ESRS S2-4 Supply Chain Due Diligence

What ESRS S2-4 requires

ESRS S2-4 requires disclosure of the actions taken to address material actual and potential negative impacts on value chain workers — and the financial resources allocated to those actions.

Supplier risk assessment: How suppliers are screened and assessed for human rights risk — country and sector risk overlays, self-assessment questionnaires, documentary review, and initial due diligence processes for new suppliers.

Supplier audit programme: The scope and methodology of the supplier audit programme — which suppliers are audited; the frequency of audits; the audit standards used (SMETA, RBA VAP, SA8000); whether audits are announced or unannounced; the use of accredited third-party audit firms; and the proportion of high-risk suppliers covered annually.

Corrective action plan management: How audit findings are tracked and remediated — CAP requirements for different finding severity levels; timelines for corrective action; follow-up verification; and escalation for non-compliance.

Capacity building: Actions taken to help suppliers meet human rights standards — training provision; co-financing of certifications; access to supplier development programmes; and engagement with industry initiatives that build supplier capability.

Financial resources: The OpEx and CapEx allocated to supply chain human rights actions during the reporting period. This is a challenging disclosure for companies that have not previously budgeted supply chain sustainability as a distinct line item — but it is important for investor assessment of programme credibility.

Social audit programmes — design and implementation

Social audits are the cornerstone of most supply chain due diligence programmes. Understanding how to design and implement them effectively — and how to disclose them credibly under ESRS S2-4 — requires clarity on both audit standards and their limitations.

Audit standards comparison: SMETA (Sedex Members Ethical Trade Audit) — the most widely used globally, particularly for consumer goods supply chains. Covers labour, H&S, environment, and business ethics. SMETA reports are stored on the Sedex platform and shareable with multiple buyers — reducing audit fatigue. RBA VAP (Responsible Business Alliance Validated Audit Process) — standard for electronics and technology supply chains. SA8000 — management systems approach with certification, particularly used in factory-direct certification contexts. amfori BSCI — European retail-focused, covers labour standards.

Audit frequency: Risk-based frequency — high-risk suppliers audited annually or biennially; medium-risk triennially; low-risk screened through questionnaires with periodic sample audits. Disclose the frequency policy and the percentage of high-risk suppliers audited within the last 12 and 24 months — a key coverage metric for S2-4.

Finding severity classification: A credible CAP management process categorises findings by severity: Zero Tolerance (immediate corrective action required — child labour, forced labour, safety-critical violations); Critical (30-day remediation); Major (90-day remediation); Minor (6-month remediation). Disclose the number of each severity category found during the year and the percentage closed within target timeframes.

Audit limitations: ESRS S2-4 should acknowledge audit programme limitations — announced audit schedules allow preparation; worker interview sample sizes are small; audit firms may have conflicts where they are paid by suppliers. Supplement audits with unannounced spot checks and worker voice platforms to address limitations.

Capacity building — moving beyond compliance policing

Supply chain due diligence that only polices compliance without building supplier capability creates a race to the bottom — suppliers pass audits but do not genuinely improve. Capacity building is the investment that makes the programme sustainable.

Types of capacity building actions: Technical training — H&S management systems, chemical safety, fire safety, electrical safety — delivered directly to supplier facilities. Business management support — helping suppliers understand why good working conditions improve productivity and reduce turnover, connecting the business case to the sustainability standard. Financial support — co-financing third-party certifications (SA8000, ISO 45001) that are too expensive for small suppliers alone. Technology access — providing or subsidising tools for chemical management, time and attendance recording, or grievance mechanism platforms.

CSDDD capacity building obligation: CSDDD Article 10(2) requires companies to support SME suppliers in meeting due diligence requirements rather than simply imposing requirements. This creates a legal basis for the capacity building investment that ESRS S2-4 requires you to disclose. Frame your capacity building programme as CSDDD-compliant supplier support — both fulfilling a legal obligation and creating more resilient supply chains.

Industry programme participation: Individual supplier capacity building is resource-intensive. Industry-level programmes — ZDHC (Zero Discharge of Hazardous Chemicals) in textiles; Better Cotton Initiative in cotton; Roundtable on Sustainable Palm Oil — build supplier capability at sector scale. Participation in these programmes as a brand or buyer is a credible S2-4 capacity building disclosure.

Measuring capacity building effectiveness: Track supplier improvement over time — do suppliers that receive capacity building show fewer audit findings in subsequent assessments? Do self-assessment scores improve year-on-year? These trend metrics demonstrate that capacity building investment is creating genuine improvement, not just compliance theatre.

Frequently asked questions