Guide · Forced Labour

How Does Forced Labour Due Diligence Work Beyond Tier 1?

Short answer: forced labour due diligence is the work of identifying, assessing, and remediating forced labour risk across every tier of your supply chain, then documenting it so it survives scrutiny. It only works when it reaches past tier 1, because the risk that hurts you usually hides in the partners you never see: sub-suppliers, staffing agencies, the labour broker nobody named. Most programs stop at the suppliers they can name and call it done. This guide walks through how the work actually runs when it does not stop there.

What is forced labour due diligence?

Forced labour due diligence is the process of verifying that no one in your supply chain is working under coercion: finding where the risk concentrates, assessing the partners who carry it, remediating what you find, and keeping a record you can defend. It is both a moral floor and a legal obligation. In Canada, Bill S-211 requires an annual forced and child labour report, due May 31 each year, and its thresholds, definitions, and mandatory disclosures were clarified for 2026. A thin or undefensible report is not a paperwork problem: it can mean a fine of up to $250,000, with directors and officers personally liable.

Here is the part nobody says out loud: the law makes you responsible for a chain you cannot fully see. You are asked to publish claims about labour conditions at factories you have never visited, staffed by agencies you have never met. That is not a flaw in your character or your team. It is the structural reality every importer inherits, and it is exactly why real due diligence is built as a discovery discipline, not a filing exercise.

Two things it is not. It is not certification: no honest party can certify a chain as free of forced labour, because chains change faster than certificates. And it is not a questionnaire: a form measures how well someone fills out forms. Real forced labour due diligence sits inside the broader discipline of supplier due diligence, and it does four things a filing exercise never does. It maps the chain past tier 1. It assesses each partner's actual behavior, not just their paperwork. It converts every gap into a remediation commitment with a name and a deadline. And it refreshes the whole record on a cadence a regulator would respect.

Why are most due diligence programs blind at tier 2?

Because questionnaire-based due diligence only reaches the parties you can name, and most companies can only name tier 1. The tier-two factory no one has ever named receives no questionnaire, no assessment, and no scrutiny of any kind. It does not appear in the annual report because it does not appear anywhere.

Walk through how the standard program actually operates. You send your direct suppliers a self-assessment. They sign it and send it back. That signed questionnaire becomes the evidence underneath your public claims. Now count what it covers: the supplier's own facility, described by the supplier, in the supplier's own words. The staffing agency that fills their night shift is not on the form. The sub-contractor that takes their overflow orders in peak season is not on the form. The broker that recruited their migrant workforce is not on the form.

And the data you do hold is thinner than it looks. Around 40% of the supplier data companies hold is incomplete or inaccurate, and most only find out when they try to use it. So the average program is standing on partial data about tier 1 and no data at all about tier 2, which is where forced labour risk concentrates: recruitment, sub-contracted staffing, the corners of the chain with the least oversight and the lowest wages.

One buyer put it plainly: “Our brand takes the hit for every supplier we cannot see.” That is the whole problem in one sentence. The report carries your name. The risk lives at addresses you have never heard.

How do you map a supply chain beyond tier 1?

You make discovery part of the assessment itself: each supplier names their own sub-suppliers, carriers, staffing providers, and transit points as a required step, and every named party goes on the map where it can be assessed in turn. This is the single move that separates real forced labour due diligence from a filing exercise, because you cannot assess a factory you cannot name.

In practice, the mapping runs the way cargo mapping runs in a customs risk assessment: follow the goods and the data backward through every hand that touches them. Done supplier by supplier, it routinely surfaces parties no one in your building knew existed. That is not a failure. That is the map growing to the truth.

Three disciplines keep the map honest:

Tier 1 visibility was never the finish line. It was the entry fee. The suppliers you already know are the doorway to the ones you need to find.

Where does forced labour risk actually concentrate?

It concentrates where workers have the least power and buyers have the least visibility. Before any site visit, direct your effort at the conditions that let coercion survive:

Notice what that list is not. It is not a list of countries to avoid or people to distrust. It is a list of structural conditions, and those conditions can exist behind a supplier whose owner has no idea what their staffing agency is doing. That is why the screening has to include the HR side of the chain: the staffing and labour providers behind each supplier, not only the supplier itself.

Be clear about who this discipline serves. The workers in your chain are not the risk. They are the people the entire exercise exists to protect. The managers between you and them are mostly people doing their jobs inside systems they did not design. Concentrating scrutiny on high-risk corners is not an accusation. It is the opposite of the chain-wide average, which is the statistical trick that lets coercion hide in a corner while the summary page reads clean.

Why do audits and questionnaires miss forced labour?

Because coercion is coached. A worker who has been told what to say says it. A site that expects the auditor is ready for the auditor. A static, self-reported audit can be completed perfectly by an operation that does none of it, and forced labour is the risk category where the incentive to rehearse is strongest.

That is why the assessment has to read behavior, not just collect paperwork. A live, guided scenario assessment puts realistic situations to the supplier and has them answer in the moment, while behavioral analysis runs silently in the background: response time, hesitation, low-confidence wording. The result captures not just what they said, but how they said it. The gap between the written procedure and the lived reality is exactly where forced labour hides, and it is the gap a form is built to paper over.

Two properties are non-negotiable. First, the score is determined by the assessment, never self-reported, so a rehearsed answer does not carry the same weight as a confident, consistent one. Second, keep two records: what the supplier submitted and what was verified. The distance between those two records is itself a finding, and tracking it as a data quality score tells you how much of your evidence base you can actually lean on when someone challenges the report.

This is the human factor applied to its darkest corner. People are the decisive variable in every part of supply chain security, and nowhere more than here, where the people involved have the most reason to say what they were told to say.

How do you make forced labour due diligence provable?

Proof means a documented chain of evidence, not a well-written report: a per-supplier assessment, a signed corrective action plan for every gap found, and one master record that rolls it all up, year over year. When a claim in your report is challenged, you do not defend a sentence. You produce the record behind it.

The working parts:

One efficiency worth naming: the same per-supplier assessment maps to C-TPAT, Bill S-211, PIP, AEO, ESG, and the Nestlé food program. The forced labour evidence you build for May 31 is not a separate binder. It is the same living record your other programs stand on.

No supply chain will ever be at 100%. The standard is not a perfect chain, because a perfect chain does not exist and claiming one is how companies get caught flat-footed. The standard is provable diligence: you will prove your due diligence at 100%, partner by partner, tier by tier.

Free guide

Free guide: How to Evaluate Supplier Risk

The risk that hurts you hides in the suppliers you never see. This plain-English guide shows you how to read real supplier exposure before a regulator or auditor does. We'll email you the link.

We’ll email you the link, no spam, no list-selling. Unsubscribe anytime.


See what your May 31 report is actually standing on

Run your 8 highest-risk suppliers through the full assessment, free for 15 days, no credit card.

The programs this maps to: Bill S-211 · ESG