Introduction
This checklist will assist in-house counsel, compliance teams and procurement teams in organisations of all sizes to include ESG factors in their supply chain due diligence, responsible procurement practices and risk assessment processes. The checklist adapts and expands upon the six steps of due diligence set out in the Organisation for Economic Co-operation and Development’s (OECD) April 2023 policy paper entitled ‘A little downstream goes a long way’.
This checklist covers the following steps:
- Understand the organisation’s supply chain
- Conduct supplier ESG due diligence
- Identify supplier ESG risks and impacts
- Prevention and mitigation of ESG supplier risk
- Tracking, communication and remediation
This checklist can be used in conjunction with the following How-to guides: Understanding environmental, social and governance (ESG), How to assess suppliers for modern slavery risk (UK) and How to create a supplier code of conduct (UK).
Step 1 – Understand the organisation’s supply chain
| No. | Requirement |
| --- | --- |
| 1.1 | Understand the difference between supply chains and value chains |
Step 2 – Conduct supplier ESG due diligence
| No. | Requirement |
| --- | --- |
| 2.1 | Understand the aim of supplier ESG due diligence |
| 2.2 | Make a policy commitment |
| 2.3 | Identify and categorise suppliers |
| 2.4 | Develop a supplier ESG due diligence process |
Step 3 – Identify supplier ESG risks and impacts
| No. | Requirement |
| --- | --- |
| 3.1 | Carry out risk mapping |
Step 4 – Prevention and mitigation of ESG supplier risk
| No. | Requirement |
| --- | --- |
| 4.1 | Repeat risk assessments regularly |
| 4.2 | Embed respect for human rights and due diligence commitments |
| 4.3 | Use commercial leverage to reduce risks and impacts |
| 4.4 | Identify whether there is scope for creating a more diverse and inclusive supply chain |
Step 5 – Tracking, communication and remediation
| No. | Requirement |
| --- | --- |
| 5.1 | Track the implementation and results of due diligence efforts |
| 5.2 | Communicate internally and externally how ESG risks and impacts in the organisation’s supply chain are addressed |
| 5.3 | Contribute to the remediation of any negative impacts to which the organisation contributed |
General notes
There is a growing expectation from both lawmakers and society in general that organisations will be responsible for their supply chains and, as described by the OECD, will ‘do good while doing no harm’. This includes an expectation that organisations – both in the public and private sector – will select suppliers on the basis of their ESG performance. This impacts organisations of all sizes.
This checklist is based on a broad definition of supply chain, ie, all the different suppliers of an organisation, not just those involved in the movement of a product or service from supplier to customer. This is because all suppliers create potential risk for an organisation if their ESG performance is not understood.
The principles and techniques referred to in this checklist can also be used for due diligence and risk assessment of entities in an organisation’s wider value chain. Organisations that come under the scope of the EU Corporate Sustainability Due Diligence Directive (CSDDD) will need to have regard to the particular requirements of that legislation, as this checklist is not intended to be fully compliant with the requirements of the CSDDD.
See step 1.1 below for further information about the difference between supply chains and value chains.
Legal framework
There are various ways in which the law may create a need for organisations to carry out supplier ESG due diligence. Some jurisdictions have already adopted legislation that requires human rights and environmental considerations to be taken into account in an organisation’s operations, for example:
- the Modern Slavery Act 2015 (UK);
- the Law No. 2017-399 on the duty of vigilance (France); and
- the Supply Chain Act (Germany).
International standards for responsible business have also been published, such as the OECD’s Guidelines for Multinational Enterprises, Due Diligence Guidance for Responsible Business Conduct and the United Nations’ Guiding Principles on Business and Human Rights.
In addition, regulations requiring organisations to make ESG disclosures, such as Regulation (EU) 2019/2088 (the Sustainable Finance Disclosure Regulation) and Directive (EU) 2022/2464 (the Corporate Sustainability Reporting Directive), require in-scope organisations to know about the ESG performance of their supply chains in order to make the required disclosures. However, the EU proposed in early 2025, in its ‘Omnibus I’ package, that the due diligence obligations be limited to direct business partners only, thereby limiting the scope of liability unless a company has plausible knowledge of adverse impacts further down the value chain.
