The evolving due diligence regime – looking to the horizon

  • January 22, 2025

Navigate the evolving landscape of due diligence with the EU's new directives. Understand key obligations and enhance business value through compliance.

While the Corporate Sustainability Due Diligence Directive marks an important evolution in the regulation of due diligence, other laws and requirements also apply. Together, they add up to a new, fast-changing regulatory framework. It’s a framework based not just on an ‘obligation of means’ (e.g. execution of due diligence) but also on an ‘obligation of results’ (e.g. avoiding forced labour).

These two elements combine to create the foundation for robust value chain due diligence processes and controls. Implemented through value chain mapping, digitisation and relationship engagement, these processes and controls are keys that can unlock enhanced business value through transparency, optimisation and risk reduction.

A complex, fast-changing regulatory environment

A raft of new legislation means businesses must comply with a whole range of emerging due diligence and transparency requirements.[1]

At the core of many of these laws are (i) the United Nations Guiding Principles (UNGPs) on Business and Human Rights and (ii) the Organisation for Economic Cooperation and Development (OECD) Guidelines for Multinational Enterprises on Responsible Business Conduct. 

Both require the identification, prevention, mitigation, remedy, and transparency of actual and potential adverse impacts (caused by - or directly linked to - business operations, both within a business and across its value chain).

This new regulatory environment is centred on two key corporate obligations:

  • obligation of means, requiring execution of risk-based due diligence, and

  • obligation of results, requiring specific outcomes (e.g. prohibiting forced labour for products imported into key markets).

The obligation of means requires awareness and disclosure, while the obligation of results ties actual performance back to real-world impacts on people and their rights. By putting impacts on stakeholders at centre-stage, these two separate but intertwined obligations create new priorities for businesses. Meeting these requires the collection and review of business data to demonstrate ‘actual’ and ‘potential’ impacts, particularly where geography/industries/products present relevant risks.

This process will provide unique value chain insights and transformation opportunities, along with greater visibility into the changing risk landscape for global value chains.

A new era for value chain due diligence

Fuelled by stakeholder demands for evidence on performance and transparency, combined with growing expectations for responsible environmental and social conduct, the EU’s Corporate Sustainability Due Diligence Directive (CSDDD) came into force in July 2024.

CSDDD builds on a number of prior regulatory acts, including - for example - the German Supply Chain Act (LkSG) and the French Duty of Vigilance Law to create an obligation of means. Starting with the buyer’s policies and practices, its due diligence obligations extend beyond direct (tier 1) suppliers to encompass direct and indirect business relationships, thereby transforming due diligence and scaling its influence to unprecedented levels.

EU companies may be directly impacted by CSDDD if they meet the threshold of net worldwide turnover of EURO 450m and 1,000 employees, or if they are non-EU enterprises that meet the revenue threshold of EURO 450m generated in the EU. Other companies will be impacted indirectly, if they - or their products, materials or services - are part of an in-scope entity.

At the same time, authorities across Europe are imposing duties on business to act responsibly based on internal governance controls and external due diligence requirements. Failure to meet these obligations risks incurring penalties, with cases starting to arise evidencing the importance that authorities attach to the matter, such as the recent precedent established by a French Court in relation to its national Duty of Vigilance (see box-out below).


In a 2023 decision, the Paris Judicial Court issued an injunction against La Poste, requiring it to supplement its vigilance plan with (i) risk-mapping to identify, analyse and prioritise risks; (ii) processes for assessing subcontractors; (iii) a mechanism for alerting/collecting reports after consulting trade unions; and (iv) publication of concrete monitoring of vigilance measures.*


Emerging regulatory developments address more than due diligence, creating an obligation of results. Examples include new forced labour regulations (19 USC 1307 and the UFLPA in the US, as well as the EU Forced Labour Regulation). 

This obligation of results means that even where due diligence requirements have been met, enforcement action can be taken to address certain circumstances (e.g. situations where value chain workers are subject to forced labour). Sanctions can include investigations and prosecution by customs and other competent authorities.

Good due diligence will be judged on results

The obligation of means (conducting due diligence appropriate not only to procedural expectations, but to risks in the value chain environment) blends into the obligation of results (understanding and mitigating actual/potential risks to rights-holders).

