We think that EUDR's legality test is the harder, less-built half of the regulation. The EU's own inspectors call it unsolved, and the same test governs the UK's deforestation law and the US Lacey Act.
A coffee plot can pass every deforestation check EUDR throws at it (no tree-cover loss since the 31 December 2020 cut-off, a clean satellite verdict) and the shipment can still be illegal.
The plot might sit inside a protected area, or on land the producer has no title to, or have been produced in breach of local land or labour law. Article 3 of the regulation sets two conditions for selling into the EU: a commodity has to be deforestation-free, and it has to be produced in accordance with the laws of the country of origin. The commodity itself is legal to grow and trade; what makes a specific plot non-compliant is where and how it was produced, not what it is. For three years the budgets and the vendor demos have gone almost entirely to the first condition: geolocation capture, satellite alerts, polygon checks. Legality got a questionnaire and a folder for certificates. Both conditions carry the same penalty, fines up to 4% of EU-wide turnover, and both have to hold for the same shipment. We’ve learned one thing over the course of many client and partner discussions: the legality test is the one most operators have not actually built.
Inspectors have identified that legality is the unsolved problem for EUDR
Legality has a precise meaning. The regulation defines "relevant legislation of the country of production" as eight areas of law: land-use rights, environmental protection, forest-related rules, third parties' rights, labour rights, human rights, the free, prior and informed consent of Indigenous peoples, and tax, anti-corruption, trade and customs rules. A commodity fails the legality test if it breaches any one of them, whatever the imagery shows.
In 2025 several EU competent authorities, the Netherlands' NVWA among them, ran exercises with real operators. The pattern they reported was consistent. Companies could produce evidence that their sources were deforestation-free, then stalled on legality. The European Forest Institute, which documented the exercises, recorded the authorities' own finding that "simply collecting data and documents is not enough," and that "in most places, there are no documented or centralised records of land-use rights or of other relevant legal issues." Many legal requirements, the report added, are prohibitions that "cannot be proven with a document" in the first place.
This is a substantive problem for large operators as the December deadline approaches. Forest Trends, analysing 2013 to 2019, found that about 69% of the tropical forest loss driven by commercial agriculture was illegal, conducted in violation of national laws, with Brazil above 95%. A legality screen is the part of the regulation that catches most of the actual harm.
How might we design the world’s best legality screens?
Only some of the data we’d need to build a screen is mature. About 17.6% of the world's land sits inside documented protected areas, a single global layer you can overlay directly. The harder truth is that the legal-rights data is thin exactly where it matters. The World Bank's long-standing estimate is that only about 30% of the world's population holds legally registered rights to its land, which leaves roughly 70% without documented title. Indigenous peoples and local communities customarily hold more than half the world's land and have legally recognised rights to about a tenth of it. LandMark, the main global map of Indigenous and community land, covers around 30% of it and says plainly that the rest is missing.
So legality splits in two. One half is observable (where the plot is and what it overlaps), and that is a mapping problem you can largely automate. The other half (labour conditions, whether consent was given, tax and corruption) is not a map question, and pretending it is leaves you relying on a supplier's paperwork you cannot independently check, often a permit or attestation in a language you do not read and whose validity you have no way to confirm. An honest screen runs the two differently: an overlay for the spatial laws, and dated, sourced evidence for the rest.
What a technology-enabled legality screen looks like in practice
Article 10 defines fourteen risk criteria, and our legality screen addresses each one with a named dataset and a stated method, so every finding traces to a source. This helps protect our users in the face of an audit. Our approach leverages LLMs to assess hundreds of sources that would otherwise take months to aggregate and comb through.
Some of the criteria are pure geography. Whether a plot or supply shed overlaps a protected area is a spatial join against the World Database on Protected Areas; whether it overlaps an Indigenous territory is a join against Native Land Digital's global boundaries. Both run automatically and the same way every time.
Other criteria are about governance. They come from five independently maintained indices: Transparency International's Corruption Perceptions Index, the World Bank's Worldwide Governance Indicators, Freedom House's Freedom in the World, the UCDP/PRIO armed-conflict data, and the Global Sanctions Database for EU and UN measures. Each maps to a specific Article 10 concern (corruption, weak enforcement, conflict, sanctions) and contributes calibrated points to the score.
The screen also maps the full body of law that applies to that commodity in that jurisdiction, then looks for incidents tied to those specific laws, down to the sourcing region and the individual supplier. The adverse coverage it surfaces sorts into three levels. Some signals are national, about the commodity across a country, such as illegal logging in Ghana linked to its cocoa trade. Others point to a sourcing region, such as a land-rights dispute in a particular district. A third kind attaches to the facility itself, where a named producer or site has been cited. Naming the level tells the operator whether the question sits with a country, a region, or a single supplier.
A few criteria cannot be automated at all. Whether the free, prior and informed consent of an Indigenous community was actually obtained is a documented process, so the screen flags where that consent is required and leaves the operator to supply the record. The design rule is to identify risk, not manufacture false assurance.
We produce a graded legality score, low, medium or high, with the contributing criteria itemised (low under four points, high at eight or more). It is a structured, auditable basis for the operator's determination, and it shows which criteria drove the result. The deforestation check stays separate: a per-plot satellite call against the 2020 cut-off, run as a six-system ensemble, the one part of the assessment that returns a binary verdict instead of a graded score.
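An added sketch of the two automated steps described above, the spatial overlay and the graded score; it is not the vendor's code. The point weights, sample polygons, abbreviated index names and function names are assumptions, coordinates are treated as planar, and only the thresholds (low under four, high at eight or more) come from the text.

```python
from dataclasses import dataclass

LOW_BELOW, HIGH_FROM = 4, 8          # grade thresholds stated in the article

@dataclass
class Finding:
    criterion: str
    source: str                      # dataset the finding traces to
    points: int                      # constructed weight (assumption)
    operator_evidence: str = ""      # record the operator must still supply

def _edges(poly):
    return list(zip(poly, poly[1:] + poly[:1]))

def _inside(pt, poly):
    """Ray-casting point-in-polygon test on planar (x, y) tuples."""
    x, y = pt
    hit = False
    for (x1, y1), (x2, y2) in _edges(poly):
        if (y1 > y) != (y2 > y) and x < x1 + (y - y1) * (x2 - x1) / (y2 - y1):
            hit = not hit
    return hit

def _cross(a, b, c, d):
    """True when segments ab and cd properly intersect."""
    def o(p, q, r):
        return (q[0] - p[0]) * (r[1] - p[1]) - (q[1] - p[1]) * (r[0] - p[0])
    return o(a, b, c) * o(a, b, d) < 0 and o(c, d, a) * o(c, d, b) < 0

def overlaps(p, q):
    """Edges cross, or one polygon lies wholly inside the other."""
    return (any(_cross(a, b, c, d) for a, b in _edges(p) for c, d in _edges(q))
            or _inside(p[0], q) or _inside(q[0], p))

def screen(plot, protected, indigenous, governance):
    """Return (grade, total, findings); every finding names its source."""
    findings = [Finding("protected-area overlap", f"WDPA: {n}", 4)
                for n, poly in protected.items() if overlaps(plot, poly)]
    # Overlap is automated; whether consent was obtained is not, so flag it.
    findings += [Finding("Indigenous territory overlap", f"Native Land Digital: {n}",
                         3, operator_evidence="FPIC record")
                 for n, poly in indigenous.items() if overlaps(plot, poly)]
    findings += [Finding("governance", src, pts) for src, pts in governance.items() if pts]
    total = sum(f.points for f in findings)
    grade = "low" if total < LOW_BELOW else "high" if total >= HIGH_FROM else "medium"
    return grade, total, findings

# Constructed sample geometry, not real boundaries.
PLOT = [(0, 0), (2, 0), (2, 2), (0, 2)]
PROTECTED = {"sample-reserve": [(1, 1), (3, 1), (3, 3), (1, 3)]}
INDIGENOUS = {"sample-territory": [(-1, -1), (5, -1), (5, 5), (-1, 5)]}
```

A production overlay would use a GIS library with proper projections; the hand-rolled test here ignores polygons that only touch along an edge.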
The screen surfaces the risk; the operator still collects and defends the underlying documents. And because the engine is organised around which laws apply where, it is not tied to EUDR. Point it at another regime and the law list changes while the method holds: the same machinery has been run against the US Lacey Act, the Fair Labor Standards Act, the Clean Water Act and the FCPA on a non-EUDR supply chain.
If you’d like to learn more about how we’ve built our legality screening tests or leverage the product in your supply chain, reach out to us here.

