On December 14, 2027, any product sold in the European Union that cannot be proven free of forced labour becomes illegal to sell. The EU Forced Labour Regulation (EUFLR, Regulation 2024/3015) has been law since December 2024. The prohibition is absolute: any product made with forced labour — at any stage of its supply chain, in any sector, from any origin — cannot be placed on the EU market or exported from it. There are no exceptions for company size, industry, or geography.
And there is a deadline most procurement teams are not tracking: June 14, 2026. That is the day the European Commission publishes the implementation guidelines that will define what acceptable due diligence looks like, which products and geographies carry elevated risk, and how penalties will be calculated. The guidelines will include risk indicators, due diligence methodologies tailored to company size and sector, best practices for ending and remediating forced labour, and a public database of high-risk products and regions.
Organizations that wait until December 2027 to verify their supply chains have already failed. The work required — comprehensive supply chain mapping across multiple tiers, integration of forced labour risk indicators into supplier screening, contractual flow-downs to sub-suppliers, whistleblower channels, documented remediation procedures — takes 12 to 18 months to implement for a typical enterprise with 1,000+ active suppliers. June 2026 is not a deadline to have it done. It is the deadline to start.
The product-level ban that changes the compliance model
The EUFLR differs from every existing due diligence regulation in one critical respect: it bans products, not practices. CSDDD requires companies to conduct diligence. The German Supply Chain Due Diligence Act (LkSG) requires companies to monitor their own supply chains. The EUFLR goes further — it says that if a specific product cannot be proven free of forced labour, that product cannot be sold. Linklaters' analysis notes that this shifts the compliance burden from corporate policy to product-level traceability.
This distinction matters because corporate policy compliance and product-level traceability require fundamentally different capabilities. A supplier code of conduct is a policy document. A traceability system that can prove a specific batch of cobalt, cotton, or silicon was not extracted or processed using forced labour is an operational system. It requires mapping suppliers at every tier, collecting and verifying documentation from each one, and maintaining that verification over time as suppliers and subcontractors change.
Most procurement teams have the first capability — a code of conduct, a supplier onboarding questionnaire, perhaps a third-party audit program for critical suppliers. Very few have the second. A 2026 analysis by ERM states directly: "ensuring your human rights due diligence approach is robust enough to withstand scrutiny and that you have sufficient knowledge of your supply chain takes time, so preparation is key." The report warns that companies must start immediately given the complexity of multi-tier mapping.
The June 2026 guidance: three things procurement needs to track
The European Commission will publish its Article 11 implementation guidelines by June 14, 2026. Fieldfisher's regulatory briefing identifies three main components:
Due diligence guidance for economic operators. The Commission will outline what constitutes acceptable due diligence for forced labour, aligned with the OECD Due Diligence Guidance for Responsible Business Conduct, the UN Guiding Principles on Business and Human Rights, and the ILO Indicators of Forced Labour (updated November 2025). The guidance will differentiate requirements by company size, sector, and supply chain complexity. SMEs will receive specific support, but the core expectation — risk-based, documented, verifiable due diligence — applies to every economic operator.
Risk indicators and enforcement benchmarks. The Commission will publish explicit risk indicators — product categories, geographic regions, industry sectors — that competent authorities will use to prioritize investigations. The Dutch government's guidance describes this as a risk-based approach: authorities will assess whistleblower submissions, international risk indicators, and the forthcoming EU database to decide which products and operators to investigate. Companies whose supply chains touch high-risk products or regions will face higher scrutiny.
Penalty calculation methodology. Member States must notify their penalty frameworks to the Commission by December 14, 2026. The Commission will provide guidance on calculating financial penalties and setting thresholds. Baker McKenzie's compliance briefing notes that the regulation does not set fixed fine amounts — it allows member states to determine "effective, proportionate, and dissuasive" penalties, which creates enforcement variability across jurisdictions.
Why procurement owns this — and why most teams are not ready
The EUFLR assigns responsibility to the "economic operator" placing the product on the market. In most organizations, that operator is not the legal department. It is the procurement function that sources the product, contracts the supplier, manages the relationship, and holds the supply chain data. Legal can draft the compliance framework. Procurement must operationalize it across thousands of supplier relationships.
The gap between where most procurement teams are and where they need to be is wide. According to the Akin Gump regulatory alert, the regulation requires detailed records of due diligence processes, risk assessments, supplier communications, audit results, and remedial measures to demonstrate a risk-based approach if investigated. Most procurement teams maintain supplier records in their sourcing platform. Few maintain the multi-tier supply chain maps, risk indicator integration, and audit documentation trail that the regulation requires.
The complexity is compounded by the number of overlapping regimes. CSDDD due diligence obligations begin phasing in for the largest companies from July 2027. The EU Deforestation Regulation (EUDR) will enforce deforestation-free sourcing from late 2026. The EUFLR adds a third layer with a distinct compliance mechanism — product bans rather than process requirements. The IOE Business and Human Rights newsletter notes that the Commission's call for evidence on the FLR guidelines ran through March 2026, reflecting the complexity of aligning these frameworks without creating contradictory obligations for companies operating across multiple regimes.
