Skip to main content

Duty of vigilance: 1st edition of the observatory of vigilance plans

Sia Partners' Compliance team present the first edition of our benchmark of Vigilance Plans.

Scope of the benchmark

This benchmark has been published following the application of the French law on duty of vigilance, by major companies in the following sectors: 

  • Agri-food 
  • Energy 
  • Trade 
  • Telecom 
  • Transport 
  • Distribution 
  • Luxury goods  
  • Financial services 

22 plans were studied, with more than 60 points of analysis across and categories. This study was carried out by our compliance and duty of care experts, thanks to our AI tool, SiaGPT, developed by, our ecosystem of ready-to-use artificial intelligence solutions. 

What are the main difficulties observed in the eight categories?

The risk map only appears to be completely compliant for 9% of the Plans studied. In fact, most stakeholders limit themselves to listing the identified risks, without ensuring prioritization.  

Although procedures for evaluating subsidiaries and third parties appear to be carried out by all players, their scope and frequency are too restrictive. 

Most Plans do not detail the implementation schedule for each measure identified regarding the risk map. Moreover, these measures are not systematically identified.  

Concerning the alert mechanism, some Plans do not specify the possibility for foreign subsidiaries to locally report the existence of a risk linked to the Duty of Vigilance. 

The risk monitoring system remains incomplete, in that certain Plans fail to provide performance indicators to evaluate the effectiveness of the measures implemented. 

Although the organization of governance is not prescribed by law, it nevertheless represents a major element of the system. However, this, like comitology, is sometimes not explained within the Plans. 

The French Law on Duty of Vigilance of March 27, 2017, mandates the integration of the Plan into the entity’s Annual Report. However, the information should not be included there as this affects readability. In addition, we observe that this provision is not systematically respected, and that certain Plans are only published in isolation. 

Finally, awareness and training systems on the Duty of Vigilance do not always seem to be deployed within the analyzed organizations.  

Best practices observed throughout the benchmark

In a cross-functional manner, the involvement of stakeholders, whether internal or external, is a key element in the implementation of Duty of Vigilance measures. These can help the responsible Departments considerably, for example during the risk identification stage. The use of benchmarks, particularly international, such as International Labour Organization Conventions or OECD Guidelines for Multinational Enterprises, also prove useful. 

To be able to cross-reference as much data as possible, certain organizations are increasing the methods of evaluating their subsidiaries and third parties, the latter also being subject to a strict process when entering into a business relationship.  

Regarding risk mitigation and the prevention of serious harm, it is deemed appropriate for companies subject to the law to include clauses in their contracts with third parties relating to compliance with the Duty of Vigilance, which is the case for almost half of the Plans studied. 

Half of all entities have set up several alert channels to collect reports from employees and third parties. Having multiple channels is strongly encouraged as it ensures the availability of the mechanism, particularly for players using external platforms, which may be subject to maintenance. 

The monitoring system must not be global but specific to each previously identified risk. KPIs must be attached to each measure implemented, which has been generally well assimilated by the various stakeholders.  

In view of the issues linked to the Duty of Vigilance, 64% of entities have put in place a comitology specific to the subject.  

Finally, the Vigilance Plan must include an exhaustive report of its implementation, making it possible to understand the effectiveness and efficiency of the measures. This has been correctly implemented for a minority of actors.  

Sia Partners’ convictions to succeed in the Vigilance Plan exercise

  • Carry out a complete audit and count all the indicators to ensure the effectiveness of the monitoring and internal control system of the Plan. 
  • Create a comprehensive (including all relevant indicators) and regular system for evaluating subsidiaries and third parties. 
  • Establish robust governance and comitology from the development of the Plan and for monitoring it. 
  • Collaborate with stakeholders and third parties, both internal (such as work counsels) and external (business partners). 
  • Equip yourself with an operational alert system (digital, global or local tool) that guarantees the protection of stakeholders. 
  • Ensure the accessibility of the document and its promotion to all stakeholders. 

What is the future for Vigilance Plans?

Although the law on the Duty of Vigilance has been in force for 6 years, we still notice numerous disparities in the methods and quality of the Vigilance Plans analyzed. It is essential for players to analyze market best practices and compare their methodologies. Looking specifically at companies within the same sector and at the current Duty of Vigilance development, with the Corporate sustainability due diligence Directive project (known as the CSDD directive), expected for 2024. 

Sia Partners can support you in the development and improvement of your Plan and in your Duty of Vigilance compliance program.  

Contact us to find out more!

Sia Partners integrates this data in its client database to send you marketing communications (invitations to events, newsletters and new commercial offers).
This data will be kept for 3 years before being deleted and you can withdraw your consent to the processing of your data at any time.
To learn more about the management of your personal data and to exercise your rights, please consult our Data Protection Policy.


Your data are used by Sia Partners to process your contact request. Please note that you have rights regarding your personal data. For more information, we invite you to read our data protection policy