Table of Contents
- One CMRT. Two hundred smelters. Which ones are in your product?
- Why Company-Level CMRTs Fail Due Diligence
- The over-inclusion problem
- Hidden risk dilution
- RCOI expectations require product-level specificity
- The UFLPA complication: RMAP conformance alone is no longer enough
- What Product-Level CMRT Reporting Actually Looks Like
- Level 1: Product family scope
- Level 2: Part-number scope
- Level 3: BOM-level mineral mapping
- What CMRT 6.6 enables
- The EU Dimension: RMAP Recognition Raises the Bar
- How to Transition from Company-Level to Product-Level Reporting
- 1. Start with your highest-risk suppliers, not all suppliers
- 2. Use the CMRT 6.6 product fields as the transition mechanism
- 3. Map smelters to your BOM before asking suppliers
- 4. Aggregate product-level CMRTs into a single consolidated view
- 5. Track RMAP status and UFLPA Entity List in parallel
- A Self-Check for Your CMRT Reporting Scope
- Where Regilient Fits In
One CMRT. Two hundred smelters. Which ones are in your product?
A Tier-1 supplier submits their annual Conflict Minerals Reporting Template. The declaration tab is completed. The smelter list tab contains 200 entries across tin, tantalum, tungsten, and gold. The declaration scope says "Company."
The compliance team rolls the data into their consolidated report, adds the smelters to their master list, checks RMAP statuses, and files the Form SD or EU Conflict Minerals Regulation disclosure. Job done.
Except it isn't. Of those 200 smelters, only 12 are relevant to the specific components that supplier provides to your product. The other 188 belong to supply chains serving other customers, other industries, other product lines. A non-conformant smelter in the list might source minerals for a product you'll never touch. Or it might be the primary smelter feeding your highest-volume component. With a company-level CMRT, there's no way to tell.
This is the structural weakness at the heart of most conflict minerals programmes: company-level declarations that aggregate smelter data across an entire business, obscuring the product-level risks that regulators, OEM customers, and increasingly, forced labour enforcement agencies are trying to identify.
CMRT 6.6, released on April 17, 2026, introduced new product identification fields (Requester Product Number and Requester Product Name) designed to support product-level traceability. The shift from company-level to product-level reporting is no longer optional for compliance teams that want their due diligence to hold up under scrutiny.
This article explains why company-level CMRTs fail due diligence, what product-level reporting actually requires, and how to transition your programme without collapsing your supplier response rates.
Why Company-Level CMRTs Fail Due Diligence
The over-inclusion problem
A company-level CMRT lists every smelter and refiner in the supplier's entire supply chain, across all products, all customers, and all business units. For a diversified manufacturer, this can mean hundreds of smelter entries. The compliance team receiving this CMRT cannot determine which smelters are relevant to their products. The result is a smelter list that is technically complete but operationally meaningless for product-level risk assessment.
This creates a paradox: the more comprehensive the company-level CMRT, the less useful it is for product-specific due diligence. A supplier listing 300 smelters looks thorough on paper. In practice, 95% of those smelters may have nothing to do with the parts being supplied.
Hidden risk dilution
When smelter data is aggregated at the company level, high-risk smelters are diluted by low-risk ones. A non-conformant gold smelter sourcing from conflict-affected areas in the eastern DRC may sit on the same list as 50 RMAP-conformant tin smelters serving unrelated product lines. In a company-level declaration, the non-conformant smelter is one entry among hundreds. In a product-level declaration, it's one of three, and the risk is immediately visible.
Company-level reporting doesn't just obscure risk. It structurally prevents the compliance team from identifying which products carry that risk.
RCOI expectations require product-level specificity
Under SEC guidance for Dodd-Frank Section 1502, companies are expected to conduct a Reasonable Country of Origin Inquiry (RCOI) to determine whether conflict minerals in their products originated from covered countries (the DRC and adjoining countries). The key word is "products." The RCOI is a product-level inquiry, not a supplier-level one.
