Mapping social and environmental due diligence legislation

Policy paper

3 April 2026

3. Comparative analysis of due diligence requirements

Copy link to 3. Comparative analysis of due diligence requirements

Due diligence is the process by which business enterprises are expected to identify, prevent, mitigate and account for actual and potential adverse impacts associated with their activities, supply chains and business relationships, consistent with international due diligence instruments: the OECD MNE Guidelines, United Nations Guiding Principles on Business and Human Rights and the International Labour Organization’s Tripartite Declaration of Principles concerning Multinational Enterprises and Social Policy.

The OECD RBC Guidance sets out a six‑step process for due diligence. The standards are grounded in a “risk-based approach” and set out core principles or “key characteristics” of due diligence (see Box 1). This section considers the expectations of the 21 measures against the six‑step process. Figure 5, below and overleaf, provides a visual summary, whilst Annex A gives a descriptive overview of the extent to which each measure reflects each step.

Due to their different nature and purpose, the three categories of measure integrate due diligence differently. Whilst due diligence conduct measures set specific conduct requirements, disclosure measures indirectly encourage due diligence by requiring disclosure on due diligence topics.1 Product and market-based measures generally take two different approaches, with deforestation measures requiring due diligence actions (based on a narrow concept of due diligence) combined with a prohibition on the import, export and/or placing on the market of products associated with deforestation or forest degradation. Product and market-based measures on forced labour do not create conduct obligations, but due diligence is a measure that can support compliance and documentation of due diligence may be requested during investigation or enforcement proceedings (see Methodology section).

Figure 5. Overview of reflection of the six‑step due diligence framework
Copy link to Figure 5. Overview of reflection of the six‑step due diligence framework

Step 1: Embed responsible business conduct into policies and management systems

Copy link to Step 1: Embed responsible business conduct into policies and management systems

The main aim of Step 1 is to ensure that enterprises have the systems in place to implement an effective due diligence process, with appropriate policies, staff, resources, management and oversight systems and operating procedures. Enterprises are expected to assign oversight and responsibility for due diligence to relevant senior management and assign board level responsibilities for RBC more broadly. Due diligence policies are risk-based and dynamic: they should reflect an enterprise’s most significant risks across their own operations, suppliers and business relationships, and be adapted as contexts change. Enterprises are also expected to incorporate responsible conduct expectations into their engagement with suppliers and other business relationships.

Among the 21 measures, 14 explicitly require companies to have RBC policy commitments, broadly reflecting Step 1. Expectations on integrating due diligence into oversight and management systems, and incorporating RBC expectations into supplier engagement, are more varied across the measures and sometimes addressed through guidance.

Many of the due diligence conduct measures integrate aspects of Step 1, but differ in which aspects of the step they reflect. For example:

Policy requirements: 10 of 11 measures require companies to put in place a due diligence policy (or policies). Expectations vary from requiring that policies be verified and periodically audited; to expecting policies that include “up to date” information or that simply embed RBC without further specificity.
Integration into management and oversight: 8 of 11 measures explicitly address integrating due diligence into management and oversight systems.
Engagement with suppliers or other business relationships: 7 of 11 measures explicitly require entities to incorporate their policy commitments into contracts or other agreements with suppliers. Others do not address this, but nevertheless expect companies to engage with suppliers as part of the due diligence process (see Steps 2 and 3 below).2

Three out of four disclosure measures require disclosure or description of a policy; however, other aspects of Step 1 are less explicitly integrated and/or addressed in more detail in statutory guidance.3

Step 1 is less explicitly reflected across product and market-based measures, which, as noted above, often do not include conduct requirements. The EU Deforestation Regulation (2023) is the only measure to explicitly require policies and internal management controls,4 whilst the Operational Guidance on the US UFLPA encourages integrating due diligence into supplier relations through engagement and a written code of conduct (CBP, 2022, p. 13[4]).

