EUDR Risk Assessment Template (Article 10)

The EUDR requires every operator to conduct a risk assessment before filing a Due Diligence Statement. Article 10 defines fourteen specific factors that must be evaluated — not just deforestation. Operators who assess only land-use change and conclude their risk assessment is complete expose themselves to enforcement action on the factors they never examined.

What is an Article 10 risk assessment?

Under the EU Deforestation Regulation (Regulation 2023/1115), risk assessment is the second step of the due diligence process, following information collection (Article 9) and preceding risk mitigation (Article 11). Article 10(2) sets out fourteen factors that operators must evaluate when determining whether products are deforestation-free and legally produced. These factors span environmental, legal, governance, human rights, and supply chain dimensions. The assessment must be documented, retained for five years, and made available to competent authorities on request. A narrow assessment addressing only deforestation gives false confidence — the regulation requires comprehensive evaluation across all fourteen factors.

What this template covers

This checklist is structured around five clusters grouping all fourteen Article 10(2) factors. For each factor, document your data sources, findings, and risk conclusion.

Land and environment — Articles 10(2)(b) and 10(2)(k)

• Obtain satellite imagery for each source plot, anchored to the December 31, 2020 cutoff, at resolution sufficient to detect vegetation change
• Cross-reference plot coordinates against at least two independent deforestation alert datasets (e.g., Global Forest Watch, JRC Tropical Moist Forest)
• Assess whether any source plot overlaps with protected areas, high conservation value areas, or peatland
• Review scientific literature and government reports on deforestation risk for each sourcing region
• Document the methodology: data sources, resolution, flagging thresholds, and date ranges assessed
• Record a risk conclusion per source plot — negligible or non-negligible — with supporting rationale (the EUDR requires risk to be negligible before a DDS can be filed; any non-negligible finding triggers Article 11 mitigation)

Legal and governance — Articles 10(2)(a), 10(2)(e), 10(2)(h), 10(2)(i), and 10(2)(l)

• Check the country or subnational risk classification published under the EUDR amending regulation; document the classification level for each sourcing origin
• Assess corruption prevalence using Transparency International CPI or equivalent indices; record the score and year referenced
• Determine whether any sourcing region is subject to armed conflict using the Uppsala Conflict Data Program or equivalent
• Verify whether the sourcing country, any supply chain entity, or any beneficial owner is subject to UN Security Council or EU sanctions
• Check whether competent authorities in any Member State have published non-compliance findings relevant to the commodity, origin, or supplier
• Document the legal framework governing production in each sourcing country, including harvesting, land-use, labor, and environmental laws

Human rights — Articles 10(2)(c), 10(2)(d), and 10(2)(j)

• Assess whether indigenous peoples hold customary or statutory rights over any sourcing area; consult FPIC records where available
• Evaluate whether local community land rights or tenure are contested or unresolved, using land registry records and civil society reports
• Screen for forced labor, child labor, or labor rights violations in the commodity sector and sourcing region, referencing ILO databases and the US DoL List of Goods Produced by Child Labor or Forced Labor
• Record data sources consulted for each human rights factor, the date of review, and findings

Supply chain — Articles 10(2)(f) and 10(2)(g)

• Map the supply chain from source plot to EU market entry, identifying every intermediary, processor, aggregator, and trader
• Identify all mixing points where product from multiple origins is combined; assess whether traceability is maintained through each
• Evaluate whether the number of intermediaries or chain complexity increases the risk of non-compliant product entering the supply
• Assess circumvention risk: determine whether the product transits through countries or free trade zones where re-documentation or origin laundering has been documented
• Document how traceability is maintained at each step — by lot, batch, or consignment — and identify gaps

Third-party evidence — Articles 10(2)(m) and 10(2)(n)

• Identify all certifications, verification schemes, or third-party audits held by suppliers (e.g., FSC, PEFC, RSPO, Rainforest Alliance)
• Assess each certification's scope, validity period, and audit methodology to determine whether it covers the specific product, origin, and time period
• Document explicitly that certifications inform the risk assessment but do not replace the operator's own due diligence obligation under Article 10(3)
• Record any third-party reports, NGO investigations, media reports, or whistleblower information relevant to the sourcing origin or supplier

How to use this template

Step 1: Collect information first. Complete Article 9 information collection before beginning risk assessment. You need geolocation data, supplier documentation, and product identification before assessing risk.

Step 2: Work through each cluster systematically. Assign a responsible person and review date to each cluster. Do not skip factors — the regulation requires consideration of all fourteen.

Step 3: Document your risk conclusion per factor and overall. Record data sources consulted, findings, and a determination — negligible or non-negligible. Where risk is non-negligible, the assessment feeds directly into Article 11 risk mitigation. The DDS can only be filed once risk is reduced to negligible.

Step 4: Retain and link to your DDS. The completed risk assessment is the evidentiary backbone of your Due Diligence Statement. Store it with supporting data and methodology notes for the five-year retention period.

How to implement this in your organisation

Assign ownership. Your compliance officer or sustainability manager owns this template and is accountable for ensuring all fourteen Article 10 factors are assessed and documented. Risk managers contribute governance and country-level analysis; procurement and sourcing teams provide supply chain mapping inputs. Refer to the relevant commodity-specific checklist for operational evidence collection details.

Set the review cadence. Reassess the risk evaluation quarterly and immediately when triggered by a new supplier, a new production plot entering the supply base, a country or sub-national risk reclassification by the European Commission, or a material change in sourcing conditions such as new deforestation alerts or conflict escalation.

Define your escalation path. Any factor assessed as non-negligible triggers Article 11 risk mitigation before the DDS can be filed. The responsible team member escalates unresolved non-negligible findings to the export manager within 48 hours, documenting the factor, evidence gap, and proposed mitigation measures.

Connect to existing workflows. Integrate the risk assessment into your supplier onboarding and periodic supplier review processes so each new origin is evaluated before the first consignment ships. Link deforestation screening data, governance indices, and certification records to your existing compliance management system, and store completed risk assessments alongside the DDS evidence package for the mandatory five-year retention period.

Who needs this template

• Compliance officers responsible for building and maintaining EUDR due diligence systems across commodities and origins
• Risk managers evaluating supplier and country-level risk exposure for EUDR-covered supply chains
• EU importers and operators who must file a Due Diligence Statement and demonstrate that a comprehensive risk assessment was performed
• Legal and audit teams reviewing the adequacy of existing due diligence procedures against the full Article 10 requirements

Can I assess only the factors relevant to my commodity?

No. Article 10(2) requires operators to take all fourteen factors into account. Some factors may yield a negligible risk finding for your specific supply chain, but you must still document that you assessed them and explain why the risk is low. Omitting a factor entirely leaves a gap a competent authority can challenge.

Do certifications satisfy the risk assessment requirement?

Article 10(3) is explicit: certifications and third-party verification schemes may be used as part of the risk assessment, but they cannot substitute for the operator's own assessment. You must still evaluate each Article 10 factor independently, even where a certification covers some aspects.

How often must the risk assessment be updated?

The regulation does not prescribe a fixed interval, but operators must ensure their risk assessment reflects current conditions. Material changes — a new conflict in a sourcing region, updated country risk classifications, new deforestation alerts — require reassessment. Best practice is to review at least annually and upon any significant supply chain change.

What happens if one factor shows elevated risk but the rest are negligible?

A single elevated-risk finding does not automatically disqualify a product. It triggers Article 11 risk mitigation obligations: the operator must take adequate measures to bring the risk to a negligible level before the product can be placed on the EU market. If mitigation is not possible, the product cannot proceed.

Building a defensible risk assessment across all fourteen Article 10 factors requires structured evidence collection, consistent methodology, and auditable documentation. ResourceLedger provides the evidence infrastructure to support this process — collecting, verifying, and retaining the data that underpins each risk determination. Book a demo to see how it works for your supply chain.