Three categories of due diligence legislation
Due-diligence requirements today fall into three distinct categories: general value-chain laws, material-specific regulations, and issue-focused enforcement.
1) General due diligence laws
General due-diligence laws cast the widest net. They apply to companies above certain thresholds and require them to identify, prevent, mitigate, and account for human rights and environmental risks across their operations and value chains.
Examples include France’s Loi de Vigilance, Germany’s Lieferkettengesetz, Norway’s Transparency Act, and the EU Corporate Sustainability Due Diligence Directive (CSDDD).
These laws are often where companies feel most exposed, because they appear to require comprehensive coverage of everything a business touches.
However, their underlying logic is explicitly risk-based. International standards make clear that companies are expected to prioritise the most severe and likely risks where they have leverage, rather than attempt uniform treatment of all suppliers and activities.
Problems arise when risk-based due diligence is interpreted as exhaustive coverage. That misunderstanding is one of the main drivers of cost escalation and operational overload.
The political trajectory of these general due-diligence laws is also diverging across regions.
While general due-diligence legislation has recently come under political pressure in the European Union — including from external trade partners — the global trajectory is not uniform. The EU is narrowing and delaying elements of an already-agreed regime through higher thresholds, more limited value-chain reach, and slower timelines.
At the same time, several Asian jurisdictions are moving in the opposite direction. In countries such as South Korea, Thailand and Indonesia, governments are not only referencing OECD and UN standards, but are actively developing, consulting on, or strengthening legislative approaches to human-rights due diligence over the medium term.
2) Material-specific due diligence
Material-specific laws follow the product or commodity rather than the company.
If you place certain materials or products on the market, due-diligence obligations attach to your supply chain regardless of your size or where you are headquartered.
The EU Conflict Minerals Regulation is a clear example. The EU Batteries Regulation and the EU Deforestation Regulation operate on the same logic. These regimes do not ask companies to assess everything in their value chain. They ask them to demonstrate responsible sourcing for clearly defined inputs.
From a systems perspective, this category typically requires deeper traceability and documentation for specific supply chains, rather than broad enterprise-wide programmes.
3) Issue-specific due diligence and enforcement
Issue-specific laws focus enforcement on particular severe risks, most notably forced labour and child labour.
The EU Forced Labour Regulation, the US Uyghur Forced Labor Prevention Act, and Canada’s Fighting Against Forced Labour and Child Labour in Supply Chains Act fall into this category.
These regimes are narrower in scope but sharper in enforcement.
They often operate through market-access restrictions, shipment detentions, or targeted penalties. Operationally, they can escalate quickly and under time pressure. They also carry relatively high reputational risk.
Politically, this category is also the most durable. Even in jurisdictions where broader ESG frameworks face pushback, forced labour and child labour legislation tends to retain cross-party support.
Why the distinction matters in practice
Treating these three categories as unrelated creates predictable problems.
First, costs increase unnecessarily. Separate gap analyses, governance structures, and reporting systems are built for each law, even though much of the underlying work overlaps.
Second, compliance becomes fragile. Systems designed narrowly for one regulation struggle to adapt when the next law arrives. Work done for modern slavery does not connect to deforestation. Conflict minerals processes sit apart from broader human rights due diligence. This is the cost of building parallel compliance tracks instead of integrated systems from the start.
Third, governance fragments. Boards receive disconnected risk information. Procurement and legal teams face conflicting supplier expectations. Accountability becomes blurred across parallel compliance tracks.
More importantly, fragmented approaches miss the intelligence value of connected due diligence. Risks rarely sit neatly within one legal category. Forced labour, environmental degradation, and community impacts often intersect in the same supply chains.
One shared foundation beneath all three
Most due diligence laws are built on the same underlying frameworks: the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct.
These frameworks define the process architecture of due diligence: identifying risks, preventing and mitigating impacts, tracking effectiveness, communicating transparently, and enabling remediation where harm occurs.
Individual laws then add specific scope triggers, timelines, documentation requirements, and penalties.
When companies build their core due-diligence systems around this shared architecture, new legislation becomes an overlay rather than a restart. General laws, material-specific regimes, and issue-focused enforcement can all be absorbed into a single, coherent approach.
This reduces total cost of ownership and improves risk insight.
One materiality assessment can inform both broad human-rights priorities and forced-labour exposure.
One supplier-engagement approach can support environmental, social, and product-specific requirements. One governance structure can oversee multiple legal obligations without duplication.
Common mistakes when new laws arrive
Three patterns appear repeatedly when companies respond to new due-diligence requirements.
The first is starting from scratch. Existing procurement, risk, and supplier-management practices are overlooked because they were not originally designed for the new regulation.
The second is building parallel systems. Different functions respond independently to different laws, creating duplication and operational friction.
The third is treating due diligence purely as compliance. This produces documentation that satisfies reporting requirements but does little to prevent harm or manage real-world risk, and documentation alone will most likely not hold up under public or supervisory scrutiny anyway.
Looking forward
Due-diligence legislation will continue to evolve. Material-specific regimes will expand to new commodities. Issue-specific enforcement will intensify. Political signals will remain uneven.
Organisations that treat each development as a standalone compliance problem will face growing complexity, rising cost, and increasingly fragile systems.
Those that invest in a shared foundation — grounded in internationally recognised due-diligence standards — put themselves in a different position.
They gain clarity on where risk truly sits, which parts of the organisation need to act, and when issues should escalate to senior management or the board. New requirements become a question of scope and emphasis, not reinvention.
This is what makes due diligence manageable: not broader coverage, but clearer priorities; not more process, but better integration into existing governance, procurement and risk management.
Done this way, due diligence stops being a succession of regulatory responses and becomes a disciplined way of managing risk, cost and accountability over time.