Step 2: Identify and assess actual and potential adverse impacts associated with the enterprise’s operations, products or services

Copy link to Step 2: Identify and assess actual and potential adverse impacts associated with the enterprise’s operations, products or services

Step 2 aims to address how enterprises identify, assess and prioritise RBC risks and impacts for action, focussing on the criteria of severity and likelihood.5 A high-level scoping exercise ensures that businesses first identify general areas of the business, across their operations and business relationships, where risks are most likely and severe, based on “risk factors”. They then carry out iterative and increasingly in-depth risk assessments in prioritised areas to identify and assess specific impacts.

The majority (18/21) of the measures require entities to undertake a risk assessment (or, in the case of the disclosure measures, disclose their assessment). However, they differ in levels of specificity, for example in whether they distinguish between an initial scoping and in-depth assessment per the international standards. They also differ in their approach to prioritisation and traceability.

Risk scoping vs. assessment

While all due diligence conduct measures require entities to assess defined risks and impacts, only a few distinguish between an initial high-level scoping and subsequent assessment.

Under the product and market-based measures, the approaches differ between deforestation measures, which include a narrow concept of due diligence involving analysis and assessment of information,6 and the forced labour measures, which do not include conduct obligations.7

The disclosure measures each require disclosure on assessment of risk but differ in the level of detail. The three disclosure measures addressing modern slavery require a description of the steps an entity has taken to assess risk,8 while the EU CSRD (2024) focusses on the concept of “materiality”, requiring covered entities to report on the basis of double materiality assessments that encompass “impact materiality” and “financial materiality” to identify “material” impacts, risks and opportunities in the value chain9 (OECD, 2026[1]).

Prioritisation

The expectations around how companies should prioritise across their environmental and social risks and impacts differs between measures that target specific risks (generally product and market-based measures) and horizontal measures that address a range of RBC issues (generally due diligence conduct measures) and those targeting specific risks (generally product and market-based measures).

Measures that target specific issues: commodity and issue specific measures, such as the EU Conflict Minerals, Forced Labour and Deforestation Regulations, or the US UFLPA, effectively prioritise the issues and/or commodities that entities are expected to focus on, and do not expect companies to prioritise beyond this (see Figure 4).

Measures with broad issue scope: Certain measures explicitly require entities to prioritise risks and impacts based on severity and likelihood across a range of human rights and/or environmental impacts (see the section on Responsible business conduct issue scope above). Furthermore, some measures introduce additional criteria not found in international standards (such as the degree of influence a company has over a business partner).

Some legislation also integrates further regulatory parameters for risk prioritisation. For example, the EU Deforestation Regulation (2023) foresees the benchmarking of countries according to risk categories, with simplified or enhanced due diligence obligations;10 the EU AI Act (2024) categorises uses of artificial intelligence (AI) into different risk levels;11 whilst the EU Digital Services Act (2022) highlights, non-exhaustively, categories of systemic risks that require focus.12

Traceability

Four of the measures integrate explicit traceability requirements: the EU Deforestation Regulation (2023), the EU Batteries Regulation (2023), the EU Conflict Minerals Regulation (2017), and the Swiss Ordinance on Due Diligence and Transparency in relation to Minerals and Metals from Conflict-Affected Areas and Child Labour (2023). Traceability is also indirectly required under some product and market-based measures as a means to demonstrate that products are compliant with the measure. In contrast, due diligence conduct measures tend to be less explicit about the role of traceability in due diligence (see Box 2).

Box 2. Traceability and due diligence

Copy link to Box 2. Traceability and due diligence

The term “traceability” is generally understood as the capacity to determine with a certain degree of confidence four elements: (1) origin – where a particular product originates (2) geographical path – where it has travelled (3) chain of custody – who has handled it, and (4) the product’s physical evolution – what modifications it has undergone. Traceability can also be used to pass on certain information on a product’s sustainability performance.

Traceability is however not equivalent to due diligence. Even with advanced technologies, traceability on its own cannot guarantee responsible production and trade. A product may be completely traceable while still having been produced in problematic circumstances. Instead, traceability is one approach towards achieving a level of transparency needed in order to identify, track and address actual and potential adverse impacts in their own operations, supply chains and other business relationships.

Source: OECD/IEA (2025[5]), The role of traceability in critical mineral supply chains, https://doi.org/10.1787/edb0a451-en.

