Certificate of Analysis (COA)

A COA is only useful if it is complete, batch-linked, and verifiable. Anything else is a marketing attachment.
This page defines a conservative, documentation-first COA standard for EU-focused wholesale THCA procurement.
This is not legal advice.

Related pages: Compliance hub · Testing standards ·
Lab verification · Batch traceability ·
Sample COA · Quality assurance

Non-negotiable COA rule

Rule: If the COA does not clearly link to a specific batch/lot ID that matches your invoice, packing list, and labels,
you do not have a decision-grade COA.

Minimum COA fields (decision-grade baseline)

If any of these fields are missing, you should treat the COA as incomplete until corrected.

Identification

  • Lab name and contact/location identifiers
  • Report/Certificate ID (unique reference number)
  • Client name (or submitting entity) as listed by the lab
  • Sample name or sample ID used by the lab
  • Batch/Lot ID that matches your procurement records

Chain and timing

  • Sample received date
  • Test date(s)
  • Report issue date
  • Sample matrix description (e.g., flower)

Methods and reporting discipline

  • Methods used (potency method specified; contaminant methods where relevant)
  • Units clearly stated (%, mg/g, etc.)
  • LOQ/LOD where relevant for contaminant reporting
  • Pass/Fail statements only if the lab is authorized and the basis is clear (avoid relying on vague “pass” stamps)

For a field-by-field reference format, use: /documentation/sample-coa/.

Potency reporting: what must be explicit

Potency is where misunderstandings happen. A compliant, buyer-friendly COA should list key cannabinoids with clear units and method context.
At minimum, for THCA-focused procurement you should require:

  • THCA result
  • Δ9-THC result
  • Clarity on “Total THC” if presented (what it represents and how it’s calculated)

For the technical distinction and why “Total THC” needs discipline, read:
/insights/thca-vs-thc-eu/.

Contaminant panels (risk-based, buyer-defined)

Buyers should define contaminant expectations based on destination risk posture and internal policy.
Do not assume “potency-only” is enough for serious procurement.

Common categories buyers may require

  • Pesticides
  • Heavy metals
  • Microbials (as applicable)
  • Mycotoxins (as applicable)
  • Residual solvents (as applicable to the product/process)

Baseline policy reference: /compliance/thca-testing-standards/.

Lab verification: the COA isn’t “proof” without it

A PDF can be fabricated. A real lab report can still be mis-scoped. Buyers should verify the lab and the report.

What to verify (minimum)

  • Lab identity and contact details (match known channels)
  • Report authenticity (portal/QR/reference validation where available)
  • Scope alignment (the lab actually tests what the COA claims)
  • Method identifiers are present and plausible

Process reference: /compliance/lab-verification/.

Batch traceability: COA must match the physical goods

The COA is part of a batch file. It must map to your shipment and your labels.

  • Batch/lot ID on COA matches invoice, packing list, and labels exactly.
  • Multi-lot shipments require a lot-to-carton/case/pallet mapping record.
  • Any formatting drift (spaces, hyphens, abbreviations) is treated as mismatch.

Traceability standard: /compliance/batch-traceability/.

COA audit checklist (fast, practical)

  • Batch/lot ID present and matches procurement docs
  • Received date, test date(s), and issue date present
  • Methods listed and units clear
  • THCA and Δ9-THC reported separately
  • Total THC (if shown) is explained or treated as ambiguous
  • Contaminant panels match buyer policy
  • Lab verification path exists (portal/QR/report ID validation)
  • COA archived in the shipment packet before dispatch

Shipment packet reference: /documentation/shipping-flow/ and
/compliance/shipping-documents/.

FAQ

Is a COA enough to prove legality in my country?

No. A COA is a technical report and one part of a broader compliance assessment. For context references, start at
/legal-status/. This page is not legal advice.

Can we accept a “generic COA” not linked to our batch?

If you want professional procurement, no. Generic COAs break traceability and increase dispute and inspection risk.
Enforce batch linkage via /compliance/batch-traceability/.

What’s the most common COA failure you see?

Missing batch linkage and missing date/method context. Buyers should use the audit checklist above and the field reference at
/documentation/sample-coa/.

Should “Total THC” be included?

It can be included, but the COA should clarify what it represents and how it is calculated. Buyers must standardize their internal interpretation.
Reference: /insights/thca-vs-thc-eu/.

Where do I verify labs and reports?

Use /compliance/lab-verification/.