For compliance teams, the task is building a clear, documented picture of where PFAS may exist across hundreds or thousands of stock keeping units (SKUs). This requires systematic risk assessment, supplier engagement, and structured data collection. 

Where PFAS hide in your supply chain

PFAS can enter products at multiple stages of production. Identifying them requires tracing materials back through the supply chain, often beyond Tier 1 suppliers. 

Start with your Bill of Materials (BOM) 

Begin with your product’s Bill of Materials (BOM). Review each component for surface coatings and treatments, adhesives and sealants, polymer additives, and processing aids—substances used during manufacturing but sometimes omitted from final specifications. 

Many companies discover PFAS in unexpected places. A packaging supplier may use a PFAS-based release agent during production, even though the final material doesn’t contain PFAS as an ingredient. These hidden uses make supply chain transparency critical. 

For example, PPWR’s prohibition of PFAS in food contact packaging starting in August 2026 makes this particularly urgent for companies in that sector. The regulation covers intentionally added PFAS, including substances used in manufacturing processes that don’t appear in the final product. 

When suppliers lack complete PFAS information 

Suppliers often don’t have full visibility into PFAS content, especially at Tier 2 and Tier 3 levels where raw materials originate. Chemical formulations are frequently proprietary, and ingredient lists may only be shared when specifically requested. 

To improve results, be specific in your requests. Ask for PFAS content rather than general material safety information. Provide context about the regulatory deadline and the documentation needed to meet regulatory requirements. If a Tier 1 supplier cannot answer your questions, request introductions to their material suppliers to trace the information upstream. 

Though testing should be reserved for cases where documentation gaps pose real compliance risk, lab testing provides definitive answers for high-priority products when supplier data is unavailable or uncertain. 

Collect and verify PFAS data from suppliers 

Once you’ve identified high-risk products, the next step is gathering evidence of PFAS presence or absence. Structure your supplier engagement around both documentation requests and specific technical questions. 

Key Documentation to request from suppliers 

Safety Data Sheets (SDS)  
SDS list hazardous substances but may exclude PFAS below certain thresholds. Check for substances with “fluoro” in their names or with CAS numbers associated with known PFAS. 

Declarations of Conformity  
Ask suppliers to confirm whether their materials contain PFAS and, if so, at what concentration. For PPWR compliance, for example, food contact packaging must be certified PFAS-free. 

Test reports 
Lab testing can confirm the presence of PFAS when supplier declarations are unavailable or uncertain. Since testing is expensive, prioritize high-risk products or materials where supplier data is incomplete. 

Questions to ask suppliers about PFAS 

When reaching out to suppliers, structure your inquiries around these areas: 

• Does the material contain any per- or polyfluoroalkyl substances (PFAS)? If so, which specific substances and at what concentration? 
• For food contact applications: Is the material intended for this use, and are certifications confirming PFAS absence available? 
• If PFAS are present: What PFAS-free alternatives exist, and what is your timeline for transitioning to compliant formulations? 
• What documentation can you provide to support your declarations (test reports, certificates, formulation details)? 

Document all responses and maintain version control. Regulatory requirements evolve, and you may need to re-verify materials as restrictions expand. 

How to prioritize products for PFAS action 

Resource constraints mean that targeting efforts effectively is essential. Prioritize based on: 

• Regulatory urgency – PPWR food contact packaging (August 2026 deadline) should be addressed first. 
• Volume and revenue impact – High-volume products carry greater regulatory risk. 
• Supplier cooperation – Products with responsive, transparent suppliers are easier to verify. 
• Market access risk – Products sold in multiple jurisdictions may face overlapping restrictions. 

A simple High/Medium/Low classification helps allocate resources effectively. 

Automate PFAS management across your product portfolio 

For companies managing hundreds of SKUs from multiple suppliers, spreadsheets create friction at every step: version control becomes unclear, tracking supplier updates becomes difficult, regulatory changes go unnoticed, and generating audit-ready reports requires manual compilation.  

As PPWR and REACH deadlines approach, these manual processes become unsustainable. 

The osapiens HUB for Product Compliance (PFAS) addresses these challenges through automation and structured workflows. The platform centralizes supplier data collection via a dedicated portal with guided forms and automated validations, integrates directly with SCIP for single-click substance disclosures, tracks regulatory changes in real time and flags affected products automatically, and maintains version-controlled documentation with centralized certificate and declaration management. 

For organizations facing PPWR’s August 2026 deadline or preparing for broader REACH restrictions, this infrastructure shifts PFAS management from reactive firefighting to proactive risk mitigation. 

Der Beitrag PFAS Compliance: How to Assess Exposure Across Your Product Portfolio erschien zuerst auf osapiens.

This is what an improvised compliance process looks like after 12 to 24 months of responding to individual requests without a shared system. Spreadsheets cannot scale to what is now being asked, cannot be audited, and fall apart the moment the person who built them is unavailable. Getting to something audit-ready does not require a large investment or a dedicated compliance hire. It requires understanding what audit-ready actually means for an SME, and then building toward it in the right sequence. 