Step 3: Cease, prevent and mitigate adverse impacts

Copy link to Step 3: Cease, prevent and mitigate adverse impacts

The focus of Step 3 is on how enterprises respond to the risks and impacts that they have identified. Responsibilities differ according to the enterprise’s level of involvement with the risk or impact, with heightened responsibilities where an enterprise causes or contributes to (or may cause or contribute to) an adverse impact through its own activities, compared to where it is “directly linked” (i.e. a business partner causes the impact) (see Step 6 on remediation).

Many of the measures broadly expect companies to take appropriate, suitable and/or proportionate steps to prevent and mitigate identified risks and impacts. As with other steps, the conduct-based due diligence measures are most explicit.

Due diligence conduct measures all require entities to carry out measures to prevent and mitigate risks and impacts; however, they differ in levels of specificity and in emphasis. This includes the extent to which they integrate the “involvement framework” under the international standards,13 whether or not they require a prevention and mitigation plan, the level of detail they provide on specific prevention and mitigation actions, and the extent to which they address responsible disengagement. For example:

Prevention and mitigation requirements: Some measures detail mandatory and optional prevention and mitigation measures, while others rely on more general requirements to use proportionate and/or appropriate measures to prevent and mitigate impacts, giving more discretion to companies to judge what is an appropriate measure in a specific context.14
Provisions on disengagement: Measures vary on whether and how they address disengagement. Four measures explicitly address disengagement, with variance in level of detail including whether disengagement is presented as a measure of last resort, the situations where disengagement may or will be appropriate, and whether provisions are in place to ensure a responsible exit process (see Box 3).15
Product and market-based measures are focussed on ensuring that covered goods or commodities are free from stated risks or impacts or meet specific risk thresholds (e.g. free of deforestation or forced labour). Prevention and mitigation is indirectly encouraged for compliance; however, there is variance in whether and how this is integrated into the measures themselves. Unlike conduct-based measures, these measures do not explicitly address suspension or disengagement. Authorities prohibit the import/export of non-compliant goods, with possible consequences for suspension or termination of contracts where goods are found non-compliant following investigation and review processes.
Disclosure measures all require disclosure of prevention and mitigation actions in the primary text, but vary in whether they explicitly address other Step 3 concepts such as involvement, disengagement and leverage.16 Supplementary guidance addresses some of these concepts for certain measures.

Box 3. Responsible disengagement

Copy link to Box 3. Responsible disengagement

The OECD RBC standards make clear that disengagement is generally a measure of last resort. However, they acknowledge that business enterprises may sometimes need to temporarily suspend a supplier relationship or disengage when prevention and mitigation attempts have failed, where mitigation is not feasible or due to the severity of the impact. They emphasise that the potential adverse social and economic impacts of disengagement should be taken into consideration. They also recognise that disengagement may not be legally or practically feasible or an appropriate response in certain contexts. Where a decision to disengage is made, it should done responsibly, in accordance with the standards.

Sources: OECD (2023[3]), OECD Guidelines for Multinational Enterprises on Responsible Business Conduct, https://doi.org/10.1787/81f92357-en; OECD (2018[2]), OECD Due Diligence Guidance for Responsible Business Conduct, https://doi.org/10.1787/15f5f4b3-en.

Step 4: Track implementation and results

Copy link to Step 4: Track implementation and results

Step 4 aims to ensure that enterprises have systems in place to track and evaluate progress against the targets and indicators it set under Step 3, and to assess effectiveness of their due diligence. It is a central part of promoting meaningful efforts towards continual improvement over time. Monitoring activities should be tailored to the nature and severity of the impacts and relevant stakeholders should be involved in target setting and monitoring. Lessons learned should be used to improve future due diligence efforts and outcomes.

The requirement to monitor and track due diligence activities is included in 15 of 21 measures. However, there is variance in levels of specificity, including around the requirement to assess the effectiveness of measures taken.

