There is no EU-wide legislation currently in effect that addresses modern slavery risk, though that would change if the Corporate Sustainability Due Diligence Directive (CSDDD) becomes EU law and is then implemented in EU member states.

However, legislation is already in effect in Germany and France that imposes requirements on organisations in respect of modern slavery and other risks. This guide explores what those requirements are and who they apply to.

What is modern slavery?

Modern slavery exists in or affects trade in all countries. It is a serious organised crime that results in major human rights abuses. The crime includes slavery, forced or compulsory labour, child labour and human trafficking. Whilst it is difficult to establish the scale of the issue, research by the International Labour Organisation (ILO) has estimated that over 40 million people globally are victims of modern slavery.

Companies need to have policies and procedures in place to help them identify and root out modern slavery risk in their supply chains. Doing this will not only enable them to demonstrate a culture and commitment to compliance and, in particular, to good corporate governance, but also avoid reputational damage from any actual or perceived failure of theirs to address the problem. It will also help them comply with any legal obligations arising – such as those in Germany and France.


The 2021 Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz, LkSG) has been in force since 1 January 2023. It requires large German companies as well as foreign companies with a branch office in Germany to take certain measures to ensure that both they and their suppliers from Germany and abroad comply with a broad range of social and environmental standards. The companies must report annually on their compliance with the law.

Who is in scope of the requirements?

Since 1 January 2024, the LkSG applies to enterprises (irrespective of legal form) which generally employ at least 1,000 employees in Germany.

Core duties arising under the LkSG

The LkSG sets out several due diligence requirements for enterprises in scope. These include that they establish an appropriate and effective risk management system, with a responsible person designated to oversee and monitor it. At its core, this should involve regular (annual) general abstract and specific risk assessment of own business operations and those of direct (tier 1) suppliers, as well as incident-related ad hoc risk analysis. Enterprises must also issue a policy statement setting out their human rights strategy and expectations and identifying their key risk areas. 

Where risks are identified, appropriate mitigations – including a number of defined preventative measures – must be put in place, and remedial action must be taken if a human rights or environment related violation has occurred. A complaints procedure must also be put in place through which the enterprise can receive both internal and external reports of risks or breaches of duty in relation to human rights and environmental standards. 

Similar obligations are also imposed in respect of indirect suppliers in case of substantiated knowledge of a risk or violation.

All companies that fall directly under the scope of the LkSG must prepare an annual report on the fulfilment of their due diligence obligations in the previous business year and submit it to the German Federal Office of Economics and Export Control (BAFA). BAFA is responsible for implementing and monitoring compliance with the law. In addition, the reports must be made publicly available free of charge on the company's website for at least seven years.

BAFA has published extensive guidance on compliance, including on the form and content of reports.

Sanctions for failure

Non-compliance with the due diligence obligations is punishable by a fine issued by BAFA of up to €800k for responsible managers and up to €8 million for enterprises. For enterprises with an average annual global turnover over the past three fiscal years of more than €400 million, the fine can be up to 2% of such turnover.


The 2017 Duty of Vigilance Law (the 2017 Law) requires companies in scope to establish and implement a vigilance plan relating to the activities of the company and its subsidiaries. The vigilance plan must include reasonable due diligence measures to identify risks and prevent infringements of human rights, health and safety laws, or damage to the environment, resulting from the direct or indirect activities of the company and its subsidiaries, subcontractors or suppliers.

Who is in scope of the requirements?

The 2017 Law applies to companies operating in France with at least 5,000 employees, including French subsidiaries, or at least 10,000 employees, including French and non-French subsidiaries.

Core duties arising under the 2017 Law

The company’s vigilance plan must include identification, analysis and prioritisation of potential risks. It must include an overview of the procedures used for regular due diligence of subsidiaries, subcontractors or suppliers, together with the steps taken to mitigate risks and prevent serious harm, as well as a monitoring system to assess the effectiveness of the measures. A mechanism for collecting disclosures on the existence or occurrence of risks is also required.

The vigilance plan and report on its implementation must be published in the company’s public annual report.

Sanctions for failure

Formal notice to comply with the required obligations within a period of three months may be given to a company in default. If the company does not comply within this time limit, then any person with an interest may request the competent court to order compliance, if necessary under penalty.
