Skip to content

EU Regulations

Regulatory analysis and compliance roadmaps for EU sustainability legislation including the Ecodesign for Sustainable Products Regulation (ESPR), Corporate Sustainability Reporting Directive (CSRD), and Green Claims Directive.

EU Cyber Resilience Act (CRA) Compliance Software

If you manufacture or distribute products with digital elements in the European Union, the Cyber Resilience Act (CRA) is now your most important regulatory obligation. Manual compliance is slow, expensive, and error-prone. CRA compliance software automates risk assessments, generates declarations of conformity, and keeps your engineering and legal teams aligned — without the spreadsheet chaos.

CSDDD: EU Corporate Due Diligence Rules

The CSDDD (Directive 2024/1760, also called CS3D) is the regulation that turns voluntary ESG commitments into legal obligations with teeth. If your company has >1,000 employees or >€450M turnover, you're legally required to identify, prevent, and remediate human rights and environmental harms in your supply chain — and if you don't, you can be sued.

It closes a gap that's existed for decades: companies could talk about ethical supply chains without any legal framework forcing them to actually do something about problems they found. CSDDD changes that.

EU Green Claims Directive: Substantiation

If you've ever described a product as "eco-friendly," "green," or "sustainable," you need to read this closely. The EU Green Claims Directive makes vague environmental claims illegal and requires every specific claim to be verified by an accredited third party before it can appear on a product, website, or advertisement.

The core principle is simple and brutal: any explicit environmental claim must be substantiated before publication, verified by a third party before marketing, and accessible to consumers at the point of sale. If you can't prove it, you can't say it.

EU Cyber Resilience Act (CRA) Guide

Here's a problem you might not have thought about: before the Cyber Resilience Act, most hardware and software products had no mandatory cybersecurity requirements at all. A smart camera, a connected thermostat, a SaaS platform — none of them needed to meet any baseline security standard to be sold in the EU. The CRA (Regulation 2024/2847) changes that, and it's going to affect every company that makes or sells products with digital elements.

The Act entered into force in 2024, with obligations phasing in through 2027. If you make connected devices, operating systems, or even mobile apps sold in the EU, you're in scope.

EU Deforestation Regulation (EUDR): Enforcement

The EU Deforestation Regulation (2023/1115) is in full enforcement, and it's already reshaping global supply chains. If you deal in cattle, cocoa, coffee, oil palm, rubber, soya, or wood, you need a Due Diligence Statement for every shipment — backed by geolocation coordinates down to the plot level. No exceptions, no phase-ins for small operators.

Most companies underestimate how hard the geolocation requirement is. Your supplier in Côte d'Ivoire needs to provide plot-level GPS coordinates that match satellite imagery. If they can't, your shipment doesn't clear customs.

CSRD: EU Sustainability Reporting Requirements

If you think the CSRD is just an expanded version of the old NFRD, you're in for a shock. The Corporate Sustainability Reporting Directive (2022/2464) doesn't just expand the scope from 11,000 companies to 50,000 — it fundamentally changes what reporting means. 1,100+ datapoints. Double materiality. Limited assurance. iXBRL tagging. And for the first time, your sustainability data needs to stand up to external scrutiny.

The European Sustainability Reporting Standards (ESRS) are the rulebook, and they cover environmental, social, and governance topics in granular detail. If you already report under GRI or SASB, there's overlap — but the bar is significantly higher.

EU AI Act: Risk Classification & Compliance

The EU AI Act (Regulation 2024/1689) is the world's first comprehensive horizontal regulation of artificial intelligence — and its compliance deadlines are no longer theoretical. The bans on unacceptable-risk AI systems hit in February 2025, and the big one (high-risk AI obligations) arrives in August 2026.

Here's what most people miss: the AI Act doesn't regulate AI technology — it regulates what you do with it. The same AI model can be treated four different ways depending on how it's deployed. That distinction is the whole game.

EU PPWR: Packaging Waste Compliance Guide

You've probably heard that the EU's new Packaging and Packaging Waste Regulation is a big deal. It is. But here's what most coverage gets wrong: it doesn't just set recycling targets — it rewrites the entire rulebook for how products are packaged, sold, and disposed of across the single market. And unlike the old directive (which let member states go their own way), this one applies directly in all 27 countries. One rulebook. One timeline. One enforcement framework.

If your company puts anything in a box, you need to understand what's coming.

Exporting to the EU: Surviving CBAM Penalties

If you operate a manufacturing, mining, or agricultural SME in South Africa—or anywhere else in the Global South—the European Union is likely one of your most valuable export markets. But the rules of trade have changed drastically. The EU’s Carbon Border Adjustment Mechanism (CBAM) places a literal price on the carbon emissions of your products.

While the tax is technically paid by the importer based in Europe, the regulatory burden falls squarely on you, the exporter. If you cannot provide precise carbon data, you will lose your EU buyers overnight.

EU Battery Regulation (2023/1542): Compliance Guide

The European Union has enacted the most comprehensive battery legislation in the world. Regulation (EU) 2023/1542, which entered into force in August 2023 and is now progressively applying its requirements, replaces the old Battery Directive (2006/66/EC) and fundamentally transforms how batteries are designed, manufactured, reported, and recycled.

This is not a narrow update. The new Battery Regulation introduces the world's first mandatory Battery Passport, imposes strict due diligence obligations on raw material sourcing, mandates carbon footprint declarations, sets binding recycled content targets, and significantly expands extended producer responsibility. If your product contains a battery — from the smallest consumer device to the largest industrial installation — these requirements affect you.