Step 1 – Understand the organisation’s supply chain
Understanding whether an organisation’s supply chain is committing harm to humans or the environment can be challenging, particularly for organisations with complex supply chains that span multiple sectors and jurisdictions. However, if a supplier is consciously or unconsciously committing environmental or human rights abuses, it can result in reputational and financial damage for both the supplier and any organisation receiving goods or services from the supplier, particularly as litigation for supply chain negligence and parent company liability is on the rise. In addition, the adoption of sector-specific legislation regarding environmental (eg, deforestation) and human rights (eg, critical minerals and the garment sector) issues in supply chains increases regulatory risk.
There are several areas in the world where national sustainability law is weak or non-existent. In particular, the more globally complex an organisation’s supply chain is, the greater the need to have identified whether any suppliers are ‘doing harm’ or have insufficient checks and controls to ensure that they ‘do no harm’.
Understanding and building supply chain transparency also has benefits for organisations, in that it leads to supply chain resilience, which frequently leads to improved financial performance and sustainability.
1.1 Understand the difference between supply chains and value chains
The standards and information about the legislation referred to above (see ‘Legal framework’) make reference to ‘value chains’ as well as ‘supply chains’. Both can be referred to in relation to ESG performance and it may be important for organisations to identify whether they need to develop ESG due diligence processes in relation to their supply chain or their broader value chain.
According to the Cambridge Institute for Sustainability Leadership:
‘A “supply chain” refers to the system and resources required to move a product or service from supplier to customer. The “value chain” concept builds on this to also take into account the manner in which value is added along the chain, both to the product / service and the actors involved. From a sustainability perspective, “value chain” has more appeal, since it explicitly references internal and external stakeholders in the value-creation process. It also encourages a full-lifecycle perspective and not just a focus on the (upstream) procurement of inputs. Value is generally used in a narrow economic sense, but it can be interpreted to encompass “values”, i.e ethical and moral concerns as well as other non-monetary utility values such as closing material loops, the provision of ecosystem services and added customer value.’
Step 2 – Conduct supplier ESG due diligence
ESG supplier due diligence can be carried out at the same time as any other supplier due diligence that an organisation carries out (eg, financial or employment) – it does not need to be separate or distinct, or carried out in a silo. While the particular ESG questions to be included in a due diligence questionnaire and the supplier’s responses may need input from sustainability or ESG specialists, there is no reason why they cannot be included in an organisation’s standard procurement procedures – and indeed, this helps ESG supply chain performance management become ‘business as usual’.
2.1 Understand the aim of ESG supplier due diligence
The aim of ESG supplier due diligence and risk assessment is to understand where, within an organisation’s supply chain, there might be scope for harm to the environment or humans, and what steps are in place to ensure that this does not happen. What due diligence an organisation can do, and how it does it, will likely be determined by what is reasonable and proportionate for the organisation – taking into account its size, activities, resources and understanding of its ESG supply chain risks.
While suppliers may initially be resistant to sharing information, particularly if an organisation has little leverage, organisations can seek to build trust and establish formal and informal communications at all levels. Organisations should be sympathetic to supplier concerns about data breaches or the sharing of confidential information, and may suggest the use of non-disclosure agreements where appropriate, to alleviate supplier concerns. Organisations can emphasise to their suppliers that modern business relationships are built on transparency and collaboration.
Larger organisations may also be able to emphasise that the due diligence is not about seeking to ‘name and shame’ or exclude suppliers, or to terminate contracts. Rather, the purpose is to understand where an organisation can support suppliers in its supply chain in order to improve their ESG performance – ie, doing good while doing no harm.
2.2 Make a policy commitment
Make a policy commitment at board or equivalent level to conduct supply chain due diligence and to address supply chain risks and impacts. The policy commitment should be published in the organisation’s annual reports and on its website. The commitment should then be embedded within the organisation’s policies and procedures and business strategy and should be supported by sufficient resources from the top (board level) down to achieve it.
