ESRS S2-1 Supply Chain Policies

What ESRS S2-1 requires

ESRS S2-1 requires disclosure of the policies covering material impacts on value chain workers — specifically:

Supply chain code of conduct: The standards your suppliers must meet as a condition of doing business with you. A credible code covers: prohibition of child labour (ILO Conventions 138 and 182); prohibition of forced and bonded labour (ILO Conventions 29 and 105); freedom of association and collective bargaining rights (ILO Conventions 87 and 98); non-discrimination in employment; safe and healthy working conditions; payment of legally mandated wages and benefits; working time compliance; and no use of violence or harassment.

Human rights policy: A broader commitment to respect human rights in the value chain — referencing the UN Guiding Principles on Business and Human Rights (UNGPs) and OECD Guidelines for Multinational Enterprises. The policy should specify the scope of commitment (which tiers of the supply chain), the governance accountability (who is responsible), and how the policy is communicated to value chain partners.

Supplier qualification requirements: How the code of conduct is embedded in supplier onboarding — whether acceptance of the code is a contractual condition of supply, how new suppliers are screened for human rights risk before onboarding, and how existing suppliers are assessed.

Policy coverage: What percentage of your procurement spend is covered by the supplier code of conduct — and whether the code applies to all suppliers or only those above a spend threshold or in high-risk categories.

Aligning S2-1 with CSDDD Article 5

CSDDD Article 5 requires in-scope companies to integrate due diligence into their corporate policies — including a human rights and environmental due diligence policy approved at board level. This is the same document as your ESRS S2-1 policy disclosure.

For maximum efficiency: draft one policy document that satisfies both ESRS S2-1 and CSDDD Article 5 requirements simultaneously. The CSDDD standard is more demanding — it requires board approval, explicit reference to priority adverse impacts from the CSDDD Annex, and annual review. If your S2-1 policy meets CSDDD standards, it exceeds ESRS requirements.

CSDDD-compliant policy elements for S2-1: Board-approved (not just management-endorsed); references the specific human rights in CSDDD Annex Part I (ILO Core Conventions, right to life, prohibition of torture, right to health etc.); references the environmental obligations in CSDDD Annex Part II (Paris Agreement, CBD, Minamata, Stockholm, Basel Conventions); specifies the value chain scope (tier 1 directly, tier 2+ where there is plausible signal of adverse impact); includes an annual review commitment; and is publicly available.

For ESRS S2-1 disclosure: reference the CSDDD alignment explicitly — stating that your supply chain human rights policy is designed to comply with CSDDD Article 5 demonstrates proactive regulatory positioning to investors and stakeholders.

Cascading the code of conduct through the supply chain

A supply chain code of conduct that exists only at tier 1 is insufficient for ESRS S2-1 — and for CSDDD. The code must cascade down through the supply chain to reach the workers most at risk, who are frequently in tier 2 and beyond.

Tier 1 cascade requirement: Your direct suppliers must contractually commit to: applying your code of conduct to their own operations; flowing equivalent requirements down to their tier 2 suppliers; and reporting violations up to you.

Practical cascade mechanisms: Contractual cascade clauses in supplier agreements (the most legally enforceable approach); industry multi-stakeholder programme participation (Responsible Business Alliance, Better Cotton Initiative) that embed equivalent standards across a supply chain without bilateral contracts with every supplier; supplier self-declaration systems where tier 1 suppliers certify their tier 2 suppliers' compliance.

Code effectiveness: A code that suppliers sign but never implement is a paper policy. S2-1 should disclose not just the code's existence but how its implementation is verified — through the S2-4 audit and monitoring programme. The policy (S2-1) and the action (S2-4) must be coherent — a strong code commitment backed by no verification programme creates a greenwashing risk.

For SME suppliers: CSDDD requires you to support SME suppliers in meeting code requirements rather than simply imposing requirements. Disclose any capacity building support — training provision, co-financing of certifications, simplified reporting templates (VSME alignment) — as evidence of proportionate implementation.

Frequently asked questions