Breaking New Regulatory Ground: Due Diligence Obligations in Corporate Supply Chains

Heightened due diligence obligations regarding companies’ impact on human rights and the environment through their supply chains are gaining regulatory momentum. Policymakers in major capital markets, including the European Union (EU), Japan, and the United States, are taking steps to require companies to make responsible conduct a business imperative.

Regulation promoting responsible business conduct is not new, and neither is corporate supply chain risk management. Nevertheless, the scope of the proposals, their extraterritorial application, and the introduction in some cases of civil liability provisions elevate existing obligations to new heights. Often moving beyond disclosure, the latest proposals also seek prevention or elimination of potential adverse company impacts. The regulatory environment also raises additional implications for the investment management industry.

This post highlights key aspects of the developing landscape, focusing on those jurisdictions leading the way and noting similar measures in other markets. The most recent regulatory developments, including both introduced and final regulations, are identified below. 

Figure 1: Overview of Global Regulatory Developments

Notes: Existing, recently adopted reporting obligations are in black; proposed reporting obligations are in blue.
Source: ISS ESG

EU CSDDD Changes the Game but Is Not the Only EU Legislation Pushing Forward Due Diligence

Nowhere is the ambition of the EU sustainable finance agenda clearer than in the EU Corporate Sustainability Due Diligence Directive (CSDDD), introduced in early 2022 after much anticipation. The Directive has officially entered the trilogues stage of negotiations among the EU Parliament, the Council of the European Union, and the European Commission. Given the European elections in June 2024, the goal is a final agreement by March or April 2024, though given the political debate the proposal may slip into the next mandate.

The CSDDD builds on the EU Corporate Sustainability Reporting Directive (CSRD), for which reporting standards are being developed and which already requires covered companies to disclose their due diligence processes related to sustainability matters, in addition to the principal actual or potential adverse impacts related to their supply chains. The CSDDD goes further, however, by covering broader adverse human rights and environmental impacts of company operations, including of subsidiaries and of upstream and downstream effects, in addition to establishing civil liability and director-specific obligations.

Like the CSRD, the CSDDD is far-reaching legislation that would apply to both EU and non-EU companies. ISS ESG research shows that approximately 1,800 non-EU companies are expected to be subject to CSRD. Based on the current CSDDD application triggers, a substantial subset of CSRD companies, both EU and non-EU, would likely be in scope. An additional tranche of companies doing business with CSDDD companies, even if out of direct scope, will likely be relied upon to provide relevant reporting. This is particularly notable for the sectors relying on manufacturing outside of the EU.

Major CSDDD provisions are under active debate among policymakers and the public. Supporters argue the legislation is an opportunity to change corporate behavior and curb environmental and human rights violations in company operations. Detractors argue CSDDD overpromises its potential impact and assigns legal responsibility to companies and their directors for circumstances beyond their control.

Among the thorniest of topics is whether it is appropriate for the due diligence obligations to apply to the financial services sector. Significantly, the EU Parliament proposes to apply the regime to EU-based companies regardless of their sector, unlike the European Commission and the Council. This means that financial services firms such as investment managers, financial institutions, and insurers would be within the scope of the CSDDD. Unlike the Parliament, the Council proposes to give EU member states the right to apply the regime to the financial services industry, at their discretion, when implementing the Directive into national law. What will be critical to watch is what financial institutions and activities will be included in the scope. The Council and Parliament also disagree on the role of directors, specifically whether to require directorial oversight of due diligence obligations or to tie director compensation to due diligence targets.

If the CSDDD comes into force, the next step, because the legislation is a directive and not regulation, will be for EU member states to transpose the Directive into national legislation. This may require EU member states to amend existing due diligence regulation. For example, Germany will likely need to tailor its Act on Due Diligence in Supply Chains (Lieferkettensorgfaltspflichtengesetz, “LkSG”) to the final CSDDD text, specifically the scope and civil liability provisions.

With the trilogue negotiations under way, the CSDDD is garnering more media attention, influencing the global discussion on how regulators can or should formulate corporate and financial sector due diligence obligations.

In a First for Its Region, Japan Introduces Human Rights Due Diligence Guidelines

In late 2022, the Japanese Ministry of Economy, Trade and Industry (METI) published the final Guidelines on Respecting Human Rights in Responsible Supply Chains (the HRDD Guidelines). As in other jurisdictions, the HRDD Guidelines steadily move “soft law” initiatives into “hard law.” Specifically, the Guidelines focus on international human rights standards in the global supply chain, such as freedom from forced labor and child labor.

Though non-binding, the HRDD Guidelines apply to every corporate entity in Japan and their supply chains, whether upstream or downstream. They call on companies to implement human rights policies, to be approved by senior corporate management; and implement due diligence processes to identify and address the potential adverse impacts on human rights of a company’s operations. These due diligence processes include preventing and mitigating adverse impacts in the supply chain. In addition, like the CSDDD, the Guidelines establish a grievance mechanism allowing individuals to seek remedies for adverse impacts caused by companies. Further, companies are encouraged to annually disclose to stakeholders how they intend to address adverse human rights-related impacts.

The Japanese government has taken a greater interest over the years in facilitating management of companies’ human rights impacts, and the HRDD Guidelines represent the latest step towards a regulatory framework in Japan for “respect for human rights.” The Guidelines formalize Japan’s National Action Plan on Business and Human Rights (NAP) based on the U.N. Guiding Principles on Business and Human Rights, formulated in 2020, and build on the OECD Due Diligence Guidance for Responsible Business Conduct and the OECD Guidelines for Multinational Enterprises.

The Japanese government gathered public input on the draft Guidelines, setting up a study group and surveying companies listed in the first and second sections of the Tokyo Stock Exchange. Public comments were generally supportive, though about half of the companies surveyed stated they are not conducting human rights due diligence, despite the majority formulating specific policies on human rights. 

In the near term, METI and the Japanese government will likely consider issuing guidance and/or detailed manuals to assist companies with compliance. Over the long term, these institutions are expected to continue to iterate the Guidelines, including in response to global developments.

Geopolitical Developments Bring Bipartisan and SEC Scrutiny of Global Supply Chain Risks

Geopolitical developments have prompted the U.S. Congress and the U.S. Securities and Exchange Commission (SEC) to scrutinize U.S. companies’ dealings in regions subject to trade prohibitions or sanctions, particularly prohibition and sanctions related to the use of Uyghur forced labor in China and Russia’s invasion of Ukraine. The scrutiny has generated a bipartisan focus on the SEC’s role as a “disclosure agency.”

The Uyghur Forced Labor Prevention Act (UFLPA) makes due diligence critical for U.S. companies whose supply chains run through China. Effective as of 2022, UFLPA presumptively bans the importation of “any goods, wares, articles, and merchandise mined, produced, or manufactured wholly or in part in” the Xinjiang Uyghur Autonomous Region of China (XUAR), as well as those produced by a number of entities identified by the Forced Labor Enforcement Task Force (“FLETF”). FLETF is a central hub responsible for enforcing the prohibition on imports made through forced labor; it is chaired by the secretary of Homeland Security and includes representatives from the Departments of State, Treasury, Justice, Labor, and the Office of the U.S. Trade Representative.

To rebut the UFLPA’s presumptive ban, importers must show, among other requirements, that they comply with FLETF’s due diligence guidance, including supply chain tracing and effective management practices, and provide “clear and convincing evidence” that no forced labor anywhere in the supply chain produced any part of the imported goods. Significantly, there is no de minimis exception.

Though the final UFLPA eliminated initially proposed text that required companies to report in their annual and quarterly SEC disclosures any activities related to forced labor in the XUAR, there remains interest in such transparency among shareholders and some U.S. congressional policymakers. Within the last few legislative months alone, legislation and congressional inquiries on the topic have emerged:

• Congressmen Mike Gallagher (R-WI) and Raja Krishnamoorthi (D-IL), the chairman and ranking member of the Select Committee on the Chinese Communist Party, respectively, sent a series of letters to major U.S. and Chinese retailers seeking answers about whether the companies are complying with UFLPA. Recognizing the value of such information to shareholders, the lawmakers wrote, “American businesses and companies selling in the American market have a moral and legal obligation to ensure they are not implicating themselves, their customers, or their shareholders in slave labor.”