The board should be accountable for the implementation of the policy commitment and should provide oversight, ensuring that the commitment flows down through the organisation’s management structure and is widely understood and upheld by the organisation’s workforce. Both the policy commitment and the policies and procedures needed to embed the policy commitment should be appropriate to the size and scope of the organisation’s activities. See OECD, Due Diligence Guidance for Responsible Business Conduct for further detail.
2.3 Identify and categorise suppliers
In order to ensure that suppliers are subject to robust due diligence and risk assessment procedures and as a way to implement responsible procurement practices, it is essential for an organisation to have a good understanding of all suppliers within its supply chain.
2.3.1 Categorise suppliers
Categorise (or ‘tier’) all suppliers into three tiers:
- Tier 1 suppliers – an organisation’s direct suppliers;
- Tier 2 suppliers – the suppliers to an organisation’s Tier 1 suppliers, or sub-contractors to an organisation’s Tier 1 suppliers; and
- Tier 3 suppliers – the suppliers or subcontractors of an organisation’s Tier 2 suppliers.
2.3.2 Further categorise tier 1 suppliers
Organisations may then wish to further categorise Tier 1 suppliers based on their importance to the organisation’s operations, by contract value and by length of contract term. This will help with allocating resources during the due diligence and risk assessment phases. However, it is worth remembering that even if a contract is of low value (either in terms of importance and/or cost), it can still cause issues (such as adverse publicity and business disruption) if a supplier is underperforming from an ESG perspective, particularly if the supplier’s underperformance hits the headlines.
2.3.3 Identify potential future suppliers
The next step will be to identify potential future suppliers (ie, any goods or services that are in the process of being procured by the organisation), and add these to the supplier list.
2.4 Develop a supplier ESG due diligence process
Aim to develop clear ESG due diligence processes and protocols, including a multi-level escalation procedure for cases of human rights violations or severe environmental impact.
The process of developing due diligence processes should engage every department/team in the organisation and the results should be included in an up-to-date and robust central contract and risk management system. No supplier should be considered too small to be included in due diligence (eg, out-sourced cleaners, or gardeners). All goods and services supplied to an organisation, for whatever purpose, should be included.
2.4.1 Review publicly available information about existing and potential new suppliers
A review of supplier information can include consideration of:
- internet searches;
- sanctions lists (eg, UK, EU, USA (including the Uyghur Forced Labor Prevention Act), Canada, UN);
- World Bank Listing of Ineligible Firms and Individuals (which includes firms and individuals cross-debarred by the African Development Bank Group, the Asian Development Bank, the European Bank for Reconstruction and Development and the Inter-American Development Bank (referred to as multilateral development banks));
- whether the supplier is a UN Global Compact participant, or commits to apply or conform with any other form of international environmental and human rights standard;
- whether the supplier is regulated in any way, in any jurisdiction; and
- whether the supplier is in a ‘high-risk’ country or sector – see the US Bureau of International Labor Affairs List of Goods Produced by Child Labor or Forced Labor, the Global Slavery Index in relation to modern slavery and Elevate’s Supply Chain ESG Risk Ratings reports. See also the UK government’s Modern Slavery Assessment Tool.
2.4.2 Develop a supplier ESG due diligence questionnaire
Develop a supplier ESG due diligence questionnaire (or template ‘Supplier ESG Report’) that suppliers are required to complete and submit before contract signature and periodically throughout the contract term (for contracts longer than a year).
The topics to be considered for inclusion in the questionnaire (or report) include, but are not necessarily limited to:
- greenhouse gas emissions;
- the environment (eg, waste disposal, water usage, chemical production/usage and disposal);
- biodiversity;
- deforestation;
- waste;
- human rights (including modern slavery, health and safety, land rights and indigenous people’s rights, as applicable);
- labour conditions (including gender equality, diversity, social inclusion, and ethnicity and gender pay gap reporting);
- tax transparency;
- privacy;
- community engagement;
- organisational governance and ownership;
- board composition;
- regulatory compliance;
- business ethics; and
- responsible investment.
If an organisation doesn’t know who its Tier 2 and Tier 3 suppliers are, it should include a request for such information, and for the Tier 2 and Tier 3 ESG performance information, in the due diligence questionnaire/report for the Tier 1 supplier.
