What Compliance Teams Need to Know: Human Rights Due Diligence and Modern Slavery in 2026

Over the past two months, Ethixbase360 and Norton Rose Fulbright hosted a two-part webinar series on Human Rights Due Diligence (HRDD) and modern slavery, first examining APAC and global developments, then turning to Europe and the United States. Across both sessions, one message came through clearly: human rights due diligence and modern slavery are no longer compliance exercises confined to annual reporting. They have become risk management disciplines with direct legal, operational, and trade consequences. 

Below are the strongest practical takeaways from both sessions, brought together into a single guide for compliance, risk, and governance teams. 

The Speakers

Session 1 — APAC and Global Compliance Expectations 

  • Natasha Martin, Director of Product, Ethixbase360 (moderator) 
  • Grace Do, Special Counsel, Norton Rose Fulbright Australia
  • Abigail McGregor, Partner, Norton Rose Fulbright Australia
  • Lisa Smit, Business and Human Rights Advisor, Norton Rose Fulbright LLP 

Session 2 — Global Expectations for Compliance Programs 

  • Natasha Martin, Director of Product, Ethixbase360 (moderator)
  • Stuart Neely, Partner, Norton Rose Fulbright LLP
  • Lise Smit, Business and Human Rights Advisor, Norton Rose Fulbright LLP
  • William Troutman, Partner, Norton Rose Fulbright US LLP 

1. Human Rights Due Diligence Is Moving Beyond Reporting

Both sessions opened with a similar theme: human rights due diligence and modern slavery are no longer emerging topics. As Natasha Martin put it:

“They’re now firmly at the centre of global regulatory enforcement and stakeholder expectations.”

As these issues have moved to the centre of compliance programmes, the nature of the obligation has also evolved. Reporting laws ask companies to describe their risks and actions. Due diligence laws require companies to identify, assess, prevent, mitigate, and remediate actual and potential impacts.

Stuart Neely illustrated this shift by walking through the global patchwork of frameworks and legislation — from voluntary standards such as the UN Guiding Principles and OECD Guidelines, through reporting obligations in Canada, the UK, and Australia, to mandatory due diligence laws that carry direct legal and commercial consequences.

One of the clearest examples is the EU Corporate Sustainability Due Diligence Directive (CS3D), which applies from July 2029 to EU companies with 5,000+ employees and €1.5 billion+ global turnover, or €1.5 billion+ EU turnover for non-EU companies. It moves expectations beyond disclosure and toward mandatory, risk-based human rights and environmental due diligence across the upstream supply chain. While the Omnibus amendments removed the EU-harmonised civil liability regime, Stuart was clear that exposure remains:

“CS3D retains an obligation on EU member states to ensure that existing routes to civil liability under national law provide for damages in the event of claims by rights holders relating to alleged breaches of CS3D. So in effect, the risk of civil claims against companies, as well as potential regulatory enforcement, remains.” 

Abigail McGregor also reminded attendees that despite the growing complexity of the regulatory landscape, the underlying principles remain consistent:

“Underlying all of this law are the UN Guiding Principles on Business and Human Rights, and really that should be underpinning everything. The answer — if you’re looking at a pure UN Guiding Principles approach — is prioritise where the greatest harm has been or may be caused.”

Takeaway: Treat human rights due diligence as a risk management discipline, not a reporting exercise. The governance, documentation, supplier engagement, and supply chain intelligence needed to support these programmes should be built proactively, not assembled in response to a detained shipment, customer request, or regulatory inquiry.

2. Trade Enforcement Is Raising the Stakes

The shift from reporting to due diligence is also being reinforced by a growing use of trade enforcement mechanisms. Increasingly, regulators are using import controls and market access restrictions to drive compliance, creating consequences that are immediate and commercial rather than purely reputational. 

Stuart Neely and Lise Smit walked through the three EU instruments coming into force in sequence — and the tensions between them. 

The EU Forced Labour Regulation (applying from December 2027) prohibits products made with forced labour from being placed on, imported into, or exported from the EU. It covers the entire supply chain with no SME carve-out. When a preliminary investigation opens, companies have 30 days to respond to information requests, and the competent authority must reach a decision within nine months. Where forced labour is found, products can be prohibited, withdrawn, or disposed of. 

The EU Deforestation Regulation (applying from December 2026 to large and medium companies) covers products made from cattle, cocoa, coffee, palm oil, rubber, soy, and wood — and despite its name, requires compliance with a wide range of local laws including labour rights and human rights, verified to the level of individual plots of land. As Lise Smit noted: 

“When products are commingled or imported together, where even one of the plots is not covered, the entire batch becomes non-compliant.”

