Supply Chain Due Diligence: Regulatory Requirements & Best Practices

What Is Supply Chain Due Diligence?

Supply chain due diligence is the process of identifying, preventing, mitigating, and accounting for adverse human rights and environmental impacts throughout an organization's supply chain. It extends traditional vendor due diligence beyond financial and operational assessments to encompass the social and environmental conditions under which goods and services are produced. When done well, it gives a complete picture of the ethical and environmental risks across a company's supply chain.

This concept — rooted in the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises — has rapidly evolved from voluntary best practice to binding legal obligation. Today, multiple laws require companies to conduct formal due diligence across their supply chains.

The Regulatory Landscape

EU Corporate Sustainability Due Diligence Directive (CSDDD)

The EU CSDDD, adopted in 2024, requires large companies to conduct human rights due diligence and environmental due diligence across their value chains:

• Scope: EU companies and non-EU companies with significant EU revenue meeting size thresholds
• Requirements: Identify and assess actual and potential adverse impacts; prevent, mitigate, and remediate impacts; maintain a complaints procedure; monitor effectiveness; publicly report
• Liability: Civil liability for failure to conduct adequate due diligence
• Timeline: Phased implementation beginning 2027 for the largest companies

German Supply Chain Due Diligence Act (LkSG)

Effective since January 2023, the German law requires companies with 1,000+ employees in Germany to:

• Establish a risk management system for human rights and environmental risks
• Conduct regular risk analyses across their own operations and direct suppliers
• Implement preventive and remedial measures when risks are identified
• Establish a complaints procedure accessible to affected parties
• Document and report annually

Other Key Regulations

Human Rights Risks in Supply Chains

Supply chain due diligence focuses on identifying and addressing:

Labor Rights

• Forced labor and modern slavery
• Child labor
• Unsafe working conditions and inadequate health and safety measures
• Excessive working hours and denial of rest periods
• Suppression of freedom of association and collective bargaining
• Wage theft and below-minimum-wage compensation
• Discrimination and harassment

Land and Community Rights

• Forced displacement of communities
• Denial of indigenous peoples' rights to land, territories, and resources
• Destruction of livelihoods
• Inadequate community consultation and consent

Environmental Impacts With Human Rights Dimensions

• Water pollution affecting community health
• Air pollution causing respiratory disease
• Soil contamination affecting agriculture
• Deforestation destroying ecosystem services that communities depend on
• Hazardous waste affecting worker and community health

The Due Diligence Process (OECD Framework)

The OECD Due Diligence Guidance for Responsible Business Conduct provides the globally recognized six-step framework:

Step 1: Embed Responsible Business Conduct Into Policies

• Develop a supply chain due diligence policy that commits the organization to identify prevent and mitigate adverse impacts, approved by senior management
• Integrate human rights and environmental expectations into supplier codes of conduct
• Communicate expectations to all suppliers and business partners
• Assign responsibility and accountability for due diligence activities

Step 2: Identify and Assess Adverse Impacts

Risk mapping:

• Identify high-risk sectors (agriculture, mining, textiles, electronics, construction)
• Map supply chain geographies against human rights risk indices
• Analyze commodity-specific risks (e.g., cobalt mining, palm oil production, garment manufacturing)

Prioritization:

• Focus initial efforts on the most severe and likely impacts, using supplier risk data to guide prioritization
• Severity considers scale (number of people affected), scope (gravity of impact), and irremediability (ability to restore those affected)
• Likelihood considers industry risk data, country-specific conditions, and supplier-specific indicators

Assessment methods:

• Supplier self-assessment questionnaires with human rights and environmental sections
• Third-party audits and site inspections
• Worker interviews and confidential surveys
• Adverse media and NGO report monitoring
• Industry and multi-stakeholder initiative data

Step 3: Cease, Prevent, and Mitigate Impacts

Depending on the organization's relationship to the impact:

• Causing: Stop the activity causing the adverse impact and remediate
• Contributing to: Cease contribution, use leverage to mitigate, remediate to the extent of contribution
• Directly linked through business relationships: Use leverage to influence the supplier; engage, capacity-build, or ultimately disengage if no improvement

Preventive measures:

• Supplier capacity building and training programs
• Joint improvement plans with defined milestones
• Sourcing diversification away from high-risk suppliers
• Industry collaboration on systemic risks
• Contractual requirements with monitoring and enforcement mechanisms

Step 4: Track Implementation and Results

• Monitor whether mitigation measures are actually implemented and effective
• Use a combination of quantitative indicators and qualitative assessments
• Track supplier improvement progress against agreed plans
• Report on KPIs: audit completion rates, corrective action closure, worker grievance resolution

Step 5: Communicate How Impacts Are Addressed

• Publish annual reports on due diligence policies, identified risks, and actions taken
• Respond to information requests from stakeholders (where legally required)
• Participate in industry reporting initiatives and transparency platforms

Step 6: Provide for or Cooperate in Remediation

• Establish operational-level grievance mechanisms accessible to affected workers and communities
• Cooperate with legitimate judicial and non-judicial remediation processes
• Track grievances from receipt through investigation and resolution
• Ensure remediation is proportionate to the adverse impact

Practical Implementation Guidance

Start With Your Highest-Risk Areas

You cannot assess every supplier simultaneously. Prioritize:

1. Direct suppliers in high-risk sectors and geographies
2. Commodity-specific risk areas (conflict minerals, cotton, cobalt, palm oil)
3. Suppliers flagged by adverse media, worker complaints, or audit findings
4. Strategic suppliers where you have the most leverage

Build Leverage Through Collaboration

No single company can transform supply chain practices alone. Increase your impact by:

• Joining industry initiatives (Fair Labor Association, Responsible Business Alliance, Sedex)
• Collaborating with peers on joint audits and shared supplier assessments
• Engaging with civil society organizations that have on-the-ground expertise
• Supporting government and multi-stakeholder governance frameworks

Balance Engagement and Disengagement

Disengaging from a problematic supplier may actually worsen conditions for affected workers. Where possible, use your business relationship as leverage to drive improvement. Disengagement should be a last resort when:

• The supplier refuses to cooperate or acknowledge issues
• No improvement is demonstrated despite sustained engagement
• The severity of the impact is too great to continue the relationship

Invest in Technology

Supply chain due diligence at scale requires technology support:

• Supply chain mapping tools to identify and visualize multi-tier supplier networks
• Risk screening platforms that integrate human rights, environmental, and governance data
• Audit management systems for tracking assessments and corrective actions
• Worker voice platforms enabling direct feedback from supply chain workers
• Reporting tools that aggregate data for regulatory compliance and stakeholder communication

The Business Case

Beyond supply chain compliance requirements, supply chain due diligence delivers tangible business value: reduced operational disruption from supplier incidents, stronger customer and investor relationships, improved brand resilience, better access to capital markets that increasingly incorporate ESG criteria, and early identification of supply chain vulnerabilities before they become crises.

Organizations that treat supply chain due diligence as a strategic function — rather than a compliance checkbox — build more resilient, ethical, and competitive supply chains.