There are several existing templates that can be used (eg United Nations Global Compact, Communication on Progress Questionnaire and The Chancery Lane Project, Climate Change Due Diligence Questionnaire).
While a template can be a good starting point, it should be tailored to an organisation’s particular requirements, taking into account sector, product, country and supplier-specific risks.
Step 3 – Identify ESG risks and impacts
The information below summarises the risk identification activities that can be carried out in relation to ESG risks within a supply chain.
3.1 Carry out risk mapping
Using the information obtained under Step 2 above, conduct risk mapping to identify the risks and impacts in supplier relationships.
Set out the main supply chain ESG risks and, for each risk, decide how likely it is to happen (or, in a worst-case scenario, whether it has already happened) and what impact it will have on the organisation. Each risk should be prioritised based on severity, for example, using a R(ed)A(mber)G(reen) rating system, in order to identify where resources should be focussed.
For a more detailed example of supplier risk assessment, see How-to guide: How to assess suppliers for modern slavery risk (UK).
Step 4 – Prevention and mitigation of ESG supplier risk
Once an organisation has a good understanding of its supply chain and has identified key ESG risks and impacts, steps can be taken to prevent and mitigate these risks. Some of the activities that can be undertaken in order to prevent and mitigate ESG supplier risk are set out below.
4.1 Repeat risk assessments regularly
Prior to entering into a new supplier contract or renewing existing ones, repeat the due diligence exercise referred to in Step 2. Risk assessments should also be repeated regularly in long-term supplier relationships, to see if any new risks have developed that need to be managed.
4.2 Embed respect for human rights and due diligence commitments
Seek to embed respect for human rights and due diligence commitments as contractual provisions in sales, supply and services agreements with suppliers, and in all procurement documents. Consider what provisions should be boilerplate in all contracts and procurement documents, and where sector, geographic or other bespoke terms might be required. For example:
- Are there any particular high-risk ESG areas where specific undertakings from suppliers might be required?
- Consider a requirement for suppliers to disclose Tier 2 and Tier 3 relationships and to undertake due diligence on Tier 2 and Tier 3 relationships.
- Consider a right to terminate a supplier contract if any adverse ESG impacts are identified and cannot be prevented or ended.
- Consider requiring suppliers to have adopted and implemented adequate and robust complaints and grievance mechanisms – having a non-judicial mechanism through which those directly affected by the organisation’s activities can raise concerns about how they are or may be harmed is a vital part of any responsible organisation.
- Are there appropriate channels in place for suppliers to communicate, as appropriate, both on how they address human rights and environmental risks in general, and how they have remedied any negative impacts?
- Consider whether to include a requirement to comply with a supplier Code of Conduct (as required under Germany’s Supply Chain Due Diligence Act and under the proposed EU Corporate Sustainability Due Diligence Directive).
Regularly review and stress-test such provisions to ensure that they are fit-for-purpose.
4.3 Use commercial leverage to mitigate risks and impacts
Organisations may be able to use their commercial leverage with their suppliers to encourage the party causing the risk or impact to cease doing so. If an organisation does not have sufficient commercial leverage with which to influence its supply chain (eg, if the value of a contract is too low), seek to build leverage by, for example, collaborating with other business, labour or civil society actors who have a stake or interest in the situation. If leverage is still insufficient, organisations may need to responsibly disengage from any supplier that refuses to respect human rights or the environment, or that fails to carry out due diligence to adequately address risks and impacts.
4.4 Identify whether there is scope for creating a more diverse and inclusive supply chain
Supply chain due diligence and risk assessment can help an organisation to identify whether there is scope for creating a more diverse and inclusive supply chain. This might include the following:
- Aim to increase the participation of underrepresented groups, such as minority-owned, female-owned and small businesses.
- Undertake ethical sourcing. Strive to work with suppliers that adhere to ethical standards, treating workers fairly and promoting sustainable practices throughout the supply chain.
- Collaborate with stakeholders. Engage in partnerships with diverse suppliers, industry organisations, community groups and advocacy organisations to drive positive change, share best practice and foster innovation.
- Where resources permit it, provide resources and training opportunities to suppliers and their employees to enhance awareness, understanding and cultural competence regarding the environment and human rights issues.
