Modern slavery legislation: what businesses need to know

Fishers working nets, Türkiye

The legislative landscape on forced labour and modern slavery has changed substantially in recent years — and it continues to evolve. 

What began with the UK’s Modern Slavery Act in 2015 has developed into a complex, multi-jurisdictional body of law covering transparency, due diligence, and in some cases, import bans on goods made with forced labour. 

For companies with international operations or supply chains, understanding which laws apply — and what they actually require — is no longer optional. The direction of travel is clear: obligations are strengthening, enforcement mechanisms are being developed, and the gap between disclosure and meaningful action is narrowing. 

This page sets out the key legislative frameworks, what each requires in practice, and what companies should be doing now to prepare. Because the landscape is changing quickly, we also note where legislation is still developing and where the position may shift. 

For a broader understanding of what forced labour is and why it occurs in supply chains, see: Forced labour & modern slavery: a complete guide for business

The overall direction of travel 

Before turning to individual laws, it is worth understanding the broader pattern — because what looks like a patchwork of different national laws is actually a convergent set of requirements moving in a consistent direction. 

From voluntary to mandatory. Early frameworks like the UK Modern Slavery Act relied on disclosure as the primary mechanism — the expectation being that transparency would drive improvement. This model is increasingly being replaced or supplemented by mandatory due diligence requirements, which obligate companies to identify, prevent, and address forced labour risks regardless of whether they choose to report on them. 

From reporting to action. Regulators, investors, and civil society are paying increasing attention to the gap between what companies say in their modern slavery statements and what they demonstrably do. Updated guidance in the UK and new legislation in the EU and elsewhere place greater emphasis on evidence of action and outcomes for workers, not just process descriptions. 

From Tier 1 to full value chain. Early supply chain transparency legislation focused primarily on direct suppliers. Newer frameworks — including the EU CSDDD (as amended) and the EU Forced Labour Regulation — extend expectations further into the value chain, including subcontractors, raw material producers, and labour recruitment agencies. 

From reputational risk to legal liability. The consequences of failure are no longer primarily reputational. Import bans, civil liability, administrative penalties, and public enforcement actions are increasingly the tools through which governments are seeking to drive corporate behaviour. 

UK: Modern Slavery Act 2015 (Section 54) 

What it is: The UK Modern Slavery Act 2015 was landmark legislation when introduced — the first law of its kind to require large businesses to report publicly on forced labour and human trafficking in their supply chains. 

Who is in scope: Commercial organisations with an annual turnover of £36 million or more that supply goods or services in the UK, regardless of where they are headquartered. 

What it requires: In-scope companies must produce an annual modern slavery statement covering steps taken — or confirming that no steps have been taken — to prevent modern slavery in their operations and supply chains. The statement must be approved by the board and signed by a director. 

The Home Office’s updated statutory guidance, published in March 2025, is the most significant refresh since the Act came into force. It is nearly twice the length of the original guidance and shifts emphasis considerably — away from minimum legal compliance and toward meaningful, outcome-focused action. Key changes in the updated guidance include: 

  • A stronger emphasis on what companies are actually doing, not just what policies they have
  • More detailed expectations around risk assessment, supplier engagement, and responsible recruitment
  • A framework distinguishing Level 1 disclosures (baseline compliance) from Level 2 (demonstrating continuous improvement and outcomes)
  • Explicit reference to the Employer Pays Principle — companies are expected to ensure that workers in their supply chains are not paying recruitment fees to obtain employment
  • Clearer expectations around remediation — what companies should do when modern slavery is found, including engagement rather than reflexive disengagement 

Enforcement and reform: Section 54 has been widely criticised for its weak enforcement — there are no direct penalties for non-compliance beyond reputational damage, and statement quality has been highly inconsistent. The UK government has acknowledged this and committed to reviewing measures to strengthen the Act, including the reporting requirements, the turnover threshold, enforcement penalties, and whether the scope should extend to public bodies. The Joint Committee on Human Rights has an ongoing inquiry into forced labour in UK supply chains. Significant legislative change is not expected in the near term, but the direction of any future reform is clearly toward stronger obligations and penalties. 

What to do now: Review and update your modern slavery statement against the March 2025 guidance, not just the minimum legal requirements. Treat the updated guidance as a signal of what future legislative requirements may mandate — companies that act now avoid a compliance scramble later. 

For guidance on producing a statement that meets current and emerging requirements, see: How to write a modern slavery statement.

EU: Corporate Sustainability Due Diligence Directive (CSDDD) 

What it is: The CSDDD establishes a mandatory human rights and environmental due diligence framework for large companies with significant EU operations or revenues. Unlike the UK Modern Slavery Act, the CSDDD is not a disclosure regime — it requires companies to identify, prevent, mitigate, and account for actual and potential adverse human rights and environmental impacts in their operations and value chains, with forced labour a central concern. 

A rapidly evolving framework: The CSDDD has been subject to significant changes since it entered into force in July 2024. The EU’s 2025 Omnibus simplification package — adopted through a two-stage process concluding in early 2026 — substantially modified both the scope and the obligations. Companies following the original CSDDD should update their understanding to reflect the current position: 

Current scope (post-Omnibus):  

  • EU companies with more than 5,000 employees and net worldwide turnover above €1.5 billion
  • Non-EU companies generating more than €1.5 billion net turnover in the EU 

This is a significant reduction from the original CSDDD, which would have captured far more companies. However, companies that fall out of mandatory scope may still face practical pressure from customers and investors who are in scope and who will cascade due diligence requirements down their supply chains. 

Key obligations: 

  • Identify actual and potential adverse human rights and environmental impacts in their own operations, subsidiaries, and direct business partners (Tier 1)
  • Extend assessment to indirect value chain partners where there is objective, verifiable information indicating a specific risk
  • Integrate findings into policies and risk management processes
  • Take appropriate measures to prevent, mitigate, and remediate identified impacts
  • Establish or participate in grievance mechanisms accessible to workers and affected communities
  • Report on due diligence in line with the CSRD (where applicable) 

Timelines: Following the Omnibus “Stop the Clock” directive (April 2025) and the substantive Omnibus amendments (adopted December 2025, published in the EU Official Journal February 2026), the first wave of in-scope companies must comply from July 2028, with phased application for other company categories. Member States must transpose the amended CSDDD into national law by July 2027. 

What to do now: If your company is in scope, or is a supplier to companies in scope, begin assessing your due diligence processes against the revised CSDDD obligations now. The 2028 application date may seem distant, but building the governance structures, supplier engagement processes, and risk assessment systems required takes time. Companies that have been preparing for the original CSDDD should adapt their approach to reflect the revised scope and obligations — but should not step back from the substantive work they have already done. 

EU: Forced Labour Regulation (EUFLR) 

What it is: The EU Forced Labour Regulation is a different instrument from the CSDDD and should not be confused with it. Where the CSDDD is a due diligence framework requiring companies to act, the EUFLR is a market access measure: it prohibits products made with forced labour from being placed on or exported from the EU market, at any stage of the supply chain. 

Scope: The EUFLR applies to all economic operators — companies of any size, in any sector, wherever they are headquartered — that place products on the EU market or export products from it. This includes online sales targeted at EU consumers. There is no minimum employee or turnover threshold. 

How enforcement works: The EUFLR creates a risk-based investigation and enforcement mechanism: 

  • Investigations can be initiated by competent authorities on their own initiative, or on the basis of substantiated complaints submitted through an online reporting point
  • The European Commission leads investigations where suspected forced labour occurs outside the EU; national competent authorities lead where it occurs within an EU member state
  • Where an investigation concludes that a product was made with forced labour, the economic operator must withdraw it from the EU market and donate, recycle, or destroy existing stocks
  • Decisions by one national competent authority are recognised across all EU member states
  • The Commission is developing a database of geographic and product risk factors, accessible through the Forced Labour Single Portal, to support both enforcement prioritisation and company due diligence 

Timelines: 

  • Entered into force: 13 December 2024
  • Member states designate competent authorities: by 14 December 2025
  • Commission publishes compliance guidelines: by 14 June 2026
  • Full application — enforcement begins: 14 December 2027 

What to do now: The December 2027 enforcement date means the window for preparation is open but not indefinite. Companies should begin mapping supply chain exposure to high-risk geographies and sectors that are likely to feature in the Commission’s risk database. Implementing or strengthening forced labour due diligence now provides the best defence against enforcement action — the regulation explicitly states that appropriate due diligence is relevant to any investigation. 

USA: Uyghur Forced Labor Prevention Act (UFLPA) 

What it is: The UFLPA, which came into force in June 2022, establishes a rebuttable presumption that any goods produced wholly or in part in the Xinjiang Uyghur Autonomous Region of China — or by entities on the UFLPA Entity List — have been made with forced labour and are therefore prohibited from import into the United States. 

What “rebuttable presumption” means in practice: Unlike the EU FLR’s risk-based investigation model, the UFLPA places the burden of proof entirely on the importer. Goods from Xinjiang are presumed to involve forced labour unless the importer can demonstrate, by clear and convincing evidence, that the specific goods were not produced with forced labour. This is a very high evidential standard that has proven difficult to meet in practice. 

Scope and application: The UFLPA applies to any importer placing goods into the US market, regardless of where the importer is headquartered. It applies to finished goods, components, and raw materials. Any product containing an input from Xinjiang — even if the final product is assembled elsewhere — is potentially subject to the presumption. 

Key sectors at risk: Cotton and textile products (Xinjiang produces approximately 85% of China’s cotton), polysilicon (used in solar panels), tomatoes, seafood, and a range of other goods where Xinjiang-based production is significant. The US Department of Homeland Security regularly updates the list of sectors and entities subject to heightened scrutiny. 

Enforcement: US Customs and Border Protection (CBP) actively enforces the UFLPA, detaining goods for review at the border. Companies that cannot demonstrate compliance face having goods seized or turned away. Since the Act came into force, CBP has detained or denied entry to billions of dollars’ worth of goods. 

What to do now: Any company importing goods into the US that sources from China — or from supply chains that may include Chinese inputs — should urgently assess its exposure to Xinjiang-sourced materials. Supply chain mapping to at least Tier 3 is likely necessary given the depth at which Xinjiang inputs can appear. Engagement with suppliers to obtain traceability documentation, and with specialist legal and sourcing advisors familiar with UFLPA compliance, is strongly recommended. 

Canada: Fighting Against Forced Labour and Child Labour in Supply Chains Act

What it is: Canada’s modern slavery law came into force on 1 January 2024, requiring annual reporting on steps taken to prevent and reduce the risk of forced labour and child labour in supply chains. 

Who is in scope: Government institutions, and private sector entities that are listed on a Canadian stock exchange, or that have a connection to Canada (assets, revenues, or employees above defined thresholds) and that meet at least two of: net assets of $20 million, revenues of $40 million, employing 250 or more employees. 

What it requires: Annual reports must address the organisation’s structure, its policies and due diligence processes in relation to forced labour and child labour, identification of high-risk areas, and measures taken to remediate any forced labour or child labour found. Reports must be approved by the board and submitted to the government by 31 May each year. 

Enforcement: The Act provides for financial penalties in cases of non-compliance. The first reporting cycle (2024) focused on awareness-raising and no enforcement action was taken. Enforcement scrutiny is expected to increase in subsequent years. The Canadian government is also considering a rebuttable presumption model similar to the UFLPA, which would represent a significant strengthening of the regime. 

What to do now: Entities within scope should ensure their reporting processes are established and their most recent report submitted. Companies sourcing from high-risk geographies and sectors should begin building the due diligence infrastructure to support stronger requirements if a rebuttable presumption model is introduced.  

Australia: Modern Slavery Act 2018 

What it is: Australia’s Modern Slavery Act requires large entities — those with annual consolidated revenue of at least AUD $100 million — to report annually on the risks of modern slavery in their operations and supply chains and the actions taken to address those risks. 

What it requires: Annual modern slavery statements must address seven mandatory criteria, including the entity’s structure and supply chains, risks of modern slavery, actions taken to assess and address those risks, how effectiveness is assessed, and consultation with entities the reporting entity owns or controls. 

Developing reforms: The Australian government has been considering reforms to strengthen the Act, including introducing financial penalties for non-compliance, lowering the reporting threshold, and introducing due diligence obligations. Consultation on these changes was underway in 2025. Companies with Australian operations should monitor developments closely. 

What to do now: Entities in scope should ensure statements are submitted to the Australian Border Force and published on the company website. Given the expected direction of reform, the same logic applies as in the UK: acting beyond minimum compliance now is a sounder long-term position than waiting for legislative change.  

Germany: Supply Chain Due Diligence Act (LkSG) 

What it is: Germany’s Lieferkettensorgfaltspflichtengesetz (LkSG) has been in force since 1 January 2023 for companies with 3,000 or more employees in Germany, and from 1 January 2024 for companies with 1,000 or more employees. 

What it requires: In-scope companies must conduct risk analysis across their own operations and direct (Tier 1) suppliers, establish preventive measures and remediation processes, and report annually to the German Federal Office for Economic Affairs and Export Control (BAFA). 

Relationship to the CSDDD: The LkSG was always intended as a bridging measure ahead of EU-wide legislation. The Omnibus amendments to the CSDDD have led Germany to suspend certain LkSG reporting requirements — other than for serious violations — pending the CSDDD’s application. However, the substantive due diligence obligations remain in force. 

What to do now: German-headquartered companies and companies with significant German operations should maintain their LkSG compliance programmes while monitoring the transition to the amended CSDDD framework.  

How these laws interact: navigating multiple regimes 

Companies operating internationally increasingly face obligations under more than one of these frameworks simultaneously. Several principles help navigate the overlap: 

The UK MSA and Australian/Canadian acts are broadly compatible. The March 2025 UK guidance explicitly acknowledges Australia and Canada in its reporting template, reflecting the shared roots of these disclosure regimes. A well-structured disclosure under one framework will largely satisfy the requirements of the others, though specific content differences exist. 

The CSDDD and EUFLR are complementary but distinct. The CSDDD requires proactive due diligence; the EUFLR provides an enforcement mechanism against products made with forced labour. Compliance with CSDDD-standard due diligence is the most credible preparation for EUFLR enforcement risk, but the two instruments have different scopes, timelines, and enforcement mechanisms. 

The UFLPA operates on different logic from European frameworks. The rebuttable presumption model, the focus on specific geography (Xinjiang) rather than sector-neutral risk assessment, and the import-denial enforcement mechanism make the UFLPA substantially different from EU and Commonwealth frameworks. Companies with both EU and US exposure need to understand both. 

National legislation is still evolving. France’s Loi de Vigilance, the Netherlands’ due diligence law, and legislation in Norway, Switzerland, and other countries add further layers of obligation for companies operating in those markets. The EU CSDDD will eventually harmonise much of this landscape within the EU, but national laws continue to apply in the interim.  

What companies should be doing now 

Across all of these frameworks, some practical priorities apply regardless of which specific laws affect you: 

Map your actual supply chain. Most of these laws require or imply understanding of the supply chain beyond direct suppliers. Mapping exercises that identify subcontractors, labour agencies, and raw material sources are a prerequisite for meaningful compliance. 

Assess forced labour risk specifically. Generic human rights risk assessments are not sufficient for laws that focus specifically on forced labour. Risk assessment should apply the ILO’s eleven indicators and address the structural risk factors — migrant worker populations, recruitment fee practices, informal subcontracting — that predict forced labour risk. 

Engage your suppliers proactively. Legislation that cascades obligations down supply chains creates shared interest in compliance. Suppliers who understand what is expected and receive support to meet it are more likely to be transparent and more likely to improve. Supplier engagement on forced labour should be collaborative, not adversarial. 

Align your modern slavery statement with your due diligence. The growing expectation — visible in updated UK guidance, Australian reform proposals, and the CSDDD framework — is that statements demonstrate action, not just describe processes. The gap between what companies say and what they do is increasingly where scrutiny concentrates. 

Plan for change. The legislative environment of 2026 is not the legislative environment of 2030. Building the governance, systems, and supplier relationships to support genuine forced labour due diligence now positions companies to adapt to future requirements without crisis-driven scrambles. 

Frequently asked questions 

Does my company need to comply with all of these laws? Not necessarily all of them simultaneously, but potentially several. Applicable laws depend on where your company is headquartered, where it operates, where its suppliers operate, and in some cases where it sells its products. A company headquartered in the UK, selling into the EU and the US, and sourcing from China may be subject to the UK Modern Slavery Act, the EUFLR, and the UFLPA at the same time. Mapping your jurisdictional exposure is an essential first step. 

Has the CSDDD been watered down to the point where it doesn’t matter? The Omnibus amendments significantly reduced the number of companies directly in scope of the CSDDD — by approximately 70% compared to the original framework. But several factors mean the CSDDD remains highly relevant beyond its direct scope. Large in-scope companies will cascade requirements to their suppliers, creating indirect obligations across value chains. The EUFLR — which was not changed by Omnibus — applies to all companies selling in the EU market regardless of size. National laws in Germany, France, and elsewhere continue in parallel. And the Omnibus changes represent a simplification of scope and obligations, not a change in the fundamental direction of EU policy. 

What is the difference between the CSDDD and the EU Forced Labour Regulation? They are different instruments with different purposes. The CSDDD is a due diligence framework that requires in-scope companies to identify and address human rights and environmental risks in their operations and value chains. The EUFLR is a market access measure that bans products made with forced labour from the EU market and creates an investigation and enforcement mechanism to identify and remove such products. A company can be subject to both, and CSDDD-standard due diligence is the most credible preparation for EUFLR enforcement risk. 

Is the UK likely to introduce a forced labour import ban similar to the UFLPA? The House of Lords committee that reviewed the Modern Slavery Act in 2024 recommended introducing a forced labour import ban, and this has been advocated for by civil society organisations and some parliamentary voices. The current UK government has committed to reviewing options but has not announced specific import ban legislation. The UK’s Trade Strategy has referenced responsible business conduct as a priority. This remains a developing area to monitor. 

What happens if we find forced labour in our supply chain during a compliance review? The expected response under all of these frameworks is engagement and remediation, not immediate disengagement. The UK guidance, Australian Modern Slavery Act guidance, and CSDDD framework all emphasise that finding forced labour and responding to it — including through continuing to work with the supplier to address the issue — is preferable to exit that leaves workers without income or remedy.

Further reading in this cluster 

What is modern slavery? Definitions, forms and scale
How to identify forced labour in your supply chain
How to write a modern slavery statement
Forced labour & modern slavery: a complete guide for business 

Page

Human Rights Due Diligence legislation tracker

Group of female workers, picking cotton in Turkey
Key pieces of global legislation that impact human rights due diligence in global supply chains
Read more