The key tension across all three EU laws is that CS3D sets an obligation of means — risk-based due diligence to a reasonable standard — while the Forced Labour Regulation and EUDR set outcome-based prohibitions. Compliance with CS3D does not guarantee products will clear the other two. 

“That inconsistency is really a particular challenge for companies looking to navigate these laws.” — Stuart Neely 

In the United States, William Troutman provided a detailed picture of how enforcement is operating in practice. The Uyghur Forced Labor Prevention Act (UFLPA), in effect since 2022, establishes a rebuttable presumption that goods from Xinjiang or connected to Xinjiang-linked entities are made with forced labour. Since implementation, CBP has detained nearly 43,000 shipments, with approximately 57% denied entry. 

The scope has broadened well beyond cotton. Electronics and metals now make up a significant majority of detentions, and geography is no defence, with Malaysia, Vietnam, and Thailand accounting for a higher value of targeted shipments than China itself. 

“The real challenge with UFLPA is that the type of information CBP expects to see to prove goods are not connected to forced labour is not typically the type that a company could really obtain prior to acting — either because its supply chain would not be in a position to provide that information, or frankly just the volume of information needed would be so vast that collecting it in advance for every shipment would be incredibly burdensome.” — William Troutman 

Takeaway: If you export to or import into the EU, all three laws are likely relevant — and CS3D compliance does not guarantee that products will comply with the other two. In the US, supply chain documentation is a trade compliance asset. Build it before a detention, not after. 

3. APAC Is Emerging as a Key Area of Regulatory Change

The APAC session mapped a regional picture that often receives less attention than developments in Europe and the United States, but represents material near-term exposure for multinational organisations with operations, suppliers, or customers across the region. 

Grace Do highlighted New Zealand’s modern slavery bill as the most immediately significant development. It passed its first reading with 112 votes in favour and 11 against, has bipartisan support, and if enacted, could require first statements as early as 2028. 

Crucially, it extends to overseas companies with majority shareholdings in New Zealand entities — meaning reporting obligations could attach to a parent company with no direct New Zealand operations in relation to its corporate group activities. 

“Entities with supply chains or operations in New Zealand should start to consider what they should be doing between now and the end of 2027.” — Grace Do

The bill goes materially further than Australia’s Act. It requires disclosure of specific incidents, extends reporting to training of supplier employees — not just the reporting entity’s own workforce — and introduces financial penalties and personal liability for directors and executives who permit or fail to prevent non-compliant reporting. 

“It means it’s simply not going to be enough to say that I didn’t know.” — Grace Do

Trade agreements with the United States of America are driving forced labour bans in a number of APAC jurisdictions. Forced labour import bans have come into force in both Indonesia and Pakistan. Indonesia is targeting mandatory HRDD obligations by 2028 through a fast-track legislative pathway. Australia’s own Modern Slavery Act also remains under review, with the Anti-Slavery Commissioner indicating possible amendments before year-end. 

Takeaway: Check whether your corporate group structure creates New Zealand reporting obligations now. The bill sets a higher standard than Australia’s, and preparation — particularly around supply chain mapping and board governance — should begin well before enactment. 

4. China Is Creating New Due Diligence Challenges

Abigail McGregor addressed one of the most challenging issues facing multinational organisations today: two new Chinese regulatory instruments — the Industrial and Supply Chain Security Regulation and the Regulation on Countering Foreign States’ Unlawful Extraterritorial Jurisdiction — that create a framework for countering forced labour compliance obligations imposed by other jurisdictions. 

“A number of businesses will find themselves in what is called the dual illegality dilemma, where they’re required to undertake specific due diligence in one market, but that due diligence is unlawful in another.” — Abigail McGregor 

Chinese suppliers can now legally refuse to engage with certain due diligence requests. Physical audits in China, without specific legal advice, may contravene the law. If an entity is placed on the malicious entity list, consequences can extend across the organisation, including visa denials, asset freezes, import-export restrictions, and prohibitions on transactions with Chinese parties. 

Abigail was clear, however, that the answer is not to stop conducting due diligence. 

“Don’t stop doing all of your due diligence because of the existence of these laws. There will be ways to manage this. But you need to get advice and work out how real this risk is for your particular organisation.” 

Takeaway: Review supplier codes of conduct, modern slavery clauses, and public commitments for China-specific exposure. Physical audits now require legal review. The obligation itself does not disappear but the method may need to be adapted. 

