Due diligence system

A due diligence system is a risk management system. If you place timber or timber products on the EU market, you must comply with due diligence.

A due diligence system consists of three elements: access to information, risk assessment and risk mitigation. If you find that the risk of illegality with regard to timber and timber products is higher than negligible on the basis of risk assessment, you must engage in measures to mitigate the risk.

Note: Import from certain contracting countries (VPA countries) requires a FLEGT licence. In that case, a separate due diligence system is not necessary. Further information about the FLEGT licence scheme.

If you are a Finnish forest owner and sell timber, your forest use declaration and certificate of inspection and measurement on delivery are considered a due diligence system. Retaining the certificate of inspection and measurement on delivery for five years is sufficient. The Finnish Forest Centre retains your forest use declaration.

A due diligence system must contain the following elements

1. a) Measures and procedures providing access to the following information concerning the operator’s supply of timber or timber products placed on the market:

• Description, including the trade name and type of product as well as the common name of tree species and, where applicable, its full scientific name
• Country of harvest and, where applicable:
  • sub-national region where the timber was harvested
  • concession of harvest
• Quantity (expressed in volume, weight or number of units)
• Name and address of the supplier to the operator
• Name and address of the trader to whom the timber and timber products have been supplied
• Documents and other information indicating the compliance of the timber and timber products with the applicable legislation.

1. b) Risk assessment procedures enabling the operator to analyse and evaluate the risk of illegally harvested timber or timber products derived from such timber being placed on the market.

The procedures must take into account the information in point (a) as well as relevant risk assessment criteria, including:

• Assurance of compliance with the applicable legislation. The assurance may include certification or other third-party-verified schemes which cover compliance with the applicable legislation
• Prevalence of illegal harvesting of certain tree species
• Prevalence of illegal harvesting or practices in the country of harvest and/or sub-national region where the timber was harvested, including consideration of the prevalence of armed conflict
• Sanctions imposed by the UN Security Council or the Council of the European Union on timber imports or exports
• Complexity of the supply chain of timber and timber products.

1. c) Risk mitigation procedures which consist of a set of adequate and proportionate measures and procedures for effectively minimising the risk. The risk mitigation procedures may also include requirements for additional information or documents and/or a third-party inspection unless the risk identified through the risk assessment procedures referred to in point (b) is negligible.

Application of a due diligence system

The EU’s Implementing Regulation (EU 607/2012) regulates the detailed rules of an appropriate due diligence system. According to the regulation, the due diligence systems for each different timber type or timber product must be assessed at least every 12 months if the timber or timber product supplier, timber type, harvest country, state-internal area or timber harvest permits do not change. For example, if the timber delivery area or supplier changes, the due diligence system must be re-applied.

The delivery information collected by the operator and the documentation on the risk mitigation procedures must be retained for 5 years. In addition, the operator must be able to demonstrate how the compiled information has been inspected, how the decision concerning the applied risk mitigation procedures was made and how the scale of the risk was defined.

The operator may use their system or systems provided by EC-approved monitoring organisations. The operator must regularly maintain and assess their due diligence system unless the operator uses a system provided by a monitoring organisation.