Limits on, and expectations for, effective due diligence will be informed by common knowledge and/or actual government indication[2] of heightened environmental and/or social risks in specific geographies/industries (see example below).


Cocoa-producing countries, Cote d'Ivoire and Ghana, both raise higher due diligence expectations because of the ‘known’ presence of child labour. According to a 2018 study (released by the Walk Free Foundation in partnership with Tulane University, with funding from Dutch chocolate company and ICI-member Tony’s Chocolonely and the Chocolonely Foundation), there are an estimated 1.5 million children (aged 10-17) in child labour in both countries.*


‘Knowing’ about a risk will create a soft form of ‘rebuttable presumption’ to measure due diligence effectiveness. Companies’ ability to understand and evaluate risks, due diligence to evaluate their presence and creation of a chain of custody (on top of a value chain traceability system) to communicate them will all become more important. We’re already seeing this change take effect, driven by US regulatory action on forced labour and EUDR regulatory requirements, as companies express commitments (see example below). 


Tat Win, a Thailand-based latex concentrate producer and exporter, is committed to ensuring that its supply chain meets the highest sustainability and traceability standards, in order to comply with the EUDR. The company has designed new policies and actions to minimise breaches, aligning operations to EUDR by developing a comprehensive analysis, implementing due diligence systems, providing education and training to stakeholders, and putting risk mitigation practices in place.*


These due diligence obligations, and in particular those of CSDDD, cover impacts on both human rights and the environment. However, for the purpose of this article we will focus on the labour aspects of human rights, something that is aligned with the intentions of CSDDD.

Corporate actions required by these evolving due diligence requirements are increasingly transparent. Transparency and reporting laws (ranging from the EU Corporate Sustainability Reporting Directive (CSRD) and the EU Taxonomy Regulation to various modern slavery laws) define the scope of transparency – with reporting requirements that include both broad approaches and responses to specific instances.

As part of the double materiality assessment and disclosure process, the CSRD requires the evaluation of impacts, risks, and opportunities in the value chain, and reporting on identified material risks. Laws such as the Norwegian Transparency Act require specific feedback and responses to questions on corporate due diligence actions/impacts in the value chain. 

The EU Taxonomy Regulation sets out the criteria for determining whether an economic activity qualifies as environmentally sustainable, aiming to prevent green washing and foster sustainable development. The Regulation echoes concepts intrinsically connected to CSDDD and human rights, such as ‘minimum social safeguards’, exploring ideas rooted in international best practices that are core to due diligence, such as those presented in the UNGPs and OECD Guidelines. 

Whistleblower laws in some jurisdictions (e.g. the US False Claims Act) enhance the ability of governmental agencies to identify and investigate potential issues. Finally, the value chain workforce itself is included when due diligence laws (e.g. CSDDD and the LkSG) integrate stakeholder engagement requirements and grievance processes. (Please refer to PwC’s thought leadership piece on ‘The role of legal function in ensuring workforce policies and rights’).

Understanding these emerging obligations is essential

Knowing how these obligations work, and particularly how they complement each other, is key to addressing both successfully at the same time and protecting/remedying stakeholders’ rights within global value chains (see example below). 


The Fair Food Program is an enabler that includes workers in the design of policies and processes, including grievance mechanisms. It’s a clear example of obligations of means and results blending (and of how one solution can be implemented to address both). Workers have a fundamental role to play both in assessing risks in the value chain and designing grievance mechanisms. Involving workers in the design of processes also adds to the obligation of means and demonstrates a business’s intention to put the rights-holder at the centre. Such a system can deliver on the need to act responsibly as well as preventing specific violations (means and results). Walmart is a notable example. As a member of the Fair Food Program, it provides workers with access to a fair and secure complaints mechanism, including an education aspect.*


Through both obligations, authorities create complementary but different ways to encourage and enforce responsible business action. Some laws and regulations impose duties on companies (as well as on shareholders and directors in some circumstances) to operate responsibly while others enable the authorities to investigate and take a deeper dive when needed. 

