Value chain: due diligence becomes a legal risk for businesses

For a long time, corporate social responsibility was expressed mainly through voluntary commitments: ethical charters, internal policies, labels or extra-financial reports. These arrangements were largely a matter of communication and reputation.

This time is coming to an end.

The recent conviction of a large French cosmetic group by the court in Paris marks a new step in the transformation of the duty of vigilance into a genuine legal risk for businesses. For the second time in France, a company is condemned for failing to pay due attention to human rights violations in its value chain.

This decision is part of a broader movement: CSR gradually emerges from the declaratory register to enter the register of legal responsibility.

CSR moves from reporting to litigation

In the case decided in March 2026, employees of a foreign subsidiary had denounced infringements of trade union rights and discrimination after an attempt to unionize. The complainants considered that the parent company had not put in place the necessary mechanisms to prevent these violations.

The Court found that the company's vigilance plan had significant shortcomings, particularly in the risk mapping, which did not properly integrate certain subsidiaries of the group.

This decision recalls one key point: the vigilance plan is not a communication document. It constitutes a legal tool capable of incurring civil liability of the undertaking if the risks are not properly identified and addressed.

The scope of this case law goes far beyond the particular case. About 15 French companies are now subject to legal proceedings for failure to comply with their duty of vigilance.

This dynamic is expected to accelerate further in the coming years with the Corporate Sustainability Due Diligence Directive (CSDSD), which extends these obligations to a greater number of companies and reinforces risk prevention requirements in value chains.

In other words, companies are no longer judged solely on their commitments, but on the their ability to effectively prevent risks in their value chain.

Risk mapping becomes the centrepiece

At the heart of these disputes is an often underestimated tool: risk mapping.

French law requires large companies to identify the risks of serious violations of human rights and the environment throughout their value chain, own activities, subsidiaries, subcontractors and suppliers.

In fact, this requirement raises several difficulties.

Supply chains are increasingly long, international and fragmented. Companies can operate in very different regulatory environments with varying levels of control.

However, the emerging case law shows that the argument of complexity or lack of visibility on the value chain is no longer sufficient.

The question asked by the judges is now simple: has the company put in place reasonable means to identify and prevent these risks?

In this context, risk mapping becomes a central element of the compliance strategy. Incomplete or too theoretical mapping can now constitute a Legal misconduct.

This is part of a broader transformation of the corporate responsibility framework. As the expert Pierre-Samuel Guedj points out, contemporary disputes are increasingly structured around the gap between the commitments posted and the operational practices, « Say-do gap ».

For businesses, therefore, the risk is no longer limited to attacks themselves, but also to the ability to demonstrate that they have put in place a credible preventive mechanism.

What ACTE International recommends

In view of this development, the duty of vigilance must be treated as a operational risk management tool, not as a simple reporting exercise.

Three levers become priority:

real mapping of value chain risks
Identify the social and environmental risks to own activities, subsidiaries and suppliers most at risk.

Establish operational control mechanisms
Provider audits, alerting devices and incident monitoring are used to detect and address risk situations.

Document decisions and train key teams
Purchases, supply chain and subsidiaries must be involved, with clear traceability of the analyses and actions undertaken.

In a context of increasing litigation, the challenge is no longer simply to post CSR commitments, but to demonstrate risk control in the value chain.

We offer an exchange with an ACTE expert to identify 3 priority actions.
To benefit, complete our CSR maturity test (5 minutes): Assess your CSR maturity in 5 minutes!