|
Disclosure |
|
UK Modern Slavery Act (2015) |
- Policies: disclose policies and due diligence processes in relation to modern slavery (Sec.54(5))
- Management systems: referenced in guidance
- Business relationships: referenced in guidance
|
- Scope: guidance refers to high-level risk assessment and then assessing identified risks (4.2)
- Assess: disclose due diligence processes and steps taken to assess risk (Sec.54(5))
- Prioritise: guidance refers to prioritisation on basis of severity and likelihood (4.2)
|
- Prevent/mitigate: disclose due diligence processes and steps taken to manage risk (Sec.54(5)(c, d))
- Involvement framework: not addressed
|
|
Australia Modern Slavery Act (2018) |
- Policies: referenced in guidance
- Management systems: referenced in guidance
- Business relationships: referenced in guidance
|
- Scope: guidance references initial scoping (mandatory criterion 3)
- Assess: disclose risks of modern slavery practices in the operations and supply chains; and actions to assess risk (Part 2, 16(c-d))
- Prioritise: guidance references prioritisation (mandatory criterion 4)
|
- Prevent/mitigate: describe actions taken to address risk (Part 2, 16(d))
- Involvement framework: guidance explains that risks of modern slavery practices means potential for entity to cause, contribute or be directly linked to modern slavery
|
|
Canada Fighting Forced Labour in Supply Chains Act (2023) |
- Policies: disclose policies and due diligence processes in relation to forced labour (Sec.11(3))
- Management systems: referenced in guidance
- Business relationships: not addressed
|
|
|
|
EU Corporate Sustainability Reporting Directive (2023) |
- Policies: explicit: disclosure of policy (European Sustainability Reporting Standards (ESRS) 2)
- Management systems: disclosure of how management and supervisory bodies are informed about material risks and impacts (ESRS 2)
- Business relationships: not addressed
|
- Scope: undertake and disclose materiality assessment based on a “double materiality” lens across the full list of sustainability matters, taking a full value chain perspective (ESRS 1)
- Assess: disclose risk assessment; methodologies and assumptions employed (ESRS 2)
- Prioritise: for impact materiality, disclose how entity prioritised based on severity and likelihood (ESRS 2), criteria used, decision making process. High severity negative impacts are automatically material.
|
- Prevent/mitigate: disclose actions (including action plans) to prevent and mitigate (ESRS 2); disclose information related to payment practices (ESRS G1)
- Involvement framework: reporting to consider impacts entity is involved with through own operations or as a result of its business relationships
|
|
Dodd-Frank Act (2010) – Section 1502 / SEC Final Rule (2012) |
- Policies: adoption of a Conflict Minerals Policy; disclosure of Annual Conflict Minerals Report (CMR) to the SEC.
- Management systems: review of management systems and processes as part of the audit of the CMR (p.211).
|
- Scope: not specified
- Assess: disclose measures taken to exercise due diligence and chain of custody; products manufactured or contracted to be manufactured that are not DRC conflict free; entity that conducted audit; facilities used to process conflict minerals; country of origin (p. 838)
- Prioritise: not specified but focus on OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas Annex II risks, in relation to DRC and adjoining countries (covered countries)
|
|
|
Due diligence conduct |
|
French Duty of Vigilance Law (2017) |
- Policies: not addressed, implicitly expected through requirement to publish and implement a vigilance plan
- Management systems: as above
- Business relationships: as above
|
- Scope: risk mapping that identifies, analyses and ranks risks in scope (Art.1(4)(1))
- Assess: procedures to regularly assess, in accordance with risk mapping, the situation of subsidiaries, subcontractors and suppliers with whom the company maintains an established commercial relationship (Art.1(4)(2))
- Prioritise: limited by severity or seriousness
|
- Prevent/mitigate: appropriate action to mitigate risks or prevent serious violations (Art.1(4)(3))
- Involvement framework: refers to risks resulting directly or indirectly from the operations of the company and the companies it controls, as well as operations of subcontractors or suppliers where there is an established business relationship (Art.1(3))
|
|
Norwegian Transparency Act (2021) |
- Policies: embed responsible business conduct into policies (Sec.4(a))
- Management systems: not explicitly required but implicitly required through definition of due diligence
- Business relationships: not explicitly required but implicitly required through definition of due diligence
|
- Scope: not specified
- Assess: identify and assess actual and potential adverse impacts on fundamental human rights and decent working conditions (Sec.4(b))