Due diligence conduct measures: all conduct measures expect some form of tracking or monitoring (variously framed as ongoing tracking and monitoring of performance,17 or periodic review). For example, the German Supply Chain Act expects an annual review of remedial action, or more regular review where a significant change in risk is expected.18 Five measures address effectiveness specifically.19
Product and market-based measures: Tracking and assessing effectiveness is generally not explicitly required. However, the EU Deforestation Regulation (2023), while not referring to tracking or effectiveness, does require review and update of the due diligence system.20
Disclosure measures: 4 of 5 disclosure measures require some form of disclosure related to effectiveness, with the modern slavery measures requiring description of how the entity assesses effectiveness. The EU CSRD (2023) has a disclosure requirement related to tracking effectiveness.21

Step 5: Communicate how impacts are addressed

Copy link to Step 5: Communicate how impacts are addressed

Step 5 expects enterprises to publicly communicate relevant information on due diligence policies, processes, activities and outcomes, including on prioritised risks and impacts, actions to prevent and mitigate them (including where possible estimated timelines and benchmarks for improvement and their outcomes), and any remediation. The practical actions advise, with respect to human rights impacts, that entities communicate with actually or potentially impacted rightsholders information that is relevant to them.

The majority of measures (17/21) introduce requirements to publicly disclose information on due diligence, but there are significant variations in the scope and level of detail for disclosing impacts and risk-related data.

Disclosure measures: By their nature, these measures have detailed reporting requirements and supplementary guidance. They differ in their subject matter focus (as addressed in the Responsible business conduct issue scope section), with the EU CSRD (2023) addressing a range of RBC risks and impacts, while the other measures focus specifically on forced labour. The EU CSRD also asks companies to identify and disclose impacts which are financially material to a company through the concept of “double materiality”.
Due diligence conduct measures: These generally require an annual report on an entity’s due diligence actions. The measures are less detailed in their specific requirements than the disclosure measures, but generally require reporting to address actions taken to meet the due diligence requirements set out in the measure.
Product and market-based measures: These are more mixed on disclosure requirements. The EU Deforestation Regulation (2023) and the UK Environment Act (2021) include reporting requirements. The other measures do not set direct conduct or reporting requirements.

For more information, see the OECD’s policy brief, Reporting requirements in social and environmental due diligence legislation (OECD, 2026[1]).

Step 6: Provide for or co‑operate in remediation

Copy link to Step 6: Provide for or co‑operate in remediation

Step 6 aims to ensure that enterprises provide or contribute to remediation where they have caused or contributed to actual adverse impacts. It also expects that enterprises provide for or co‑operate in effective grievance mechanisms, through which impacted stakeholders can raise complaints and obtain remedy (where relevant).

Under OECD RBC standards, remediation should seek to restore affected persons to the situation they would be in had the adverse impact not occurred; the type or combination of remedies needed will depend on the nature and extent of the adverse impact. Grievance mechanisms should be consistent with the effectiveness criteria for non-judicial grievance mechanisms set out in the United Nations Guiding Principles for Business and Human Rights (UNGPs).

Only 7 of the 21 measures include an explicit conduct or disclosure requirement related to remediation, with differences in levels of detail.

Due diligence conduct measures: 4 of the 11 conduct measures include language on remediation, but the remaining 7 do not, making this the least integrated step of the framework. Those that include remediation differ in how detailed the requirement is, and whether they distinguish remediation expectations according to the company’s involvement with the harm (see Step 3 on the involvement framework).
Disclosure measures: Disclosure on remediation is required under the primary text of 3 of the 4 disclosure measures and expanded upon in guidance.22

None of the product and market-based measures explicitly require remediation, although evidence of remediation may assist entities in enforcement actions, demonstrating they have sufficiently addressed incidents of forced labour. Remediation is addressed in guidance in some cases. As noted earlier, the deforestation measures use a narrow concept of due diligence, with no requirement for remediation.

Eight of the 21 measures put in place requirements for some form of grievance or complaints mechanism.23 Some provide that entities can facilitate this through collaboration with other initiatives or recourse to an external body. Some of the measures frame the mechanism as an early warning or alert mechanism, with an emphasis on the quick identification of risks,24 whilst others frame the mechanism more as a means to receive complaints.25 Three measures make reference to the effectiveness of non-judicial grievance mechanisms, with two referring to the effectiveness criteria.26

Stakeholder engagement

Copy link to Stakeholder engagement

Meaningful stakeholder engagement is a key component of the due diligence process, and in some cases, may also be a right in and of itself.27 OECD RBC standards recommend engaging with relevant stakeholders throughout the due diligence process. They also explain the concept of meaningful stakeholder engagement, characterised by two‑way engagement and good faith, responsive and ongoing communication.28 Relevant stakeholders may include impacted and potentially impacted rightsholders, worker representatives, trade unions, community organisations, human rights defenders and civil society groups.

