France’s Due Diligence Law: Is Your Company Ready to Disclose Its Vigilance Plan?

Authors

• Jean-Baptiste Andrieu

  Former Associate Director, BSR

2018 marks the celebration of the 70th anniversary of the Universal Declaration of Human Rights. It is also the year that large companies falling within the scope of the French Due Diligence Law are expected to develop, implement, and publish their due diligence plans to identify risks and prevent infringements on human rights, fundamental freedoms, health and safety, and the environment.

This law, which represents a significant step toward better regulating large companies’ due diligence on human rights, was adopted in an overall context of increasing references to human rights in regulatory and business frameworks. The obligation covers impacts resulting from companies’ own activities, as well as the impacts of both the companies under their control and their suppliers and subcontractors.

Are you seeking to better understand what this means for your company? Here are some common questions I have heard from businesses hoping to do the same.

What should be disclosed in the vigilance plan?

There is little doubt about what should be included in the plan. Although it is not very detailed nor prescriptive, the law is clear on this aspect. Annual public vigilance plans should include the following:

• A mapping of the risk (risk identification and prioritization)
• Procedures to regularly assess how subsidiaries, suppliers, and subcontractors are performing against this risk mapping
• Measures to prevent and mitigate serious violations
• A functioning alert mechanism that collects reporting of existing or actual risks, developed in partnership with trade union organizations
• Monitoring mechanisms to evaluate implementation and effectiveness of measures implemented

... and should be developed in coordination with the company’s stakeholders.

Each component of the plan could be debated at length, but there are a couple of points to keep in mind.

• The scope of disclosure is not limited to forced labor and human trafficking in the supply chain. It also covers human rights and the environment. Companies should disclose the systems they have in place to identify, prioritize, prevent, and mitigate infringements that might happen in their supply chains, but also in their direct operations and in their interactions with clients and customers.
• This is about disclosure, not reporting. Companies should be able to explain the rationale behind their measures. While there aren’t specific procedures or mechanisms that should be put in place to comply with this law, companies should be able to make the case that the systems they are including in their Vigilance Plans are adequate and efficient.

What should companies expect from civil society organizations as a result of this law?

Civil society organizations in France have advocated for the adoption of this law and generally welcome the emergence of legal vigilance obligations for companies. As with the U.K. Modern Slavery Act, we can expect that Vigilance Plans will be scrutinized and benchmarked, and companies will likely be ranked accordingly. Many civil society organizations may also use the law to give companies official notice (mise en demeure) not only to publish, but also to implement, their Vigilance Plans. This is likely to give civil society organizations a lot of visibility, as well as provide opportunities for them to engage companies on these issues.

To avoid having to defend their Vigilance Plans in court, companies should, as suggested by the law itself, develop them in coordination with their stakeholders. To this end, companies should reach out to the organizations with expertise both in their countries of operations and pertinent to the risks they face; they should then collect and address the comments, feedback, and expectations received in their Vigilance Plans.

What does BSR recommend for companies looking to develop due diligence consistent with the law?

After a busy year helping French companies get ready for the law to come into effect, we’d like to share a few of our observations with those of you who may just be getting started: 

1. Risk mapping can be conducted with more or less depth. It is important for companies to have a global vision of the risks they face in all their countries of operations. For some countries, you should also consider finely-tuned risk maps, including identification and detailed review of the risks specific to your operations and identification of vulnerable and marginalized groups, who experience different risks, severity, and impacts of human rights violations than others. 
2. Companies generally struggle with the questions of how far down their supply chains they are required to go and what tools to use to assess suppliers. Site audits are not necessarily the only option to consider for this.
3. To prevent serious violations, companies should be proactive, raise the capacity of their own staff, and collaborate with and train their business partners on human rights and environmental risk management.
4. Engagement with unions is still in early days, and both companies and trade unions themselves are struggling with how to talk effectively about global human rights and environmental issues in companies’ operations and supply chains.
5. Engaging stakeholders and increasing transparency allows companies to make progress in understanding some of the most difficult human rights and environmental issues they face. While this does not shield companies from negative attention, it can help balance it and identify solutions if it arises. 

Do you still have questions about how to comply with this new legislation? Contact us to continue the conversation.