What audit-ready actually means for SMEs 

Audit-ready is often misunderstood as meaning perfect. It does not. For an SME, audit-ready means three specific things: 

• Findable. When a customer, auditor, or regulator asks for documentation, you can produce it in minutes, not days, without searching through inboxes or asking colleagues if they remember where something was saved. 
• Consistent. The information you give to one customer matches what you would give to another. There is a single source of truth, not five versions of the same supplier record in five different files. 
• Defensible. You can show where the information came from, when it was collected, and how it was verified. A regulator or auditor examining your records can follow the trail without needing you to explain it verbally. 

A structured process, applied consistently, makes this achievable. Understanding what audit-ready means is the first step. Building toward it systematically is the second. 

How to get audit-ready in four steps 

The path from improvised to audit-ready follows four steps. Each step builds on the previous one, closes a specific gap in your current setup, and can be implemented in weeks, not months. Here is the sequence that works. 

Step 1: Define your scope 

Before collecting any data or updating any system, answer one question precisely: what exactly are you responsible for? This means you identify which products fall under which regulations, which suppliers are in scope, and what role your company plays in each relevant supply chain. 

Companies that skip this step end up collecting data for products that do not need it while missing data for products that do. The result: wasted effort, confused suppliers, and compliance gaps that only become visible during an audit. 

What this can look like in practice: A packaging manufacturer confirms that its rigid plastic containers fall under PPWR recycled content requirements at 30% minimum, that its flexible films need design-for-recycling assessments, and that certain product lines will require participation in deposit-return schemes in specific markets. Three product categories, three different compliance pathways. Scope definition makes this visible before the data collection begins. Dive deeper with the osapiens PPWR guide. 

Once you know what you are responsible for, the next step is to find what you already have. 

Step 2: Centralize what you already have 

The second step is to bring together what already exists. Supplier certificates, compliance questionnaires, product documentation, previous audit responses: most SMEs have more of this than they realize, scattered across email threads, shared drives, and individual desktops. There is no need to start collecting new data from scratch. 

Centralizing this material into a single location, even before it is fully organized, gives you a baseline to work from and prevents duplicating effort when data collection begins. 

What this can look like in practice: A manufacturing company preparing for sustainability reporting spends two days pulling together existing ESG data: energy consumption records, waste management reports, employee training documentation, and supplier sustainability questionnaires from previous customer requests. Half of it turns out to be outdated or incomplete. That is useful information: it shows exactly where the gaps are before the materiality assessment begins, rather than discovering them when the report is due. Understand how to use the VSME standard to get this rolling. 

With your existing material centralized, you can now see exactly where the gaps are. Step 3 closes them. 

Step 3: Build a structured supplier data collection process 

This is where most of the time goes, and where most of the value is created. A structured supplier process means a defined list of what each supplier needs to provide, a consistent format for how they provide it, a way to track who has responded and who has not, and a clear process for following up on gaps. 

The difference between this and sending emails is that the process runs the same way every time, does not depend on one person to coordinate it, and produces records that can be audited. For regulated supply chains, this is the operational core of compliance. 

What this can look like in practice: An importer of wood products sends every supplier a structured onboarding form requesting GPS coordinates for harvest plots, chain of custody certificates, and country of origin documentation. The form is the same for every supplier. Responses are tracked in one place. Suppliers who have not responded after two weeks receive an automated reminder. The importer can see at any point which suppliers are complete, which are in progress, and which are blocking shipments. For the specific data points required from SMEs under EUDR, join the weekly EUDR webinar. 

Collecting data is only half the work. Making it audit-proof is the other half. 

Step 4: Connect data to documentation 

The final step is ensuring that the data you collect is linked to the documentation it came from, and that both are stored in a way that survives personnel changes, device failures, and time. A supplier’s geolocation data is only useful if you can show when it was collected and what document it is based on. A recycled content claim is only defensible if it is backed by a certificate that has not expired. 

This is the step that turns a data collection exercise into an auditable compliance record. Without it, you have information. With it, you have evidence. 

What this can look like in practice: A seafood importer maintains linked records for every shipment: catch certificates showing vessel registration and fishing zone, processing facility licenses, and traceability documentation connecting each batch to its origin. When a port authority requests proof that a specific container is IUU-compliant, the system generates a report that pulls all linked records automatically, showing the complete chain of custody from vessel to importer. Learn how to get to that point with the osapiens webinar on traceability. 

How purpose-built software makes compliance scalable 

These four steps work at any scale. At a certain point, however, manual execution stops being viable. Each of the four steps above can be done without software at small scale. The moment volume increases—more suppliers, more products, more regulations, more frequent update cycles—manual processes stop being viable. 

