Supply chain ESG compliance is no longer voluntary. The EU CSDDD, Germany’s LkSG, and France’s Duty of Vigilance Law impose binding legal obligations. The UK Modern Slavery Act and Canada’s Forced Labour Act also create requirements. These laws mandate identifying and addressing environmental and human rights risks in your supply chain. Even if your business falls below direct reporting thresholds, you still face pressure. Customers must collect ESG data from their suppliers to comply with legal requirements. This guide explains what the law requires, what your customers need from you, and how to comply.
Your largest customers are legally obligated to know what happens in their supply chains. In 2026, if they cannot get verified ESG data from you, they face regulatory risk. The commercial consequence is simple: they will find a supplier who can provide it. Supply chain ESG compliance is not just a regulatory issue for large companies. It is a survival issue for every business that supplies them.
This guide covers the laws driving supply chain ESG compliance. It explains exactly what your customers will require from you. The guide also outlines a step-by-step process for building a compliant ESG supply chain programme regardless of your company’s size.
Which Laws Create Supply Chain ESG Compliance Requirements?
| Law | Jurisdiction | Who Must Comply Directly | What It Requires of Your Supply Chain | Penalty |
|---|---|---|---|---|
| EU CSDDD (Corporate Sustainability Due Diligence Directive) | European Union | EU companies with 1,000+ employees and EUR 450M+ turnover; phased from 2027 | Identify, prevent, and remedy adverse human rights and environmental impacts across the entire value chain | Up to 5% of global net turnover + civil liability |
| Germany LkSG (Supply Chain Due Diligence Act) | Germany | Companies with 1,000+ employees operating in Germany (from 2024) | Risk analysis, preventive measures, remediation, and annual compliance report covering direct and indirect suppliers | Up to EUR 8 million or 2% of global annual turnover |
| France Duty of Vigilance Law | France | Companies with 5,000+ employees in France or 10,000+ worldwide | Publish and implement a vigilance plan covering human rights and environmental risks throughout supply chain | Civil liability for harm + injunctions |
| UK Modern Slavery Act | United Kingdom | Commercial organisations with GBP 36M+ annual turnover operating in UK | Annual statement on steps taken to prevent slavery and human trafficking in supply chains and operations | High Court injunction + public naming |
| EU CSRD (supply chain provisions) | European Union | Companies with 250+ employees OR EUR 40M+ turnover OR EUR 20M+ assets | Disclose environmental and social impacts in supply chain; collect data from key suppliers under ESRS standards | Up to 5% of global annual turnover |
| Canada Forced Labour Act | Canada | Companies listed on Canadian exchange or above revenue/asset thresholds | Annual report on forced and child labour risks and due diligence steps in supply chains | Up to CAD $250,000 fine |
| EU Deforestation Regulation (EUDR) | European Union | Large companies by Dec 30, 2026 | Verify and document that listed commodities in supply chains are deforestation-free | Up to 4% of EU annual turnover + product seizure |
What ESG Data Will Your Customers Actually Demand From You?
If you supply companies subject to CSRD or CSDDD, expect requests for the following data from your customers’ procurement or sustainability teams. Having this data ready is what keeps you in the supply chain:
- Carbon emissions data: Your Scope 1 (direct) and Scope 2 (purchased energy) emissions per unit of product or per year. Some customers will also require Scope 3 upstream data
- Energy consumption: Total energy use, energy intensity, and renewable energy percentage
- Water use: Total water consumption and water stress exposure in your operations and key suppliers
- Waste generation: Total waste, hazardous waste, and recycling and disposal rates
- Labour practices: Average wages, working hours, safety incident rates, freedom of association status, and child and forced labour policies
- Supply chain mapping: Identification of your own tier 1 and, in some cases, tier 2 suppliers, their locations, and any known ESG risk exposures
- Certifications and audits: ISO 14001, SA8000, SMETA/Sedex audits, and other third-party verifications of your environmental and social performance
- Deforestation declarations: For supply chains involving cattle, soy, palm oil, cocoa, coffee, wood, or rubber — geolocation data proving deforestation-free sourcing
What Happens If You Cannot Provide This Data?
The commercial consequences of failing to meet your customers’ supply chain ESG requirements are direct and serious:
- Contract termination: Large buyers are legally required to address risks in their supply chains. A supplier who cannot demonstrate ESG compliance is a liability. Expect delisting from approved supplier lists
- Procurement exclusion: EU and UK public procurement rules increasingly require ESG credentials. Failure to comply blocks access to government contracts
- Audit failure: SMETA, BSCI, and customer-specific audits are increasingly mandatory for supplier approval. Failing an audit triggers corrective action periods and potential delisting
- Reputational exposure: If your customer faces an ESG investigation and your business is named as a non-compliant supplier, the reputational damage can extend far beyond the original commercial relationship
Step-by-Step: How to Build a Compliant Supply Chain ESG Programme
- Step 1: Map your supply chain. Identify your tier 1 suppliers and their locations. Assess whether any operate in high-risk countries or sectors for labour rights, environmental compliance, or deforestation
- Step 2: Conduct a risk assessment. Use the Social Hotspots Database (SHDB), country ESG risk indices, and sector-specific risk tools to identify where your supply chain carries the highest environmental and social risk
- Step 3: Collect baseline ESG data. Gather your own Scope 1 and 2 emissions, energy use, water consumption, and waste data. This is the minimum your customers will ask for
- Step 4: Build supplier questionnaires. Send structured ESG questionnaires to your key suppliers. Align the questions with ESRS data requirements so your data can feed directly into your customers’ CSRD reporting
- Step 5: Implement a supplier code of conduct. Establish minimum ESG standards that all suppliers must accept. Include environmental performance, labour standards, and deforestation commitments
- Step 6: Obtain relevant certifications. ISO 14001 environmental management certification and SMETA/Sedex audit status are the most commonly requested third-party verifications in B2B supply chains
- Step 7: Document and report. Maintain records of your due diligence activities. Many regulations require an annual compliance report documenting what you found and what you did about it

Supply Chain ESG Compliance Checklist
- Map your tier 1 and key tier 2 suppliers by country and sector
- Conduct a human rights and environmental risk assessment across your supply chain
- Collect your own Scope 1 and 2 emissions data and energy consumption figures
- Issue ESG questionnaires to key suppliers aligned with ESRS or GRI disclosure requirements
- Implement a supplier code of conduct covering environmental, labour, and anti-corruption standards
- Check EUDR compliance requirements for any deforestation-linked commodities in your supply chain
- Register for SMETA, BSCI, or customer-specified audit programmes
- Publish a UK modern slavery statement if your turnover exceeds GBP 36 million
- File a forced labour supply chain report if required under Canadian law
- Document your due diligence activities to meet LkSG annual reporting requirements, if applicable
- Review your supplier contracts to include ESG performance requirements and audit rights
How Much Does Supply Chain ESG Compliance Cost?
Supply chain ESG compliance costs depend heavily on the depth of your supply chain and your customers’ requirements. As a practical planning guide:
- Basic supplier questionnaire programme and risk screening: $5,000-15,000 first year
- Full LkSG-compliant due diligence programme (consultant-supported): $20,000-60,000 per year
- ISO 14001 certification for your own operations: $10,000-30,000
- SMETA/Sedex audit: $2,000-8,000 per audit
- EUDR geolocation verification for deforestation-risk commodities: $5,000-25,000 depending on supply chain complexity
For a full breakdown of overall ESG compliance costs by business size, see our guide to ESG compliance costs for small businesses. For the penalty consequences of non-compliance, see our post on ESG non-compliance fines and penalties.
Supply chain ESG compliance in 2026 is not a tick-box exercise. It is a commercial imperative. Your largest customers face legal obligations that make your ESG performance their legal responsibility. If you cannot provide verified data and meet minimum ESG standards, you will lose contracts to suppliers who can. The businesses that treat supply chain ESG compliance as a competitive advantage — rather than a burden — are the ones that will be on preferred supplier lists when competitors are being delisted.
Frequently Asked Questions
Does supply chain ESG compliance apply to small businesses?
Yes, indirectly. Small businesses are not directly regulated by CSDDD or CSRD if they fall below the size thresholds. However, if they supply companies that are within scope, those larger companies must collect ESG data from their suppliers. They must also address risks in their supply chains. In practice, this means small business suppliers face ESG questionnaires, audit requirements, and minimum performance standards regardless of their own direct regulatory status.
What is the difference between LkSG and CSDDD?
Germany’s LkSG (Supply Chain Due Diligence Act) is already in force and applies to companies with 1,000+ employees operating in Germany. The EU CSDDD is being transposed into national law across all EU member states with compliance deadlines beginning in 2027. CSDDD applies to a broader range of companies and creates civil liability for supply chain harms, which LkSG does not. LkSG compliance provides a strong foundation for CSDDD readiness but does not fully satisfy the broader CSDDD requirements.
What data do companies typically request from their suppliers for ESG compliance?
The most commonly requested supplier ESG data includes Scope 1 and 2 carbon emissions, energy consumption, water use, waste generation, safety incident rates, labour practice policies, supply chain mapping, and third-party audit or certification status. Companies under CSRD must disclose their value chain impacts under ESRS standards, which drives the specific data categories they request from suppliers to populate their own disclosures.
What is the EUDR and does it affect my supply chain?
Under the EU Deforestation Regulation (EUDR), companies placing products on the EU market must verify and document that their products have not contributed to deforestation or forest degradation. The regulation applies to cattle, soy, palm oil, cocoa, coffee, wood, rubber, and derived products. Large companies must comply by December 30, 2026. If your supply chain includes any of these commodities and you sell into the EU market, EUDR compliance is a legal requirement. It requires geolocation verification of the land on which the commodities were produced.