In other words, while due diligence laws are about obligations of means to prevent or mitigate actual/potential risks, forced labour laws require results, including forbidding certain products from entering the market. The intentions are clear. Due diligence is about sufficient actions demonstrating responsible conduct. Forced labour regulations focus on specific impacts and enforce action, regardless of due diligence processes.

From due diligence to enhanced business value

Oversight, enforcement and business conduct are connected through business data. While entities must act responsibly and evidence risk-based decision-making and traceability throughout the chain of activities, this same information will enable them to respond to official enforcement actions (see example below).


Cargill has a 2030 commitment to 100% traceability for its direct and indirect value chain (PDF). Using an electronic cocoa bean tracking system, it has already reached 100% farmer-to-factory traceability in Ghana and 61% in Côte d’Ivoire. Currently, more than 70,000 farmers are included in digital Cooperative Management Systems in Côte d’Ivoire and the system has tracked about 120,000 metric tons of cocoa beans. In Ghana, around 25,000 farmers have registered to a fully traceable digital payment system. According to Cargill, the value of a traceability system lies in connecting origin data with data on sustainability characteristics such as good agricultural practices, location of farms, and social conditions in producing communities. These linkages enable Cargill to target interventions, on the basis of risk assessments, where they can have most impact. This in turn enables the company to fulfil its due diligence obligations, as well as providing it with the data needed to prove its responsible conduct with enforcement authorities.*


Value chain and supplier data is also crucial to unlocking business value. The ability to locate, evaluate and trace value chains and the products flowing through them is at the core of this value proposition. This data – an identified location with a measured set of conditions – enables a company to orchestrate its global value chain for increased resilience, focus on systematic waste reduction, increase circularity, reduce carbon emissions, and optimise product differentiation and labelling, all of which help to drive enhanced efficiency and reduce costs.

Understanding the interoperability of laws will be key when meeting these obligations. Companies with systems in place to trace their products and value chains will gain access to better information that will enable them to comply with different regulations.

The time to get started? Now

We’re entering a period of rapid regulatory change. Over time, we’ll see further evolution and learning – on the regulatory side, at the country enforcement level, and by corporates - in terms of due diligence and transparency. 

Informed by increasing ubiquity of data and awareness of information, civil discourse and dialogue around this issue will continue to intensify. For companies, to ensure compliance and to generate new business value, it’s essential to get up to speed now. 


How PwC can help

  • Readiness assessment. Gain an accurate understanding of your company’s readiness in response to the emerging regulatory environment. 

  • Business preparation. Select, design, and prepare the business for the implementation of the emerging regulatory environment.

  • Implementation. Develop and introduce a strategy for setting up the due diligence and compliance system. 

  • Monitor, report, learn & evolve. Ongoing support and annual review to monitor and sustain compliance.

*The examples included and companies mentioned throughout the article are illustrative cases of actions taken. 


Notes

[1] The European Union’s Corporate Sustainability Due Diligence Directive (CSDDD) and Forced Labour Regulation (EUFLR), the German Supply Chain Act (LkSG), Australia’s and the United Kingdom’s Modern Slavery Acts, the French Corporate Duty of Vigilance Law, the United States’ National Action Plan on Responsible Business Conduct (NAP on RBC), the Uyghur Forced Labor Prevention Act (UFLPA), the US forced labour trade law - 19 U.S. Code § 1307, the Swiss Conflict Minerals and Child Labor Due Diligence Obligations, the Norwegian Transparency Act, the EU Deforestation Regulation (EUDR), the Japanese Guidelines on Respecting Human Rights in Responsible Supply Chains, and many more.

[2] For example, EU definition of deforestation risks by country, governmental reports on trafficking and forced labour, or actual listing of higher risk products by the NSW government in Australia.

The authors thank Ismael Aznar Cano, Alwine de Vos van Steenwijk, Eleanor Larner and Marie Costes for their contributions.

Authors

Jeremy Prepscius

Global Impact Centre and Asia Pacific – Sustainable Supply Chains, Managing Director, PwC Hong Kong

Matt Timmons

Global CSRD Legal Services leader, Partner, PwC United Kingdom

Nicolás Reigl

Senior Associate, Asia Pacific Sustainable Supply Chains, PwC China
