Mapping social and environmental due diligence legislation

This section builds on the findings set out in Sections 2 and 3, exploring key areas of convergence and divergence in how due diligence is integrated across the three categories of measure.

While the legislative measures differ in scope, design and levels of specificity, they share as their objective the mitigation and prevention of adverse social and/or environmental impacts. They also ask companies to look beyond their own operations to adverse impacts associated with their supply chains or other business relationships. The measures also generally expect companies to put in place similar systems and processes for identifying and assessing risk. Very often they refer to the same underlying international standards, with broad coverage of key due diligence elements and characteristics, such as the concept of proportionality and an emphasis on significant risks.1 Many of the measures give companies an important degree of discretion to decide what measure is appropriate or proportionate in a given context, reflecting the international standards as well as risk-based due diligence legislation in other policy areas.

The findings above highlight a number of specific commonalities in how the measures address due diligence requirements. For example, the majority of measures expect companies to, in varying levels of detail:

• Put in place a due diligence policy.

• Identify and assess significant labour, human rights and/or environmental risks and impacts.

• Use adequate and/or proportionate prevention and mitigation measures.

• Carry out stakeholder engagement.

• Publicly disclose information on their due diligence.

These commonalities provide an important reference point for governments in the process of designing new legislation and when supporting companies to comply with existing legislation. Leveraging convergence through policy co‑operation can help to promote more consistent and effective implementation practices, as well as co‑ordinated and consistent enforcement approaches.

Governments can, for example, co‑ordinate in developing clear and consistent understanding of core concepts, terms and processes through publishing joint interpretative materials (including around previously aligned minimum requirements and/or common terminology). They can also identify and signpost to equivalent concepts in related measures through guidance for business and enforcement agencies, as well as through capacity-building initiatives. Where appropriate, more formal interoperability or recognition models can also be considered (OECD, 2025[6]).

Common references to international standards can provide an important reference point to promote coherent and effective business practices and enforcement where policy aims and expectations broadly converge (for example in developing a common understanding of the risk-based approach, credible prioritisation processes, or common best-practice examples of effective mitigation and prevention activities; see also the OECD’s Reporting requirements in social and environmental due diligence legislation (OECD, 2026[1])).

Divergences are discussed across six topics of relevance to the design of new laws and policies, and as entry points for future policy co‑operation to promote effective and coherent due diligence practices, address implementation challenges and support coherent enforcement.

While many of the measures explicitly or implicitly expect companies to identify and prioritise significant areas of risk, they often vary in approach and scope. These differences can create implementation challenges and complexity for companies operating across different jurisdictions. For example:

• Supply chain definitions and coverage: Differences can impact where companies are required to focus their due diligence across business partners and segments of the supply chain (e.g. upstream, downstream, full value chain or “chain of activities”) (see Figure 3).

• Prioritisation criteria and the “risk-based approach”: Measures vary in how far they prescribe priority issues, supply chains or commodities, or define prioritisation criteria and a credible prioritisation process. Some measures introduce criteria that diverge from international standards rather than focussing on where potential or actual impacts are most severe and likely.

• Traceability and/or supply chain mapping requirements: Some measures apply strict traceability requirements or expect entities to gather and disclose to authorities a range of product- and entity-level sustainability and due diligence information. Traceability is also indirectly required under product and market-based measures as a means to demonstrate that products are compliant. Horizontal measures do not include the same level of prescription on traceability or product disclosures (see Box 2).

Differences in how companies are expected to identify and prioritise salient or significant impacts can create particular challenges for businesses operating across different measures and jurisdictions. For example:

• Companies may be asked to consider a different potential “pool” of risk areas, leading to different final outcomes (i.e. different lists of salient or significant impacts). Companies may prioritise issues under one measure that would not be considered “high risk” under other measures or when applying the risk-based approach under international standards. As a result, companies may have to establish parallel tools and methodologies for risk identification and prioritisation. This can also complicate disclosures – see the OECD’s Reporting requirements in social and environmental due diligence legislation (OECD, 2026[1]).

• It can be challenging for companies to demonstrate credible, comparable and integrated prioritisation decisions to external stakeholders, such as supervisory authorities, investors and civil society organisations, if definitions of saliency or materiality, as well as risk prioritisation criteria and methodologies, are inconsistent.

• Conflicting approaches and/or differences in detail can also create complexity and uncertainty for suppliers and other business relationships, who risk being subject to multiple and conflicting information requests depending on how individual buyers or other regulated entities prioritise specific topics.

• Where measures introduce strict traceability requirements or product disclosure rules they expect greater resource investment in risk management of a specific issue (or a specific supply chain). Companies may need to divert significant resources towards tracing specific products or supply chains, potentially at the expense of other risks that may be considered salient under other legislation in another jurisdiction.  

The measures similarly differ in some important respects when it comes to responding to identified significant risks or impacts:

• Risk thresholds vs. demonstrated progress on prevention and mitigation outcomes: Some product and market-based measures require companies to demonstrate no or negligible risk in relation to a designated issue (e.g. deforestation or forced labour); in these cases, due diligence is presented as a tool to demonstrate compliance with that threshold. Due diligence conduct and disclosure measures ask companies to demonstrate appropriate and proportionate mitigation, prevention and remediation processes and/or outcomes based on progress over time against targets, not to meet an overall risk threshold.

