The EU Is Making Forced Labor a Trade Compliance Problem, Not Just an ESG Issue

It rarely starts with a headline. It starts with a question your team cannot answer. A distributor in Germany forwards a nongovernmental organization (NGO) report naming a factory you have never heard of. A customer in France asks whether a particular product line will still be eligible for sale once the EU’s new forced labor regulation takes effect. A customs broker flags rumors that certain shipments could be detained if regulators start asking for documentation you do not have.

For companies that sell into, operate in or export from the EU, this scenario is no longer theoretical. The EU’s Regulation 2024/3015 on prohibiting products made with forced labor on the EU market, adopted on Nov. 19, 2024, turns forced labor from a disclosure question into a trade ban with teeth. 

Beginning Dec. 14, 2027, authorities will be able to pull products from the EU market, block imports and exports and order disposal or remediation where they find forced labor anywhere in a product’s supply chain. Member states may also impose financial penalties, the nature and level of which are to be determined under national law. This is not about whether a company has the right statement on its website. It is about whether the company’s products can move.

The good news is that the regulation does not require a mystery playbook that only regulators can see. It does, however, demand that companies treat forced labor as a core trade, compliance and investigations risk, not an ESG afterthought. The companies that will be best prepared are those starting now to build a forced-labor framework which operates at the product level and can stand up to tough questions from authorities, customers and boards.

How does the EU’s forced labor ban change the risk equation?

The forced-labor regulation (FLR) sits on top of a growing stack of modern slavery and human rights rules, including the Corporate Sustainability Due Diligence Directive (CSDDD), the EU deforestation regulation and national supply chain laws such as Germany’s Supply Chain Act. Many of those laws focus on transparency: publish an annual statement, describe your policies, explain your due diligence. The FLR is different. It gives EU and national authorities the power to ban products that they conclude were made, in whole or in part, with forced labor anywhere in their supply chain. A single tainted component or production step can put an entire stock-keeping unit (SKU) at risk. Importantly, compliance with the CSDDD’s due diligence obligations does not create a safe harbor under the FLR; a product can still be banned, regardless of whether the company has met its CSDDD requirements.

The scope is broad. The FLR applies to any “economic operator” that places products on the EU market, makes them available there or exports them, regardless of size or sector. Unlike the CSDDD, there is no employee count or revenue threshold; small and medium-sized enterprises are within scope if their products touch the EU market. The regulation covers goods at every stage of production — from raw materials to finished products — and applies to forced labor both inside and outside the EU, using the definition set out in the International Labour Organisation’s Forced Labour Convention, 1930 (No. 29), as supplemented by its 2014 protocol and the organization’s indicators of forced labor. That means a small technology company shipping hardware, a global healthcare manufacturer supplying devices and a services firm selling branded equipment into EU offices are all in the frame if their products cross EU borders.

The way cases start also matters. Unlike the US Uyghur Forced Labor Prevention Act, which relies on a rebuttable presumption tied to a specific region, the FLR uses a risk-based “substantiated concern” model. Authorities will screen public information; NGO and media reports; stakeholder complaints; and, once available, an EU-wide database of higher-risk regions, sectors and products to decide which operators and SKUs to investigate.

Investigations proceed in two phases: a preliminary phase during which the lead competent authority assesses available information and may request data from the economic operator within 30 working days, and, if concerns are not resolved, a full investigation phase. During a full investigation, authorities can request detailed supply chain information, seek input from workers and civil society and in some cases coordinate with bodies capable of gathering information on the ground outside the EU. Companies that respond slowly or with inconsistent or incomplete information increase the risk that regulators will question not only their supply chains but the seriousness of their compliance programs.

For senior leaders, the practical shift is this: Forced labor is no longer just a reputational and reporting topic. It is an operational and commercial risk that can shut down sales into an entire region. The questions that matter now include:

• Which products are placed on or exported from the EU, and who owns FLR risk for those SKUs?
• How far down the supply chain those products can be traced today and where do visibility gaps remain?
• Can a company’s existing human rights, ESG and trade controls generate the kind of evidence authorities will look for if they open an investigation?