- Prioritise: implement suitable measures to cease, prevent or mitigate adverse impacts based on the enterprise’s prioritisation and assessments (Sec.4(c))
|
- Prevent/mitigate: implement suitable measures to cease, prevent or mitigate adverse impacts based on the prioritisations and assessments (Sec.4(c))
- Involvement framework: identify and assess risks that entity has either caused, contributed or is directly linked to (Sec.4(b))
|
|
German Supply Chain Act (2023) |
- Policies: issue a policy statement on human rights strategy (Sec.6(2))
- Management systems: requires risk management system, determination of person responsible for monitoring system, that senior management seek information about this regularly and that results be communicated to board (Sec.4, 5, 6)
- Business relationships: contractual assurances from direct suppliers (Sec.6)
|
- Scope: guidance refers to gathering an overview of business area, business relationships in supply chain prior to commencing assessment (4.1; Q2)
- Assess: appropriate and regular risk analysis (at least yearly) to identify human rights and environmental related risks in own business area and direct suppliers (Sec.5(1)); where there is substantiated knowledge of possible human rights or environmental violation at level of indirect supplier, carry out risk analysis in accordance with Sec.5(1), (Sec.9(3)(1)); ad hoc risk analysis covering both own area of business and direct/indirect suppliers where there are significant changes in business activity or where enterprises must expect a significantly changed or significantly expanded risk situation in the supply chain (Sec.5(4))
- Prioritise: identified human rights and environment-related risks must be weighted (separately for own business area and direct suppliers) and prioritised appropriately (Sec.5(2); 9(3); for appropriateness criteria see Sec.3(2))
|
- Prevent/mitigate: take appropriate preventative measures and remedial action to prevent, end or minimise extent of violation; if violation at direct supplier level cannot be ended in foreseeable future, draw up and implement a concept with a concrete timetable for ending or minimising violation without undue delay (Sec.6(3), 7(1‑2)); adapt risk management system and put in place appropriate preventive measures and implement a cessation concept, where the entity has substantiated knowledge of a violation of a human rights or environment related obligation at level of indirect supplier (Sec.9(2‑3))
- Involvement framework: appropriate actions depend on nature of causal contribution of the entity to the risk (Sec.3(2)(4))
- Disengagement: temporary suspension while mitigating risk; termination only required for “very serious” violations, where remedy has failed or where entity has no other less severe option and increasing influence has no prospect of success (Sec.7(2‑3))
|
|
Swiss Ordinance on Due Diligence (2022) |
- Policies: required (Art.10, 11)
- Management systems: not addressed
- Business relationships: include supply chain policy in contracts and agreements with suppliers (Art.10, 11)
|
- Scope: not specified
- Assess: identify risks in the supply chain and assess them in their risk management plan (Art.15(1))
- Prioritise: assess risks according to the likelihood of occurrence and severity of adverse impacts (Art.15(1))
|
- Prevent/mitigate: identified risks in the supply chain shall be eliminated, prevented or minimised according to their likelihood of occurrence and the severity of the adverse impacts (Art.15(2))
- Involvement framework: not addressed
|
|
EU CSDDD (2024) |
- Policies: integrate due diligence into policies and have in place a due diligence policy (Art.7)
- Management systems: integrate due diligence into risk management systems (Art.7(1)); level of responsibility not specified in CSDDD (but at board/directors’ level according to general corporate governance rules)
- Business relationships: due diligence policy to include code of conduct applicable to direct and indirect business partners (Art.7(2)); appropriate measures include, where relevant, seeking contractual assurances; terms for SMEs to be “fair, reasonable and non-discriminatory” (Art.10(2)(b), 10(4), 10(5); Art.11(3)(c), 11(5), 11(6))
|
- Scope: scope operations, those of subsidiaries and, where related to chains of activities, those of business partners, to identify general areas where adverse impacts may occur, based on reasonably available information (Art.8(2)(a))
- Assess: based on the results of the scoping, carry out in-depth assessments in areas where adverse impacts are identified to be most likely and severe (Art.8(2)(b))
- Prioritise: prioritise adverse impacts based on severity and likelihood (Art.9)
|
- Prevent/mitigate: take appropriate measures to prevent and mitigate potential adverse impacts, bring actual adverse impacts to an end, and minimise extent of impact that cannot be brought to end (Art. 10, 11); includes list of mandatory prevention and mitigation measures, where relevant
- Involvement framework: addresses impacts caused only by company, caused jointly or caused only by business partner (Art.10, 11)
- Disengagement: where impacts could not be prevented or mitigated, requirements to suspend business relationship, unless negative effects of suspension exceed those of adverse impacts to be addressed, and take steps to prevent, bring to an end the impacts of suspension and provide reasonable notice to business partner (Arts.10, 11)
|
|
EU Batteries Regulation (2023) |
- Policies: required (Art.48)
- Management systems: requirement to assign oversight responsibilities to top management (Art.49(1))
- Business relationships: incorporate policy, risk measures into contracts and agreements (Art.49)
|
- Scope: no distinct requirement
- Assess: identify and assess risk of adverse impacts in supply chain, with reference to risks listed in annex (Art.50(1))
- Prioritise: no distinct requirement
|
- Prevent/mitigate: design and implement strategy, including risk management plan, to prevent or mitigate or otherwise address adverse impacts (Art.50(1)); assess probability of adverse impacts in risk categories listed in Annex of regulation (Art.50(3))
- Involvement framework: situations where entities are “directly linked” are not explicitly addressed but may be inferred through definition of due diligence as including risks by suppliers in the supply chain and references to induced, indirect and cumulative environmental and human rights effects (Art.3(1)(42); Annex X)
- Disengagement: provides for temporary suspension or for discontinuation after failed attempts at mitigation (Art.50(2)(b)(iii))
|
|
EU Conflict Minerals Regulation (2017) |
- Policies: adopt and communicate policy (Art.4(a, b))
- Management systems: structure internal management systems to support supply chain due diligence (Art.4(c))
- Business relationships: incorporate policy into contracts and agreements with suppliers (Art.4(d))
|
- Scope: no distinct requirement
- Assess: identify and assess the risks of adverse impacts in mineral supply chain, consistent with Annex II of the OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas (Art.5)
- Prioritise: not specified, but focus on minerals originating from Conflict-Affected and High-Risk Areas
|
- Prevent/mitigate: implement a strategy to respond to the identified risks to prevent and mitigate adverse impacts (Art.5)
- Involvement framework: not addressed
- Disengagement: provides for temporary suspension during mitigation efforts; disengagement after failed attempts at mitigation (Art.5(1)(b)(ii‑iii))
|
|
EU Digital Services Act (2022) |
- Policies: terms and conditions of intermediary service providers shall include information on restrictions in relation to use of information including policies, procedures, measures and tools used for the purpose of content moderation
- Management systems: establish compliance function with authority, stature, resources and access to the management body of the provider (Art.41)
- Business relationships: providers of very large online platforms and search engines shall provide recipients with concise summary of terms and conditions (Art.14)
|
- Scope: not specified
- Assess: providers of very large online platforms and search engines shall identify, analyse and assess systemic risks (Art.34)
- Prioritise: focus is on systemic risks, taking into consideration severity and probability (Art.34)
|
- Prevent/mitigate: providers of very large online platforms and search engines put in place reasonable, proportionate and effective mitigation measures that are tailored to the specific systemic risks (Art.35)
- Involvement framework: not addressed
|
|
EU AI Act (2024) |
- Policies: strategy for regulatory compliance as part of quality management system (Art.17(1)(a))
- Management systems: for high-risk AI systems, establish and implement a risk management system (Art.9(1‑3)); put in place quality management system (Art.17(1))
- Business relationships: not addressed
|
- Scope: for high-risk AI systems, identification and analysis of reasonably foreseeable risks (Art.9)
- Assess: for high-risk AI systems, estimation and evaluation of risks that may emerge during use and reasonably foreseeable misuse; evaluation of other risks possibly arising (Art.9(2)(a-c)); for general-purpose AI with systemic risk, identify and mitigate systemic risks (Art.55)
- Prioritise: for high-risk AI systems, focus on reasonably foreseeable risks (Art.9(2))
|
- Prevent/mitigate: for high-risk AI systems, adoption of appropriate and targeted risk management measures (Art.9(2)(d), 4); measures such that residual risk is judged to be acceptable (Art.9(5)(a-c)); for general-purpose AI with systemic risk, mitigate systemic risk (Art.55); take corrective action following reporting of serious incident (Art.73(6))
- Involvement framework: not addressed
|
|
Korea AI Basic Act (2025) |
- Policies: indirectly required through risk management plan (Art.34)
- Management systems: build monitoring and risk management system (Art.32); ensure human supervision and oversight (Art.34)
- Business relationships: not addressed
|
- Scope: conduct preliminary assessment to determine whether AI systems qualify as high-impact AI (Art. 33)
- Assess: implement measures to identify and assess risks at each stage of the AI life cycle (Art. 32); assess in advance impact on human rights for high-impact AI (Art.35)
- Prioritise: focus is on high-impact or high-risk AI (not defined)
|
- Prevent/mitigate: for AI business operators, where the AI system meets a specified threshold of computing capacity, implement measures to identify, assess and mitigate risks at each stage of the AI lifecycle (Art.32); for high-risk AI, develop and implement a risk management plan and user protection plan (Art. 34)
- Involvement framework: not addressed
|
|
UAE Due Diligence Regulations for Responsible Sourcing of Gold (2022) |
- Policies: adopt a gold supply chain policy (1.1)
- Management systems: establish internal governance system to implement due diligence (1.2)
- Business relationships: integrate policy into contracts and agreements, and strengthen company engagement (1.4)
|
|
- Prevent/mitigate: evaluate and respond to identified risks through risk management strategy and risk control plan (3.1; 3.2)
- Involvement framework: not addressed
- Disengagement: disengage for at least three months where suppliers do not comply with mitigating measures; disengage entirely if controls are not feasible or acceptable (3.2)
|
|
Product and market-based measures |
|
US Tariff Act, Section 307 (1930) |
- Prohibits the import of goods, wares, articles and merchandise mined, produced or manufactured wholly or in part by forced labour; provides for regulations to be made enforcing this provision
- No direct obligation to conduct due diligence
- Documentation on due diligence may be considered in enforcement proceedings
- CBP’s (2025[8]) Withhold Release Order (WRO) and Finding Modification Guide sets out an identify, correct and prevent approach to address forced labour
|
|
US Uyghur Forced Labor Prevention Act (2021) |
- Establishes a rebuttable presumption that the import of goods related to the Xinjiang Uyghur Autonomous Region (XUAR) is prohibited under section 307 of the US Tariff Act (Sec.3(a))
- Presumption can be overcome through compliance with official guidance, responding to information requests and through evidence that goods were not produced by forced labour (Sec.3(b))
- No direct obligations to conduct due diligence, but due diligence is referred to as part of guidance to be established (Sec.2(d)(6))
- Documentation on due diligence may be considered in enforcement proceedings
- Operational Guidance recommends mapping supply chain, assessing forced labour risk and putting in place internal controls to prevent or mitigate forced labour and remediating forced labour
|
|
UK Environment Act (2021) |
|
- Scope: identify and obtain information about forest risk commodities (Sch.17, Part 1.3(2))
- Assess: assess risk that relevant local laws were not complied with (Sch.17, Part 1.3(2))
- Prioritise: not specified
|
- Prevent/mitigate: mitigate risks in relation to forest risk commodities (Sch.17, Part 1, 3(2))
- Involvement framework: not addressed
|
|
EU Deforestation Regulation (2023) |
- Policies: have in place adequate policies (Art.11(2))
- Management systems: requirement for entities to have in place adequate controls and procedures to manage risks; appointment of compliance officer at management level of non-SME operators (Art.11(2))
- Business relationships: not addressed
|
|
- Prevent/mitigate: have proportionate policies, controls and procedures in place to mitigate (Art.11); no distinct prevention requirement
- Involvement framework: not addressed, emphasis is on products being free from deforestation risk rather than on linkage between entity and risk
|
|
EU Prohibits Forced Labour Regulation (2024) |
- Prohibits economic operators from placing and making available on the Union market or exporting from the Union market products made with forced labour (Art.1(1))
- No direct obligation to conduct due diligence
- Documentation of due diligence may be considered during preliminary investigation phase when forced labour is suspected (Art.17).
- Due diligence in relation to forced labour is defined as incorporating “practices to identify, prevent, mitigate or bring to an end the use of forced labour” (Art.2(3))
- Guidance on due diligence and best practice on bringing to an end and remediating forced labour is planned (Art.11)
|