
Supply chain due diligence: compliance, risk and governance in an evolving regulatory landscape

Key insight

Supply chain due diligence is evolving from a voluntary process into multi‑functional compliance obligations. As overlapping regulatory regimes impose distinct and increasingly prescriptive requirements, organisations must ensure their due diligence frameworks can meet multiple legal obligations simultaneously, without sacrificing effectiveness or creating additional exposure.

Supply chain due diligence on environmental and social issues is no longer a voluntary exercise in corporate responsibility. It is fast becoming a core legal and governance requirement, shaped by complex and overlapping regulatory frameworks and reinforced by growing expectations around corporate accountability on a global scale. For boards, executives and in-house counsel, the challenge is no longer simply a matter of compliance, but of ensuring that due diligence is efficient and effective across its multiple different purposes.

Increasingly, those purposes are not aligned. Due diligence systems must operate across a range of legal and regulatory regimes – from modern slavery and illegal logging to climate disclosure and broader corporate accountability – each with distinct requirements and enforcement settings. This creates a structural challenge: designing a single program capable of meeting overlapping obligations, while remaining robust under scrutiny and adaptable as the regulatory landscape continues to evolve.

In Australia, the regulatory landscape relevant to supply chain due diligence is substantial and continues to evolve. The Modern Slavery Act 2018 (Cth) requires large businesses with annual consolidated revenue of at least A$100 million to report on how they identify and address modern slavery risks in their operations and supply chains, with human rights due diligence used as the primary mechanism to support those obligations. An independent statutory review completed in 2023 recommended strengthening the Act, and the Government is currently consulting on the introduction of mandatory due diligence requirements and civil penalties, among other changes. 

Other regimes impose more significant obligations. The Illegal Logging Prohibition Act 2012 (Cth) requires importers of raw timber and regulated timber products to undertake due diligence, with significant reforms in 2025 introducing strict liability offences and expanded enforcement powers. At the same time, mandatory climate-related financial disclosure obligations require companies to report on scope 3 (supply chain) emissions. Such disclosures require information that is gained through supply chain due diligence. 

More broadly, corporate and consumer laws, including directors' duties, are increasingly being used to hold companies to account for their voluntary sustainability commitments and for meeting standards of diligence that are reasonable having regard to known risks.

Internationally, the trajectory is clear. Transparency regimes, mandatory human rights due diligence laws, and customs and import bans are expanding across jurisdictions, including in Asia and Europe. These developments are not confined to those markets – European joint venture counterparties, customers and supply chain participants will, as a practical necessity, pass their own regulatory obligations on to Australian companies. Import restrictions and other prohibitions linked to environmental and human rights standards create a further layer of exposure, with Australian businesses at risk of being locked out of key markets if they cannot demonstrate adequate due diligence.

Taken together, these drivers underscore the increasing importance of effective supply chain due diligence. However, they also highlight a more fundamental challenge: a one-size-fits-all approach to due diligence will not achieve compliance across the board, and is unlikely to satisfy the range of overlapping and evolving regulatory requirements now in play.

Designing effective supply chain due diligence systems

Effective supply chain due diligence is not a single process but is best understood as an integrated system operating across three stages. 

The first stage is understanding. This involves identifying and mapping legal obligations to the organisation’s operations, documenting and embedding the necessary policies and procedures, and ensuring that the relevant people are trained. Critically, this mapping exercise should identify the points of intersection between different regulatory regimes. For example, modern slavery and illegal logging may engage the same supplier relationships, meaning well-designed supplier engagement or audit processes may be able to collect the required information simultaneously, subject to specific regulatory requirements. This stage is underpinned by clear governance architecture, including board-level oversight, management accountability and defined escalation pathways to ensure that identified risks reach the right level of the organisation for decision-making.

The second stage is implementation. This involves actively identifying and assessing risks across the supply chain, integrating findings into company processes and taking appropriate action to ensure regulatory compliance and to prevent or mitigate adverse impacts. It also requires maintaining contemporaneous records to demonstrate legal compliance in practice. Accessible grievance mechanisms are a key component as they provide an avenue for remedy while also functioning as an effective risk management tool by providing early warning of emerging risks and a diagnostic tool for assessing the effectiveness of due diligence processes.

The third stage is continuous improvement. This requires tracking the effectiveness of measures through qualitative and quantitative indicators, monitoring shifts in regulatory obligations and policy guidance, and proactively identifying opportunities to improve. Maintaining ongoing engagement with stakeholders is also critical. In this context, effective due diligence cannot be a "set and forget" exercise – it must evolve alongside the regulatory environment to ensure continued compliance.

