Modern Slavery Compliance — UK Modern Slavery Act and EU CSDDD Requirements

title: "Modern Slavery Compliance: UK Modern Slavery Act and EU CSDDD" description: "An implementation guide to modern slavery compliance under the UK Modern Slavery Act 2015, EU Corporate Sustainability Due Diligence Directive (CSDDD), and aligned global frameworks." keywords: "modern slavery, UK Modern Slavery Act, CSDDD, supply chain due diligence, human rights, forced labor, transparency in supply chains" author: "ISO Xpert Consultants" date: "2026-04-28" type: "Implementation Guide"

Quick Reference

Introduction

An estimated 49.6 million people live in modern slavery worldwide, according to the most recent Global Slavery Index. Of these, 27.6 million are in forced labor, much of it embedded in global supply chains for goods purchased by Western consumers and businesses. The legal and ethical responsibility to identify, prevent, and remediate these harms now rests squarely with the corporations whose value chains touch them.

The legislative landscape has evolved rapidly. The UK Modern Slavery Act 2015 pioneered transparency-based regulation, requiring large commercial organizations to publish annual statements describing the steps taken to address slavery in their operations and supply chains. The EU Corporate Sustainability Due Diligence Directive (CSDDD), adopted in 2024, marks a decisive shift to substantive obligations: in-scope companies must conduct rigorous due diligence, prevent and remediate adverse impacts, and face enforcement penalties of up to 5% of worldwide turnover. Germany's Lieferkettensorgfaltspflichtengesetz (LkSG), France's Duty of Vigilance Law, Norway's Transparency Act, and Australia's Modern Slavery Act complete a global regulatory mosaic that no multinational can ignore.

Compliance is no longer about publishing a statement. It is about building genuine due diligence systems that map supply chains, assess risks, engage suppliers, conduct investigations, remediate harms, and report transparently. This implementation guide provides a comprehensive blueprint for compliance officers, supply chain leaders, and ESG executives navigating this complex terrain.

Scope

This guide addresses modern slavery compliance from a multi-jurisdictional, integrated perspective. It is designed for organizations subject to one or more major regimes and for those proactively building due diligence systems ahead of expanding regulation.

In scope:

• Legal framework analysis: UK MSA 2015, EU CSDDD, German LkSG, French Duty of Vigilance Law, Australian MSA, Norwegian Transparency Act, Canadian Bill S-211
• Alignment with UN Guiding Principles on Business and Human Rights (UNGPs) and OECD Due Diligence Guidance
• Scope determination and value chain mapping
• Risk assessment methodology including geography, sector, and product analysis
• Supplier engagement: questionnaires, audits, training
• Worker voice mechanisms and grievance redress
• Investigation and remediation frameworks
• Statement and report drafting (UK MSA, CSDDD, LkSG)
• Governance: board oversight, accountability assignment, internal reporting
• Integration with ESG, ABC, and broader compliance programs

Out of scope:

• Detailed forensic labor audit methodology (covered in our Social Compliance Auditor course)
• Sector-specific regulations (e.g., Uyghur Forced Labor Prevention Act for US imports)
• Conflict mineral compliance (Section 1502 Dodd-Frank, EU Conflict Minerals Regulation)
• Sanctions and trade compliance

This guide assumes participants have foundational supply chain or compliance program experience. Organizations should obtain qualified legal counsel for jurisdiction-specific application, particularly given the rapid evolution of CSDDD transposition across EU Member States.

Key Requirements / Core Concepts

Modern slavery compliance rests on the framework of human rights due diligence (HRDD) as articulated in the UN Guiding Principles and operationalized in the OECD Due Diligence Guidance. The CSDDD effectively codifies this framework into binding EU law, while the UK MSA, LkSG, and other regimes implement variants.

