This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.

Freshfields Sustainability

| 5 minute read

Navigating Legal Complexities in Cross-Border Supply Chain Investigations

Internal investigations serve as a fundamental tool for companies to detect, stop and remediate non-compliance incidents within their operations. However, when investigations extend to potential violations in international supply chains, the complexity increases significantly. This may involve violations of Germany’s Lieferkettensorgfaltspflichtengesetz (LkSG), the UK’s Modern Slavery Act, France’s Loi de Vigilance or of specific supply chain due diligence obligations in legislative decrees, including Italy’s Antimafia Code (N. 159/2011) or its decree on quasi-criminal liability for corporations (N. 231/2001. Investigations in this area, typically conducted (also) at suppliers’ sites, regularly require navigating diverse legal frameworks and cultural contexts across different countries. 

The recent adoption of the Corporate Sustainability Due Diligence Directive (CSDDD) by the European Union (EU), which member states must transpose into national law by July 2026, will further harmonise supply chain legislation across the EU (see Sustainable global supply chains: EU’s CSDDD finally adopted by Council). The phased deadlines of the CSDDD will require all relevant companies to comply with the transposed legislation starting between July 2027 and July 2029. 

With its expanded applicability, it is expected that there will be an increase in cross-border investigations of suppliers as one of several measures to ensure compliance with companies’ supply chain due diligence obligations. This is consistent with some supply chain laws, such as Germany’s LkSG, which incentivise investigations by allowing authorities to consider the company’s efforts to detect and remedy offences as mitigating circumstances when determining fines. In light of these developments, this blog post examines the practical considerations for cross-border supply chain investigations at a supplier’s site, outlining potential legal challenges and strategies for navigating international regulations.


Strategies for effective information collection at supplier sites

When conducting internal investigations related to the CSDDD or other supply chain laws at a supplier site, companies will require access to adequate information to assess any allegations. In the textile industry, for instance, companies may identify working conditions and child labour as potential issues in their supply chain risk assessments. Consequently, employment contracts, pay slips, and timesheets may prove helpful when investigating potential violations. On the other hand, environmental risks such as hazardous waste disposal and raw material extraction practices may be higher priority in the electronics and pharma sectors, such that documents relating to waste disposal practices, records of emissions and data on the use of resources may be of particular relevance. However, concerns about disclosing potential violations or sensitive information may cause suppliers to be hesitant to cooperate and provide relevant information when they are the subject of an allegation. 

To address this challenge, companies should consider engaging with their suppliers proactively. This includes incorporating terms into new and existing contracts that require suppliers to comply with relevant supply chain legislation and take cooperative measures such as providing access to specific information and allowing company audits and investigations in predefined situations. Securing cooperation from suppliers in advance is crucial, as companies cannot unilaterally adjust contracts when access to information becomes critical. However, there remains a risk that terms may be formulated in a way that are impractical (unenforceable). Furthermore, and depending on their bargaining power, suppliers may not consent to these (broad) provisions or could withdraw from cooperation when suspected of non-compliance.

Additionally, it is advisable for companies to develop a general plan for evidence collection in their (international) supply chains alongside risk analysis. This can involve creating protocols for gathering evidence abroad, including steps for legal compliance with local laws, procedures for handling data (e.g. secure storage and transfer methods), establishing effective communication channels, and may also include information on cultural particularities. By anticipating and adapting these protocols based on their supply chain structure and associated risks, companies can foster effective collaboration with local stakeholders (including local suppliers, government agencies, legal experts, industry associations, auditors), gather evidence more efficiently, and overcome legal hurdles more quickly.

Legal and regulatory considerations

One of the primary challenges with international investigations is the diversity of legal and regulatory frameworks, along with their unique procedural implications. Below are some of the main legal areas requiring consideration:

  • Labour law 

Cross-border investigations of suppliers are challenging from a labour law perspective. Unlike investigations at a company’s own premises, the employees involved are not employed by the investigating company but by the supplier. This means they have no legal obligation to cooperate with the investigation – their duty is to their employer. 

However, to comply effectively with supply chain legislation, companies often need to gather information from suppliers to properly conduct risk analyses or establish control mechanisms like audits, which typically require the cooperation of the supplier’s employees. To navigate these challenges, companies should also proactively secure supplier employee cooperation through contractual terms. Such terms should require suppliers to exercise managerial authority in a manner that facilitates effective internal investigations. This includes trying to contractually make sure that employees comply with requests for information and participate in interviews and audits. However, when doing so, companies also need to ensure that they obtain the information they need without violating employees’ rights, including privacy, rest periods, and freedom from harassment. Overall, anticipating potential issues and securing suppliers’ cooperation before investigative measures become necessary can be crucial for the success of cross-border investigations. However, there is a risk that suppliers may not agree to such far-reaching clauses or may find ways to be less cooperative if suspicions arise.

  • Data protection 

In addition, the cross-border nature of investigations often adds a new layer of restrictions concerning data privacy. For companies operating outside the EU, firstly, the relevant local data protection laws in the supplier’s country must be considered when obtaining and processing data locally. This is crucial to avoid potential breaches of local data protection law and may require establishing robust data-handling agreements to secure standard contractual clauses or to ensure that the receiving country provides adequate data protection. 

When operating in the EU, GDPR compliance is mandatory and involves ensuring the lawful processing of personal data, maintaining robust data security measures, and respecting individuals’ privacy rights. This includes adhering to data minimisation principles (i.e. collecting only the data necessary for the investigation), ensuring a high level of protection when transferring data to a third country, and securely disposing of the data after the investigation.

In jurisdictions such as China, Switzerland and France, laws known as blocking statutes prevent foreign entities from accessing certain information. These laws are generally in place to protect national interests or sovereignty. Blocking statutes prohibit the disclosure of information (particularly of an economic or commercial nature but also, for example, investigative reports) to foreign authorities or to natural or legal persons. These laws can give rise to significant legal challenges, as complying with the requirements of one jurisdiction may lead to infringements in another (see also this blog post on the recent judgment of the General Court of the European Union on the European Commission’s authority to request data stored outside the EU, despite conflicting foreign laws). To justify relying on a blocking statute to prevent the processing of their supplier’s information, companies must meet a high standard of proof that the impossibility of responding to the request is beyond doubt. This includes an assessment of the relevant laws in the requested state, failed attempts to obtain special authorisations from the foreign authorities, and unsuccessful alternative measures to access the information. To navigate these conflicts, companies should consider legal expertise at the earliest possible stage in order to balance compliance with multiple legal regimes. This may involve relying on local investigators or adapting investigative procedures to comply with local laws while still achieving the objectives of the investigation.

Conclusion
Cross-border supply chain investigations are inherently complex, demanding careful consideration of legal, cultural and operational factors. As European countries transpose the CSDDD into national laws, and as existing supply chain regulations evolve, effective (cross-border) investigations at suppliers’ sites will become an increasingly important instrument to help meet companies’ supply chain due diligence and compliance obligations. Companies that invest in understanding the nuances of these investigations and proactively implement robust and adaptive investigative approaches will be better positioned to maintain compliance in a dynamically evolving regulatory landscape.

 

Tags

corporate governance, human rights, investigations, regulatory