What is Supply Chain Due Diligence?

What is Supply Chain Due Diligence?

Supply chain due diligence is the systematic process by which organizations identify, assess, prevent, mitigate, and account for adverse human rights and environmental impacts in their value chains. It is rooted in the UN Guiding Principles on Business and Human Rights (2011) and the OECD Guidelines for Multinational Enterprises, which establish the expectation that companies exercise due diligence proportionate to the severity and likelihood of harm connected to their operations and business relationships.

Why It Matters

The legal landscape for supply chain due diligence has shifted decisively from voluntary to mandatory. The EU Corporate Sustainability Due Diligence Directive (CSDDD), adopted in 2024, requires companies with more than 1,000 employees and €450 million in net turnover to implement human rights and environmental due diligence across their value chains, including a climate transition plan aligned with the Paris Agreement. Non-compliance carries fines of up to 5% of global net turnover.

Germany's Lieferkettensorgfaltspflichtengesetz (LkSG), effective since 2023 for companies with 1,000+ employees, mandates risk analysis, preventive measures, corrective actions, complaint mechanisms, documentation, and reporting across the supply chain. France's Duty of Vigilance Law (2017) has already produced landmark litigation, including a 2024 ruling ordering a major retailer to overhaul its purchasing practices due to labor rights failures among subcontractors.

Beyond compliance, due diligence is a risk management imperative. Companies with inadequate supply chain oversight face operational disruptions, contractual penalties, loss of market access, and severe reputational consequences. The Rana Plaza factory collapse in Bangladesh (2013), cobalt mining abuses in the DRC, and forced labor in Xinjiang cotton production are high-profile cases that triggered billions of dollars in remediation costs, lost contracts, and brand damage across global industries.

Investors increasingly view due diligence capability as a proxy for management quality. A company that cannot articulate how it identifies and manages supply chain risks signals broader governance weaknesses. The integration of due diligence performance into ESG ratings, lending criteria, and insurance underwriting is accelerating this dynamic.

How It Works / Key Components

Effective due diligence follows the six-step framework outlined in the OECD Due Diligence Guidance for Responsible Business Conduct: (1) embed responsible business conduct into policies, (2) identify and assess adverse impacts, (3) cease, prevent, or mitigate impacts, (4) track implementation and results, (5) communicate how impacts are addressed, and (6) provide for or cooperate in remediation when appropriate.

Risk identification begins with mapping the supply chain and screening for sector-specific, geographic, and commodity-level risks. Salient human rights issues vary by industry—forced labor in agriculture and textiles, child labor in mining, land rights violations in palm oil and timber. Environmental risks include deforestation, water pollution, biodiversity loss, and hazardous waste. Standardized risk databases from organizations like Verisk Maplecroft and the Walk Free Foundation support this analysis.

Preventive and corrective measures must be proportionate to the company's leverage over the risk. Where a company has direct control—its own operations and Tier 1 suppliers—it can impose contractual requirements, conduct audits, and require corrective action plans. Where leverage is indirect—sub-suppliers, smallholder farmers, artisanal miners—collaborative approaches through industry initiatives, multi-stakeholder platforms, and government engagement are more effective.

Documentation and reporting are not administrative afterthoughts but legal requirements under most mandatory due diligence regimes. Companies must maintain records of risk assessments, mitigation actions, and outcomes, and must publish annual due diligence reports. The CSRD's reporting standards (ESRS) align closely with due diligence obligations, creating a coherent but demanding compliance architecture.

Council Fire's Approach

Council Fire helps organizations design and implement due diligence programs that meet mandatory requirements while building genuine supply chain resilience. Our work integrates environmental and human rights risk assessment with climate adaptation planning, ensuring that due diligence is not a standalone compliance exercise but a strategic capability that strengthens the organization's position in an era of increasing supply chain accountability.

Frequently Asked Questions

How does supply chain due diligence differ from a supplier audit?

Audits are one tool within due diligence, but due diligence is far broader. It encompasses policy development, risk assessment, stakeholder engagement, grievance mechanisms, remediation, and public reporting. Audits provide point-in-time compliance snapshots; due diligence is an ongoing, adaptive management process that addresses root causes rather than symptoms.

Which companies are subject to mandatory due diligence laws?

Scope varies by jurisdiction. The EU CSDDD applies to companies with 1,000+ employees and €450M+ turnover (including non-EU companies meeting revenue thresholds in the EU). Germany's LkSG covers companies with 1,000+ employees with a registered office or branch in Germany. France's law applies to companies with 5,000+ domestic or 10,000+ global employees. Smaller companies may be indirectly affected as larger buyers cascade requirements through their supply chains.

What happens if a company fails to conduct adequate due diligence?

Consequences range from administrative fines (up to 5% of global turnover under CSDDD) to civil liability for damages caused by failures to prevent adverse impacts. Companies may also face exclusion from public procurement contracts, loss of export credit agency support, and reputational damage. France's Duty of Vigilance Law allows affected parties to seek court-ordered injunctions compelling companies to implement adequate due diligence plans.