What Is the French Duty of Vigilance Act?

The French Duty of Vigilance Act, also known as the 'devoir de vigilance' law, is legislation passed in 2017 to hold French companies accountable for human rights violations and environmental damage caused by their subsidiaries, suppliers, or service providers. The law is considered one of the strongest of its kind globally, setting a high standard for corporate social responsibility and environmental protection.

In 2017, France became the first country in the world to adopt a law obligating large companies to carry out mandatory human rights and environmental due diligence and publish a Vigilance Plan annually. It represented a fundamental shift in the regulatory landscape, diverging from traditional reporting laws and calling for a genuine reorientation of businesses' internal processes.

The law applies to all large French companies with over 5,000 employees in France or over 10,000 employees worldwide. This means that even if a company operates primarily outside of France, it may still be subject to the law's requirements if it meets those size criteria. The Loi de Vigilance mandates that covered companies develop, implement, and publicly disclose a vigilance plan to identify and mitigate risks of severe human rights violations and environmental harm within their own operations, as well as those of their subsidiaries, subcontractors, and suppliers with whom they maintain established commercial relationships.


What the Vigilance Plan Must Include

Companies must build a comprehensive, living plan that covers risk mapping, due diligence, alert mechanisms, and continuous remediation.

Under the Duty of Vigilance Act, companies must adopt a vigilance plan to prevent or mitigate the risks of serious harm to human rights and the environment. The plan must outline the measures the company will take to monitor its business activities, ensure compliance with ethical and environmental standards, and prevent harm. The law requires this plan to be developed in association with the company's stakeholders where appropriate, and aligned with the UN Guiding Principles on Business and Human Rights.

The vigilance plan must include several core elements: a risk mapping process allowing for identification, analysis, and prioritization of risks; regular assessment procedures applied to subsidiaries, subcontractors, and suppliers with whom the company has a stable commercial relationship; concrete actions to diminish risks or prevent severe adverse impacts; an alert mechanism to gather information about the existence or materialization of risks, developed with representative unions; and a monitoring mechanism to assess the effectiveness of preventative and mitigating measures.

Companies must conduct thorough due diligence on their activities and those of their subsidiaries, suppliers, and service providers. They must also report annually on the implementation of their vigilance plan and the measures taken to prevent or mitigate serious harm. If harm does occur, companies must take appropriate remedial action to address the issue and prevent recurrence. Additionally, companies are required to establish a Duty of Vigilance Committee responsible for monitoring the implementation of the law and advising on vigilance plans.

Enforcement, Penalties, and Legal Liability


Non-compliance exposes companies to court injunctions, civil liability, and fines reaching up to 30 million euros.

If a business fails to properly implement its Duty of Vigilance plan, courts can penalize it with periodic payments or injunctions. Parent companies are held accountable if damage results from insufficient preparation in implementing an adequate plan, and could face civil liability if harm occurs. Companies that fail to comply with their due diligence obligations are liable for damages caused by an improperly prepared and monitored vigilance plan, even if those damages are directly caused by third parties.

The law provides for a formal notice mechanism: any concerned party, including victims of corporate abuses or NGOs, can file a complaint. A company is then given a three-month period to meet its obligations. If the company still fails to comply after that notice period, a judge decides whether the vigilance plan is complete and appropriately fulfills the legal obligations. Companies failing to publish plans can be fined up to 10 million euros. If the failure to act results in damages that would otherwise have been preventable, those fines can reach up to 30 million euros.

The Paris Judicial Court created a specialized ESG chamber — the 34th — specifically to hear cases concerning the Act, mirrored on appeal by the Paris Court of Appeal's chamber 5-12. These chambers have heard high-profile cases against large French multinationals, including proceedings involving an energy company over alleged human rights and environmental risks linked to overseas projects, and a bank regarding climate-related financing decisions.

Global Influence and What It Means for Your Business

The Loi de Vigilance pioneered a wave of mandatory due diligence laws that now spans Europe and beyond — and compliance is increasingly non-negotiable.

The French Duty of Vigilance Act has had a profound ripple effect on global regulation. It inspired Germany's Supply Chain Due Diligence Act and served as a key reference point for the EU's Corporate Sustainability Due Diligence Directive (CS3D), which requires all EU Member States to enact similar laws. Ever since France implemented its mandatory human rights and environmental due diligence framework, governments across the globe — especially in Europe — have accelerated their own legislative efforts in this space.

The Act has triggered a broad corporate response. Companies now publish longer and more detailed vigilance plans, with clearer risk mapping and remediation measures. These disclosures have had ripple effects across global value chains, including on foreign entities. Some subcontractors and suppliers have been pushed to adopt their own commitments on environmental harm, human rights, and health and safety — even where they are not directly covered by the law.

For businesses operating in or sourcing from France, compliance is not optional. Proactively building a robust vigilance process — mapping supply chain risks, establishing alert mechanisms, reporting annually, and remediating harm — is both a legal requirement and a strategic imperative. Companies that embrace the law's requirements can build stakeholder trust, strengthen their reputation, and position themselves ahead of the expanding wave of mandatory due diligence legislation reshaping global supply chains.