Companies that cannot answer those questions quickly will struggle if their products are the ones regulators choose to test first.

Featured

A Year After Designation of Cartels as Terrorists, What Is the Risk Landscape for Multinationals Operating in Mexico?

by Robert Johnston, Brian Mich and Ulla Pentinpuro

February 18, 2026

A year after the Trump Administration designated six Mexican cartels as foreign terrorist organizations, the compliance implications for multinationals are still coming into focus — and they are severe.

Read moreDetails

Frameworks that regulators will take seriously

The FLR does not require companies to build a brand new compliance silo. It does require them to tighten and refocus what they already have. In practice, credible preparation tends to rest on four pillars: governance and ownership, risk assessment and scoping, third‑party and supply-chain controls as well as documentation and metrics.

Clarify governance and ownership

Today, forced labor risk often lives in several places at once: ESG or sustainability teams draft modern slavery reports, supply chain teams manage suppliers, legal tracks new regulations, and trade compliance focuses on customs and sanctions. The FLR pushes toward a more integrated model. Companies should identify an executive sponsor and a cross‑functional working group that owns FLR implementation and reports to the C‑suite and, where appropriate, the board.

That group should include compliance, legal, trade, procurement or sourcing, operations, human rights/ESG and internal audit. Its mandate is not to redo everyone’s job but to coordinate decisions about risk appetite, priorities and escalation. A simple responsible, accountable, supportive, consulted, informed matrix for FLR‑related decisions and regulatory interactions can prevent the finger‑pointing and delay that so often make investigations harder than they need to be.

Make risk assessment and scoping product‑specific

Many companies have already conducted high‑level human rights risk assessments. Under the FLR, the focus needs to narrow. Authorities will scrutinize specific products, not just corporate‑level policies. A practical starting point is to create an inventory of all products that are placed on or exported from the EU. For each, companies should identify:

• The countries and regions where key inputs are mined, grown or produced.
• The sectors and tiers (for example, raw materials, processing, assembly, packaging) most associated with forced labor risk.
• What the company actually knows today based on supplier data, audits, grievance reports or other information as opposed to what it assumes.

External sources like international organization reports, civil society research and, in the future, EU risk indicators and databases can help refine that view. The goal is a prioritized list of EU‑facing SKUs and supply chains where enhanced due diligence is warranted, not a perfect global map on day one.

Calibrate third‑party and supply chain controls to that risk

Once higher‑risk products and supply chains are identified, companies can decide where to go deeper. At the program level, this often means defining what “baseline” and “enhanced” forced labor due diligence look like for different categories of suppliers and intermediaries. Baseline expectations might include adherence to a supplier code of conduct, completion of a human rights questionnaire and contractual commitments to prohibit forced labor and cooperate with investigations. Enhanced expectations might add more detailed traceability, on‑site or third‑party assessments, worker‑voice tools or independent verification of high‑risk tiers.

Contracts play a central role. The FLR will put pressure on companies to demonstrate that they can obtain the information they need about upstream facilities and that they have real options if concerns arise. While there is no one‑size‑fits‑all clause, companies should examine whether their agreements allow them to request product‑level data, access relevant sites (directly or through trusted third parties), require corrective action plans and, as a last resort, suspend or terminate relationships where forced labor is confirmed. Those decisions are commercial as well as legal, and they are best made before a shipment is sitting in port.

Treat documentation and metrics as part of your defense file

In every recent wave of enforcement — whether under sanctions, export controls or UFLPA — companies that fare better tend to be those that can produce organized, contemporaneous records of what they did and why. The FLR will be no different. Authorities will not just ask whether a policy was in place; they will look at how that policy operated for the product in front of them.

