The increasing regulatory requirement of supply chain due diligence compliance – the next (really) big thing in compliance

The requirement for businesses to do supply chain due diligence in order to comply with modern slavery and other environmental, social and corporate governance (ESG) rules has steadily increased in the past few years.

The pace of change has increased: individual countries are introducing their own homemade rules, EU legislation is on its way, and potential litigation is looming in at least one European country.

The fact that many of these local rules have extra-territorial effect provides for a complex and fragmented compliance framework where international businesses operating across a number of jurisdictions will need to adhere to a range of legislative systems, all in different shapes.

This article sets out briefly the key issues to consider regarding “modern slavery”.

Modern slavery is a tricky concept – in brief, in legal terms, it may be defined as per the 1926 Slavery Convention, which describes it as “the status or condition of a person over whom any or all of the powers attaching to the right of ownership are exercised”. In more informal terms modern slavery is the severe exploitation of a person for personal or commercial gain. In commercial life modern slavery is often seen where people can become entrapped making clothes, preparing or serving food, picking crops and working in factories.


UK as the European first mover

Under the UK Modern Slavery Act 2015[1] organisations have to be transparent about their practices and policies in relation to preventing slavery and human trafficking, both within their own organisation and crucially within their global supply chains, as they are required to publish an annual slavery statement (on their website) about the steps that they have taken to combat modern slavery.

A commercial organisation (whether or not it is based in the UK) that (i) supplies goods or services, (ii) has a total annual turnover (i.e. total sales after tax) of £36 million or more (around €41.4 million and US$50.1 million) and (iii) carries out business in the UK[2] must meet the disclosure requirements.

Failure to disclose the annual slavery statement could result in a court injunction (as applied for by the government) requiring disclosure[3].

The UK government also recently launched an official online modern slavery statement registry which can be used by an organisation to file their annual slavery statement. Currently this is voluntary, but the government’s intention is to make it mandatory[4].

The UK is planning to upgrade the disclosure requirements, including enforcement – following a public consultation, in 2020 the UK government issued its thoughts about revising the rules[5].

More recently, new impetus for reform of the slavery disclosure rules, along with possible legal changes in other related areas, came about following the UK Parliament’s investigation into the Uyghurs in Xinjiang, China[6]. Old laws such as the UK’s Foreign Prison-Made Goods Act 1897[7] may also see new life breathed into them.

The UK Parliamentary committee tasked with dealing with the Uyghurs issue, the Business, Energy and Industrial Strategy (BEIS) committee, issued a report about this and supply chains more generally in March 2021[8].


The position in other countries?

Other places have similar transparency and disclosure requirements. This could all be said to have started with the California Transparency in Supply Chains Act[9]. The modern slavery transparency and disclosure requirements in Australia are on very similar lines to those in the UK[10].

A number of European countries are also active in this field, as follows:

France has a 2017 Duty of Vigilance Law/Loi de Vigilance[11] which can require businesses with at least 5,000 employees in France or at least 10,000 employees globally to put in place a so-called “Vigilance Plan” that identifies, assesses and seeks to mitigate human rights (and other) risks and tries to prevent human rights violations, both for the business itself and in its supply-chain; the plan must also be disclosed and non-compliance can result in civil sanctions.

Germany has a Supply Chain Act/Lieferkettengesetz under which businesses with over 3,000 employees (1,000 employees in 2024) are to put in place a risk management system that assesses human rights risks, seeks to mitigate risks and tries to prevent adverse human rights impact, both for the business and throughout the supply-chain (albeit with tiered levels of due diligence based on various factors).  Non-compliance may result in sanctions and exclusion from tendering procedures.

The Netherlands has a draft Child Labour Due Diligence Act/Wet Zorgplicht Kinderarbeid[12]  which will require businesses to do due diligence into whether their goods or services have been made with child labour and to put in place a plan to prevent child labour in their supply chains. The plan must be reported (to a regulator) and non-compliance can result in administrative and criminal sanctions.

Belgium has draft legislation[13] that will require companies registered in Belgium or operating in the country to identify and prevent human rights violations and mitigate social and environmental risks in their supply chains, including in their subsidiary companies.

These rules and draft laws all appear to have certain extra-territorial dimensions.


