The French law on Duty of Care (“Devoir de vigilance”) dated 27. March 2017 – lessons learned and recommendations


published on 15 September 2022 | reading time approx. 7 minutes

The scope of the French law on Duty of Care (“Devoir de vigilance”) is deliberately broad to allow for several types of situations. It establishes the need for a vigilance plan in five parts to be implemented within companies meeting certain thresholds.


The law prescribes those companies to establish a “Vigilance plan” to “prevent serious violations of human rights and fundamental freedoms, the health and safety of individuals and the environment, resulting from the activities of the company and those of the companies it controls, as well as from the activities of sub­con­trac­tors or suppliers with which it has an established business relationship, when these activities are related to this relationship”.

The plan should include the following measures:

  • Mapping of risks for their identification, analysis and prioritisation;
  • Procedures for regular assessment of the situation of subsidiaries, subcontractors or suppliers with whom an established business relationship is maintained;
  • Appropriate actions to mitigate risks or prevent serious harm;
  • A mechanism for alerting and collecting reports on the existence or occurrence of risks, established in con­sultation with the trade unions representing the company;
  • A system for monitoring the measures implemented and evaluating their effectiveness.

The law introduces an obligation to publish the vigilance plan as well as a report on its implementation in the management report presented each year.

A company that does not comply with the obligations of the law may be subject to a civil liability action under common law in the event of damage resulting from a breach of the duty of care. In addition, the law provides for a mechanism to give the company formal notice to comply with the obligations set forth in the law. Five years after the implementation of this law, the Assemblée Nationale issued a report evaluating the law.

General criticism of the law

During the 5 years after the enactment of the Duty of Vigilance Law, several criticisms have been formulated by the Assemblée Nationale. Firstly, it deplores that the legislative provisions are unclear, in particular because of the overlapping of the concepts of the Duty of Vigilance Law with the provisions introduced by the Sapin 2 Law (anticorruption law). The Duty of Vigilance Law is understood and implemented in accordance with the other compliance obligations, including those created by the Sapin 2 Law.

Secondly, the heterogeneity between companies in the implementation of the vigilance plan is criticized:  

  • Risk mapping appears to be a complex exercise for companies, and many companies do not create a map in the strict sense of the word, but simply refer to existing procedures and policies or list risks and issues with­out any associated methodology. The report deplores the lack of proper mapping with a detailed metho­do­logy. It therefore seems necessary to encourage the deployment of multi-stakeholder initiatives, whether sectoral or regional, to offer companies a more precise methodology and thus clarify the risk mapping exer­cise. In addition, the creation of an authority in charge of the application of the duty of care, similar to the French Anti-Corruption Agency, seems necessary to give companies the keys to the implementation of the duty of care law.
  • With regard to the alert mechanism required by the law, there will be a need to clarify the way it has to be implemented also considering the newly enacted law transposing the EU Whistleblower Directive.
  • The vigilance plans are sometimes not very detailed not to expose companies to legal and reputational risks if the elements contained therein are inaccurate. In this sense, companies prefer not to be too ambitious and not to include initiatives that might not be realized and to avoid including sensitive details.
  • The implementation of appropriate actions to mitigate risks or prevent serious harm is an area for improve­ment for companies. Vigilance plans must include appropriate actions for both. It is not possible to include only declarative measures or moral commitments. Most companies subject to the law limit themselves to declarative measures or references to the various group procedures and codes. Most assessment and miti­gation measures are too much like reporting on existing actions.
  • Moreover, the dialogue with NGOs, although they initiated the law, is conflicting. As a result, the day-to-day risk reduction policy is difficult to implement by companies alone, without constructive feedback from NGOs. The law risks becoming a legal obligation, only on paper, and losing impact.
  • Finally, the report deplores that these vigilance obligations, in conjunction with anti-corruption and extra-financial performance obligations, generate costs for companies. Indeed, as they do not have the skills to map risks, policies and procedures to carry out impact studies, companies resort to external service provi­ders (usually consulting firms or law firms).