Contracting as both a tool and a source of risk in supply chain due diligence

Supplier contracts are an important tool to support due diligence and legal compliance. They can provide enforceable mechanisms for gathering information, establish audit and verification rights, create leverage to facilitate actions that mitigate adverse human rights and environmental impacts, and cascade compliance expectations through the supply chain. However, contracts are not a compliance strategy in their own right. Statutory obligations are generally non-delegable: each regime imposes duties directly on the regulated entity, and a supplier cannot be relied on to discharge those duties. In practice, regulators assess what the entity actually did, not merely what its contracts said.

At the same time, the degree of control exercised through supplier contracts can itself become a source of legal exposure. In Mangku & Ors v Dyson Technology Ltd & Ors, 24 migrant workers employed by third-party Malaysian suppliers commenced proceedings in the UK against Dyson and its subsidiaries, alleging forced labour and trafficking. The claimants argued that Dyson exercised a high degree of control over working and living conditions at its suppliers' factories through its contractual arrangements and policies, and that its monitoring and auditing processes were defective and ineffectively enforced. The case survived a jurisdictional challenge and was ultimately settled in February 2026.

The case highlights an evolving risk. Contracts that grant significant oversight and control of supplier operations can support compliance with human rights and environmental standards. However, where that control is not exercised in practice when risks become known, it may also strengthen the argument that the company bears responsibility for harms it sought to prevent in its supply chain.

Operationalising supply chain due diligence

For supply chain due diligence to be effective in practice, organisations should consider the following steps:

  • Align due diligence systems to legal obligations. Map each regulatory requirement – whether modern slavery, illegal logging, climate reporting or otherwise – to specific processes, data inputs and governance structures, rather than relying on a single generic program.
     
  • Establish clear governance architecture. Implement board‑level oversight, clear management accountability and defined escalation pathways to ensure that identified risks are assessed and addressed at the appropriate level of the organisation.
     
  • Use contracts as an enabling tool. Leverage supplier contracts to operationalise information gathering, audit rights and remediation, while recognising that statutory obligations cannot be delegated.
     
  • Embed continuous improvement. Track the effectiveness of due diligence measures, monitor regulatory change and build in mechanisms to adapt systems as requirements evolve.
     
  • Ensure board‑level assurance over due diligence systems. Directors should be satisfied not only that systems exist, but that they are implemented in practice, are effective, and are subject to ongoing review.

Implications for boards and senior decision-makers

Inadequate supply chain due diligence can expose organisations to material reputational, legal and commercial risk. These risks are not theoretical. The Illegal Logging Prohibition Act 2012 (Cth) imposes strict liability offences on importers on a per-importation basis, with potential exposure to civil penalties and forfeiture orders. International forced labour bans prohibit goods being sold in particular markets if due diligence has not been undertaken to establish that a product has not been made with forced labour. 

These are access-to-market risks that require active board oversight. Directors must take reasonable steps to satisfy themselves that the organisation has adequate systems in place to discharge its legal obligations, and that the disclosures it makes – whether in modern slavery statements, sustainability reporting or otherwise – are accurate and defensible. 

This requires more than high-level review of policies. Directors should ensure the board is provided with sufficient information to understand the organisation's approach to supply chain due diligence in practice, including how risks are identified, escalated and addressed. They should also consider whether that practice is consistent with how it is described in the organisation's public reporting and stated commitments. 

Ultimately, the focus for boards is not whether due diligence processes exist, but whether they are effective in practice and capable of withstanding regulatory and stakeholder scrutiny.

Designing due diligence systems that withstand scrutiny

The commercial incentive to simplify supply chain due diligence is strong and, in many respects, sensible. However, prioritising efficiency risks undermining the system’s core purpose: ensuring legal compliance. As domestic and global reforms continue to move towards more prescriptive requirements, the margin for error is narrowing. 

For boards and decision-makers, the question is no longer whether a due diligence program exists, but whether it is designed to meet the specific legal obligations the business faces – today and as they evolve – and whether it will withstand regulatory and stakeholder scrutiny when tested.



Authors

Dr Phoebe Wynn-Pope

Head of Responsible Business and ESG

Rosie Syme

Partner

Georgia Smith

Associate



This publication is introductory in nature. Its content is current at the date of publication. It does not constitute legal advice and should not be relied upon as such. You should always obtain legal advice based on your specific circumstances before taking any action relating to matters covered by this publication. Some information may have been obtained from external sources, and we cannot guarantee the accuracy or currency of any such information.
