What is the corporate duty of vigilance?

The duty of vigilance reflects the legal and ethical responsibility of large companies to prevent harm to human rights, health and the environment across their value chains.

The essentials in 30 seconds
  • The duty of vigilance, created by France's March 27, 2017 law, requires large companies to prevent human rights and environmental harm across their value chain.
  • It applies to groups with more than 5,000 employees in France (or 10,000 worldwide, subsidiaries included), with a cascading effect on suppliers and subcontractors.
  • A vigilance plan rests on five pillars: risk mapping, assessment procedures, prevention actions, alert mechanisms, and monitoring.
  • Non-compliance exposes a company to formal notice, civil litigation, damages, and significant reputational risk.

Origin and legal framework of the duty of vigilance

The duty of vigilance stems from France's law of March 27, 2017, the first in the world to impose a legal obligation on certain companies to prevent serious harm to human rights and the environment. This law inspired European frameworks (the Corporate Sustainability Due Diligence Directive) and international ones (UN Guiding Principles, Global Compact).

It follows the same logic as CSR and ESG criteria: embedding the management of social and environmental risks into corporate governance. The goal is to turn non-financial vigilance into a legal requirement, with documented and verifiable obligations.

Good to know: France was the first country to enact duty of vigilance legislation, anticipating the future EU Corporate Sustainability Due Diligence Directive (CSDDD).

Which companies are concerned and what is the scope

The law primarily targets large French companies:

  • More than 5,000 employees in France, or
  • More than 10,000 employees worldwide (subsidiaries included).

Its reach goes well beyond that circle. SMEs that act as subcontractors or suppliers to these groups are directly affected, since they must document their practices to meet their buyers' requirements.

The duty of vigilance therefore spreads across the entire value chain through a cascading effect, raising ESG compliance expectations even for players not directly subject to the law.

The building blocks of a vigilance plan

The vigilance plan brings together all the measures a company deploys to identify, prevent, mitigate and monitor the risks tied to its own activities and those of its partners. At a minimum, it must include:

  1. Risk mapping: analysis of serious risks to human rights, health and the environment across all activities and supply chains.
  2. Assessment procedures: regular evaluation of subsidiaries, subcontractors and suppliers.
  3. Prevention and mitigation actions: corrective plans, training, contractual clauses and audits.
  4. Alert and reporting mechanisms: channels accessible to any internal or external stakeholder.
  5. Monitoring and reporting: annual review of the measures' effectiveness, with results included in the management report.

Good to know: The vigilance plan must be public, included in the management report, and updated every year.

Building and implementing the vigilance plan

The vigilance process follows a continuous-improvement logic close to an ESG or ISO management system (Plan-Do-Check-Act).

  1. Initial diagnosis: identify priority risk areas through risk mapping and a materiality analysis.
  2. Formalization: draft a documented vigilance plan, approved by governance and shared with stakeholders.
  3. Operational rollout: embed the requirements into business processes (procurement, HR, production).
  4. Evidence collection and control: regularly audit suppliers and subsidiaries, and track key indicators (audit rates, reported incidents).
  5. Reporting: publish and revise the plan at regular intervals based on feedback and observed results.

For partner SMEs, these obligations can be translated into simplified compliance policies: codes of conduct, vigilance training or specific contractual clauses.

Sanctions and liability for non-compliance

Failing to establish or apply a vigilance plan can lead to:

  • A formal notice from any legitimate stakeholder (NGOs, unions, victims, etc.);
  • Civil litigation before French civil courts;
  • Damages where harm is proven to be linked to a lack of vigilance.

Beyond the financial risk, inaction or a plan deemed insufficient can seriously damage a company's reputation and ESG credibility.

Challenges and best practices for an effective duty of vigilance

Implementing a credible duty of vigilance means going beyond minimal compliance. The most advanced companies rely on management tools drawn from ESG frameworks:

  • CSR assessments to validate the robustness of policies and indicators.
  • Double materiality to prioritize the most critical issues.
  • Supplier codes of conduct and training to spread a risk-aware culture.
  • Digital ESG management tools to centralize data and automate compliance evidence.

Good to know: ESG management solutions (platforms, coaching, automation) sharply reduce the administrative burden of tracking the duty of vigilance.

The corporate duty of vigilance: key takeaways

| Key point | In short |
| --- | --- |
| Legal origin | France's 2017 law requiring heightened vigilance over human rights and the environment. |
| Companies concerned | French groups with 5,000 to 10,000+ employees, with an indirect effect on their suppliers and subcontractors. |
| Vigilance plan | A public document covering risk mapping, prevention actions, monitoring and reporting. |
| Non-compliance | Legal risks (formal notice, damages), reputational and commercial exposure. |
| ESG management tools | Audits, materiality, codes of conduct and tracking platforms to simplify compliance and improve traceability. |

FAQ

Which companies are subject to the duty of vigilance?

The law targets companies with at least 5,000 employees in France, or 10,000 worldwide including subsidiaries. SMEs below these thresholds are not directly bound, but they are affected indirectly when they supply these large groups, which pass their requirements down the value chain.

What must a vigilance plan contain?

At least five elements: risk mapping, assessment procedures for subsidiaries and suppliers, prevention and mitigation actions, an alert mechanism accessible to stakeholders, and a system to monitor the measures' effectiveness. The plan is public and updated every year.

What is the difference between the duty of vigilance and the CSRD?

The duty of vigilance requires preventing and addressing harm to human rights and the environment across the value chain. The CSRD requires publishing sustainability information against a standardized framework. The two reinforce each other: vigilance risk mapping feeds the CSRD double materiality analysis.

What are the penalties for non-compliance?

Any legitimate stakeholder can issue a formal notice and then bring the matter before a civil court. Where harm is linked to a lack of vigilance, the company faces damages, on top of significant reputational and commercial risk.

How can an SME meet its clients' vigilance expectations?

By formalizing simplified compliance policies: a code of conduct, contractual clauses, traceable evidence and tracking indicators. An ESG management tool helps centralize these elements and respond quickly to buyers' questionnaires.