An extended scope of application

  • The obligation of vigilance established by the law is particularly broad, it concerns serious violations of hu­man rights and fundamental freedoms, health and safety of persons as well as the environment. Moreover, the entire commercial chain is included in the definition of the law because the term "established commer­cial relationship" is understood in a broad sense.
  • This extended scope of application creates a certain vagueness for companies. They do not always know how to set up this vigilance plan and where to start.
  • The objective of the law is not understood by companies either. The vagueness of the law and its extremely broad scope are therefore strongly criticised.
  • France has chosen not to list the principles and international conventions that fall within the scope of the vigilance law. Other European countries, such as Germany, have decided to list the texts included in the vigilance law. This broader scope necessarily brings limited clarity in the early stages of the implementation of the law.
  • No regime of sanctions is really foreseen by the law and leaves the judge a vast freedom of appreciation.
  • This broad scope of application is also the source of positive comments. Indeed, it makes it possible to make the companies concerned by the legislation accountable and to effectively prevent potential violations. Risks are interconnected and it is impossible to individualise them. In addition, there are links between environ­mental and human risks and the law as drafted allows for the continuous identification of risks. It drives a need for structural change in business activities and more responsible business conduct.
  • The French Duty of Care law does not restrict the application of the law to the activities of subsidiaries nor to the first ranks of suppliers, it broadly includes companies with which there is an established business rela­tionship. This willingness was already explained by the Rana Plaza scandal in 2013. Indeed, with a strict definition, indirect subcontractors would not fall within the scope of the law, yet in the case of the Rana Plaza collapse indirect subcontractors were involved in the case.
  • The broad inclusion of the value chain of ordering companies in the scope of the law`s application appears necessary to make the application of this law effective and really act against the risks. Indeed, this inclusion will prevent companies from trying to circumvent the law's obligations by explaining that their commercial relationship is not a direct one. The Assemblée Nationale supports this point and encourages the European Union to legislate in this sense for the European Directive Duty of Vigilance.

An insufficient involvement of stakeholders (NGOs, associations and unions)

The Duty of Vigilance Act requires companies to involve stakeholders in the development of the vigilance plan. However, in practice, this association is not clearly mandatory, and companies are content to inform the parties (NGOs, associations, trade unions and in particular employee representatives).

This consultation allows, above all, a better definition of the scope of vigilance and reduces the risks of liti­ga­tion where stakeholders could question the relevance of the plan. By involving them in the development of the plan, companies avoid numerous conflicts because the plan will have been validated by the stakeholders. The exclusion of stakeholders is a real problem for companies, who cannot take into account the opinion of these people, who are generally the first to suffer damage or be exposed to risks. Associating stakeholders by simply providing information is not at all sufficient. It is necessary to make progress in this area and for companies to establish a dialogue and genuine consultation. The preparation of the plan must take the form of a co-con­struc­tion.

Many companies are excluded from the scope of the law

The corporate form of the company

Certain types of companies are excluded from the scope of the law. Despite the wording of the law ("any company"), its inclusion in the section of the Commercial Code dealing with public limited companies, limits its application to public limited companies. The references in the Commercial Code mean that it applies to Euro­pean companies and limited partnerships with shares as well as simplified joint stock companies. In practice, however, the application to simplified joint stock companies is problematic and many simplified joint stock companies are unaware that they are subject to the law of vigilance.

The Assemblée Nationale advocates the application of the duty of care to all companies, regardless of their legal form, as soon as they exceed the thresholds of liability.

The criterion of the number of employees

The application of the French "duty of care" law in companies is subject to a threshold of employees. This threshold for the application of the law is set at 5,000 employees within the company and its direct and indirect subsidiaries in France and 10,000 employees worldwide.

These thresholds significantly reduce the scope of the duty of vigilance. Indeed, the lowering of the employee threshold is necessary since human, social and environmental risks do not depend on the size of the company and very small and medium-sized companies can face risks. In Germany, for example, the threshold for appli­cation is much lower (3,000 employees, to be lowered to 1,000 employees in 2024).

The Assemblée Nationale proposes a broader application of the duty of care law, by lowering the threshold of employees. It is also possible to consider a new criteria, that of turnover, which would better reflect the eco­nomic weight of companies and thus make the obligations of the law weigh on a greater number of companies.

Proposal to create an administrative control authority

The issue of monitoring, controlling and sanctioning non-compliance with the law is complex. The Duty of Vigilance Act provided for a sanction (payment of a civil fine of up to 10 million euros) but this was sanctioned by the Constitutional Council in the name of the principle of legality of offenses and penalties.

The control of compliance with the law is currently based on two mechanisms in the Commercial Code. On the one hand, there is a mechanism of formal notice to comply with the obligations of vigilance that can lead the judge to order the company to comply with its obligations, if necessary, under penalty. On the other hand, there is the liability of the author in case of failure to comply with the obligation of vigilance and the judge can oblige him, if necessary, to compensate the prejudice that the fulfilment of these obligations would have allowed to avoid.

There are relatively few consequences of these two procedures since only a very small number of injunctions have been issued and very few decisions have been rendered. Nevertheless, the administration is facing a lack of knowledge and follow-up of the application of the law. In addition, companies have a real need for support to help them implement the duty of vigilance effectively.

Consequently, the creation of an authority or an administrative service in charge of the follow-up, the accom­paniment, control and the sanction of the law would be necessary. The form is still to be debated, notably on the interest of creating an independent administrative authority, a state service, or an observatory of research. This authority would not prevent possible legal proceedings but would allow to have an authority of advice and control enacting reference standards and procedural aids so that the duty of vigilance really becomes effective.

Deutschland Weltweit Search Menu