Your new 99 problems: Enforcing the EU supply chain law

By Everstream Team

Coming soon to European commerce near you, the EU supply chain law intends to change how logistics and procurement operate on the continent. Although the directive itself singles out the largest of the large—the top 1% of companies as outlined in the draft law—the EU expects that 1% to change the other 99% by pushing the impact across their supplier network.

In fact, the entire directive depends upon the interconnectedness of global sub-tier supply chains making the world a better place. More importantly, it relies on companies knowing and visualizing their entire multi-tier supply network, down to the last tier.

This white paper unpacks the proposed EU supply chain law and how it will likely affect your operation. We summarize the supply chain law background and context, how the law was designed to work, companies it applies to (directly and indirectly), what the law means by “value networks,” and how the law expects in-scope companies to operate in response.

EU supply chain law background

Businesses and governments have asked for this legislation to create a level playing field across the European Union. Currently, multiple EU countries are writing their own supply chain laws, which creates a complex compliance burden for operations functioning across borders. In many cases, businesses must comply with two, three, or more different sets of regulations. Companies often feel their competitors have an easier compliance burden.

Click here to download the full EU supply chain law white paper

The proposed EU law addresses these business issues along with growing public concerns about environmental, social, and governance (ESG) violations. The directive specifically calls out forced labor, child labor, climate impact, and environmental pollution, and names industries at high risk.

The draft directive streamlines and builds on existing legislation, and coordinates existing and proposed policies in individual European countries.

Officially titled the Corporate Sustainability Due Diligence and Amending Directive, the legislation was proposed in early 2022 and is scheduled to be discussed and amended in May 2023. There is no exact timeline yet for implementation.

From an operational perspective, the EU supply chain law has several unique takeaways that will affect how companies in scope do business.

How the EU supply chain law works

To quote directly from the European Commission summary of the directive, “When companies take voluntary action, they focus on the first link in the supply chains while human rights and environmental harm occurs more often further down in the value chain.”

At its core, the proposed law is built on this top-level assertion. The directive hinges on three assumptions about supply chains and corporate operations:

  1. Europe’s largest companies have extensive and overlapping value networks, including suppliers, partners, and other business-to-business relationships.
  2. These large organizations have unique powers to influence their value networks to change.
  3. Small and midsized companies are currently under too much duress to bear the direct financial and administrative burden of this law.

Founded on these beliefs, the law relies on a mix of incentives and penalties to make the world’s largest organizations encourage and even force compliance across their value networks

Entities the EU supply chain law applies to

Although the directive will incorporate some changes before it passes, there are some generalizations on scope that form the core of the law’s intent. Companies will want to consult legal experts for clarifications on compliance details, but your operations are at high risk for impact if your organization falls into one of several categories.

Europe and beyond

Geographically, the scope is wide, covering operations based in the EU or doing significant business in the EU economy. The law outlines specific criteria for the number of employees and revenue (turnover) for operations based in the EU, or those based overseas doing business in an EU economy.

list of existing and pending EU supply chain laws worldwide

Figure 1: Existing and pending EU supply chain laws.

The top 1% and the other 99%

The proposed law applies directly only to the top 1% of businesses in terms of both size and number of employees. Companies in scope have more than 500 employees and higher than €150 million in worldwide turnover. This encompasses only the largest 1% of EU firms, but the directive was shaped so that this 1% is responsible for enforcing the law across their supply network. In this way, the EU hopes to create a trickle-down effect that ultimately reaches small to midsized operations.

High-impact industries

Small to midsized companies will fall into scope two years after the law passes if they fit into “high impact” industries. This applies to companies with more than 250 employees and more than €40 million in worldwide turnover if they operate in the manufacturing of textiles, leather and related products, wholesale trade of ; agriculture, forestry, fisheries, food manufacturing, wholesale trade of agricultural raw materials, live animals, wood, ; the extraction of mineral resources, metal and minerals manufacturing, and the wholesale trade of mineral resources and products. This inclusion doesn’t apply to third-country entities, only those based in the EU.

EU supply chain law “value networks”

If you’re a supply chain executive, here’s where the law gets interesting and will be open to legal interpretation. The definition of “value chain” is sure to be debated in future meetings, but the final definition will certainly be widespread.

