Skip to content

How to Verify a Supplier Certificate

Every manufacturer relies on supplier certificates. A Global Recycled Standard (GRS) certificate proves your recycled content. An FSC certificate validates your wood sourcing. An Oeko-Tex certificate confirms your textiles are free of harmful substances. An ISO 14001 certificate demonstrates your supplier's environmental management credentials.

But here is the uncomfortable truth: not every certificate your supplier sends you is genuine. Certificates can be expired, forged, altered, or simply issued to a different legal entity than the one selling you materials. If your compliance audit file contains a fraudulent certificate, the liability falls on you — not on the supplier who sent it. Market surveillance authorities, customs agencies, and retail buyers hold the importer or manufacturer responsible for verifying their supply chain evidence.

This guide shows you how to independently verify the authenticity of the most common supplier certificates, spot the red flags, and build an audit file that withstands scrutiny.

Why Certificate Verification Matters

When a customs authority audits your Country of Origin declaration, or a retail buyer reviews your Green Claims evidence, they do not take your supplier's PDF at face value. They check:

  • Is the certificate within its validity period? An expired certificate is worse than no certificate — it indicates negligence.
  • Does the scope cover the specific material or product you purchased? A GRS certificate for recycled polyester does not cover recycled cotton.
  • Is the certificate holder the same legal entity as your supplier? Certificates are non-transferable. If the name on the certificate does not match the name on your supplier's invoice, the certificate is void for your purposes.
  • Is the certification body (CB) accredited? Certificates issued by unaccredited bodies carry no legal weight in most regulatory frameworks.
  • Has the certificate been suspended or withdrawn? Certification bodies suspend certificates for non-compliance. A supplier may send you a certificate that was valid when issued but has since been revoked.

The Five Most Common Certificates and How to Verify Them

1. Global Recycled Standard (GRS)

The GRS, administered by Textile Exchange, verifies recycled content in textiles, plastics, and other materials. It is the most commonly requested certificate for recycled content claims.

How to verify a GRS certificate:

  1. Locate the Certification Body (CB): The certificate will display the logo and name of the CB that issued it (e.g., Control Union, SGS, Ecocert, ICEA).
  2. Check the CB's accreditation: Visit the Textile Exchange website to confirm the CB is an approved GRS certification body. Unapproved CBs cannot issue valid GRS certificates.
  3. Look for the scope certificate number (SC): The format is typically CB-ABC-123456. This number identifies the specific certificate.
  4. Verify the certificate holder's name and address: It must exactly match the legal name and address of your direct supplier. If your supplier is a trader rather than the certified manufacturer, they must hold a valid GRS Scope Certificate as a trader — a manufacturer's certificate alone is insufficient.
  5. Check the product categories and materials listed: The certificate lists specific input materials (e.g., "post-consumer recycled PET flakes") and output product categories. Your purchased material must fall within the listed scope.
  6. Verify validity dates: GRS certificates typically have a 12-month validity. Note the issue date and expiry date. Some CBs publish certificate validity on their public databases — search the SC number online.

Red flags: A supplier offering a GRS certificate showing only an "audit report" rather than a full Scope Certificate. Certificates where the address is a residential apartment or virtual office. Certificates that list only vague categories like "textile products" without specifying material types.

2. Forest Stewardship Council (FSC)

FSC certification applies to wood, paper, and other forest products. It is critical for EUDR compliance and furniture manufacturers.

How to verify an FSC certificate:

  1. Use the FSC Public Certificate Search: FSC maintains a public database at info.fsc.org. Enter the certificate code (format: FSC-C123456) or the certificate holder's name.
  2. Verify the certificate status: The database shows whether the certificate is Active, Suspended, or Terminated. Never accept a suspended or terminated certificate.
  3. Check the scope: FSC certificates specify the product types covered (e.g., W5 Solid wood, W12 Furniture). Your purchased product must match the listed scope.
  4. Verify the chain of custody number: Every FSC-certified product must be sold with an FSC claim (FSC 100%, FSC Mix, or FSC Recycled) and the seller's chain of custody certificate number on the invoice.

Red flags: An FSC logo on a product without the certificate code on the invoice. A supplier that appears on the FSC database as "Suspended." Certificates listing a scope that does not include your product type.

3. Oeko-Tex Standard 100

Oeko-Tex certification verifies that textiles have been tested for harmful substances.

How to verify an Oeko-Tex certificate:

  1. Use the Oeko-Tex Label Check: Visit oeko-tex.com/label-check and enter the certificate number.
  2. Verify the certificate holder: The database will display the company name and address. Confirm it matches your supplier.
  3. Check the product classes: Oeko-Tex classifies products by skin contact: Product Class I (baby products), Class II (direct skin contact), Class III (no skin contact), Class IV (furnishing materials). Ensure the class matches your product.
  4. Note the validity period: Oeko-Tex certificates are valid for 12 months. After expiry, the product must be re-tested.

Red flags: Certificates with a label check result showing a different company name. Expired certificates where the supplier claims "we're in the process of renewal." Certificates issued for a different product class than your product.