1. The Six-Step Due Diligence Cycle

The OECD framework, adopted by CSDDD, defines six interconnected steps:

1. Embed responsible business conduct in policies and management systems
2. Identify and assess actual and potential adverse impacts in operations and value chain
3. Cease, prevent, and mitigate adverse impacts
4. Track implementation and results
5. Communicate how impacts are addressed
6. Provide for or cooperate in remediation when appropriate

2. Scope Determination

Each regulation defines its scope differently:

• UK MSA: Commercial organizations with turnover ≥ £36 million carrying on business in the UK
• EU CSDDD: Phased from 2027, ultimately covering EU companies with 1,000+ employees and €450M+ turnover, plus non-EU companies with €450M+ EU turnover
• German LkSG: German companies with 1,000+ employees (since 2024); contractual flow-down to suppliers
• French Duty of Vigilance: Companies with 5,000+ employees in France or 10,000+ globally
• Australian MSA: Entities with consolidated revenue ≥ AUD 100 million

3. Value Chain Coverage

The CSDDD requires due diligence across the entire chain of activities: upstream suppliers, the company's own operations, and certain downstream activities. The UK MSA addresses operations and supply chains, with growing expectations for full-tier mapping. Effective programs map at least Tier 1 fully and conduct risk-based mapping of Tiers 2+.

4. Risk-Based Prioritization

Pure exhaustive due diligence is impractical for global supply chains. The CSDDD and OECD Guidance accept risk-based prioritization using factors including:

• Geography — country forced labor prevalence (Global Slavery Index)
• Sector — high-risk industries (agriculture, garments, electronics, construction, mining, hospitality)
• Product — high-risk inputs (cotton, palm oil, cobalt, tomatoes, fish)
• Workforce vulnerability — migrant labor, low-skill labor, recruitment fee exposure

5. Worker Voice

Genuine due diligence cannot rely solely on supplier self-reporting and announced audits. Worker voice mechanisms—grievance hotlines, anonymous surveys, civil society partnerships—are now considered essential. The CSDDD explicitly requires meaningful engagement with affected stakeholders.

💡 Pro Tip #1: Use unannounced audits and worker interviews conducted off-site by independent third parties for high-risk suppliers. Announced audits routinely miss the most serious abuses, which are concealed in advance. The cost premium of unannounced audits is small relative to the risk reduction.

💡 Pro Tip #2: Beware of "audit fatigue" — high-volume auditing of the same facilities by multiple buyers wastes resources and often produces sanitized results. Participate in industry collaborations (Sedex, amfori BSCI, Responsible Business Alliance) to share audit data and reduce duplicative burden on suppliers.

💡 Pro Tip #3: Recruitment fees are a leading red flag for forced labor risk. Adopting the Employer Pays Principle—prohibiting workers from paying recruitment costs and remediating any fees previously paid—is the single most impactful policy reform in migrant-labor contexts.

6. Remediation

When adverse impacts are identified, the response cannot be limited to terminating the supplier relationship—doing so may worsen worker outcomes. The expected hierarchy is: cease/prevent further harm, contribute to remediation if implicated, support remediation if linked but not implicated. Disengagement is a last resort and must be done responsibly.

✅ Core Concepts Checklist

• [ ] Board-approved human rights policy aligned with UNGPs
• [ ] Mapped value chain (Tier 1 fully; Tiers 2+ risk-based)
• [ ] Documented risk assessment methodology and current risk register
• [ ] Worker grievance mechanism with documented response protocols
• [ ] Annual training for procurement and supplier-facing staff
• [ ] Public statement/report meeting applicable regulatory requirements
• [ ] Integration with broader compliance and ESG management systems

Approach

Implementing a modern slavery compliance program is a multi-year journey requiring sequenced investment. The ISO Xpert methodology divides the work into seven phases, suitable for both first-time implementers and organizations upgrading legacy programs to CSDDD readiness.

Phase 1 — Scoping and Governance. Determine applicable regulations, define program scope, assign board-level accountability, draft human rights policy. Output: governance charter and policy.

