Human Rights Due Diligence: How to Manage Risk in Your Supply Chain

With 50 million people living in modern slavery today, human rights due diligence (HRDD) has moved from a voluntary commitment to a strategic and legal imperative for companies worldwide. New legislation — above all the EU Corporate Sustainability Due Diligence Directive (CSDDD) — is raising the stakes significantly for businesses operating global supply chains.

What Is Human Rights Due Diligence?

Human rights due diligence (HRDD) is an ongoing process through which companies identify, prevent, mitigate, and account for actual and potential adverse impacts on people — within their own operations and across their full value chains.

The concept is grounded in the UN Guiding Principles on Business and Human Rights (UNGPs), unanimously endorsed by the UN Human Rights Council in 2011. The UNGPs establish that all business enterprises — regardless of size or sector — bear a responsibility to respect human rights.

A key distinction sets HRDD apart from traditional financial due diligence: HRDD focuses on risks to people, not risks to the business. Traditional due diligence examines how a decision affects the company itself. HRDD examines how a company's activities affect third parties — workers, communities, and other rights holders along the value chain.

HRDD is also fundamentally different from a tick-box compliance exercise. It is a continuous, proactive process — not a one-off audit or annual report. As new suppliers are onboarded, sourcing regions shift, and regulations evolve, the due diligence process must evolve with them.

The 4-Step HRDD Process

The UNGPs define human rights due diligence as a continuous four-stage cycle. The OECD Due Diligence Guidance for Responsible Business Conduct offers a complementary six-stage framework, but the underlying logic is the same: identify, act, track, and communicate.

Step 1: Identify and Assess Human Rights Impacts

Companies begin by mapping their operations, subsidiaries, and business relationships to identify where human rights risks are most likely to occur. This includes assessing sector-specific risks — such as those in garment manufacturing, electronics, mining, or agriculture — as well as geographic and structural risk factors.

The focus should be on salient risks: those most likely to result in severe or widespread harm to people. Meaningful engagement with affected rights holders, workers, and civil society organizations is essential at this stage. Audits alone are insufficient — they capture conditions at a single point in time and frequently miss issues like debt bondage or forced labour, which are often actively concealed.

Step 2: Integrate Findings and Take Action

Risk assessment findings must translate into concrete preventive and corrective action. This can mean adjusting purchasing practices, revising supplier contracts, or exiting high-risk relationships where leverage is insufficient. Companies should prioritize action based on the severity and likelihood of harm to people — not merely the financial exposure to the business.

Step 3: Track and Monitor Progress

HRDD is not a one-time exercise. Companies must continuously monitor whether their mitigation measures are working. This requires structured data collection from suppliers, regular reviews of risk indicators, and mechanisms to detect early warning signs of violations — before they escalate into incidents.

Step 4: Communicate Transparently

Companies are expected to report publicly on how they identify and address human rights risks. Effective communication goes beyond generic statements of intent — it should be specific, measurable, and grounded in the actual risks the company faces. For companies subject to mandatory HRDD laws such as the CSDDD or the German LkSG, public reporting is a legal requirement, not an optional add-on.

Modern Slavery by the Numbers

The scale of the problem makes HRDD an urgent business priority. According to the Global Slavery Index 2023, published jointly by Walk Free, the ILO, and the IOM, an estimated 50 million people were living in modern slavery on any given day in 2021 — an increase of 10 million since 2016, representing a 25% rise.

Modern slavery is an umbrella term encompassing forced labour, human trafficking, debt bondage, forced marriage, and the sale and exploitation of children. It is deeply embedded in global supply chains:

• G20 nations account for more than half of all people living in modern slavery and collectively import US$468 billion worth of at-risk products annually.

• Electronics are the highest-value at-risk product category (US$243.6 billion), followed by garments (US$147.9 billion), palm oil (US$19.7 billion), and solar panels (US$14.8 billion).

• Over 82% of EU companies are likely to be exposed to forced or child labour risks at tier-2 suppliers — a figure that rises to over 99% at tier 3.

• Despite the UN SDG 8.7 target to end modern slavery and forced labour by 2030, no government is currently on track to achieve this goal.

For companies with global supply chains, human rights exposure is the norm — not the exception. The renewable energy sector illustrates this starkly: solar panels and batteries rely on minerals sourced from regions with elevated forced labour risks, meaning even sustainability investments can carry hidden HRDD exposure. Our article on responsible minerals sourcing in global supply chains explores this dynamic in depth.

The Regulatory Landscape: Key HRDD Laws You Need to Know

Over the past decade, human rights due diligence has shifted from voluntary best practice to a rapidly growing body of mandatory law. The following frameworks are the most relevant for companies operating globally or within European markets.