5. Effective Human Rights Due Diligence Requires Integration

Across both Q&A sessions, the panel was asked what separates organisations doing this well from those that are not. The answers converged on one word: integration. 

Stuart Neely described the hallmarks of a mature approach: 

“A hallmark of an appropriate approach would be one which is not reactive. What companies would be looking to demonstrate would be clear governance, allocation of responsibility, oversight at appropriate committee or board level, documented information-gathering processes.” 

William Troutman was more direct, drawing on what he sees after UFLPA detentions: 

“There is a before time where companies perhaps wear the costume of modern slavery due diligence. They have policies and procedures that are stated, they might have headcount dedicated to this issue, but as long as nothing has happened, they don’t really know if any of those things work… We often see circumstances where there’s a geopolitical situation, trade policy changes, and the business makes a move — changes the supply chain — but no one tells the ESG arm of the company that those things have occurred.”  

Lise Smit pointed to severity and likelihood — the core concepts from the UN Guiding Principles, now embedded in CS3D, CSRD’s European Sustainability Reporting Standards, and UK modern slavery guidance — as the practical tool for deciding where to focus: 

“These concepts are the concepts that you should be using in terms of determining where to focus your work. And the flip side of that is… the idea that that can be tested.”  

Takeaway: Due diligence needs to be embedded in business operations, not parallel to them. A single, risk-based governance framework anchored in the UN Guiding Principles — with jurisdictional requirements layered onto it — is more defensible and more efficient than managing each obligation in isolation. Severity and likelihood, not jurisdictional proximity, should determine where resources go.

What to Do Now

The practical consensus from eight speakers across two sessions: 

  • Assess jurisdictional exposure — understand both current obligations and those arriving over the next two to three years.
  • Map your corporate group — regulatory reach increasingly extends through ownership and control, not just direct operations.
  • Look beyond Tier 1 suppliers — risk-based supply chain visibility is becoming the expected standard.
  • Integrate due diligence into business operations — procurement decisions, supply chain changes, and ESG processes need to be connected.
  • Seek specific advice on China — the dual illegality dilemma requires legal review, not a blanket policy response.
  • Document decisions and actions — due diligence evidence is both a regulatory compliance record and a trade compliance asset. 

Watch the Webinar Recordings

For a more detailed analysis of the global regulatory landscape, look out for our forthcoming eBook, From Disclosure to Enforcement: Modern Slavery and Human Rights Regulation in 2026, developed with input from Norton Rose Fulbright. The eBook explores emerging legislation, enforcement trends, and practical considerations for organisations navigating increasingly complex human rights and modern slavery obligations across global supply chains.

You can also join our upcoming webinar on 29 July, From Reporting to Defensibility: Modern Slavery Compliance in Australia and New Zealand, for a deeper discussion of the evolving regulatory landscape and practical compliance considerations in both jurisdictions.

How Ethixbase360 Can Help

Ethixbase360 is pleased to introduce the Human Rights Supply Chain Due Diligence Questionnaire — a defensible human rights due diligence solution for your supply chain, built on the subject matter expertise of Norton Rose Fulbright and embedded within Ethixbase360’s third-party risk platform. 

Identify — Surface human rights risk across your supplier base with structured, jurisdiction-aligned assessments. 

Prioritise — Tier suppliers by risk using country, sector, and practice indicators, helping you focus resources where they matter most. 

Evidence — Generate audit-ready records that stand up to regulators, auditors, customers, and the board. 

Contact us to learn more. 

Turn Risk to Resilience
Get the 360° visibility you need to protect your business and move faster
BOOK DEMO
Product

Integrated Third-Party Risk Management Platform
Configurable Questionnaires
Risk Based Due Diligence
Independent Third-Party Certification
Unified Third-Party Cyber Risk Management
Program Driven Managed Services
Customizable Third-Party e-learning

About Us

Company 
Sustainability @Ethixbase360
Careers
Diversity Statement
Supplier Code of Conduct

Connect

Contact Us

News & Resources

All Resources
Blog
eBooks/White Papers
Events & Webinars

Linkedin
Copyright © Ethixbase360, 2026 All Rights Reserved
Terms & Conditions Privacy Policy Code Of Conduct

On-Demand Webinar: ‘FCPA Trends to Watch: From Incentive Programs to Ephemeral Messaging Communications and Beyond’

Watch Now
Share via
Facebook
X (Twitter)
LinkedIn
Mix
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap