EUDR: MSPO Helps, But Is Not Carte Blanche

The EUDR was back in the headlines recently when an EU–Malaysia statement acknowledged the Malaysian Sustainable Palm Oil (MSPO) certification as “a credible sustainability scheme with a high standard digital traceability system that can facilitate operators’ compliance with the EUDR when sourcing deforestation-free and legal agricommodities from Malaysia.”[1]

MSPO can indeed facilitate compliance. However, certification is not carte blanche under the EUDR: EU operators must still complete plot-level geolocation, verify legality, assess and mitigate risk where needed and file a Due Diligence Statement – for Malaysian producers, this means not only supplying polygon geolocation but equally compiling auditable proof of compliance with Malaysian law at every stage and maintaining segregated, fully traceable supply chains for EU-bound consignments.

The EUDR remains a due-diligence law – not a certification law. This article explains what that means in practice for Malaysian producers and EU buyers – and how to prepare now.

Background to the EUDR

The European Union Deforestation Regulation (EUDR) is entering its operational phase. From 30 December 2025, the EU operator placing goods on the EU market must file a digital Due Diligence Statement (DDS) via the EU’s online EUDR Information System – Malaysian exporters supplying palm oil, natural rubber or timber-based goods must provide the data that enables this filing.

The DDS must confirm that the products are:

• deforestation-free; and
• produced in accordance with relevant Malaysian laws (where produced in Malaysia) – including land tenure and use rights, environmental approvals, labour and OSH standards, tax and customs, and respect for third-party and indigenous rights.

Failure on either limb will, in practice, lead EU buyers to refuse procurement given the risk of product seizure, fines of up to at least 4 % of EU turnover and, in serious cases, exclusion from market participation.

Malaysia is currently treated as standard-risk, which triggers documentary and identity checks on at least 3 % of consignments – compared with 1 % for low-risk origins. The distinction is quantitative rather than qualitative: the core obligations apply to every shipment regardless of risk label, and a lower audit frequency does not create any margin for shortcuts.

⮕ For a deeper dive, see our explainer: EUDR 2025–2026: What Malaysian palm oil, rubber and wood exporters must know and do next.

What the EU–Malaysia statement actually says – and what it does not say

The EU–Malaysia statement does not change any of the above. It does three useful things:

• First, it acknowledges MSPO as a credible sustainability scheme that can facilitate EUDR compliance.
• Second, it welcomes Malaysia’s national centralised system that integrates digital traceability, polygon maps and legality data.
• Third, it commits both sides to continued technical cooperation and industry outreach.

Equally important is what the statement does not do. It does not:

• turn MSPO into carte blanche or create any “green lane” – certification is supportive evidence, not automatic compliance;
• waive either limb of the test – products must be deforestation-free and legal under Malaysian law;
• shift the legal responsibility away from the EU operator – operators must still collect plot-level geolocation, verify compliance with Malaysian law, assess and mitigate risk and file a Due Diligence Statement;
• re-benchmark Malaysia to low risk – standard-risk treatment and the associated minimum 3 % checks continue until the EU’s formal benchmarking changes;
• alter timelines, scope or penalties under the EUDR; or
• change the cut-off date – the EUDR test remains 31 December 2020.

What the EUDR requires in practice

Before a product can be placed on the EU market, the EU operator must:

1. collect plot-level geolocation (polygon) for production areas;
2. verify legality in the country of production;
3. carry out a documented risk assessment and, if needed, risk mitigation; and
4. submit a Due Diligence Statement via the EU Information System (TRACES).

Certification’s role is supportive, not substitutive. The Commission’s guidance is explicit: third-party schemes may be used as supporting evidence in the operator’s risk assessment, but they cannot substitute the operator’s due-diligence obligations – there is no automatic compliance through certification.

Timelines and checks you need to plan for

Following the one-year phase-in extension, obligations apply from 30 December 2025 for large/medium companies and from 30 June 2026 for micro/small enterprises. Member-state authorities plan risk-based checks – 3 % for standard-risk for Malaysia. Until a country is formally benchmarked as “low risk”, full due diligence applies.

MSPO – where it helps vs where EUDR still demands more

MSPO provides credible sustainability assurance and a strong digital traceability backbone that can facilitate EUDR compliance. The EUDR, however, as mentioned above, is a due-diligence regime – not a certification regime.

In practice, EU operators must be able to demonstrate – in a form that would withstand a competent-authority audit – that each consignment is traceable to the plot, is deforestation-free against the legal cut-off and was produced in conformity with numerous Malaysian laws.

On the supply side, Malaysian producers and traders should treat MSPO as the starting framework and ensure that the underlying evidence and data flows meet EUDR evidentiary standards. This means maintaining transparent, segregated chains for EU-bound volumes, keeping production and legality records in an audit-ready state and cooperating swiftly where risks are identified. MSPO can streamline these steps but nothing more.

What Malaysian growers, mills and traders must do immediately – legal first

This subsection focuses on the EUDR’s “produced in accordance with relevant legislation” limb.[2] The other EUDR tasks (plot-level geolocation, risk assessment and mitigation, segregation of EU-bound flows and the Due Diligence Statement) – still apply and should run in parallel, but the priority here is to get the legal compliance file audit-ready.