Due diligence conduct measures (7/11 measures) generally foresee stakeholder engagement and consultation as part of the due diligence obligation; however, they differ in specificity over when stakeholder engagement should take place, which stakeholders should be captured and what the process should look like.29 For example, some measures specify stakeholder engagement for specific steps only, and others include a narrower framing of consultation with experts and civil society for information purposes, rather than a broader concept of two‑way engagement.

Stakeholder engagement is less explicitly integrated into product and market-based measures and disclosure measures. Under product and market-based measures, only the EU Deforestation Regulation (2023) addresses it explicitly as a feature of risk assessment and reporting;30 although the US UFLPA Operational Guidance does recommend stakeholder engagement, but does not detail when, how or with whom such engagement should take place. Among disclosure measures, only the CSRD (2023) explicitly requires reporting on stakeholder engagement.31 The UK and the Australian Modern Slavery Acts address stakeholder engagement through statutory guidance.

Third-party verification, industry schemes and multi-stakeholder initiatives

Copy link to Third-party verification, industry schemes and multi-stakeholder initiatives

OECD RBC standards address the role of collaboration, including through industry schemes and multi-stakeholder initiatives, and third-party verification, to support companies’ due diligence. Collaboration can be beneficial in pooling knowledge on sector risks and solutions, increasing leverage with shared business relationships, and promoting efficient approaches, for example through common reporting templates or risk assessment frameworks. Cost sharing and savings can also be an important benefit, particularly for SMEs.

However, the standards also make clear that enterprises retain ultimate responsibility for their due diligence; participation in an initiative or use of third-party verification does not shift responsibility from the enterprise to the initiative or other verification provider. Where enterprises participate in initiatives or use third-party information or tools, they should assess their scope, quality and credibility.

Third-party verification, industry schemes and multi-stakeholder initiatives are referenced in several of the due diligence conduct measures but are generally not an explicit feature of disclosure or product and market-based measures. Out of 11 due diligence conduct measures, six refer variously to third-party verification, certification, industry initiatives and for multi-stakeholder initiatives, with differences in approach and levels of specificity to their role in supporting compliance.32 Approaches range from authority-led oversight and recognition of initiatives considered to align with policy objectives to more flexible approaches that task companies with understanding the relevance and credibility or “fitness” of the third party initiatives they use.

Oversight approaches, for example under the EU Conflict Minerals and Batteries Regulations, enable the Commission to recognise due diligence schemes as equivalent to the due diligence requirements of the regulation.33 More flexible approaches position industry and multi-stakeholder initiatives as a supportive tool for due diligence – a source of information or means of increasing leverage, rather than as a mandatory or compliance oriented function. The consequences of participation in an industry scheme or multi-stakeholder initiative for compliance and enforcement is often not set out in the legislation but instead in accompanying guidance aimed at clarifying their role in due diligence.34

Enforcement and public support

Copy link to Enforcement and public support

Across the 21 measures there are a range of enforcement approaches and modalities, which this paper only briefly summarises. The majority of measures require administrative enforcement, except for the French Duty of Vigilance Law, which uses judicial enforcement.

A range of different authorities are involved in enforcement. Product and market-based measures are often enforced by customs authorities. For example, the US Customs and Border Protection (CBP) agency enforces the forced labour import prohibition under section 307 of the Tariff Act. Across due diligence conduct and disclosure measures, relevant enforcement authorities involve consumer authorities, home affairs, public safety authorities and attorneys’ general offices. The enforcement of issue‑specific measures, for instance modern slavery acts, are often housed within specialised units of the relevant enforcement body. In some cases, enforcement responsibilities are split between two bodies, often one leading in promoting compliance and the other in monitoring and sanctioning non-compliance. For example, both the UK and the Australian Modern Slavery Acts’ enforcement processes are shared between the Attorney General’s department and Home Office on the one hand, and the Department of Business and Trade and the independent commissioner on the other.