Phase 2 — Value Chain Mapping. Map Tier 1 suppliers, identify high-risk sub-tiers using product/geography/sector lenses, build supplier database. Output: value chain map and supplier register.

Phase 3 — Risk Assessment. Apply risk methodology to mapped chain, prioritize for action, document residual risks. Output: prioritized risk register.

Phase 4 — Supplier Engagement. Roll out code of conduct, deploy questionnaires, conduct training, audit high-risk suppliers, address findings. Output: supplier compliance dashboard.

Phase 5 — Worker Voice and Grievance. Implement worker hotlines, partner with civil society for high-risk geographies, integrate with whistleblowing channels. Output: operational grievance mechanism.

Phase 6 — Remediation and Continuous Improvement. Investigate substantiated concerns, remediate harms, refine controls based on findings. Output: remediation log and program improvement plan.

Phase 7 — Reporting and Disclosure. Draft and publish annual statement/report meeting all applicable regulatory requirements. Output: published statement and stakeholder briefings.

Implementation Roadmap

⚠️ Warning: Do not underestimate the time required for value chain mapping. Many organizations discover their procurement systems lack the data structure to identify even Tier 1 suppliers reliably. Budget 4–6 months for Phase 2 in complex multinationals; treat the resulting map as a living document.

⚠️ Warning #2: Beware of cosmetic compliance. Programs that produce comprehensive statements without operational substance are increasingly identified by regulators, NGOs, and journalists. The reputational and legal risks of cosmetic compliance now exceed those of acknowledging genuine challenges with credible improvement plans.

The phases overlap intentionally. Risk assessment refines value chain mapping; supplier engagement reveals new risks; remediation findings improve risk methodology. The program is iterative by design.

Certification / Completion

The ISO Xpert Human Rights Due Diligence Practitioner (HRDDP) certification validates competence in the design, implementation, and continuous improvement of modern slavery and broader human rights compliance programs.

The curriculum covers 80 hours of structured learning across ten modules:

1. International framework: UNGPs, OECD Guidance, ILO conventions
2. Regulatory landscape: UK MSA, CSDDD, LkSG, French Duty of Vigilance, Australian MSA, others
3. Value chain mapping methodology
4. Risk assessment: geography, sector, product, workforce factors
5. Supplier engagement, audits, and capacity building
6. Worker voice and grievance mechanisms
7. Investigation and remediation frameworks
8. Sectoral deep dives (agriculture, garments, electronics, construction)
9. Reporting and disclosure requirements
10. Integration with ESG, ABC, and compliance programs

Certification requires:

• Completion of all curriculum modules
• A 100-question final examination (75% threshold)
• A capstone project applying the framework to a real or simulated supply chain
• A written reflective practice document

Certification is valid for three years, with 32 CPE hours required for renewal. Holders join the ISO Xpert Practitioners Network with access to country risk briefings, sector intelligence, and a curated library of NGO and academic research.

The HRDDP credential is recognized by leading procurement and ESG functions and increasingly cited in due diligence officer job descriptions across Europe, the UK, and Australia. It complements ISO 26000 Social Responsibility, ISO 37301 Compliance, and supply chain credentials such as CIPS and ISM.

Common Challenges

Challenge 1: Sub-Tier Visibility

Problem: Tier 2 and beyond are invisible to procurement systems; suppliers refuse to disclose their suppliers citing competitive sensitivity. Solution: Use a combination of product-level traceability (especially for high-risk inputs like cotton, cobalt, palm oil), supplier mapping platforms (Sedex, EcoVadis, Sourcemap), industry consortia data, and contractual flow-down obligations. Begin with high-risk inputs rather than universal coverage. Outcome: Sub-tier visibility for high-risk inputs typically reaches 60–85% within 18 months; full coverage is a multi-year journey requiring industry collaboration.

Challenge 2: Audit Limitations

Problem: Standard social audits routinely miss the most serious abuses, which are concealed before announced visits. Solution: Layer multiple methods: announced audits (baseline), unannounced audits (verification), worker interviews off-site, third-party grievance mechanisms, and civil society partnerships in high-risk geographies. Triangulate across sources. Outcome: Material risk identification improves substantially; abuses previously missed are detected within 2–3 audit cycles.

Challenge 3: Supplier Resistance

Problem: Suppliers, especially smaller ones, view due diligence requirements as costly burdens that benefit only the buyer. Solution: Invest in supplier capacity building: training, shared audit costs, longer-term contracts that justify investment, joint remediation programs. Position the program as a partnership, not a unilateral imposition. Outcome: Supplier engagement scores rise materially; remediation collaboration replaces adversarial audit responses.

Challenge 4: Remediation Without Disengagement

Problem: When forced labor is identified, the natural response of terminating the supplier relationship may harm the very workers the program is meant to protect. Solution: Apply the OECD-recommended hierarchy: cease and prevent further harm, contribute to remediation if implicated, support remediation if linked. Engage with affected workers, civil society, and where appropriate national authorities. Disengagement must be responsible, time-phased, and accompanied by remediation. Outcome: Sustained worker protection; preserved supplier relationships where remediation succeeds; defensible disengagement decisions where it does not.

Challenge 5: Reporting Without Greenwashing

Problem: Statements that emphasize positive narrative without acknowledging challenges are increasingly identified as misleading by NGOs and regulators. Solution: Adopt a candid disclosure approach—report identified risks, including substantiated concerns, alongside response actions and lessons learned. Use structured disclosure frameworks (UK MSA registry, CSDDD report templates) to ensure completeness. Outcome: Stakeholder trust improves; regulatory engagement becomes constructive; investor confidence in program credibility rises.

Benefits

A mature modern slavery compliance program delivers substantial benefits across legal, operational, financial, and reputational dimensions. While the immediate driver is regulatory compliance, downstream benefits typically exceed compliance costs within 2–3 years.

Legal and regulatory benefits include reduced enforcement exposure (CSDDD penalties reach 5% of worldwide turnover) and improved standing in regulatory dialogue. Operational benefits include earlier identification of supply chain disruptions, reduced disruption costs, and stronger supplier relationships. Reputational benefits translate into customer loyalty, NGO engagement, investor confidence, and talent attraction.

Benefits Matrix

The program also contributes to broader Sustainable Development Goal alignment (particularly SDG 8 — Decent Work) and supports integration with anti-bribery, environmental, and broader ESG programs through shared infrastructure.

Tools & Resources

A robust modern slavery program leverages purpose-built tools and reference materials:

• UN Guiding Principles on Business and Human Rights (2011) — Foundational framework
• OECD Due Diligence Guidance for Responsible Business Conduct (2018) — Authoritative methodology
• Global Slavery Index — Walk Free Foundation's country-level prevalence data
• Sedex SMETA, EcoVadis, RBA, amfori BSCI — Audit and assessment platforms
• Sourcemap, Achilles, Tealbook — Supply chain mapping tools
• UK MSA Statement Registry — Government repository of published statements
• CSDDD Implementation Guidance (forthcoming, European Commission)
• ILO Indicators of Forced Labour (11 indicators) — Operational red-flag framework
• Ethical Trading Initiative Base Code, Leadership Group for Responsible Recruitment

📥 Downloadable Checklist: ISO Xpert's Modern Slavery Program Maturity Self-Assessment (74-point evaluation) is available to certification candidates and registered users. The tool benchmarks against UNGPs, OECD Guidance, UK MSA, and CSDDD requirements, producing a gap-prioritized improvement plan.

Selection of audit firms and platforms should follow documented requirements analysis. Avoid sole reliance on generic ESG audit firms for high-risk geographies; specialized human rights auditors with regional expertise produce materially better insight.

Case Study: Global Apparel Brand (Anonymized)

Before: A €2.8 billion apparel brand with manufacturing across 14 countries faced growing scrutiny following an NGO report alleging forced labor in its Tier 2 fabric mills. Its UK MSA statement, while compliant on its face, had been criticized as boilerplate. The CSDDD's adoption required substantial program upgrade. Existing supplier audits—announced, conducted by a single firm, focused only on Tier 1—had failed to detect the alleged abuses. Two major retailers had requested enhanced disclosure as a condition of continued partnership.

The Engagement: Over 14 months, the brand implemented all seven phases of the ISO Xpert methodology. Key actions included full Tier 1 mapping plus product-level Tier 2/3 mapping for high-risk inputs (cotton, viscose, leather), adoption of the Employer Pays Principle, partnership with the Issara Institute for off-site worker interviews in Southeast Asia, conversion to a layered audit approach (announced + unannounced + worker voice), and a candid revised UK MSA statement disclosing identified risks and response actions.

After: Within 18 months, the brand had identified and remediated 23 substantiated concerns including recruitment fee abuses affecting 1,400 workers (US$2.1M in remediation payments). Tier 2 visibility for high-risk inputs reached 78%. Two major retailers cited the program as exemplary in their public sourcing reports. The annual NGO benchmark scorecard improved from 38% to 71%. Investor engagement on the topic shifted from challenging questions to constructive dialogue. The Chief Sustainability Officer described the program as "transformative—we now know our supply chain in a way we never did before."

Conclusion

Modern slavery compliance has moved decisively beyond statement publication to substantive due diligence. The CSDDD, LkSG, and aligned regimes have raised expectations to a level that demands genuine investment in mapping, assessment, supplier engagement, worker voice, and remediation. Organizations that approach compliance as a tick-box exercise expose themselves to enforcement, litigation, reputational, and operational risk. Those that build genuine programs gain resilience, customer access, investor confidence, and—most importantly—contribute to the abolition of practices that should have no place in the 21st century.

The frameworks are mature and the methodologies are tested. What remains is the leadership commitment to invest, the operational discipline to execute, and the candor to disclose what is found. ISO Xpert exists to accelerate that work.

📞 Call to Action: Begin with the ISO Xpert Modern Slavery Program Maturity Self-Assessment at iso-xpert.com. Then enroll in the Human Rights Due Diligence Practitioner certification to build the competencies needed to lead your organization's program in the CSDDD era.

Key Takeaway Infographic

+-------------------------------------------------------------+
|        MODERN SLAVERY DUE DILIGENCE                         |
+-------------------------------------------------------------+
|  EMBED       -> Policy, governance, training                |
|  IDENTIFY    -> Map, assess, prioritize risks               |
|  ADDRESS     -> Cease, prevent, mitigate                    |
|  TRACK       -> Monitor, measure, evaluate                  |
|  COMMUNICATE -> Statement, report, dialogue                 |
|  REMEDIATE   -> Worker-centered, hierarchical response      |
+-------------------------------------------------------------+
|  EFFECTIVENESS = Visibility + Voice + Verification          |
+-------------------------------------------------------------+

FAQ

Q1: Does the CSDDD apply to non-EU companies? Yes, if the non-EU company generates ≥ €450M turnover in the EU. Phased application begins in 2027.

Q2: What is the difference between the UK MSA and CSDDD? The UK MSA is a transparency regime requiring published statements. The CSDDD imposes substantive due diligence obligations with enforcement penalties up to 5% of worldwide turnover.

Q3: Are we expected to map our entire supply chain? No regulator mandates complete mapping. The expectation is full Tier 1 mapping with risk-based mapping of higher tiers, focused on high-risk products, sectors, and geographies.

Q4: What if we discover forced labor in our supply chain? Apply the remediation hierarchy: cease/prevent further harm, contribute to remediation if implicated, support remediation if linked. Engage workers and credible civil society partners. Disengagement is a last resort.

Q5: Can we rely on supplier audits? Audits are necessary but insufficient alone. Supplement with worker voice mechanisms, unannounced audits, civil society partnerships, and product-level traceability for high-risk inputs.

Q6: What is the Employer Pays Principle? The principle that no worker should pay for their job—employers (or their agents) should bear all recruitment costs. Adopting it is a leading practice in migrant labor contexts.

Q7: Are penalties under the CSDDD criminal or civil? Civil administrative penalties up to 5% of worldwide turnover, plus civil liability for damages caused by failures of due diligence.

Q8: Who must approve the UK MSA statement? The board (or equivalent governance body) and a director, partner, or member must sign. This is increasingly mirrored in other regimes.

Q9: How does this integrate with our ESG program? Modern slavery is the central pillar of the "S" in ESG and integrates naturally with broader human rights, supply chain, and stakeholder programs.

Q10: What about the Uyghur Forced Labor Prevention Act? The UFLPA creates a rebuttable presumption that goods from China's Xinjiang region involve forced labor and are barred from US import. It requires distinct compliance work in addition to other regimes.

Glossary

1. Modern Slavery — Umbrella term covering forced labor, debt bondage, human trafficking, and similar practices.
2. Forced Labor — Work exacted under threat of penalty and not undertaken voluntarily (ILO Convention 29).
3. UNGPs — UN Guiding Principles on Business and Human Rights (2011).
4. OECD Due Diligence Guidance — Operational methodology aligned with UNGPs (2018).
5. CSDDD — EU Corporate Sustainability Due Diligence Directive (2024/1760).
6. UK MSA — UK Modern Slavery Act 2015.
7. LkSG — Germany's Lieferkettensorgfaltspflichtengesetz (Supply Chain Due Diligence Act).
8. Tier 1 Supplier — Direct supplier of goods/services to the company.
9. Sub-Tier — Suppliers further upstream (Tier 2, 3, etc.).
10. Employer Pays Principle — No worker should pay for their job; employers bear recruitment costs.
11. Worker Voice — Mechanisms enabling workers to raise concerns confidentially.
12. Grievance Mechanism — Formal process for receiving and responding to complaints.
13. Remediation — Actions to address harms suffered by workers.
14. Salient Human Rights Issue — Most severe potential negative impact on people.
15. Living Wage — Wage sufficient to afford a decent standard of living for the worker and family.

References

External: 1. United Nations (2011). Guiding Principles on Business and Human Rights. 2. OECD (2018). Due Diligence Guidance for Responsible Business Conduct. 3. European Union (2024). Directive (EU) 2024/1760 on Corporate Sustainability Due Diligence (CSDDD). 4. UK Government (2015). Modern Slavery Act 2015. 5. Walk Free Foundation (2023). Global Slavery Index.

ISO Xpert Internal: 1. ISO Xpert (2025). ISO 26000 Social Responsibility Implementation Guide. 2. ISO Xpert (2025). Supply Chain ESG Audit Methodology. 3. ISO Xpert (2026). CSDDD Readiness Assessment Toolkit.

Author Bio

Written by ISO Xpert Consultants — a global team of governance, compliance, and sustainability practitioners specializing in human rights due diligence and supply chain ESG. Our consultants include UN Global Compact LEAD network advisors, certified Social Auditors (SA8000, SMETA), and Chartered Members of the Institute of Procurement and Supply, with field experience across high-risk geographies and sectors.

Related Articles

1. L-02 — ISO 26000 Social Responsibility Implementation Guide
2. L-06 — Stakeholder Capitalism Principles: Beyond Shareholder Primacy
3. L-07 — Whistleblower Protection Systems: Building Speak-Up Cultures
4. L-09 — Green Building Certifications: LEED, BREEAM, and the Sustainable Built Environment
5. L-14 — Supply Chain Risk Management Aligned with ISO 28000

Share This Article

Found this useful? Share it with your network: