enterprises). This sequencing is deliberate: authorities are expected to be operationally ready to check, audit, and sanction before the full wave of DDS submissions begins.
Member States have already designated their national competent authorities. In Germany, the Federal Office for Agriculture and Food (BLE) is responsible for monitoring DDS and conducting risk checks. In France, the Ministry of Ecological Transition oversees compliance through its environmental inspection units. In the Netherlands, the Netherlands Food and Consumer Product Safety Authority (NVWA) acts as the enforcement body, focusing on import control and verification.
These authorities carry legal authority to audit, investigate, and, where needed, apply penalties. Unlike scheduled financial audits, EUDR inspections can be unannounced - competent authorities may request documentation, review systems, or inspect facilities without prior notice.
How Checks Are Selected: Risk-Based Inspection Rates
Enforcement is not random. The EUDR's benchmarking system - which classifies every country as low, standard, or high risk - directly determines how often your shipments will be inspected.
Minimum inspection rates are set by country risk tier: 9% of operators and volumes for high-risk countries, 3% for standard-risk countries, and 1% for low-risk countries. These are minimum thresholds - competent authorities may exceed them.
Inspections can include documentary checks, review of due diligence statements, verification of geolocation data against satellite imagery, and physical inspections of products and facilities.
The competent authorities use a national risk criterion that considers several factors, including the commodities, complexity of supply chain, and assessed risk of the country of production to carry out the annual checks.
Beyond scheduled checks, substantiated concerns from NGOs or the public can trigger investigations outside regular inspections. This means a company sourcing from a contested region can face an unscheduled audit even if it falls within a low-inspection-rate tier.
The Role of TRACES, DDS Reference Numbers, and Customs
The enforcement infrastructure is digital and coordinated across all 27 Member States.
The EUDR Information System is built on the existing TRACES NT platform and is already live. All DDS submissions are centralised within this system. Competent authorities have full access to review operator-submitted DDS and supporting documents, cross-check product details with customs declarations, and flag incomplete, inaccurate, or suspicious data for follow-up inspection.
Upon successful submission, TRACES generates a unique EUDR reference number. This number must be communicated to customs brokers for inclusion in import declarations. Every shipment of EUDR-regulated commodities must include a valid DDS reference number. Customs will block shipments missing this requirement, leading to delays and potential penalties.
If a DDS is missing, incomplete, or associated with a high-risk source or flagged operator, customs can delay or suspend the release until a competent authority completes its review. This early-stage enforcement prevents non-compliant goods from entering the EU market in the first place.
By June 2028, the EU will launch a fully integrated Single Window Environment - an automated interface connecting national customs systems with the EUDR database. Once in place, customs officers will receive real-time alerts if a DDS is missing or linked to risk indicators.
Combined with the requirement for information sharing between Member States and with the European Commission, the EUDR aims to create a coordinated enforcement framework across the EU. A company flagged in Rotterdam can expect that intelligence to be visible to authorities in Hamburg, Antwerp, and beyond.
What "Serious Infringement" Means in Practice
The regulation reserves its harshest sanctions - market bans, simplified due diligence prohibition - for serious infringements. While Member States define this in national law, the regulation points to several aggravating factors:
- Scale of environmental harm: infringements linked to significant deforestation events
- Repeated violations: a prior infringement record escalates the response
- Deliberate or negligent conduct: submitting false or misleading DDS data
- High-value transactions: large volumes of non-compliant product
What often catches companies off guard is that it isn't always the big, obvious violations that trigger penalties. Sometimes it's the small oversights that end up doing the most damage - something as simple as leaving out a geolocation point in a data file, or submitting documentation a little later than required, can snowball into a major issue once customs authorities or regulators take a closer look.
How to Reduce Your Enforcement Risk
The enforcement framework is designed to be defensible - companies that build clean, documented, audit-ready systems are far less likely to face serious sanctions. Here is what that looks like in practice.
Every shipment needs a valid DDS reference number in TRACES before customs clearance. Missing or incomplete submissions are the most common trigger for customs holds. Ensure geolocation data, CN codes, quantities, and country of production are all present and consistent with your supporting records.
Your risk assessment (Articles 10/11) is what competent authorities will scrutinise first. It must be specific to each supplier and sourcing area — not a generic template. Document the evidence you relied on, including satellite data, supplier declarations, and certification records.
All supporting documents — geolocation files, risk analyses, supplier contracts, satellite reports — must be kept for a minimum of five years and retrievable within days of an authority request. Scattered records across supplier emails and local drives will not survive an inspection.
Sourcing from standard- or high-risk countries means higher inspection rates (3% and 9% respectively) and more intensive scrutiny. If you source from high-risk origins, expect physical inspections and satellite cross-checks — not just document reviews.
If a competent authority issues a formal notice, you have a deadline to take corrective action. Failure to respond escalates enforcement. Treat any authority contact as a priority — not a routine compliance task.
Deforestation monitoring must be ongoing. If satellite monitoring reveals fresh clearing on a plot linked to an already-filed DDS, you have obligations to act — potentially informing competent authorities and halting further shipments from that source.
Estimate Your Penalty Exposure
Use this calculator to get a rough sense of what a serious EUDR infringement could cost your business. This is illustrative only - actual penalties depend on national law and case-specific factors.
The Bottom Line
Companies should treat EUDR compliance much like other major regulations such as GDPR or AML rules - the cost of non-compliance can far exceed the cost of building a proper due diligence system.
The enforcement architecture is real, coordinated, and already being stood up. Competent authority enforcement obligations begin 30 June 2026. Authorities will be checking before most operators are even required to submit their first DDS. The window to get your house in order is now - not after your first customs hold.
A clean DDS, a defensible risk assessment, and five years of retrievable records are not just compliance boxes to tick. They are your primary defence against sanctions that can block your products from the EU market, claw back your profits, and put your company name on a public list of infringers.
Is the 4% fine a maximum or a minimum?
It is a minimum ceiling — the regulation requires Member States to set the maximum fine at at least 4% of total annual EU-wide turnover for serious infringements. Member States can legislate a higher ceiling. The actual fine imposed in any case will be proportionate to the severity of the infringement, environmental harm, financial benefit gained, and prior violations.
Can multiple sanctions apply at the same time?
Yes. A single serious infringement can simultaneously attract a financial fine, confiscation of the non-compliant products, confiscation of revenues (including from stockpiles), a temporary market/export ban, exclusion from public procurement, and prohibition from using simplified due diligence. There is no rule preventing these from stacking.
When does enforcement actually start?
Competent authority enforcement obligations begin 30 June 2026. The main operator compliance deadline is 30 December 2026 (30 June 2027 for micro and small enterprises). This means authorities will be operationally ready to inspect and sanction before the full DDS submission regime is in force.
How are companies selected for inspection?
Inspections are risk-based. The minimum check rates are 9% of operators and volumes for high-risk countries, 3% for standard-risk, and 1% for low-risk. Competent authorities can exceed these thresholds. Additional triggers include incomplete or suspicious DDS submissions, substantiated concerns raised by NGOs or the public, and prior infringement history.
What happens if my DDS is missing at customs?
Customs will block or suspend the release of the shipment until a competent authority completes its review. A missing DDS reference number is one of the most common triggers for customs holds. Once the EU Single Window Environment is fully integrated (expected by June 2028), customs officers will receive real-time automated alerts for missing or flagged DDS submissions.
Are SMEs exempt from penalties?
No. While micro and small enterprises have a later compliance deadline (30 June 2027) and lighter due diligence obligations, they are not exempt from enforcement if they break the rules. Penalties apply to any operator or trader found to be in infringement, regardless of company size.
Related reading
EUDR Cocoa Compliance: The Practical Guide for Importers, Traders, and Chocolate Makers
Everything cocoa importers, traders, and chocolate manufacturers need to know about EUDR compliance - products in scope, geolocation, mass balance, risk origins, and the December 30, 2026 deadline.
EUDR Operator vs. Trader: How Your Role in the Supply Chain Determines Your Obligations
Are you an EUDR operator or a trader? Your role - not just your size - determines what you must do and when. A plain-English guide to role classification, DDS duties, and the 2025 changes.
EUDR Risk Assessment and Mitigation: How to Complete Articles 10 and 11
Collecting supplier data is step one. Articles 10 and 11 of the EUDR require you to assess that data and mitigate any non-negligible risk before you can legally place products on the EU market.