The French law of Duty of Care was introduced in March 2017. Since then, companies with over 5,000 employees in France and 10,000 in France and abroad, are obliged to establish, publish, and effectively manage measures to identify possible risks and prevent severe abuses of human rights, fundamental freedoms, health and safety of individuals, and the environment. The law was associated with massive public discussions and concerned big companies and their suppliers. France was a pioneer in the field, and since adopting this law, other countries introduced similar regulations.
Was the French Duty of Care Law one of the first steps toward a fully traceable supply chain? Which companies do require to keep a close eye on the law and why? In this article, there is a brief analysis of one of the first European laws on the duty of care.
Duties by the Law
In brief, by the law, the companies must publish an annual vigilance plan covering five main areas. These areas include:
- A risk mapping system to identify, analyze, and prioritize risks,
- Regular evaluation procedures regarding the situation of subsidiaries, subcontractors, or suppliers with whom there is an established commercial relationship, in line with the risk mapping;
- Appropriate actions to mitigate risks or prevent severe impacts;
- An alert and complaint mechanism relating to the existence or realization of risks, drawn up in consultation with the representative trade union organizations within the company;
- A system that monitors implementation measures and evaluates effectiveness.
The first step is identifying risks and prioritizing them. To do that, companies must take into account the probability of the risk and measure its severity. Based on the risk mapping, companies must establish assessments in their subsidiaries. These assessments must be listed in a calendar to ensure the possibility of control over it later. The company should have risk assessment tools and assessment procedures, and the results of these assessments should be published.
One more area is the action plan with the specific measures for mitigating identified risks. Another critical area of the law is establishing the alert system. Reporting systems must be decentralized to enable each subsidiary or subcontractor to report the detection or occurrence of a risk as quickly as possible. Depending on the companies, the alert system can vary. For example, some can set up regular discussions with stakeholders, and others can create telephone lines to report ethical conflicts. The company must put in place indicators to monitor the evolution of risks, e.g., tracking its carbon emissions. The report of this evolution must be published in the annual report and must be regularly updated.
Who Must Comply
There are only two criteria. However, the number of French companies concerned exceeds hundreds. The first criterion is the number of employees in France and abroad. Companies with over 5,000 employees in France (including subsidiaries) and 10,000 in France and abroad should comply. Second, only certain corporate forms (those governed by Article L. 225-102-4 of the French Commercial Code) are concerned.
Although there is no official list of companies and mechanisms to control compliance with the law, the public united and formed organizations to monitor such companies. As a result, the public is putting pressure on those corporations that do not publish vigilance plans according to the French law of Duty of care.
Know Your Supply Chain
As the law came into force almost five years ago, many companies started publishing reports. However, the public continues to keep a close eye on the quality of such documents. Only having a plan is no longer enough. Although many requirements are not fully described in the law, companies need to be as precise as possible while informing the public about the vigilance plans. A good example is Eramet. The French multinational mining and metallurgy company published vigilance plans as required. However, Le radar du devoir de vigilance project’s team analyzed the plan and concluded that it lacks a lot of information on the most challenging part of the law, subsidiaries and subcontractors list.
The vigilance plan must contain not only information on the scope of the company group, i.e. a list of companies controlled directly or indirectly but also all companies that have any commercial relationship with the parent company and its subsidiaries. It is, therefore, essential for each company that is affected by the law to know the entire supply chain to comply with the regulation in France and worldwide.
How Blockchain Technology Can Help
Transparency of the supply chain is a challenging area due to many reasons. One of them is companies’ concerns about data security. Every company has sensitive data that they don’t want to disclose both on the upstream and downstream sides.
However, as regulation moves forward and obliges corporations to take responsibility for their supply chain, technologies appear right in place. Today blockchain technology makes it possible to securely exchange only the data that a company wants to share.
Interested in how to best comply with the law? Our team is always happy to discuss which supply chain due diligence data you could capture and how Product Passports can communicate it along your supply chains. Get in touch here.