4. ISO Management System Certificates (ISO 14001, ISO 9001, ISO 27001)

ISO certificates prove a supplier's management systems — not the specific product. They are frequently misrepresented by suppliers who imply the certificate covers product quality when it actually only covers a management process.

How to verify an ISO certificate:

  1. Check the accreditation body: ISO certificates must be issued by a certification body accredited by a recognized national accreditation body (e.g., UKAS in the UK, DAkkS in Germany, ANAB in the US). Look for the accreditation body's logo and accreditation number.
  2. Verify the certification body's IAF membership: The International Accreditation Forum (IAF) maintains a database of recognized accreditation bodies. If a CB claims accreditation from a body not listed by IAF, the certificate is not internationally recognized.
  3. Check the scope of certification: ISO certificates list a specific scope (e.g., "Manufacture of steel fasteners"). If the scope does not cover the activity your supplier performs for you, the certificate is irrelevant to your supply chain.
  4. Verify with the certification body: Most major CBs (SGS, Bureau Veritas, TÜV, BSI, DNV) maintain public certificate databases. Search the certificate number to confirm validity.

Red flags: ISO certificates without an accreditation body logo. A scope statement so vague it could apply to any company. Certificates issued by "International Accreditation Service" without specifying the actual national accreditation body.

5. REACH and RoHS Compliance Letters

Many suppliers issue their own "REACH/RoHS Certificate" — a self-declared document. This is not a certificate in the traditional sense.

How to verify a REACH/RoHS statement:

  1. Understand that these are self-declarations: There is no central registry for REACH or RoHS certificates. The document is a formal, signed statement from your supplier.
  2. Check for specific substance citations: A valid declaration should reference the specific regulation (e.g., "Directive 2011/65/EU including amendment [EU] 2015/863 for RoHS") and the specific SVHC Candidate List version for REACH.
  3. Look for test report references: A strong REACH/RoHS declaration will reference specific laboratory test reports with report numbers, test dates, and the testing laboratory's name and accreditation.
  4. Verify the signatory: The declaration must be signed by an authorized representative of the supplier with their name, title, and date clearly stated.

Red flags: Declarations that simply say "all our products are REACH and RoHS compliant" without listing substances or test reports. Declarations referencing the REACH SVHC Candidate List from three years ago. Declarations signed by an unknown "quality manager" without verifiable contact details.

The Fraudulent Certificate Liability Trap

If a market surveillance authority finds a fraudulent certificate in your technical file, you — not your supplier — are liable for placing a non-compliant product on the market. The authority will not accept "my supplier sent me that certificate" as a defense. Your due diligence obligation includes independently verifying the certificates you rely on. This is explicit in the EU GPSR and the Market Surveillance Regulation (EU) 2019/1020.

How Sustalium Secures Your Certificate Verification Workflow

Managing certificate verification across dozens of suppliers, tracking expiry dates, and maintaining an audit trail is overwhelming in spreadsheets. Sustalium's compliance platform provides a structured verification system.

  • Centralized Certificate Vault: Upload supplier certificates to Sustalium. The platform automatically records the certificate type, issuing body, scope, issue date, and expiry date for each document.
  • Expiry Date Monitoring: Sustalium actively tracks certificate validity windows and alerts you before a certificate expires. This prevents the most common compliance failure: accidentally relying on an expired certificate.
  • Supplier Document Requests: Send structured, automated certificate requests to your suppliers through the platform. The system tracks which suppliers have responded and which certificates are still outstanding.
  • Audit-Ready Evidence Dossier: Generate a complete, organized evidence file linking each certificate to the specific product SKUs and materials it covers. When a customs auditor or retail buyer requests your documentation, produce it instantly.

Secure Your Supply Chain Evidence Today

Don't let a fake or expired certificate expose your business to fines and product recalls.

With Sustalium, you can centralize, verify, and manage your supplier certificates for just €10 per document.

Build Your Certificate Vault Now →

Frequently Asked Questions

How do I know if a certification body is legitimate?

Check the CB's accreditation status. Every legitimate CB is accredited by a national accreditation body that is a signatory to the IAF Multilateral Recognition Arrangement (MLA). You can verify the accreditation body on the IAF website and then verify the CB on the accreditation body's own register.

What should I do if I discover a supplier has sent me a fake certificate?

Immediately suspend purchases from that supplier. Notify your certification or compliance team. If you have already sold products relying on that certificate, consult with a regulatory lawyer about your disclosure obligations. In most cases, you should proactively notify your own customers and the relevant market surveillance authority to mitigate penalties.

Can I accept a certificate that expired but the supplier is "in the process of renewal"?

No. An expired certificate provides no legal protection. Until the new certificate is issued with a current validity date, you cannot rely on the supplier's credential. Require the renewed certificate before accepting any new shipments.

What is the difference between a certificate and a test report?

A certificate (e.g., GRS, FSC) is issued by an accredited certification body after auditing the supplier's processes and confirming ongoing compliance. A test report is a one-time laboratory analysis of a specific sample. Certificates demonstrate systemic compliance; test reports demonstrate the characteristics of a specific batch. Both are important, but they serve different evidentiary purposes.



Last updated: June 20, 2026