EU Corporate Sustainability Due Diligence Directive (CSDDD)

The EU CSDDD (Directive 2024/1760) is the most significant development in the HRDD regulatory landscape to date. It entered into force on 25 July 2024, requiring large companies to conduct thorough due diligence on human rights and environmental impacts across their full value chains — upstream and downstream.

Following the EU Omnibus Simplification Package (February 2025) and the "stop-the-clock" directive (April 2025), the compliance timeline has been revised. The Omnibus I amendments — definitively approved by the EU Council on 24 February 2026 — set the transposition deadline for member states at 26 July 2027 and first-wave company compliance at 26 July 2028.

The scope after Omnibus I covers EU companies with more than 5,000 employees and a global net turnover above €1.5 billion, as well as non-EU companies generating more than €1.5 billion in the EU. The Omnibus amendments also narrowed due diligence obligations to direct (tier-1) business partners for most assessments and removed the standalone climate transition plan requirement.

Non-compliance can result in fines of up to 5% of worldwide net annual turnover. Civil liability provisions allow affected individuals to seek compensation in European courts.

German Supply Chain Act (LkSG)

Germany's Lieferkettensorgfaltspflichtengesetz (LkSG) has been in force since January 2023 and, since January 2024, covers all companies with 1,000 or more employees operating in Germany. It requires annual risk analyses, implementation of preventive measures, and public reporting. The German government is currently discussing a temporary suspension of LkSG obligations pending national CSDDD transposition.

French Duty of Vigilance Law (Loi de Vigilance)

In force since 2017, France's duty of vigilance law was one of the first mandatory HRDD laws worldwide and served as a key model for the CSDDD. It requires large French companies to establish and implement a vigilance plan covering human rights and environmental risks across their operations, subsidiaries, and supply chains — and makes them civilly liable for failures to do so.

UK Modern Slavery Act (2015)

The UK Modern Slavery Act requires companies with annual turnover above £36 million to publish an annual modern slavery statement outlining steps taken to prevent slavery and human trafficking in their operations and supply chains. It applies across all sectors and is enforced through public disclosure requirements.

Norwegian Transparency Act (2022)

Norway's Åpenhetsloven covers approximately 8,800 companies and requires them to perform and publicly report on HRDD across their supply chains. Non-compliant companies can be fined by the Norwegian Consumer Authority.

Australian Modern Slavery Act (2018)

The Australian Modern Slavery Act covers entities with annual revenues of AUD 100 million or more, requiring annual reporting on modern slavery risks and the steps taken to address them. The Global Slavery Index 2023 identified Australia as having one of the most improved government responses among assessed nations.

US Uyghur Forced Labor Prevention Act (UFLPA)

The UFLPA establishes a rebuttable presumption that all goods produced in whole or in part in China's Xinjiang region involve forced labour, effectively banning their import into the United States unless companies can provide clear and convincing evidence to the contrary. It has significant implications for electronics, textile, and solar supply chains. Related supply chain due diligence obligations in the EU context are covered in our article on the EU Conflict Minerals Regulation.

California Transparency in Supply Chains Act (2010)

One of the earliest mandatory HRDD laws globally, this act requires companies with annual worldwide gross receipts exceeding US$100 million that do business in California to disclose their efforts to eradicate slavery and human trafficking from their direct supply chains.

Challenges of Implementing HRDD in Complex Supply Chains

Despite growing regulatory pressure, many companies struggle to implement effective HRDD in practice. The obstacles are largely structural.

Opacity beyond tier 1: Most companies have reasonable visibility into their direct suppliers. But human rights risks are often most severe deeper in the chain — at tier 2 and beyond — where sourcing conditions are hardest to verify and oversight is weakest.

Over-reliance on audits: Social audits are widely used but are not a substitute for HRDD. They assess conditions at a single point in time and frequently miss issues like forced labour or debt bondage, which are actively concealed from auditors.

Fragmented systems: Many companies rely on a patchwork of manual procedures, spreadsheets, and disconnected tools spread across regions, business units, and supplier tiers. This makes it nearly impossible to generate a consistent, reliable view of HRDD status — and creates significant reporting risk under mandatory disclosure regimes.

Inconsistent supplier engagement: Collecting meaningful data from hundreds or thousands of suppliers requires structured, scalable processes. Without a systematic approach, response rates are low and data quality is insufficient to support informed risk decisions.

Evolving and overlapping regulation: The HRDD regulatory landscape is changing rapidly and differs across jurisdictions. Companies need flexible systems that can adapt as requirements evolve — such as the recent CSDDD timeline and scope changes under the Omnibus process — without requiring a full process overhaul each time.

Frequently Asked Questions