- Establish key performance indicators related to ESG in supply chains. Regular evaluations and reporting on ESG metrics can provide helpful insights and drive continuous improvement.
Step 5 – Tracking, communication and remediation
The information below sets out the next steps after an organisation has identified, mapped, mitigated or removed ESG supplier risk in its supply chain.
5.1 Track the implementation and results of due diligence efforts
Track the implementation and results of due diligence efforts undertaken in Steps 1 and 2. Tracking should be based on appropriate qualitative and quantitative indicators and draw on feedback from both internal and external sources, including affected stakeholders. This may involve:
- risk assessments of suppliers undertaken periodically and if the circumstances of a supplier change, for example, if there is a change of control;
- inclusion of key performance indicators (KPIs) regarding the results of the ESG due diligence undertaken in an organisation’s annual KPIs; and
- inclusion of ESG KPIs in an organisation’s supply contracts, particularly longer term contracts.
All KPIs should include clear targets and identify how progress will be reported. The organisation subject to the KPIs will need to develop a roadmap that sets out how the targets will be met. In terms of what are appropriate KPIs, this will depend on the issues that the organisation needs to address, whether there are already well-established indicators for those issues, what data can reasonably be obtained by the organisation, and how easy it is to obtain feedback from affected stakeholders, etc.
5.2 Communicate internally and externally how ESG risks and impacts in the organisation’s supply chain are addressed
Supply chain transparency helps organisations demonstrate their commitment to responsible business practices and sustainability. Consumers and employees are increasingly aligning their purchasing power and employment choices with their values, with many purchasing goods or services from, or choosing to work for, organisations that have an ethical and sustainable purpose. Good communication on ESG and supply chains may also result in greater investment, particularly from investors looking for investments that align with their own values, or that are low ESG risk (on the basis that high ESG risk organisations may also be a credit and/or litigation risk).
Supply chain transparency also helps eradicate corruption, which negatively impacts regional, national and international development and sustainability. Use existing methods of communication (eg, strategy documents, business plans, annual reports, websites, social media) or develop new communication tools.
5.3 Contribute to the remediation of any negative impacts to which the organisation contributed
ESG due diligence aims to prevent and mitigate potential negative human rights and environmental impacts in which an organisation might be involved. Remediation aims to put right these impacts.
Where organisations identify that they have caused or contributed to negative human rights or environmental impacts, the organisation should be part of the solution (ie, cooperate in, or instigate, remediation). Examples of remediation mechanisms include state-based judicial and non-judicial mechanisms, as well as non-state-based grievance mechanisms.
Potential remedies include apologies, restitution, rehabilitation, financial or non-financial compensation, and punitive sanctions (whether criminal or administrative, such as fines), as well as the prevention of harm through, for example, injunctions or guarantees of non-repetition.
The victims of any negative human rights or environmental impacts should be at the forefront of any remediation process and both the process and potential remedies should be appropriate for their requirements, taking into account their access to remediation mechanisms, and local cultural and legal norms.
Even if an organisation did not itself contribute to or cause an adverse impact, it can use its commercial leverage to encourage suppliers causing or contributing to negative impacts to take action to remediate a negative impact.
Additional resources
United Nations, The Corporate Responsibility to Respect Human Rights: An Interpretive Guide
OECD, OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas
UK Supreme Court, Vedanta case – parent company liability
White & Case, Okpabi v Royal Dutch Shell Plc: UK Supreme Court allows Nigerian citizens' environmental damage claim to proceed against UK parent company
World Wildlife Fund, Due Diligence in the UK
Retail Gazette, Boohoo faces £100m lawsuit over modern slavery breaches
The Guardian, Cadbury faces fresh allegations of child labour on cocoa farms in Ghana
Sustainalytics, Child Labor in Cocoa Supply Chains: Unveiling the Layers of Human Rights Challenges
Earth.org, 13 major companies responsible for deforestation
Environmental Justice Foundation, Seafood and Slavery [Thailand]
European Commission, Circular economy: New law on more sustainable, circular and safe batteries enters into force
European Commission, Regulation on Deforestation-free products