Several of the measures encourage co‑operation and exchange of information between authorities, between different states, and between states and the European Commission. For example, the EU Forced Labour Regulation (2024) mandates the creation of networks of representatives of competent authorities across the member states, and the US UFLPA (2021) sets out a role for the Forced Labor Enforcement Task Force – an interagency task force – in developing an enforcement strategy.35

The measures embed a range of enforcement modalities, with some requiring supervisory authorities to undertake preventative actions through monitoring and checks to avoid non-compliance.36 Others contain specific reactive requirements for member states to undertake investigations where there are concerns of non-compliance, with investigations taken both on the authority’s own initiative or when a concern has been raised by a third party. For example, the EU CSDDD (2024) and EU Forced Labour Regulation (2024) each provide for authorities to receive and assess “substantiated concerns” from third parties. The US measures do not explicitly specify a role for authorities in receiving complaints and allegations; however, under CBP regulations, any person may submit allegations of suspected forced labour via the CBP’s portal.37

Many of the measures include a system of administrative penalties. The product and market-based measures also contain enforcement actions such as withdrawal and confiscation of products. Under the US forced labour measures, CBP has the authority to detain, seize or exclude goods produced with forced labour; while under the EU Forced Labour Regulation (2024), authorities may prohibit, withdraw, dispose of and restrict access to products.38

Finally, many of the measures provide for accompanying measures and guidance to support compliance. This includes providing guidance, developing information portals, help desks, providing training and facilitating business feedback. 5Annex B provides selected examples of guidance across some of the measures. In some cases, measures provide for guidance to support enforcement authorities (for example, EU Forced Labour Regulation (2024)).

Notes

Copy link to Notes

← 1. Revisions to the European Sustainability Reporting Standards (ESRS) (delegated regulation 2023/2 772 setting out the reporting requirements of the CSRD) are currently ongoing, and this report therefore refers only to reporting provisions covered in both the delegated regulation and the simplified draft submitted to the European Commission in 2025 (see: https://www.efrag.org/en/draft-simplified-esrs).

← 2. For example, the French Duty of Vigilance Law, 2017‑399 requires that entities’ vigilance plans address risks relating to suppliers and subcontractor, but does not prescribe a form for this, whereas the Swiss Ordinance (2021) and the EU Batteries Regulation (2023) require entities to incorporate their policy into contracts with direct suppliers. Likewise, the UAE Due Diligence Regulations for the Responsible Sourcing of Gold require entities to strengthen company engagement with gold supplying counterparties. See French Duty of Vigilance Law, 2017‑399, Article 1; Swiss 221.433 Ordinance on Due Diligence and Transparency in relation to Minerals and Metals from Conflict-Affected Areas and Child Labour (2021): Articles 10(1)(b), 11(1)(b); EU Batteries Regulation 2023/1 542: Article (49)(1)(e); UAE Due Diligence Regulation: Step 1.3.

← 3. For example, the UK Modern Slavery Act (2015) requires in the primary text that entities disclose their structure, business and supply chains, and policy; however, the statutory guidance provides further detail on oversight, management and supplier engagement (Home Office, 2025[11]).

← 4. EU Deforestation Regulation 2023/1 115: Article 11, https://eur-lex.europa.eu/eli/reg/2023/1115/oj/eng.

← 5. “Severity of impacts will be judged by their scale, scope and irremediable character. Scale refers to the gravity of the adverse impact. Scope concerns the reach of the impact, for example the number of individuals that are or will be affected or the extent of environmental damage. Irremediable character means any limits on the ability to restore the individuals or environment affected to a situation equivalent to their situation before the adverse impact.” (OECD, 2018, p. 42[2]).

← 6. EU Deforestation Regulation 2023/1 115: Article 10; UK Environment Act (2021): Sch.17(1)(3)(2)(a).

← 7. For example, under section 3 of the US UFLPA (2021), evidence of an entity’s efforts to identify and assess forced labour risks can be used to rebut presumptions of forced labour.

← 8. UK Modern Slavery Act (2015): Sec.54(5)(d); Australian Modern Slavery Act (2018) Sec.16(1)(d); Canadian Fighting Against Forced Labour in Supply Chains Act Bill S211: Sec.11(3)(c).

← 9. Double materiality assessment addresses both impact materiality (sustainability matters) and financial materiality. Sustainability matters are material when they pertain to actual or potential positive or negative impacts on people and environment (see ESRS 1, Section 3).

← 10. EU Deforestation Regulation 2023/1 115: Article 29 and see https://green-forum.ec.europa.eu/nature-and-biodiversity/deforestation-regulation-implementation/eudr-cooperation-and-partnerships_en. The Commission has also published a staff working document outlining the benchmarking methodology.

← 11. EU AI Act 2024/1 689; Article 6 and Annex III.

← 12. EU Digital Services Regulation 2022/65: Article 34.

← 13. The “involvement framework” differentiates between the due diligence expectations for companies depending on how they are involved with a specific risk or impact – whether they caused, contributed or are directly linked, consistent with the international standards. Where companies cause or contribute to harm, they have a responsibility to stop these activities and provide for or contribute to remedy. In situations where companies are “directly linked” there is more flexibility and RBC standards expect companies to seek to prevent or mitigate adverse impacts by using a range of potential measures as well as to use their leverage to encourage the entity causing the impact to remedy it (OECD, 2022[15]).

← 14. EU Corporate Sustainability Due Diligence Directive 2024/1 760: Articles 10, 11.

← 15. UAE Due Diligence Regulations for Responsible Sourcing of Gold: Step 3.2. (f). German Act on Corporate Due Diligence Obligations in Supply Chains: Section 7(2‑3); EU Conflict Minerals Regulation 2017/821: Article 5(1)(b)(ii‑iii).

← 16. Only the EU CSRD (via Delegated regulation 2023/2 772 setting out the European Sustainability Reporting Standards) addresses prevention and mitigation, involvement and leverage.

← 17. For example, EU Conflict Minerals Regulation 2017/821: Article 5(1)(iii), EU Batteries Regulation 2023/1 542: Article50(1)(b)(iii); EU Corporate Sustainability Due Diligence Directive 2024/1 760: Article 15.

← 18. German Act on Corporate Due Diligence Obligations in Supply Chains: Section 7(4).

← 19. EU Corporate Sustainability Due Diligence Directive 2024/1 760, French Duty of Vigilance Law, 2017‑399, German Act on Corporate Due Diligence Obligations in Supply Chains, Norwegian Transparency Act 2021, Swiss 221.433 Ordinance on Due Diligence and Transparency.

← 20. EU Deforestation Regulation 2023/1 115: Article 12(2).

← 21. European Sustainability Reporting Standard 2.

← 22. Australian Modern Slavery Act (2018); EU Corporate Sustainability Reporting Directive 2022/2 464; Canadian Fighting Against Forced Labour and Child Labour in Supply Chains Act 2023.

← 23. EU Corporate Sustainability Due Diligence Directive 2024/1 760; EU Batteries Regulation 2023/1 542; EU Conflict Minerals Regulation 2017/821; German Act on Corporate Due Diligence Obligations in Supply Chains; Norwegian Transparency Act 2021; French Duty of Vigilance Law, 2017‑399; Swiss Ordinance on Due Diligence and Transparency in relation to Minerals and Metals from Conflict-Affected Areas and Child Labour.

← 24. EU Conflict Minerals Regulation 2017/821; French Duty of Vigilance Law, 2017‑399.

← 25. For example, the German Supply Chain Act states (translation from German) “enterprise must set up the complaints procedure pursuant to section 8 in such a way that it also enables persons to report risks to human rights or environment-related risks as well as violations of human rights-related or environment-related obligations that have arisen due to the economic actions of an indirect supplier”.

← 26. Legitimate, accessible, predictable, equitable, transparent, rights-compatible, source of continuous learning. Principle 31, UN Guiding Principles on Business and Human Rights.

← 27. OECD MNE Guidelines on RBC, Commentary on chapter II, para 28 (OECD, 2023[3]).