• Senators Marco Rubio (R-FL) and Jeff Merkley (D-OR) introduced the Uyghur Genocide Accountability and Sanctions Act (UGASA). The bill would, among other things, mandate disclosures to the SEC by entities engaged in providing technology or other assistance to create mass-population surveillance systems in the XUAR.
• A bipartisan group of congressional members, with the backing of the American Securities Association, have called on the SEC to require a Chinese retailer, as a condition of its anticipated IPO filing, to certify via independent verification that the company does not use Uyghur forced labor. The members write that foreign companies must “uphold a demonstrated commitment to human rights across the globe.”

Events of major macroeconomic and geopolitical impact have also prompted the SEC to issue guidance regarding how companies should consider disclosing emerging risks, including regarding supply chains. While there has not been specific SEC guidance related to doing business in China, the SEC’s Division of Corporation Finance recently issued guidance regarding Russia’s invasion of Ukraine, which is worth noting in this context.

In May 2022, the SEC staff issued a sample letter reminding companies of their disclosure obligations regarding Russia’s invasion of Ukraine. Among these obligations, companies are reminded to disclose actual or potential disruptions to their supply chains, to the extent the disruptions are material or otherwise required, regardless of the location of their operations. Regarding the Management Discussion and Analysis (MD&A) section in a company’s annual report or quarterly filings, the SEC staff wrote they expect disclosure about whether and how a company’s business segments, products, lines of service, projects, or operations are materially impacted by supply chain disruptions. Moreover, the staff letter asks companies to describe the extent and nature of the role of the board of directors in overseeing risks related to Russia’s invasion of Ukraine. Such considerations include risks related to sanctions or export restrictions.

Similarly, the SEC has taken note of climate-related issues in corporate reporting, including those related to supply chains. Setting aside the SEC’s climate disclosure rule proposal, which in its proposed form seeks enhanced corporate reporting on climate-related risks along the corporate supply chain, the SEC’s Division of Corporation Finance published in September 2021 a sample comment letter that follows a logic similar to both the SEC’s proposal and its 2010 guidance on climate-related disclosures. Referring to the MD&A section, the sample letter comments on disclosures regarding the physical impacts of climate change on a company’s operations. Here, the SEC is interested in how the potential for indirect weather-related impacts have affected or may affect major suppliers.

The sample comment letter is particularly noteworthy because, as the SEC writes, there may be discrepancies between companies’ expansive disclosures in corporate sustainability reports and their SEC filings. While companies may be more inclined to provide climate-related disclosures in their sustainability reports or on their websites, the SEC makes clear that it is not only looking for any inconsistencies between the sustainability reports and the SEC filings but that it expects companies to clearly explain the reasoning behind differing disclosures. Combined with other recent SEC staff comment letters, the sample letter suggests that the SEC also expects disclosure about how material pending or existing legislation, regulation, and international accords have had any material effect on the company’s operations.

It should be noted that companies are not the only market participants required to provide such reporting. The SEC’s updated Form N-PX obligations, which begin to apply for the July 1, 2023, to June 30, 2024, period, require investment funds and managers to report their proxy votes along SEC-defined ESG categories, including one on supply chain exposures to human rights risks.

Explore ISS ESG solutions mentioned in this report:

• Financial market participants across the world face increasing transparency and disclosure requirements regarding their investments and investment decision-making processes. Let the deep and long-standing expertise of the ISS ESG Regulatory Solutions team help you navigate the complexities of global ESG regulations.
• Identify ESG risks and seize investment opportunities with the ISS ESG Corporate Rating.
• Assess companies’ adherence to international norms on human rights, labor standards, environmental protection and anti-corruption using ISS ESG Norm-Based Research.