• Remediation: A relatively small proportion of the measures include an explicit conduct or disclosure requirement related to remediation, making this the least integrated due diligence aspect. Those that include remediation differ in level of detail, including how they define remediation and the situations in which remediation is required.

• Responsible disengagement: While some conduct measures explicitly address the topic, they vary in how they do so and in levels of prescription and specificity. Product and market-based measures do not introduce conduct requirements, but use a prohibition on import/export or placing on the market (with possible consequences for the suspension or termination of contracts).

• Levels of specificity: Some measures include lists of prevention and mitigation measures (voluntary or mandatory) and foresee guidance about what constitutes appropriate practice; others set out broad requirements on prevention and mitigation and give companies more discretion to judge what is an appropriate or effective response in a particular context – sometimes accompanied by guidance. Measures also emphasise different types of prevention and mitigation actions, such as requirements to consider and adapt purchasing practices and business models; the use of contracts, codes of conduct and contractual assurances; independent verification and/or industry and multi-stakeholder initiatives; using and building leverage over business partners; and financial and non-financial support to suppliers, in particular SMEs.

These differences can have important implications for regulated entities and their business partners. They can result in a lack of clarity for companies and business partners on what is “good enough”: when they should be pursuing due diligence efforts, when they can determine that mitigation has “failed” or when disengaging from a supplier is appropriate, and what their responsibilities are around prevention, mitigation and remediation. In these cases further clarity on effective prevention and mitigation activities can be provided in guidance, as already envisaged under some conduct-based measures. Other differences can lead to companies facing inherently conflicting obligations for the same issue, with implications for whether and how they choose to support and engage with suppliers, particularly on more complex issues that may require longer time frames and more collaborative approaches. For example, companies may choose to disengage from a supplier to comply with one piece of legislation, whereas another piece of legislation may expect ongoing engagement to ensure prevention, mitigation and/or remediation. This can in turn lead to companies making diverging or conflicting demands on suppliers even where the impact in question is the same.

While there is broad convergence across the measures and steps of the due diligence process companies have to disclose across the legislation, there are variations in terms of scope, assessment approaches and level of detail for disclosing impacts and risk-related data. The appropriate level of specificity in reporting is often not clear nor well understood by businesses in the context of disclosing actions to prevent and mitigate salient risks and impacts, as well as the effectiveness or outcomes of those actions. Finally, even where information needs are aligned across legislation and related reporting frameworks, differences in how data is shared can hinder streamlined reporting and create duplicative reporting and data requests. These challenges can cascade down to business relationships of regulated entities, particularly those with limited capacity and resources to respond to multiple and sophisticated data requests. For considerations for governments, see Reporting requirements in social and environmental due diligence legislation (OECD, 2026[1]).

Many of the measures explicitly foresee stakeholder engagement and consultation as part of due diligence obligations but differ in specificity, including when stakeholder engagement should take place in the process, what meaningful engagement entails, and in almost all cases do not define “stakeholders”.

Broad convergence around the importance of stakeholder engagement provides an important reference point for governments designing new legislation. It also provides governments with an opportunity to clarify key concepts and terms, including through guidance. Many of the measures give companies a degree of discretion to judge which stakeholders are most relevant in a particular context. Different stakeholders will be relevant for different aspects of due diligence (e.g. risk assessments vs. remediation) and will vary according to a company’s sector, position in the supply chain and the nature of its business relationships. However, a lack clarity and/or differences around who companies should engage with and when adds complexity for companies implementing measures across jurisdictions, as well as uncertainty for stakeholders. It also risks inconsistent approaches by enforcement authorities.

A number of conduct-based measures reference industry schemes, multi-stakeholder initiatives and/or third-party verification in the context of due diligence. Approaches broadly range from government-led oversight and recognition of industry initiatives to more flexible approaches that task companies with evaluating the relevance and credibility (or “fitness”) of the initiatives and/or third-party verification providers that they use. More flexible approaches tend to position industry and multi-stakeholder initiatives as a tool that entities may use in their due diligence – a source of information or means of increasing leverage – rather than as a mandatory or compliance‑oriented function. Some measures explicitly state that entities retain ultimate responsibility for their own due diligence obligations. Policymakers have sought to clarify the role that certifications and other types of initiative play in supporting compliance through guidance, including to clarify that certification or participation in an industry scheme does not guarantee compliance. This can be seen, for example, in guidance developed by Germany’s Federal Office of Economics and Export Control (BAFA) under the German Supply Chain Act (2023) and by the European Commission under the EU Deforestation Regulation (2023).

Multi-stakeholder initiatives, industry schemes and third-party verification can in practice play an important role in supporting companies and their suppliers to comply with due diligence measures, even where they are not explicitly referenced. However, significant differences in the scope, design and quality of these initiatives can be complex to navigate and present challenges both for businesses using them and for authorities overseeing compliance. It is notable that many measures and accompanying guidance do not address how enforcement authorities should evaluate companies’ participation in different initiatives, nor set out guidance or criteria to evaluate their credibility. The OECD has explored the role of sustainability initiatives in the context of mandatory due diligence in other papers (OECD, 2026[7]).

The regulatory mapping findings show important areas of divergence in relation to enforcement mechanisms. This topic requires further research and goes beyond the main scope of this paper. Nevertheless, co‑operation around how due diligence is enforced, and how enforcement authorities understand key due diligence terms and concepts, will play a significant role in determining effective implementation and, ultimately, the uptake and impact of the different pieces of legislation. This topic will be the focus of an upcoming policy paper by the OECD.