That means thinking now about how to store and retrieve:

• Supplier lists and facility information tied to specific SKUs.
• Due diligence reports, audit findings and corrective action plans.
• Internal escalation records, including how concerns were raised, evaluated and resolved.

Basic metrics like the percentage of EU‑facing SKUs with mapped supply chains to defined tiers, the number of higher‑risk suppliers with active remediation plans or the time taken to close findings help leadership monitor progress and give regulators a more concrete picture of program maturity.

Getting investigation-ready

Because the FLR is enforced through targeted investigations, “investigation readiness” should not be an afterthought. It should be a design principle.

To avoid scrambling under that kind of pressure, companies can develop an FLR-specific investigations-and-escalation protocol that builds on existing frameworks for anticorruption, sanctions or human rights issues. Because the burden falls on the economic operator to demonstrate that its products are not tainted by forced labor once an investigation is opened, front-loading evidence collection is critical. Key elements include:

• Clear triggers for opening an internal review, such as receipt of an authority’s information request, credible allegations about a supplier or facility or serious findings from an audit or grievance mechanism.
• A cross‑functional investigations team that includes compliance, legal, trade, human rights or ESG, supply chain and communications, with defined roles at each stage.
• Standard expectations for how quickly initial fact‑finding should occur, how evidence is collected and preserved and how decisions are documented.

Companies should also think through at a policy level how they will approach remediation if an internal review finds indicators of forced labor. That may include expectations for supplier corrective action plans, timelines for improvement, criteria for exiting a relationship and approaches to addressing harm to affected workers in coordination with credible local partners. Under the FLR, if a product ban is imposed, authorities can require economic operators to withdraw or dispose of the product and donate remaining goods for charitable or public interest purposes. The specifics of remediation will vary by case, but a principled framework can help demonstrate to authorities that the company is not improvising its response in the heat of an investigation.

A practical way to test readiness is to run a tabletop exercise around a hypothetical FLR investigation for one or two higher‑risk product lines. The exercise does not need to be elaborate. The core questions are straightforward:

• How quickly can a list of all known suppliers and facilities involved in this product be produced?
• What documentation exists to show the due diligence performed and the response to any issues?
• Who would speak to regulators and who has authority to make time‑sensitive decisions about remediation, disclosure and communications?

Gaps revealed by the exercise can become concrete work items for the next 12 to 18 months.

Action items for the next year

The FLR’s enforcement date of Dec. 14, 2027, may feel distant, but the lead time is not as long as it seems once supply chain complexity, contract cycles and internal budget processes are factored in. Some enabling provisions, including the establishment of the EU-wide portal and database, will take effect earlier, and companies should monitor the European Commission’s implementing and delegated acts for further operational detail. 

For most organizations, the most effective approach will be to focus on a clear, staged work plan rather than an all-at-once overhaul. Over the next year to year and a half, companies can:

• Confirm who owns FLR implementation, designate an executive sponsor and charter a cross‑functional working group that reports regularly to senior leadership.
• Build a focused inventory of EU‑facing products and prioritize a first wave of higher‑risk SKUs and supply chains for deeper mapping and due diligence.
• Define baseline and enhanced forced labor due diligence expectations and begin aligning supplier contracts so the company can obtain the information and cooperation it will need under the FLR.
• Develop or refine an FLR‑specific investigations and escalation protocol and test it through at least one scenario exercise.
• Upgrade documentation and data practices so that product‑level supply chain and due diligence information can be retrieved quickly in the event of an inquiry.
• Integrate FLR considerations into existing risk assessments, internal audits, training and board reporting so that forced labor is treated as a standing compliance and trade risk rather than a one‑off project.

No company can eliminate forced labor risk entirely, especially in complex, multitier supply chains. What regulators and stakeholders will look for under the EU’s forced-labor regulation is whether companies can show with evidence that they understand where their exposure lies; they are taking reasonable, risk‑based steps to address it; and they are prepared to respond when questions come. Companies that do that work now will be in a stronger position when the calls and letters start to arrive.