Duty of Vigilance

Our cloud-based risk platform is designed to help you comply with the French Law on the Duty of Vigilance, Loi de Vigilance, with efficiency and ease.

3 challenges

#1. Comprehensive risk mapping

Organisations must develop and implement comprehensive risk mapping to identify potential human rights and environmental risks across their entire supply chain. This entails a detailed and ongoing due diligence process, which can be challenging due to the complexity and opacity of global supply chains. Organisations must ensure that their risk assessments are thorough and updated regularly, necessitating significant resources and expertise.

#2. Supplier and subcontractor compliance

A major challenge lies in ensuring that suppliers and subcontractors comply with the due diligence standards set forth by the Loi de Vigilance. Organisations are required to extend their vigilance measures beyond their immediate operations, to include their entire supply chain. This can be particularly difficult when dealing with suppliers and subcontractors in jurisdictions with varying levels of regulatory enforcement and standards of practice, requiring enhanced monitoring and collaboration efforts.

#3. Documentation and reporting

Organisations are required to document their vigilance plans and actions taken to mitigate risks and must report on these annually. The challenge here is twofold: first, in maintaining detailed and accurate records of all due diligence activities and their outcomes; and second, in producing transparent, accessible reports that meet the regulatory requirements and stakeholder expectations. This process demands robust data management systems and can significantly increase administrative burdens.

Key benefits

  • Align with best practices
  • Streamline processes
  • Improve stakeholder engagement
  • Standardise reporting
  • Improve decision-making

Our features to simplify & automate compliance

Risk management: One integrated risk register for all internal risk disciplines

Register internal and external risks. Link risks to a specific third party, internal control(s) and/or location within your organisation. Follow the ISO 31000 best-practice workflow consisting of risk identification, assessment, treatment and monitoring. Use the interactive risk matrix to easily filter different risk disciplines and scores.

Compliance management: Obtain a full overview of all your internal and external compliance requirements

One integrated register for all your internal & external compliance requirements. Use it to manage compliance requirements for security, sustainability, privacy, legal, quality and many others. Define a specific scope & applicability per compliance requirement and link them to one or more assessment questionnaires. Monitor compliance in real-time.

Third-party management: All your third-party information centralised and connected

One integrated register for all your third parties. Register multiple contracts per third-party. Assign risk profiles to segment your landscape, taking into account multiple risk domains such as cybersecurity, sustainability and compliance. Connect with your procurement system to retrieve and enrich your supplier data.

Assessment management: Third-party self-assessment activities streamlined and automated

Integrate the different third-party assessment efforts of all your risk and compliance disciplines. Combine questionnaires from different risk disciplines into one third-party assessment. Suppliers log in to a secure supplier portal in which they can collaborate and provide their evidence. Our AI-powered review module makes an initial analysis.

Real-time monitoring: Instantly receive alerts about your third-parties and follow-up efficiently and effectively

Continuously monitor your third parties in 2 million news sources and receive instant alerts on negative news articles. Activate our out-of-the-box integrations with BitSight, SecurityScorecard, EcoVadis, Refinitiv and many others to retrieve your third parties' security, sustainability, financial or compliance risk ratings in one central overview.

Action plan management: Assign action plans to internal stakeholders and third-parties and track follow-up

Consolidate remediation actions across all internal teams and third-parties within a unified action plan repository. Assign ownership through our platform and Microsoft Teams. Set and adjust timelines for each action, with reminders to keep progress on track via our platform's virtual officer, e-mail and Teams. Visual indicators offer status updates, simplifying oversight.

Managed service: Outsource TPRM to one of our partners and benefit from their scale, expertise and global reach

For organisations with limited time or resources for third-party risk management, we have formed partnerships with esteemed experts in the field. These partners can fully manage the entire third-party risk management process for you, encompassing risk profiling, due diligence, and real-time monitoring, by using our fit-for-purpose platform. Schedule a conversation.

FAQ

In the overview below, we have listed the most frequently asked questions and answers. Do you still have questions? Just reach out to one of our experts.

How does the Duty of Vigilance Law align with international standards?

The French Duty of Vigilance Law is closely aligned with international standards and frameworks on business and human rights, particularly the United Nations Guiding Principles on Business and Human Rights (UNGPs). The law operationalizes the UNGPs’ principles by requiring companies to conduct due diligence to identify, prevent, mitigate, and account for how they address their impacts on human rights and the environment. This law is part of a growing trend of legislation aimed at ensuring corporations are responsible for their impact on human rights and the environment, not just within their operations but throughout their supply chains and business relationships globally. It underscores the importance of transparency, accountability, and the protection of human rights and the environment in the context of global business practices.

How does this law impact international subsidiaries and suppliers?

The Duty of Vigilance Law extends beyond France, affecting international subsidiaries and suppliers as well. Companies subject to the law must ensure that their vigilance plans cover not only their own operations but also the activities of their subsidiaries, suppliers, and subcontractors globally. This means that international businesses engaged with French companies may need to comply with certain standards and practices outlined in these vigilance plans to maintain business relationships.

What are the consequences for non-compliance with the Duty of Vigilance?

Non-compliance can result in legal action and potentially significant financial penalties. The law aims to hold companies accountable for the human rights and environmental impacts of their operations and their supply chains, emphasizing the importance of due diligence and transparency.

What should be included in the vigilance plans?

Vigilance plans must include reasonable and adequate measures to identify risks and prevent severe impacts on human rights, fundamental freedoms, and the health and safety of individuals and the environment. These measures should cover risk mapping, value chain assessment processes, risk mitigation and preventive actions, alert mechanisms, and monitoring systems to ensure effective and efficient implementation.

Which companies are subject to the Duty of Vigilance Law?

The law applies to companies based on two main criteria: their corporate form and their number of employees. Specifically, companies must have more than 5,000 employees in France or more than 10,000 employees worldwide, including within their direct and indirect subsidiaries, to fall within the scope of this legislation.

What is the French Duty of Vigilance Law in short?

The French Duty of Vigilance Law is a pioneering regulation that mandates certain large companies to establish, publish, and implement measures to identify risks and prevent severe abuses to human rights, fundamental freedoms, health and safety of individuals, and the environment. It requires companies to create a vigilance plan that outlines the steps they are taking to mitigate risks associated with their activities, including those of their subsidiaries, suppliers, and subcontractors.

Still have a question?

Our experts are always here to help you out.