‍⮕ Facilitate compliance and download Aqran Vijandran's Legal Compliance Dossier Checklist.

This emphasis is deliberate: in Malaysia, the “no-deforestation” limb is, in many supply chains, closer to operational readiness due to MSPO’s traceability upgrades and ongoing polygon-mapping work, whereas the “relevant legislation” limb spans multiple statutes and agencies and is where dossiers most often fall short.

Accordingly, the immediate task for Malaysian companies is to compile auditable proof of compliance with Malaysian law at every stage, while the geolocation, risk assessment/mitigation, segregation and DDS workstreams continue in parallel.

Here are the legal-first, do-now steps every Malaysian company in the palm oil industry, which intends to form part of EU supply chains beyond 2025 should take:

1. Map your legal footprint: list every estate, smallholder cluster, outgrower, mill and trading entity feeding EU-bound consignments. For each, name the applicable Malaysian regimes and authorities (land, environment, forestry, labour/OSH, tax/customs, anti-corruption, indigenous rights).

2. Prove land use rights: assemble titles or use-right documents, boundary surveys matching your polygons, estate plans, land rent/payment receipts, and any approvals for conversion. Where relevant, add Indigenous People or customary rights evidence and settlement agreements.

3. Lock down environmental compliance: collect required approvals and licences (including EIA where thresholds apply), operating permits, discharge consents, scheduled-waste registers, monitoring reports and inspection outcomes. Put expiry and renewal dates on a single tracker.‍

4. Document third-party and indigenous rights: maintain a clear record of stakeholder engagement, consent where required, grievance handling and outcomes. Where the principle of free, prior and informed consent (FPIC) is applicable, keep meeting notices, attendance, minutes, maps reviewed with communities and signed consent forms.

5. Labour and human-rights compliance: keep contracts, age/identity checks, payroll and minimum-wage evidence, working-time and overtime records, accommodation and OSH documentation, EPF/SOCSO contribution proofs and zero forced-/child-labour attestations supported by audits and worker interviews.

6. Tax, trade and customs: file proof of registrations and current filings, cess/levy payments where relevant, export licences or permits, HS classifications, certificates and shipping documentation. Ensure names, addresses and entity numbers match across all documents.

7. Anti-corruption controls in practice: implement and evidence “adequate procedures”: risk assessment, policy, training, gift/hospitality registers, third-party due diligence for agents and contractors, contractual anti-bribery clauses and a functioning whistleblowing channel.

Make it stick – contracts, remediation and governance

1. Flow-down and supplier commitments: update purchase and offtake contracts to require timely legal documents, access for verification and cooperation in remediation. Collect signed representations and warranties from upstream suppliers and refresh them periodically.

2. Remediation protocol: define how you pause or segregate volumes, investigate, correct and document fixes if a non-conformance appears. Keep evidence of corrective and preventive actions, and criteria for safely resuming supply.

3. Governance, attestations and retention: have management sign a legal-compliance declaration for EU buyers, assign a single owner for the dossier and adopt a five-year retention policy to mirror EUDR record-keeping expectations.

Myth vs Fact

Myth: “MSPO certification means my product is EUDR-compliant.”

Fact: certification can support your file, but operators must still exercise EUDR due diligence and file a Due Diligence Statement – no automatic all-clear.

Myth: “If I am MSPO-certified, I do not need plot polygons.”

Fact: Geolocation to the plot is a mandatory element of EUDR due diligence.

Myth: “Mixed or mass-balance chains are fine if certified.”

Fact: EUDR requires traceability that demonstrates the product placed on the EU market is deforestation-free and legal – mixing with unknown origin undermines that proof.

Short FAQ

Q: Does the EUDR apply to palm oil only?

A: no – it covers seven commodities (cattle, cocoa, coffee, palm oil, rubber, soy and wood) and specified derived products.

Q: when do obligations start?

A: obligations start on 30 December 2025 for large/medium companies from the EU – 30 June 2026 for micro/small enterprises.

Q: will “low-risk” status eliminate due diligence?

A: no – even if Malaysia obtains low risk status in the future, this only simplifies due diligence (no risk assessment/mitigation). However, information collection and a Due Diligence Statement still apply.

How we can help – EUDR audit readiness for Malaysia–EU trade

Need your EUDR legal file in shape? We map your obligations under Malaysian law, compile a single Legal Compliance Dossier per site and close gaps – contracts, FPIC and third-party records, labour and OSH, tax/customs and anti-corruption – with governance and five-year retention built in. Contact us to schedule a focused legal-readiness check for your EU-bound supply.

⮕ To start your journey to EUDR compliance immediately, download Aqran Vijandran's Legal Compliance Dossier Checklist.

‍

[1]           Delegation of the European Union to Malaysia, EU and Malaysia agree to strengthen their partnership and continue their joint efforts against deforestation, 5.9.2025, available at https://www.eeas.europa.eu/delegations/malaysia/eu-and-malaysia-agree-strengthen-their-partnership-and-continue-their-joint-efforts-against_en (last accessed on 2025-09-15).

[2]           See Article 2(40) of the EUDR for details.

‍