Purpose-built compliance software for SMEs accelerates the four steps and makes each one more consistent and less dependent on individual effort: 

• Scope definition is guided rather than self-directed 
• Document centralization happens in a shared system with version control 
• Supplier onboarding runs through structured workflows with automated follow-up 
• Data and documentation are linked automatically, with audit-ready records maintained throughout 

This is the approach behind osapiens EASY START. Built specifically for SMEs without dedicated compliance teams, it covers for example EUDR, sustainability reporting, fishing regulation, and PPWR compliance in modular packages. The supplier portal is free for your suppliers to use. The output is audit-ready documentation, not another spreadsheet. 

The four-step process outlined above works with or without software. Software makes it scale. For SMEs dealing with growing compliance demands and limited internal capacity, that difference matters. 

Der Beitrag From Excel to Audit-Ready: Building a Compliance Process That Actually Works for SMEs erschien zuerst auf osapiens.

Der Beitrag 90% of Companies No Longer in CSRD Scope Plan to Maintain, Expand Sustainability Reporting: Survey erschien zuerst auf osapiens.

Der Beitrag Osapiens Survey: 90% Of European Companies Continue Sustainability Reporting After EU Omnibus Changes erschien zuerst auf osapiens.

For compliance managers, the challenge is clear: PFAS restrictions are expanding rapidly, and companies must understand where these substances appear in their products and how to demonstrate compliance across multiple regulatory frameworks.

What are PFAS and why do they matter?

PFAS are a large group of synthetic chemicals characterized by strong carbon-fluorine bonds. This molecular structure makes them extremely resistant to heat, water, grease, and degradation (properties that have made them valuable across industries for decades). 

Common applications include: 

• Water-repellent textiles and outdoor gear 
• Grease-resistant food packaging 
• Non-stick cookware 
• Firefighting foams 
• Electronics and semiconductor manufacturing 

However, this same stability creates a significant problem. PFAS degrade extremely slowly in the environment, persisting in soil, groundwater, and ecosystems for extended periods. This has earned them the nickname “forever chemicals.” 

Research shows that certain PFAS can accumulate in living organisms and have been linked to health concerns, including immune system effects and changes in cholesterol levels. Contamination has been detected in drinking water, soil, and food across Europe and beyond. Cleanup efforts are technically complex and costly, driving regulators to take increasingly stringent action. 

EU regulations addressing PFAS 

The European Union regulates PFAS through multiple legal frameworks rather than a single law. This means companies must navigate compliance requirements across several regulations, each with different scopes and timelines. 

Key regulations include: 

• REACH Regulation: Restricts specific PFAS substances and requires authorization for certain uses 
• Packaging and Packaging Waste Regulation (PPWR): Restricts PFAS in food-contact packaging from August 12, 2026 
• POP Regulation: Bans or severely restricts persistent organic pollutants, including PFOS and PFOA 
• Drinking Water Directive: Sets monitoring requirements and maximum PFAS levels 
• EU food safety rules: Establish maximum PFAS levels in certain food products 

A broad “universal PFAS restriction” proposal submitted by Germany, Denmark, the Netherlands, Norway, and Sweden aims to phase out most PFAS uses unless deemed essential and lacking alternatives. While still under review, this proposal signals the long-term regulatory direction. 

Curious about how PPWR impacts PFAS usage in packaging? Learn more in our PPWR compliance guide. 

Why supply chain transparency is key for product compliance 

The biggest compliance challenge isn’t just understanding the regulations. It’s achieving transparency across global supply chains. 

PFAS can enter products at multiple production stages. They may be present in raw materials, surface coatings, additives, or processing aids that suppliers don’t always fully document. This creates several obstacles: 

• Limited supplier disclosure: Formulations may not clearly indicate PFAS content 
• Hidden intermediate uses: PFAS may appear in manufacturing processes but not in final materials 
• Fragmented data: Compliance information is often scattered across spreadsheets, PDFs, and email threads 
• Evolving requirements: Regulatory lists, thresholds, and exemptions continue to change 

For compliance managers, this means traditional data collection methods (spreadsheets, supplier questionnaires, and manual tracking) are no longer sufficient to maintain oversight. 

Preparing for PFAS restrictions 

While PFAS regulations are still evolving, the trajectory is clear: restrictions will expand, monitoring requirements will increase, and companies will need to demonstrate transparency throughout the product lifecycle. 

osapiens HUB for Product Compliance is a centralized platform designed to automate product compliance management across your organization and supplier network. It supports compliance with PFAS, REACH, RoHS, PPWR, the EU Battery Regulation, and other frameworks, and can be adapted to your specific needs, regardless of your company’s size. 

Companies that begin mapping their product portfolios, identifying potential PFAS exposure, and improving supplier data collection now will be better positioned as new restrictions take effect. 

The osapiens PFAS guide 

Understanding where PFAS may appear in your products, how EU regulations apply, and what compliance steps are required can be complex. 

The osapiens PFAS guide provides a comprehensive overview of the regulatory landscape, affected industries, and practical strategies for managing PFAS compliance across the supply chain. 

Der Beitrag PFAS Restrictions Within The EU: What Companies Need to Know erschien zuerst auf osapiens.

Yet one question remains unresolved: How can sustainability reporting be sustained and justified when CSRD compliance is no longer required?

