Timber Legality risk assessments developed before 2022 follow the Preferred by Nature Risk Assessment Development & Revision Procedure A. Scope of assessment Our timber legality risk data originates from our Timber Legality Risk Assessments based on our LegalSource Standard indicators. The EU Timber Regulation (EUTR) requires companies to consider five categories as part of a due diligence system (DDS). It does not detail all the specifics of the laws, which could be relevant to the legality of a supply chain. We have aligned our LegalSource Standard’s requirements to the EUTR to define further the areas of law relevant to the harvest, transport and trade of forest products. Based on the five categories of law, which the EUTR requires, we have identified 21 sub-categories relevant to the legality of a timber supply chain. These 21 sub-categories cover the definitions found in the EU Timber Regulation, the US Lacey Act and the Australian Illegal Logging Prohibition Act. Please note that we have also assessed the relevant traceability and processing requirements for a number of country risk assessments available in the Sourcing Hub. B. How we carry out the risk assessments We rely on local experts with country specific knowledge to do the first draft of the risk assessments. These experts are either local Preferred by Nature staff or external consultants in the country. Then follows a review of the draft report conducted by Preferred by Nature’s experts, including close collaboration with country experts outside the organisation. This ensures the assessment to accurately reflect the relevant risks. Step B1: We identify which of the areas of law that applies to the country in question and identify the timber source types Not all countries have legal requirements for all the select 21 sub-categories. For example, not all countries use a concession licensing system for timber harvesting, which we have defined in our sub-category 2. We do not consider it a legal risk if no legislation exists covering a specific topic in our indicators. Where legal requirements exist, we identify applicable laws and regulations relating to the appropriate sub-categories. This often requires extensive research into the legal systems of the country we are assessing, including interviewing legal experts. Where possible, we provide links to the relevant legal statutes and reference the specific clauses or sections we refer to. Our risk assessment approach includes identifying the different forest source types found in the country. This is important as various forest types can have very different risk profiles. This is represented in the report’s findings. Step B2: We identify the relevant legal authorities Our reports have identified the legal authorities responsible for monitoring and enforcing applicable legislation. We recognise the crucial role public authorities have in combating illegal timber trade. Step B3: We identify legally required documents Certain types of documentation are often required to comply with legal requirements. We have produced a list of documents that companies should consider for this purpose. These are e.g. harvest licenses, tax registration forms and environmental impact assessments. Step B4: We identify reliable sources of information Our information comes from governments as well as trusted non-governmental sources. We use these sources to verify the risk assessment findings and for additional details on the findings. We process our risk assessments through a desk-based review of written sources and emphasise having our statements referenced. This is however not possible for all sub-categories of the risk assessment as data is not always available or reliable. In such cases, we rely on expert and stakeholder consultations throughout the risk assessment development process to validate our findings. Step B5: We describe the risk of illegality We describe what the law requires for the individual sub-category, and for each, we analyse the risk that the relevant requirements are not being met. We consider instances of illegality that fall into the following categories to be low risk: Temporary Unusual or non-systematic Limited in their impact Legislation controlled, monitored and enforced by effective government agencies We consider instances of illegality that fall into the following categories to be specified risk: Affects a wide area and/or causes significant damage and/or continues over a long period of time. Indication of the absence or breakdown of enforcement of the legal system If cases of illegal behaviour is not penalised or adequately responded to when identified If illegal activities are widespread and significantly negatively impact society, the production of forest products and other services, and the forest ecosystem. Step B6: Our conclusion is founded on our findings Based on the information we have analysed, we conclude whether each of the relevant legal requirements should be considered a ‘low’ or a ‘specified’ risk (i.e. not low). We do this for each indicator, each of the different forest source types, and individually for each country. Step B7: We identify risk mitigation measures The steps that could be taken to mitigate the risk of illegality depend on which areas were identified as being at risk of legal violation. Some risks can be verified as being mitigated only by undertaking a field visit e.g. to the harvesting site. Other risks can be verified as being mitigated through e.g. document validation. Implementing risk mitigation measures is required by both the EUTR and the Australian Illegal Logging Prevention Act. C. We check, summarise and translate the risk assessments Preferred by Nature’s senior legality experts are reviewing the risk assessments for the final quality assurance check before being submitted for stakeholder consultation. This process is an integrated part of our approach to developing risk assessments. D. Publication is never the final of a risk assessment. Your feedback is very important to us All our risk assessments are made public on the Preferred by Nature Sourcing Hub, and this is not the end of our work. We always welcome input and feedback on our risk assessment. If you have comments on any of the risk assessments, including the legislation mentioned, the conclusions, or suggestions on additional risk mitigation measures, please contact us via the feedback form on the Preferred by Nature Sourcing Hub or directly by e-mail sourcinghub@preferredbynature.org Our risk data is never better than the evidence, information and update we have at hand at the time of publication. We very much value feedback from the community of users of the Sourcing Hub, so please consider partnering with us to enhance our findings and to make them as relevant as possible.