Supply chain due diligence legislation in Germany: Overview of due diligence obligations
The core requirement under the SCDDA is that enterprises within the scope of application are responsible for conducting due diligence across their entire supply chain to prevent, mitigate, or end risks related to human rights or the environment, or to cease any breaches of obligations concerning human rights or the environment.
In terms of the due diligence process to be implemented, Article 3(1) Clause 1 of the Act stipulates that the due diligence obligation comprises a 9-step process, including:
- Establishing a risk management system
- Appointing personnel responsible for supply chain due diligence
- Conducting risk analysis
- Issuing a Policy Statement
- Implementing preventive measures
- Implementing corrective measures
- Establishing a grievance mechanism
- Conducting due diligence on risks at indirect suppliers
- Maintaining records and reporting
The detailed content of these due diligence obligations is specified in Articles 4 to 10 Clause 1 and summarized in the table below.
Table: Summary of Supply Chain Due Diligence Obligations under Germany’s SCDDA
| Obligation | Requirements for Enterprises within Scope |
| --- | --- |
| 1. Establishing a risk management system | - Establish an appropriate and effective risk management system<br>- Integrate risk management into all relevant business processes. |
| 2. Appointing personnel responsible for supply chain due diligence | - Appoint personnel responsible for human rights<br>- Senior management must be updated at least once a year regarding this personnel. |
| 3. Conducting risk analysis | Conduct appropriate risk analysis:<br>- Identify risks in the enterprise’s operations and those of direct suppliers.<br>- Analyze and prioritize risks.<br>- Results must be communicated to decision-making bodies (e.g., Board of Directors, procurement departments).<br>Frequency:<br>- At least annually, and<br>- Whenever significant changes or expansions in supply chain risks occur (e.g., new products, projects, or business expansions) |
| 4. Issuing a Policy Statement | Approve and issue a Policy Statement on the enterprise’s human rights and environmental strategy, including:<br>- Description of the due diligence process used;<br>- Priority risks identified (based on risk analysis results);<br>- Specific protective criteria applied to employees and suppliers in the supply chain (based on risk analysis). |
| 5. Implementing preventive measures | Implement appropriate preventive measures, including:<br>- Measures for the enterprise itself (training, implementation and monitoring of the Policy Statement, etc.)<br>- Measures for direct suppliers (selection criteria, contractual clauses, etc.)<br>Review/evaluate the effectiveness of preventive measures (same frequency as Obligation 3) and update promptly if complaints are received regarding risks. |
| 6. Implementing corrective measures | Conditions: When a human rights/environmental violation has occurred or is imminent.<br>Requirements: Measures must be sufficient to prevent, cease, or mitigate the violation.<br>- For violations within the enterprise: ensure the violation ceases.<br>- For violations at direct suppliers that cannot be immediately ceased: promptly develop and implement a corrective plan with a specific timeline; termination of contract with the supplier may be considered under certain conditions.<br>Review/evaluate effectiveness: same frequency as Obligation 3. |
| 7. Establishing a grievance mechanism | Establish and publicly disclose a grievance mechanism:<br>- Allow timely reporting of risks or violations in the enterprise/direct/indirect suppliers’ operations.<br>- Steps and rules must be published in writing.<br>- Personnel responsible for handling complaints must act objectively and independently.<br>- Information on the mechanism must be clear and accessible. |
| 8. Due diligence on risks at indirect suppliers | Grievance mechanism (Obligation 7) must allow reporting risks at indirect suppliers.<br>If there is actual indication of high probability of human rights/environmental violations at indirect suppliers, the enterprise must adjust the risk management system promptly and conduct necessary due diligence as required. |
| 9. Maintaining records and reporting | Maintain records of due diligence implementation for at least 7 years from the date of creation.<br>\*Annual Report on due diligence for the previous fiscal year, including:<br>- Identified risks or breaches of obligations;<br>- Measures implemented to address risks, violations, or complaints;<br>- Assessment of effectiveness of measures and lessons learned for future measures.<br>- If no risks or violations were identified: explanation must be provided.<br>Electronic version must be submitted online to the competent authority and publicly disclosed on the enterprise’s website no later than 4 months after the fiscal year-end.<br>\*Reporting obligation abolished under the SCDDA amendments (September 2025). |
Source: Compiled by the TTWTO-VCCI Research Group
In terms of implementation approach, the SCDDA does not prescribe detailed instructions on how due diligence should be carried out (e.g., complexity of risk management system, number of personnel, strictness of risk analysis, priority of preventive/corrective measures).
Instead, enterprises are expected to determine appropriate implementation based on:
- Nature and scope of the enterprise’s business activities
- Potential impact of the enterprise on relevant parties (partners, suppliers, etc.) with respect to human rights/environmental risks or violations
- Likelihood of violations, reversibility, and severity of violations
- Causal relationship between the enterprise’s actions and the risk/violation
Source: Compiled by the TTWTO-VCCI Research Group