A company that relies entirely on company-level supplier CMRTs for its RCOI is conducting supplier-level due diligence and presenting it as product-level analysis. This gap may not be challenged in every reporting cycle, but it becomes indefensible when an auditor, customer, or regulator asks: "For this specific product, which smelters are in the supply chain, and what is their country of origin status?"
The UFLPA complication: RMAP conformance alone is no longer enough
Here's the development that makes product-level traceability urgent. An RMAP-conformant smelter has been added to the UFLPA Entity List. The smelter passed its RMAP audit, meaning it appears safe from a conflict minerals perspective. But under the Uyghur Forced Labor Prevention Act, any product containing minerals sourced from that smelter is prohibited from entering the United States.
If your CMRT data is company-level, you cannot determine whether that specific smelter is in the supply chain for the specific product you're importing into the US. Company-level data tells you the smelter exists somewhere in the supplier's business. Product-level data tells you whether it's in your product. The difference between those two answers is the difference between a shipment clearing customs and one being detained.
As of August 2025, the UFLPA Entity List contains 144 entities. CBP has detained over 16,700 shipments valued at approximately $3.7 billion. Five new high-priority enforcement sectors (caustic soda, copper, lithium, steel, and jujubes) were added in August 2025. Tungsten, a 3TG mineral, is now directly in scope through entities mining critical minerals in the Xinjiang region.
What Product-Level CMRT Reporting Actually Looks Like
Product-level reporting doesn't mean creating a separate CMRT for every individual part number. That would be operationally impossible for most supply chains. In practice, product-level reporting works through three levels of granularity:
Level 1: Product family scope
The CMRT covers a defined family of related products supplied to a specific customer. The smelter list includes only smelters in the supply chain for that product family, not the supplier's entire business. This is the minimum level of specificity that satisfies most OEM requirements and provides meaningful risk visibility.
Level 2: Part-number scope
The CMRT is tied to a specific part number or assembly. The smelter list reflects only the materials in that part. This level of granularity is increasingly required by automotive and aerospace OEMs, and is supported by CMRT 6.6's new Requester Product Number field.
Level 3: BOM-level mineral mapping
Each 3TG mineral is traced not just to a smelter, but to a specific material or component within the product's bill of materials. This is the most rigorous level of traceability and the one that best supports both RCOI and UFLPA due diligence. Few companies achieve this today, but it's the direction the regulatory and customer landscape is heading.
What CMRT 6.6 enables
The April 2026 release of CMRT 6.6 introduced two new fields in the Product List tab:
Requester Product Number: allows the requesting company to specify which product or part the CMRT should cover.
Requester Product Name: provides a human-readable description alongside the part number.
These fields create a structural mechanism for product-level scoping that previous CMRT versions lacked. They don't force product-level reporting (the template still accepts "Company" as a declaration scope), but they signal clearly where the standard is heading: toward product-specific mineral traceability.
The EU Dimension: RMAP Recognition Raises the Bar
In October 2025, the European Commission formally recognised RMAP as the first due diligence scheme fully aligned with the EU Conflict Minerals Regulation and the OECD Due Diligence Guidance. For EU importers of 3TG minerals and concentrates, demonstrating conformity with RMAP is now a recognised compliance pathway.
This recognition amplifies the product-level reporting question for two reasons.
First, EU competent authorities auditing importers will expect due diligence that traces minerals to specific products and smelters, not company-wide declarations. The OECD Guidance (which RMAP is aligned with) requires a supply chain policy, risk identification, and risk mitigation at the level of the specific minerals being imported.
Second, as Assent noted in their 2025 analysis, an RMAP-conformant smelter can simultaneously be non-compliant under other frameworks (like UFLPA). EU importers using company-level CMRT data to demonstrate RMAP alignment cannot identify whether a dual-risk smelter is relevant to their specific import. Product-level data is the only way to resolve this.
How to Transition from Company-Level to Product-Level Reporting
The biggest objection to product-level CMRT reporting is operational: suppliers struggle to complete one CMRT per year, let alone multiple product-specific submissions. This is a legitimate concern, but it can be addressed without collapsing supplier response rates.
1. Start with your highest-risk suppliers, not all suppliers
Identify the suppliers whose products are most likely to contain 3TG minerals (connectors, PCBs, alloy castings, plated components, battery materials) and prioritise product-level requests for them. Low-risk suppliers (packaging, fasteners, labels) can continue submitting company-level CMRTs without materially affecting your risk picture.
2. Use the CMRT 6.6 product fields as the transition mechanism
Rather than asking suppliers for entirely new submissions, instruct them to complete the Requester Product Number and Requester Product Name fields in their next CMRT submission. This scopes the declaration to your products without changing the supplier's workflow fundamentally.
3. Map smelters to your BOM before asking suppliers
Review your existing company-level CMRT data and cross-reference smelter entries against the materials in your BOM. For many products, you can narrow the relevant smelter list from hundreds to a handful using internal engineering knowledge alone, then validate with targeted supplier follow-up.
4. Aggregate product-level CMRTs into a single consolidated view
Product-level reporting doesn't mean abandoning consolidation. Your compliance programme should roll product-specific smelter data up into a master smelter list, but with an additional layer of metadata: which smelters map to which products. This preserves the efficiency of consolidated reporting while adding the product-level traceability that auditors and regulators require.
5. Track RMAP status and UFLPA Entity List in parallel
A smelter that is RMAP-conformant and on the UFLPA Entity List simultaneously creates a compliance contradiction that only product-level data can resolve. For each product entering the US market, you need to confirm that no smelter in that product's specific supply chain appears on the Entity List. This cross-referencing is only possible with product-level CMRT data.
A Self-Check for Your CMRT Reporting Scope
Six questions to assess whether your conflict minerals programme passes product-level due diligence:
- Declaration scope: Are your suppliers submitting company-level or product-level CMRTs, and do you know which scope each supplier uses?
- Smelter relevance: For a given product in your portfolio, can you identify which specific smelters are in that product's supply chain (not just the supplier's company-wide smelter list)?
- RCOI defensibility: If an SEC reviewer asked "which smelters source minerals for Product X," could you answer from your CMRT data alone?
- UFLPA exposure: Have you cross-referenced your product-level smelter data against the current UFLPA Entity List (144 entities as of August 2025)?
- Template currency: Are you collecting on CMRT 6.6 with the Requester Product Number and Requester Product Name fields populated?
- EU CMR alignment: If a Member State competent authority asked you to demonstrate RMAP-aligned due diligence for a specific import, could you trace the minerals to product-level smelter data?
If more than two answers are "no" or "company-level only," your programme is reporting at a level of granularity that regulators and OEM customers are moving beyond.
Where Regilient Fits In
The transition from company-level to product-level conflict minerals reporting is not a template change. It's a data architecture change. It requires collecting, validating, and aggregating smelter data at the product level while maintaining consolidated reporting efficiency. Regilient's agentic sustainability platform is built for exactly this transition:
- Product-level CMRT collection with automated population of Requester Product Number and Requester Product Name fields from your BOM data
- Smelter-to-product mapping that cross-references supplier smelter lists against your bill of materials to identify which smelters are relevant to which products
- Dual-risk screening that validates each product's smelter list against both RMAP conformance status and the UFLPA Entity List simultaneously
- Consolidated reporting with product-level traceability that rolls product-specific smelter data up into Form SD and EU CMR disclosures while preserving the audit trail to individual products
- Supplier engagement automation that transitions high-risk suppliers to product-level submissions while maintaining company-level collection for low-risk suppliers
Company-level CMRTs served the industry well when conflict minerals reporting was primarily a disclosure exercise. But the convergence of Dodd-Frank RCOI expectations, EU RMAP recognition, UFLPA enforcement, and OEM customer requirements has shifted the bar. The programmes that survive audit are the ones that can answer one question: for this specific product, which smelters are in the supply chain, and are they compliant across every applicable framework? Company-level data can't answer that. Product-level data can.
Book a Regilient demo to see how agentic conflict minerals management transitions your programme from company-level declarations to product-level traceability, across Dodd-Frank, EU CMR, and UFLPA.
Regilient provides agentic sustainability software for product compliance, supplier engagement, and regulatory intelligence across REACH, RoHS, PFAS, CMRT, SCIP, and global chemical regulations.