← 28. According to the OECD MNE Guidelines on RBC: “Meaningful stakeholder engagement refers to ongoing engagement with stakeholders that is two-way, conducted in good faith by the participants on both sides and responsive to stakeholders’ views. To ensure stakeholder engagement is meaningful and effective, it is important to ensure that it is timely, accessible, appropriate and safe for stakeholders, and to identify and remove potential barriers to engaging with stakeholders in positions of vulnerability or marginalisation”. See Commentary on chapter II, para 28 (OECD, 2023[3]).

← 29. EU Conflict Minerals Regulation 2017/821; EU Batteries Regulation 2023/1 542; EU Corporate Sustainability Due Diligence Directive 2024/1 760; French Duty of Vigilance Law, 2017‑399; German Act on Corporate Due Diligence Obligations in Supply Chains of 16 July 2021; Norwegian Transparency Act 2021; Swiss 221.433 Ordinance on Due Diligence and Transparency.

← 30. EU Deforestation Regulation 2023/1 115: Articles 10(2)(d), 12(4)(c).

← 31. Under the ESRS (delegated regulation 2023/2 772 and simplified draft released in 2025), entities are expected to disclose information such as a description of their stakeholder engagement and their understanding of the interests and views of stakeholders as they relate to its business model and how interests of stakeholders were considered in setting policy, in relation to social topics.

← 32. EU Conflict Minerals Regulation 2017/821; French Duty of Vigilance Law, 2017‑399; German Act on Corporate Due Diligence Obligations in Supply Chains of 16 July 2021; Swiss 221.433 Ordinance on Due Diligence and Transparency in relation to Minerals and Metals from Conflict-Affected Areas and Child Labour (2021); EU Batteries Regulation 2023/1 542; EU Corporate Sustainability Due Diligence Directive 2024/1 760.

← 33. EU Batteries Regulation 2023/1 542: Article 53; EU Conflict Minerals Regulation 2017/821: Article 8.

← 34. The EU CSDDD (2024) proposes guidance setting out fitness criteria and a methodology for companies to assess the fitness of industry and multi-stakeholder initiatives (Article 20(4)). Similarly, to complement the German Supply Chain Act (2023), the Federal Office for Economic Affairs and Export Control (BAFA) has put in place guidance on standards, audits and certifications (BAFA, 2025[13]).

← 35. EU Forced Labour Regulation 2024/3 015: Article 6; US Uyghur Forced Labor Prevention Act, Public Law 117‑78, 2021: Section 2.

← 36. For example, under the EU Deforestation Regulation (2023), authorities are required to carry out checks on a specified percentage of operators and traders, depending on the risk category of the country of origin of the commodity (Article 16(9)).

← 37. See submission guidance: https://www.cbp.gov/sites/default/files/2025-06/how_to_submit_allegations_on_the_forced_labor_allegation_portal_qrg.pdf.

← 38. EU Forced Labour Regulation 2024/3 015: Articles 23‑25.

Featured topics

Agriculture and fisheries

Climate change

Development

Digital

Economy

Education and skills

Employment

Environment

Finance and investment

Governance

Health

Industry, business and entrepreneurship

Regional, rural and urban development

Science, technology and innovation

Society

Taxation

Trade

Energy

Nuclear energy

Transport

Featured topics

Agriculture and fisheries

Climate change

Development

Digital

Economy

Education and skills

Employment

Environment

Finance and investment

Governance

Health

Industry, business and entrepreneurship

Regional, rural and urban development

Science, technology and innovation

Society

Taxation

Trade

Energy

Nuclear energy

Transport

Countries A - C

Countries D - I

Countries J - M

Countries N - R

Countries S - T

Countries U - Z

Regional and global engagement

Countries

Countries A - C

Countries D - I

Countries J - M

Countries N - R

Countries S - T

Countries U - Z

Regional and global engagement

Publications

Publications

Featured publications

Data

Data

Featured data

News & events

News & events

Featured events

About OECD

About

Engage with us

Work with us

Featured topics

Agriculture and fisheries

Climate change

Development

Digital

Economy

Education and skills

Employment

Environment

Finance and investment