The Nordic/Baltic region

In Sweden there are no legal requirements for businesses to report about their work for human rights/modern slavery. The Swedish government has made clear, through guidelines and action plans, that businesses must comply with the UN principles on human rights etc., but the compliance requirements are to date limited to policies and not legal requirements.

At the moment, Finland is considering establishing a Corporate Social Responsibility Act and the Finnish government has added the preparation of the Act to its agenda. The Corporate Social Responsibility Act would most likely include mainly provisions on responsibilities relating to environmental issues and human rights. It is as yet unclear when the Act will become law. Finland has also published a National Action Plan on the UN Guiding Principles on Business and Human Rights and the Finnish government is promoting compliance with these principles in Finnish companies. As part of the implementation of the UN Guiding Principles on Business and Human Rights, Finland organised round table discussions in which the State, companies, labour market organisations and non-governmental organisations sought a common view on how the UNGPs should be implemented in business activities.

In Lithuania there are no legal requirements for businesses to report about their work on human rights/modern slavery. However, in October 2020, the State Labour Inspectorate and the National Association Against Human Trafficking signed a cooperation agreement and agreed to strengthen prevention of human trafficking for forced labour and modern slavery as well as to give assistance to victims.

In Estonia the Ministry of Social Affairs has developed guidance material for businesses with the purpose of preventing and reducing human trafficking, but there are no legal requirements for businesses to be transparent about their practices and policies in relation to preventing slavery and human trafficking, as is required under the UK Modern Slavery Act. The guidance material for businesses includes metrics to evaluate their subcontracting chain, helping businesses to answer questions such as how to compile an anti-exploitation strategy and how internal supervision should be carried out.

In Denmark a cross-ministerial working group was established in 2019 in order to provide proposals for strengthening the Danish legislative framework, including harder punishment for ringleaders and improving the collaboration between the various public authorities responsible for this issue. The working group was set to deliver its report in late 2020, but has been delayed due to Covid-19.


The general position in the EU?

Recently the European Parliament issued its official “European Parliament resolution of 10 March 2021 with recommendations to the European Commission on corporate due diligence and corporate accountability”[14] which calls on the EU to adopt ESG/due diligence legislation.

If adopted in the very wide-ranging approach favoured by the European Parliament this move could well have a very significant effect on businesses, including those who import goods into the EU since some of the focus is on using customs and trade policy to drive supply chain due diligence. According to the Resolution:

  • Obligations should be imposed on businesses “to identify, assess, prevent, cease, mitigate, monitor, communicate, account for, address and remediate potential and/or actual adverse impacts on human rights, the environment and good governance in their value chain”;
  • “[T]he scope of any future mandatory [European] Union due diligence framework should be broad and cover all large [businesses] governed by the law of a Member State or established in the territory of the [European] Union, including those providing financial products and services […] as well as all publicly listed small and medium-sized [businesses] and high-risk small and medium-sized [businesses]”. Further, “[…] the framework should also cover [businesses] which are established outside the [European] Union, but are active on the [EU] internal market”;
  • “[D]ue diligence obligations should be a condition for access to the [EU] internal market and […] operators should be required to establish and provide evidence, through the exercise of due diligence, that the products that they place on the [EU] internal market are in conformity with the environmental and human rights criteria set out in the future due diligence legislation”;
  • There should be “complementary measures such as the prohibition of the importation of products related to severe human rights violations such as forced labour or child labour”;
  • “[D]ue diligence obligations should be carefully designed to be an ongoing and dynamic process instead of a ‘box-ticking exercise’ and […] due diligence strategies should be in line with the dynamic nature of adverse impacts” and “[…] those strategies should cover every actual or potential adverse impact on human rights, the environment or good governance”;
  • There should be “a liability regime and […] in order to enable victims to obtain an effective remedy, [businesses] should be held liable in accordance with national law for the harm the [businesses] under their control have caused or contributed to by acts or omissions […] unless the [business] can prove that it acted with due care in line with its due diligence obligations and took all reasonable measures to prevent such harm”; and,
  • “[C]onducting due diligence should not automatically absolve [businesses] from liability for the harm they have caused or have contributed to”.

The next step will be for the European Commission to issue a draft legal proposal, which would then make its way through the EU legislative pipeline.


What about litigation?

In France a well-known pressure group called Sherpa recently claimed[15] to have brought a complaint before the Paris Public Prosecutor’s Office against multinational companies in the clothing/garment industry alleging the use of Uyghur forced labour in China by these organisations in their supply chains. Sherpa has a history of similar action in other areas and in a joint campaign in France with ActionAid France previously had an indictment brought against a Korean business over similar allegations.  Sherpa was also involved in similar action over environmental issues against a French oil company.

It can be expected that litigation in the area of ESG/supply chain due diligence will grow throughout Europe over time.


What are the takeaways?

Supply chain due diligence compliance rules are either already in place in some countries or are in the legislative pipeline elsewhere – some commentators are already saying that future EU rules in this area could have as big an impact on businesses as EU GDPR. So, businesses need to start acting.

In order to better manage their third-party risk in the field of ESG/supply-chains, organisations should consider:

  • Putting in place appropriate due diligence and risk management processes, procedures and policies, and looking at building this into holistic ESG and procurement processes, including looking at which rules you as a business are exposed to based on your geographic coverage
  • Training the appropriate staff to deal with these issues
  • Becoming more alert to pressure group activity. Some pressure groups, NGOs and universities are compiling target lists of organisations who they say are not taking these issues seriously. No business wants to appear on these lists and as a result it is important to escalate these requests quickly and deal with them appropriately. This is likely to need training for your social media people too
  • Becoming more alert to possible customs issues, making sure that your suppliers are clear that you expect total honesty on the origin of goods
  • Carefully examining any claims you make or your sales channel makes about ethical conduct, the origin of products etc. because it can be expected that some of the litigation is likely to be based on allegations of false claims. It is important to remember that in many cases the burden of proof is on the organisation making the claim and so proper, documented evidence should be obtained of any claim before it is made
  • Getting the Board on board
  • Keeping track of the various draft legislation and planning resources accordingly to be able to implement requirements when the various new rules come into force


Magnusson & Cordery[16]

Magnusson is an international law firm with offices across the Nordics, Baltics and Russia. We assist a range of international commercial clients on complex cross-border issues, including with due diligence in M&A transactions and within the corporate governance and compliance field. Magnusson employs a range of previous in-house counsel with in-depth knowledge about how to operate internal compliance systems. Find a Magnusson specialist at

Nikolaj Juhl Hansen

Nikolaj Juhl Hansen is a Danish corporate M&A lawyer and a part of Magnusson’s cross-border transactional team. Nikolaj coordinates advice for Magnusson’s clients across a number of worldwide jurisdictions, and has in recent years increasingly been involved in complex cross-border commercial regulatory assignments, e.g. within ESG, FDI screening, data protection, financial services legislation etc.

Cordery helps manage the ever-increasing compliance burden. Cordery provides innovative ways of helping General Counsel, compliance professionals and heads of legal across industries manage compliance. Using the expertise of seasoned compliance professionals and the content and technology capabilities of LexisNexis UK we provide expert advice and compliance solutions.  Cordery is licensed by the Solicitors Regulation Authority in the UK as an Alternative Business Structure so that we can provide our solutions and services with the quality, confidentiality and legal privilege that clients value in managing compliance. Contact a Cordery Specialist +44(0)207 118 2700.

André Bywater is a UK-qualified commercial lawyer with a focus on regulatory compliance, processes and investigations. He assists and advises mainly US and European in-house counsel along with compliance and IT teams. He is based in London in the UK working for Cordery, a niche law firm solely dedicated to compliance issues, in particular in the privacy/data protection, anti-bribery and corruption, and modern slavery spheres.



[2] This is not defined and depends on the facts of each case using a common-sense approach, e.g. if an entity inside or outside the UK sold just a handful of products in the UK (in a given financial year) it would probably not meet this condition, but if e.g. it sold a few thousand UK pounds' worth of products in the UK (in a given financial year) it probably would meet this condition.

[3] Cordery’s FAQs and films about the UK disclosure requirements can be found here





[8] Summarised here:








[16] This briefing has been authored in a collaboration between Cordery partner André Bywater and Magnusson partner Nikolaj Juhl Hansen.