The directive defines the value chain as including direct and indirect (or sub-tier) suppliers, partners—and any entity with which the company has a “business relationship.” In fact, there is even a provision for working directly with competitors.

Recognizing that supply networks are closely connected within industries, the proposed law directs companies to share resources and strategies when a shared supplier is at high risk or in violation. A combination of incentives and penalties will coax in-scope companies to identify and end the targeted ESG violations.

Responsibility toward value networks

EU lawmakers will depend on the largest companies to visualize and know their entire value chain, and to take that knowledge one step further. They expect companies to know how much influence they have over that network, and whether or not they can extend that influence to stop child labor, forced labor, environmental impact, and more.

Companies will be expected to leverage that influence to push compliance via financial and contractual means.


Although the proposed law doesn’t yet specify financial penalties for noncompliance, there are two ways it places financial responsibility on companies in scope.

First, companies must link salaries to climate change and sustainability goals, particularly related to emissions. As outlined in the draft law, plans “should be duly taken into account when setting directors’ variable remuneration.” The directive suggests linking remuneration to a director’s contribution to the company’s long-term sustainability.

Second, the directive offers examples of financial support that in-scope companies can offer to at-risk businesses in their supply networks. Financial support can include direct financing, low-interest loans, guarantees of continued sourcing, and assistance in securing financing. Companies might also offer to pay for training or upgrade management systems.


As currently written, the EU supply chain law requires companies to outline their compliance expectations, and then include those requirements when researching potential suppliers and other value network partners. They must also apply those contractual terms to existing relationships.

This contractual obligation only applies to direct suppliers, not to the extended sub-tier network even if those relationships are visible and known to the in-scope company.

What applies to the sub-tier network is an emphasis on preserving the business relationship. Whether contracted in Tier 1 or distantly connected in Tier 4, businesses are discouraged from ending risky or noncompliant relationships. Rather than distance themselves from a violation or risk, companies should take steps to encourage compliance.

Operational compliance with EU supply chain law

The EU supply chain directive repeatedly emphasizes “support” and “appropriate measures.” The directive wants large companies to support small to midsized operators in the value network and use various appropriate measures to do so.

The entire scope of this due diligence will likely be defined in more detail as legislators continue to discuss and refine the proposal. Currently, support and appropriate measures center on assessing, monitoring, reporting, and mitigating activities internally and in the company’s value network.


Simply relying on a supplier survey that says “yes, we’re in compliance” won’t be enough for the EU supply chain law. Companies will have to secure contractual agreements outlining compliance measures, but they can’t take the supplier’s word for it.

The directive states that companies “should obtain information about baseline conditions at higher-risk sites or facilities in value chains.” Third-party risk evaluation data will be valuable in proving baseline conditions.

If a company’s existing suppliers are at too much risk, or even in violation, to provide contractual assurances, companies will need to show that they’ve taken steps to help. That help can come in a few different ways, but companies will need to know enough about their suppliers to choose the most effective approach.

For example, you’ll need to know the financial status of entities in your value network so that you can evaluate whether direct financing or extending more generous payment terms could help. The directive suggests several financial options for supporting a supplier while they are restructuring to meet compliance guidelines.

Finally, companies will need to assess how much impact they have on the various parts of their value network. The EU proposal links a company’s level of responsibility to enforce change to its level of influence.

Monitoring and reporting

The assessment isn’t a one-time process. Companies must specify an internal person responsible for creating and adhering to its code of conduct, which includes ongoing network assessments. The code of conduct should apply in all relevant corporate functions and operations, including procurement and purchasing decisions.

If a company identifies a high-risk or actual violation in its value network, it should take appropriate measures to bring those to an end. Those include documenting measures taken to verify internal compliance with the code of conduct and how they extend that code to their value networks.

Because the top 1% is responsible for pushing out the law through their networks, they’re also responsible for monitoring to see if it’s working. If companies need to verify whether a supplier is in compliance, they will have to bear the cost of any independent third-party verification.


Simply ending a relationship with a high-risk or noncompliant supplier or partner is not sufficient protection from the law. Instead, the EU directive encourages companies to prioritize those riskier business relationships and push for change.

Companies will be expected to explore and award appropriate types of support based on what that supplier needs and on what influence the company has. That support can include training materials, helpful financial terms, and even partnering with a competitor to add more heft to the compliance plan.

Identifying and mapping value networks

To comply with the law’s extensive sub-tier supply chain requirements, companies will at minimum need to know, visualize, monitor, and actively investigate their entire supply network. Identifying and mapping that breadth and depth, along with the required real-time monitoring, is only possible with digital visualization.

Everstream’s best-in-class network mapping process

Everstream Analytics follows the best-in-class supply network mapping process, which combines artificial and human intelligence to create a digital twin of your global supply chain. That data is then combined with proprietary global intelligence that is sourced near-real-time through multiple digital and human sources.

This process creates predictive risk insights that support EU law and other regulatory requirements, while improving overall supply chain sustainability. Everstream removes the blinders of traditional data – giving you more complete information, sharper analysis, and accurate insights that can feed your processes, so your supply chain becomes smarter and more autonomous every day.

Integrating predictive insights into a company’s third-party applications is how Everstream ensures that the right person has the right insight at the right time, with minimal change management. This personalization makes it simple to incorporate risk and potential disruptions across an organization during planning and execution, down to a company’s lowest-tiered suppliers.

End-to-end providers can assess and connect lane, shipment, facility, component, material, and corporate risk, putting companies on a path to identify both product and revenue at risk. It is this end-to-end capability that leads companies to choose Everstream over our competitors.

How digital mapping supports EU law

Once a company has a digital twin of their value network, supply chain managers can automate compliance with the EU supply chain law in multiple ways. Whether rating risk, uncovering actual issues, or supporting compliance, companies will need the data and insights from a digital map.

Managers can automate the identification of actual or potential adverse human rights and environmental impacts. Once the supply chain is mapped, managers can set alerts for certain regions, industries, or even specific suppliers. A best practice is to rely on a software platform that uses a combination of artificial intelligence and human oversight to ensure that all alerts are relevant.

Companies can also use digital maps to prevent potential impacts when assessing new relationships in their value network. Risk scoring provides valuable insights to help managers identify potential misconduct risks before suppliers are part of the company’s network.

For partners and suppliers already under contract, a risk evaluation platform adds to mitigation efforts. Risk data can be integrated with internal systems to collaborate on identifying crises. By creating a systematic approach to managing these risks, companies can more easily build best practices.

Dashboards in a risk management system can also help monitor the effectiveness of due diligence policies. This data can be used to document and share due diligence efforts with stakeholders.


To summarize, the EU supply chain law arose from companies asking legislators for a level playing field amid increasing regulations and proposals. Rather than struggling to adhere to individual country law, large companies doing business across multiple member states want a unified guideline that applies to all.

The proposed law applies to the largest 1% of companies doing business in the EU, with provisions for smaller companies operating in high-risk sectors. These large companies are expected to enforce regulations, support their suppliers and partners, and in that way, push compliance down to the other 99%.

Knowing your entire value network will be critical to comply with this law. Companies will have extensive financial, contractual, and other responsibilities toward their suppliers and other partners. To execute these responsibilities, supply chain managers will need full visibility into risks and violations. Digital supply chain maps can provide automated management and valuable insights for assessing, monitoring, reporting, and mitigating potential violations. Risk management platforms can integrate with a company’s existing systems to add key insights and support due diligence and compliance.

Supply chain due diligence laws already affect companies doing business in the European Union, and those requirements will only grow stricter. Consult these additional resources for more information and support on transitioning your supply chain:


Bain & Company

Blue Yonder


Everstream Analytics



Download a full copy of the directive (in all EU languages) here.

If you are ready to get started with creating a digital map of your value network and learn how that supports EU supply chain law compliance, contact us at [email protected] to set up a personalized consultation.

Click here to download the full EU supply chain law white paper

Share this post

Up Next

February 24

Analysis of the industrial metal supply chain for automotive aerospace, consumer electronics, household goods and other manufacturing industries. Learn more about 2022’s biggest disruptors, and risk factors for the coming months.

Read the blog