Duty of vigilance and responsibility of managers: what are the real risks for French and European companies?
- Marc Duvollet
- Feb 25

The term “duty of vigilance” has become, in just a few years, essential in discussions between lawyers, senior management, and CSR managers. In France, as in Europe, it symbolizes a profound shift: a growing demand placed on large companies, which are now required to prevent serious violations of human rights, health, and the environment not only in their own operations, but also within their subsidiaries, subcontractors, and suppliers. For executives, HR professionals, and managers, this is not a purely technical subject reserved for lawyers; it is a matter of governance, risk management, and reputation.
In France, the law on the duty of vigilance for parent companies and contracting entities, adopted in 2017, requires certain large companies to establish, publish, and implement a vigilance plan. This plan must identify and prevent serious violations of human rights, health and safety, and the environment throughout the entire value chain. At the European level, a directive on sustainable business due diligence is being implemented, with the aim of harmonizing and strengthening these obligations in all member states.
Admittedly, only companies exceeding certain employee and revenue thresholds are currently directly affected by these regulations. But the reality is broader: the requirements are trickling down through supply chains. Large corporations are demanding proof of compliance, formal commitments, and improvement plans from their suppliers—often mid-sized or small businesses. Clients are incorporating stricter contractual clauses, increasing the number of CSR questionnaires, audits, and supplier selection criteria. For a tier 2 or 3 supplier, failing to anticipate this evolution means risking being shut out of strategic markets in the medium term.

For managers, the risks associated with due diligence are multifaceted. First, there is a legal and financial risk. A proven breach of duty can lead to legal action by NGOs, unions, associations, or directly affected victims. These proceedings can be lengthy, costly, and highly publicized. Even if not all litigation results in substantial penalties, the mere existence of such a case can permanently damage the reputation of a brand or group and undermine the trust of customers, investors, and public partners.
But it would be simplistic to limit vigilance to this legal aspect. Ultimately, what is at stake are the working and living conditions of thousands of people, sometimes far from company headquarters, in countries where social protection is weak, controls insufficient, and poverty endemic. Child labor in certain sectors, the exploitation of migrant workers, factories failing to meet basic safety standards, the dumping of untreated pollutants, and the appropriation of resources at the expense of local populations: the examples are numerous. Civil society, consumers, and the media are increasingly unwilling to let these realities remain hidden.
This is where the responsibility of leaders becomes truly meaningful. It's no longer a matter of being able to say "we didn't know," but of demonstrating that a credible system has been put in place to identify risks, prevent them, and take action in case of any deviations. A vigilance plan cannot be reduced to a document drafted by a lawyer and a consultant and then published in a report. It must include several essential components: a thorough risk mapping, based on a detailed understanding of the activities, geographical locations, and business lines; procedures for evaluating subsidiaries, subcontractors, and suppliers; concrete prevention and remediation measures; an alert and reporting mechanism accessible to both employees and external stakeholders; and regular monitoring of progress.
In this structure, the Executive Committee (COMEX) plays a central role. It is responsible for issuing the mandate, setting the level of ambition, allocating resources, and making difficult decisions when unacceptable practices are uncovered. It is also responsible for integrating due diligence into other strategic decisions: choice of countries of operation, supply chain structure, purchasing policy, and relationships with certain partners. A management committee that merely approves a due diligence plan once a year without making it a regular topic of discussion is missing the point.
Human Resources (HR) is also on the front line. It is responsible for ensuring respect for fundamental rights within the company itself: non-discrimination, decent working conditions, risk prevention, social dialogue, and respect for freedom of association. But it also plays a key role in fostering and developing skills: training managers on the importance of due diligence, integrating social criteria into international mobility policies, ensuring that social partners are involved in the process, and contributing to the implementation and credibility of whistleblowing mechanisms. The way a company handles internal alerts, protects whistleblowers, and acts on reports is a powerful indicator of its actual level of vigilance.
Operational managers, for their part, translate these requirements into the daily realities of their sites, projects, and relationships with on-site subcontractors. They are often the ones who spot the first warning signs: insufficiently trained temporary workers, service providers who bend the rules regarding safety, and unrealistic deadlines imposed on suppliers who can no longer afford to work properly. It is essential that they be encouraged to report these issues and feel that these matters are just as important as adhering to a budget or deadline.
Even a company not directly subject to the law has an interest in taking action. First, because it is, or will be, evaluated by its customers on these issues. Second, because many best practices in due diligence overlap with fundamental principles of sound HSE-CSR risk management: having a clear risk map, knowing the profile of its main suppliers, setting minimum social and environmental compliance requirements, offering a secure and accessible reporting channel, taking reports received seriously, and investing in team training. Finally, because a structured approach makes it easier to withstand crises: when an incident occurs, a company that has documented its efforts, procedures, and decisions will be better equipped to demonstrate its good faith and commitment to improvement.
The duty of vigilance will not disappear; on the contrary, it will continue to grow stronger and more widespread. Leaders who choose to make it a strategic issue rather than a passive obligation ultimately find a dual benefit: better control of their human and environmental risks, and increased credibility with their clients, employees, and financial partners.
Here again, real vigilance is built at the intersection of general management, HR, purchasing, operations, and HSE-CSR functions: a vigilance that goes beyond words and is embodied in concrete choices.