The osapiens report Beyond Compliance: Sustainability Reporting After the Omnibus addresses this directly. Surveying over 400 senior decision-makers across the EU and UK, it examines organizational responses to Omnibus I and what makes sustainability reporting durable beyond regulation. The finding: 90% will continue reporting – but the business case has fundamentally shifted.

Sustainability risks remain financially material and require structured disclosure

The Omnibus I package was introduced to reduce regulatory complexity and balance reporting requirements across sustainability regulations. However, the findings from our latest survey indicate that how sustainability information is used to evaluate risk by markets, partners, and decision-makers has not changed.

Sustainability risks continue to be considered financially material, and the expectation for structured, credible disclosure persists across capital markets, value chains, and business relationships. Even where formal reporting obligations have changed, the demand for reliable sustainability data remains strong.

As Andreas Rasche, Professor and Associate Dean at Copenhagen Business School, explains:

“The Omnibus has changed how sustainability reporting obligations apply, but it has not necessarily removed the underlying rationale for reporting. Stakeholder expectations for sustainability reporting still exist – from business partners, investors, banks, and from society more broadly.”

For companies, this creates a more confronting decision environment. Sustainability reporting can no longer be justified by regulatory obligation alone; its role and value must be clearly anchored within competing business priorities.

>> For a detailed breakdown of what Omnibus I changed, and what it didn’t, see our overview on sustainability reporting after the Omnibus here.

Companies choose continuity in sustainability reporting post-Omnibus

Despite the reduction in regulatory pressure, the survey results clearly show a preference for continuity in sustainability reporting. This directly contradicts the expectation of a post-Omnibus pullback in reporting activity.

According to the osapiens survey:

• 90% of organizations excluded from formal scope of CSRD plan to maintain or expand sustainability reporting
• 86% are confident they can continue reporting aligned with CSRD-level expectations
• Nearly 90% expect increased investment in reporting tools and automation in the next 12 months
• 90% already integrate sustainability reporting with financial reporting, partially or fully

These results suggest that sustainability reporting has moved beyond a narrow compliance function. For many organizations, reporting is no longer treated as a standalone exercise, but as part of broader planning, governance, and management processes.

As Rasche observes:

“The results show a clear preference for reporting continuity, even as policy shifts have caused uncertainty. This reflects the fact that many organizations have already embedded sustainability reporting into planning, governance, and internal decision-making.”

Continuity of reporting intent and activity, however, does not imply that reporting capabilities are protected from future resourcing, prioritization, or governance pressures – a gap that becomes critical over time.

High sustainability reporting intent meets declining resource allocation

One of the report’s most critical findings is the growing gap between intention and resourcing.

While most organizations plan to continue reporting, 84% expect reduced regulatory scrutiny to result in fewer resources being allocated to sustainability reporting over time. Budget constraints, fragmented data landscapes, and unclear ownership already pose challenges, and these risks increase when reporting is no longer externally enforced. This creates what the report describes as a “sustainability paradox”: reporting remains valuable, but increasingly fragile.

Rasche is explicit about the implications. If firms can no longer rely on compliance alone to justify sustainability reporting, “they must really consider the purpose of voluntary action and decide what role sustainability reporting plays in how they run the business”.

In other words, without a defined internal business case, sustainability reporting is likely to be deprioritized and stripped of dedicated resources over time – even if its importance is widely acknowledged.

Sustainability reporting: From regulatory obligation to decision infrastructure

One reason many organizations hesitate to roll back reporting is that sustainability data is already used far beyond formal disclosures. The survey shows it plays a key role in:

• operational and resource planning
• supply chain risk assessment
• financial planning and investment decisions
• innovation and process design

Nearly half of respondents identify improved visibility into operational, climate, and supply-chain risks as the greatest benefit of sustainability reporting.

Once sustainability data becomes embedded in high-impact decisions, removing it introduces blind spots into planning, risk assessment, and investment decisions. At that point, sustainability reporting functions as decision infrastructure, and scaling it back affects decision quality with tangible operational and financial consequences.

Voluntary reporting frameworks fill the gap

Post-Omnibus, organizations are not stepping away from structured sustainability reporting. Survey results show continued alignment with established reporting frameworks, even where formal CSRD obligations no longer apply.

Among respondents:

• 49% reference the European Sustainability Reporting Standards (ESRS)
• 42% align with the VSME framework
• 35% respond to bilateral disclosure requirements set by investors, banks, or key customers

These figures demonstrate that organizations continue to rely on structured reporting frameworks rather than ad hoc disclosure. For organizations not yet subject to the CSRD, or lacking the resources to implement full CSRD-aligned reporting, the VSME provides a scalable entry point for structured sustainability reporting (explained in detail here).

Key decisions shaping sustainability reporting

The Omnibus has shifted responsibility inward. Organizations now have to decide:

• what sustainability reporting enables internally
• where it supports risk management, valuation, or commercial access
• and how much reporting capability they are willing to protect without regulatory pressure

Explore the Full Report and Resources

Access the full report and webinar recording

The complete report Beyond Compliance: Sustainability Reporting After the Omnibus includes:

• detailed survey findings from 403 decision-makers
• a framework for building a durable business case for sustainability reporting
• six actionable steps to build your sustainability reporting roadmap

The findings have also been discussed in a webinar featuring Andreas Rasche and osapiens leadership, exploring what the Omnibus means in practice for the future of sustainability reporting.

>> Streamline your sustainability reporting with osapiens: discover how the osapiens HUB Reporting Cockpit consolidates sustainability KPIs across multiple frameworks into a single, audit-ready platform.

Der Beitrag Sustainability Reporting After the Omnibus: When Compliance is no Longer the Reason to Report erschien zuerst auf osapiens.

This is the situation many SMEs across the EU are finding themselves in. Some are directly in scope of the EUDR, CSRD, or PPWR because of what they produce, import, or sell. Others are feeling the pressure indirectly, through customers, partners, or investors who need compliant data from their supply chains to meet their own obligations. Either way, the question is the same: how do you meet requirements that were largely designed for companies with dedicated compliance teams, when you are working with a fraction of those resources? Understand what advantages reporting holds and how a software specialized for SMEs can help you get a head start. 

Why EU compliance is now an SME issue 

For most of the past decade, sustainability compliance was a large-company problem. SMEs were occasionally asked to fill in a supplier survey, but the real obligations sat with the corporations at the top of the supply chain. 

That structural separation no longer holds. Three things have shifted: 

• Regulations now have direct SME scope. The EUDR applies to every importer of forest-risk commodities, regardless of size. The PPWR applies to every company placing packaged goods on the EU market. Exemptions exist at the margins, but the baseline obligation is broad. 
• Large-company deadlines create upstream pressure. When a large retailer or manufacturer faces a compliance deadline, they need data from their suppliers. That pressure arrives at the SME level months or years before the SME’s own legal deadline. 
• Non-compliance has market consequences before it has legal ones. A customer that cannot get the data it needs from a supplier does not wait for a regulator. It finds a different supplier. 

The result is that the compliance timeline most SMEs are actually on is not the one printed in the regulation. It is the one their customers are operating to. 

EUDR, CSRD, VSME, and PPWR: What each one means for your business 

The specific requirements differ, but the underlying dynamic is consistent across all three regulations. Each requires structured data about products and supply chains, documented in a verifiable format, and available on demand to customers, auditors, or regulators. 

• EUDR: importers of cattle, cocoa, coffee, palm oil, rubber, soy, and wood products must collect geolocation data, conduct risk assessments, and submit Due Diligence Statements. Deadline: December 30, 2026, for medium and large operators; June 30, 2027, for small and micro companies. 
• CSRD/VSME: large companies must report on sustainability performance across their full value chains. Even after Omnibus simplifications, SMEs supplying CSRD-reporting companies will face data requests on emissions, labor conditions, and environmental impact as part of their customers’ reporting. Read here to learn the differences of CSRD and VSME and how to kick-start with VSME. 
• PPWR: mandatory recycled content requirements, packaging minimization rules, and labeling obligations apply to all packaging placed on the EU market. SMEs selling packaged goods need to understand which requirements apply to their categories and from when. 

None of these are optional for companies operating in the EU market. And none are achievable with ad-hoc responses to individual customer requests. 

The real cost of waiting: Why SMEs shouldn’t delay compliance 

The most common response among SMEs encountering these regulations for the first time is to wait. The deadline feels far away; the requirements feel designed for someone else, and the team is already stretched. 

The problem is that the work compliance requires does not compress well. Supplier outreach, geolocation data collection, documentation systems, internal process changes: each of these takes time, and they largely must happen in sequence. 

There is also a subtler cost. The SMEs that struggle most are not those who lack resources. They are the ones who underestimated how long the preparation phase actually takes, and found themselves rushing while their suppliers were already fielding the same requests from a dozen other customers. Read about common sustainability traps, valid for other regulations as well. 

What compliance brings: Concrete benefits by regulation 

Getting compliance right is not only about avoiding penalties or keeping existing customers. Done systematically, each regulation opens up beneficial aspects. 

If you get EUDR preparation right 

• You can respond to customer data requests the same week they arrive, instead of spending weeks chasing suppliers for information that should already be on file. 
• Your supply chain becomes auditable end-to-end. Geolocation data, risk assessments, and DDS reference numbers are stored in one place, not scattered across inboxes and spreadsheets. 
• You become the easier supplier to work with. As large retailers and manufacturers tighten EUDR requirements, the SME that is already compliant gets prioritized. The one that is still setting up its process gets deprioritized or replaced. 

If you get sustainability reporting right 

• You stop answering the same questionnaire ten different ways. Structured emissions and sustainability data means your CSRD customers get consistent, credible answers, and your team is not recreating the work for every new request. 
• You become visible to investors and procurement teams that screen on sustainability. SMEs with documented sustainability performance are increasingly preferred in tenders, partner selection, and financing decisions. 
• You build the data foundation for your own reporting obligations. Collecting scope 1, 2, and 3 data for a customer today means you are already ahead if your own reporting requirements expand tomorrow. 

If you get PPWR preparation right 

• You avoid costly last-minute redesigns. Packaging that does not meet recycled content or minimization requirements cannot be placed on the EU market. Companies that assess their packaging now have time to adjust. Those that wait face rushed changes or market access problems. 
• You can use compliance as a selling point. Retailers and brand owners are under pressure to demonstrate sustainable packaging across their product ranges. An SME supplier that can document PPWR-compliant packaging becomes a preferred partner. 
• You reduce the risk of diverging requirements across EU markets. PPWR sets a common EU baseline, but member state implementations can vary. Getting the documentation infrastructure in place now means adapting to local requirements without rebuilding from scratch. 

The companies that benefit most from early compliance investment are the ones that recognized it as an operational improvement with regulatory requirements attached. 

Getting started with EU compliance as an SME: A practical entry point 

Compliance for SMEs does not need to look like compliance for large companies. It does not require a sustainability department, a dedicated legal team, or a year-long implementation project. However, it does require a shift from a reactive to a structured approach — replacing the inbox and the spreadsheet with something that actually holds up under scrutiny. 

osapiens EASY START is built for exactly this entry point. It covers EUDR, CSRD/VSME, PPWR, and maintenance compliance in modular packages sized for SMEs, with guided workflows that do not assume a background in regulatory compliance. Explore the full range of EASY START solutions, or speak to an expert about your starting point. 

Der Beitrag EU Sustainability Regulations and SMEs: What’s Changed, What’s at Stake erschien zuerst auf osapiens.

1. How does the legal assessment work? 

osapiens HUB for EUDR covers all risk dimensions required by the EU Deforestation Regulation. This includes both: 

• Deforestation and forest degradation risk, and 
• Legal risk, meaning whether commodities were produced in line with relevant laws in the country of origin. 

To do this, osapiens HUB for EUDR uses a wide range of trusted data sources and performs an automated legal compliance check based on EUDR requirements. These sources include national and regional statistics, geo-referenced risk data, and publications from governments and NGOs, covering areas such as child labor, taxation, and corruption. 

If increased risk is detected, the system also considers risk-mitigating factors such as recognized product or supplier certifications (e.g. FSC, PEFC, Rainforest Alliance) or previously completed supplier questionnaires. 

The legal risk assessment is fully embedded into the due diligence workflow and continuously updated in line with regulatory guidance, input from legal experts, and the latest available data sources. 

2. What data is required from suppliers to be EUDR-compliant?

As an importer, you gather specific details about each product or batch from your suppliers, including: 

• The geolocation of the production site 
• The harvesting or production dates 
• For wood products: the exact species name 

Additionally, you obtain any supporting evidence demonstrating that the products are deforestation-free and comply with all relevant legal requirements. The exact scope depends on your role in the supply chain and the products involved. 
 
-> Not sure where to start with data collection? Our EUDR Checklist for Importers walks you through every step, from geolocation capture to supplier data requests and risk evaluation, so you can close data gaps fast and build a repeatable process across your supplier base. 

3. What happens if a risky plot is detected? 

If a risky plot is detected, osapiens automatically initiates a risk mitigation process. This includes sending out risk-specific questionnaires to your suppliers and collecting available certifications. 

If automated mitigation measures are not successful, the tool automatically alerts a responsible person in your organization and opens a case for further action. All risk mitigation steps are tracked in an integrated change log, keeping the process fully traceable for audits. 

The mitigation process enables you to: 

• Collect additional evidence and documentation 
• Collaborate directly with suppliers via the Supplier Portal 
• Review satellite imagery and contextual information together with your supplier 
• Document mitigation steps and outcomes 

Once resolved, mitigation outcomes can be reused (Case Management) for recurring scenarios, reducing repeated false positives and manual effort over time. 

4. Do I as a user get any results of the forest cover check? 

The deforestation analysis is fully automated and built into the end-to-end EUDR workflow. If no risk is found, the process continues automatically. If a risk is detected, automated mitigation steps are triggered. User action is only required in edge cases where those steps did not lead to risk reduction. 

At the same time, you always have visibility. osapiens presents the results of the deforestation analysis in a user-friendly visualization, including access to satellite imagery showing how a land plot has changed over time. For every plot, you can see: 

• Whether forest was present at the cut-off date, including satellite imagery across time 
• How the plot was classified under EUDR definitions 
• Whether further analysis or mitigation is required 

This transparency supports defensible, audit-ready compliance decisions. 

5. How can my customer access the batch and DDS data if they already have an osapiens account? How is their osapiens account linked to the data we generate? 

If your customer has an osapiens account, data can be shared seamlessly via the osapiens Data Network. Suppliers can share EUDR assessments, DDS reference numbers, and product data directly with their connected customers. Data sharing happens from tenant to tenant and is controlled by explicit permissions. This is how your customer’s account is directly linked to the data you generate. 

This avoids duplicate data collection, improves consistency across the supply chain, and enables seamless data sharing without any additional integration or onboarding efforts. The direct exchange between osapiens systems means compliance data flows reliably across the entire supply chain, with no manual intervention required. 

6. How does osapiens HUB for EUDR work for companies with multiple ERP systems, and how is data collection, including purchase orders, handled across them? 

osapiens HUB for EUDR supports the parallel integration of multiple ERP systems. It enables the collection and exchange of key data across all of them, including product master data, purchase orders, supplier master data, and transactions, via: 

• REST APIs 
• Preconfigured ERP connectors (e.g. SAP) 
• Structured templates 

This means that regardless of how many ERPs your organization runs, purchase orders and all relevant product and supplier data are automatically pulled into a single, centralized EUDR compliance process. No data gets lost between systems, and no manual consolidation is needed.  

In addition, the platform provides enterprise-grade capabilities for user access and rights management, data structuring, and governance. This allows companies with complex IT landscapes to centralize their EUDR compliance without disrupting existing infrastructure. 

-> Evaluating EUDR software? Our Strategic Guide to Selecting an EUDR Software covers the six critical dimensions to assess, from integration and automation to enterprise readiness and future-proofing. 

7. What steps are needed to import the results of your risk analysis into a company-specific risk management system? 

Risk assessment results can be exported or integrated via APIs into company-specific risk management systems, enabling organizations to: 

• Align EUDR risk outcomes with existing governance frameworks 
• Consolidate risk reporting across regulations 
• Reuse EUDR data for internal audits and controls 

Still have EUDR questions? 

Join our free webinar series designed to give importers hands-on guidance at every stage of their EUDR journey: 

-> EUDR for First Operators is built specifically for importers. Each session dives into a core capability of the osapiens HUB, covering risk analysis with satellite inputs, ERP connectivity, supplier engagement, and automated workflows. Expect live feature walk-throughs, practical checklists, and real customer perspectives. 

-> EUDR Readiness 2026 is your ongoing touchpoint for everything that’s changing. Each monthly session focuses on the most current EUDR developments: clarifications, emerging patterns, and what actually matters for your planning right now. The agenda is updated before every session to reflect what’s most relevant. 

Der Beitrag EUDR Compliance FAQ: Importers, Risk Assessment & Supply Chain Data erschien zuerst auf osapiens.

All of these systems are built on the same principle: devices in scope must have a unique, standardized identifier on its label, and that identifier needs to be registered in a central database. When safety issues arise, regulators, hospitals, and manufacturers must be able to identify the exact device quickly and accurately. 

AusUDID is Australia’s contribution to this global infrastructure.

If your company supplies medical devices or in vitro diagnostic (IVD) devices to the Australian market, AusUDID is becoming a critical part of your regulatory landscape.

What is AusUDID?

AusUDID stands for the Australian Unique Device Identification Database. It is the national UDI database operated by the Therapeutic Goods Administration (TGA). Its purpose is straightforward: it stores UDI Device Identifiers (UDI-DIs) and related reference data for medical devices and IVDs supplied in Australia.

The database is public and searchable. Healthcare professionals, sponsors, regulators, and even patients can look up device information. This shared visibility supports:

• Recall management 
• Adverse event investigations 
• Implant tracking 
• Registry reporting 
• Supply chain verification 

In short, AusUDID ensures that everyone is referring to the same device in the same way. 

Key Data Elements Within AusUDID

Manufacturers assign Unique Device Identifications (UDIs) to their medical devices. This is a fixed code that identifies a specific device model and packaging level, and is stored in AusUDID. The UDI-DI standard is developed by recognized issuing agencies, such as GS1 (using the GTIN), HIBCC & ICCBBA. AusUDID also records structured reference data. These data elements are aligned with the international standards of IMDRF but tailored to Australian regulatory requirements.

The UDI-DI can be issued by recognized issuing agencies, such as GS1, and is typically encoded as a GTIN or similar identifier. In addition to the UDI-DI, AusUDID records structured reference data. These data elements are aligned with international standards but tailored to Australian regulatory requirements. 

Key data elements of AusUDID 

• Device Identifier (UDI-DI): The unique code identifying a device model and its packaging level. Different packaging configurations may have different DIs.
• Sponsor Details: An Australian sponsor is the legal entity responsible for supplying a device in Australia. Sponsor details are captured as sponsor-specific data elements (alongside device data), including sponsor identification information and ARTG linkage where applicable. The sponsor is accountable for submitting and maintaining accurate data in AusUDID.
• Brand Name and Model Information: The trade name and version or model number exactly as shown on the label. This allows healthcare providers to match database information with the physical product.
• GMDN Code and Term: The Global Medical Device Nomenclature (GMDN) code defines the device type. This supports regulatory grouping and post-market surveillance activities.
• Links to ARTG Entries: Each UDI-DI record is linked to the corresponding ARTG (Australian Register of Therapeutic Goods) inclusion. This connection confirms that the device is authorized for supply in Australia.

Learn more about how these data elements relate with the global UDI regulations, in the dedicated osapiens UDI guide. 

Key stakeholders within AusUDID

Manufacturers 

Responsible for assigning the UDI, having a quality management system, and may provide device information to AusUDID on behalf of the sponsors.

Sponsors 

Sponsors are responsible for submitting and maintaining UDI records for applicable devices. They link ARTG details to UDI records (which makes the UDI records publicly available) and manage supporting documents to UDI records.

Healthcare professionals and hospitals 

Clinicians and hospital procurement teams can verify device details, confirm models, and check supply status. This supports inventory management, implant documentation, and recall verification.

Regulators 

The TGA uses AusUDID data to monitor device performance, manage recalls, and detect safety signals. The structured data improves consistency in post-market surveillance.

Public 

Basic device information is publicly accessible. Patients can confirm implant details or verify sponsor information.

For manufacturers, this means that data quality directly affects how your device is represented and perceived in the Australian market. 

AusUDID implementation timelines and what to expect

The TGA is rolling out UDI requirements through a phased, risk-based approach. The most urgent deadline applies to higher-risk devices. 

From July 1, 2026, manufacturers and sponsors of Class III and Class IIb medical devices, including implantables, must: 

• Apply UDI carriers to labels and packaging, and 
• submit corresponding UDI-DIs to the AusUDID Production database. 

Lower-risk classes will follow in later phases. IVD devices have separate timelines extending from 2028 to 2030. 

Regulatory deadlines move faster than internal projects 

Although July 2026 may seem far, UDI implementation is rarely a quick project. Many companies operating globally assume their existing UDI data can simply be reused. In practice, differences in sponsor roles, ARTG linkages, and local requirements mean that each local regulation demands focused attention. 

Therefore, it is important to treat AusUDID as a separate, structured compliance project. 

Take the Next Step Toward AusUDID Readiness 

AusUDID is part of a broader shift toward standardized device traceability and regulatory transparency. If your organization supplies medical devices to the Australian market, now is the time to evaluate your readiness. 

The osapiens HUB for Medical Devices enables manufacturers to manage and validate all device and UDI information in a central, secure and fully validated environment. The solution supports early testing, ensures high data quality and integrates seamlessly with the global database.  

If you are assessing your AusUDID readiness, understanding the operational implications is the next step. 

Join our practical compliance readiness webinar to learn: 

• What steps to take now 
• How to prepare your data and labeling processes 
• Common implementation challenges and how to avoid them 
• What July 2026 means for your portfolio 

Secure your spot and ensure your AusUDID strategy is aligned before deadlines take effect. 

Der Beitrag Understanding AusUDID: Australia’s Unique Device Identification Database erschien zuerst auf osapiens.

Companies are faced with the challenge of meeting complex and changing sustainability and transparency requirements. At the same time, manual and fragmented IT structures are increasingly reaching their limits. This is where the partnership between osapiens and Tieto comes in: it combines scalable digital architectures with in-depth regulatory expertise, creating a robust foundation for efficient, future-proof compliance processes. 

As a leading tech consulting service provider, Tieto has extensive expertise in cloud infrastructures, AI, data, software development, and enterprise applications, and specializes in integrating software solutions into a holistic data platform ecosystem. osapiens complements this technological strength with specialized expertise in sustainability, regulatory compliance, and end-to-end data transparency. 

In addition to implementing key European regulations such as the EU Deforestation Regulation (EUDR), the partnership focuses primarily on product compliance and supply chain management, including the Digital Product Passport (DPP), which will become a central component of future transparency and data strategies for many industries. “Together with Tieto, we are creating a reliable foundation for combining European requirements and sustainable value creation in a technologically sound manner,” says Christian Schleich, Head of Global Partnerships at osapiens. “This enables us to provide companies with genuine transparency and sustainable growth.”

“Our customers need to overcome regulatory challenges, but at the same time they also want to gain competitive advantages through digitalization,” adds Dietmar Gritsch, Head of Delivery Central Europe at Tieto. “The partnership with osapiens brings both together, with scalable technology and a clear focus on European sustainability requirements.” 

About Tieto 

Tieto (formerly Tietoevry) is a leading tech consulting service provider with a global brand presence and global expertise. 

We offer customers from various industries mission-critical solutions through our specialized software companies Tieto Caretech, Tieto Banktech, and Tieto Indtech, as well as Tieto Tech Consulting. Tieto operates three locations in Austria (Vienna, Linz, and Graz) with a total of around 300 employees. 

Our experts in software, design, cloud, and AI are committed to helping our customers achieve success and innovation with state-of-the-art technology. Tieto Tech Consulting supports companies in the public sector, energy industry, manufacturing industry, including automotive, telecommunications, and financial services, in the seamless integration of innovative technologies into data platform ecosystems. 

Further information is available at www.tietoevry.com

Der Beitrag osapiens and Tieto enter into partnership for digital and sustainable transformation erschien zuerst auf osapiens.