What good looks like: the prepared procurement function
Organizations that will navigate the EUFLR with minimal disruption share five characteristics. They have mapped their supply chains beyond tier 1 — not just direct suppliers but the subcontractors, raw material sources, and processing facilities that feed into each product line. They have integrated forced labour risk indicators into their supplier screening and onboarding processes, using the ILO indicators and the forthcoming EU risk database to prioritize high-risk suppliers for deeper investigation. They have updated standard contract templates to include forced labour prohibitions, audit rights, documentation requirements, and mandatory flow-down clauses to sub-suppliers. They have implemented whistleblower channels accessible to workers at supplier facilities — not just an anonymous email address, but a functioning reporting mechanism that workers can access without fear of retaliation. And they have prepared escalation protocols: clear steps for what happens when a credible indication of forced labour is identified, from order suspension to corrective action plans to disengagement if remediation fails.
The Squire Patton Boggs compliance guide recommends companies begin implementing these measures now, noting that the specific measures adopted will depend on each company's sector, supply chain complexity, and resources — but the core requirements are consistent across all operators.
What this means in practice
Procurement leaders should take five actions between June 2026 and December 2027. Each maps to a specific regulatory requirement:
Map supply chains comprehensively, beyond tier 1. This is the single most important action. A product-level ban means procurement must know every supplier, subcontractor, and raw material source in each product's chain. The EUFLR database, once operational, will provide risk indicators by product and region — but the mapping work must be done internally. Start with products that enter or exit the EU market, prioritize high-risk geographies and sectors, and extend to tier 2 and tier 3 suppliers. Expected outcome: a complete, documented supply chain map for every product line within 12 months.
Adopt and operationalize forced labour risk indicators. The June 2026 guidelines will publish the Commission's risk indicators. Align your supplier screening process with the ILO Indicators of Forced Labour (updated November 2025), the OECD Due Diligence Guidance, and the UN Guiding Principles. Integrate the EUFLR database into ongoing monitoring once it goes live. Expected outcome: risk-based supplier screening that flags high-risk products and regions automatically.
Update supplier contracts and onboarding. Every new supplier contract and every renewal must include: explicit forced labour prohibition, flow-down obligation to sub-suppliers, audit and inspection rights for the buyer, documentation requirements for due diligence evidence, remediation obligations, and termination rights for non-compliance. The RVO Netherlands FLR guidance emphasizes that businesses must be ready to read the Commission's guidelines as soon as they are published and integrate them into existing processes. Expected outcome: contractual coverage of forced labour compliance across 100% of active supplier agreements within 18 months.
Implement worker-facing reporting channels. The regulation's risk indicators include whistleblower submissions as a source authorities will use to trigger investigations. Procurement must ensure workers in the supply chain have access to reporting channels — anonymous, multilingual, and managed by a trusted third party if internal channels are not appropriate. Expected outcome: functioning whistleblower mechanism documented in supplier codes of conduct and verified during audits.
Prepare escalation and remediation protocols. Define in advance what happens when forced labour is identified. Immediate actions: suspend new orders, investigate scope, assess whether remediation is feasible. If remediation is possible: defined corrective action plan with timeline, verification milestones, and worker restitution (recruitment fee repayment, wage correction). If remediation is not possible or the supplier is non-cooperative: disengagement plan with alternative sourcing already identified. Expected outcome: documented escalation procedure that can be activated within 48 hours of a credible indication.
Common questions about the EU Forced Labour Regulation and procurement
Does the EU Forced Labour Regulation apply to companies outside the EU?
Yes. The regulation applies to any economic operator placing products on the EU market or exporting products from the EU, regardless of where the company is headquartered. A U.S. manufacturer exporting to Germany is in scope. A Chinese supplier whose components end up in an EU product is in scope. The prohibition covers every stage of the supply chain — manufacture, harvest, extraction, processing — and every sector.
What is the difference between EUFLR and CSDDD?
CSDDD requires companies to conduct ongoing due diligence on human rights and environmental impacts across their entire value chain. EUFLR is narrower and more aggressive: it bans specific products proven to involve forced labour. CSDDD is process-based (do the diligence), while EUFLR is outcome-based (prove the product is clean or it cannot be sold). EUFLR enforcement starts December 2027. CSDDD obligations begin phasing in from mid-2027 for the largest companies.
What happens if procurement does nothing before December 2027?
The EU Forced Labour Product Network will coordinate investigations across member states. Competent authorities can open investigations based on whistleblower reports, risk indicators, or database flags. If a product is found to involve forced labour, the authority can order its withdrawal from the market, ban its export, and require disposal of remaining stock. Repeat violations escalate in penalties. For products deemed strategically important, authorities can order the product withheld until compliance is demonstrated — effectively freezing inventory.
Does the regulation cover tier-2 and tier-3 suppliers?
Yes. The regulation explicitly covers every stage of the supply chain: manufacture, harvest, extraction, and any working or processing related to the product. A buyer cannot claim ignorance of conditions at a tier-3 raw material supplier. The burden is on the economic operator placing the product on the EU market to demonstrate, through risk-based due diligence, that no forced labour exists anywhere in the product's supply chain.
What should CPOs do between June 2026 and December 2027?
CPOs should take five actions: (1) map supply chains comprehensively, including indirect suppliers and subcontractors for products entering or leaving the EU, (2) adopt ILO forced labour indicators and the forthcoming EU risk database into supplier screening, (3) update standard supplier contracts to include forced labour prohibitions, audit rights, and remediation obligations with flow-down to sub-suppliers, (4) implement whistleblower channels accessible to workers in the supply chain, and (5) prepare escalation protocols for credible indications of forced labour, including order suspension and corrective action plans.
Sources
- EU Forced Labour Regulation — Official text (Regulation (EU) 2024/3015)
- Squire Patton Boggs — EU Forced Labour Regulation Compliance Guide (2025)
- Linklaters — EU Forced Labour Regulation Published in the Official Journal (2024)
- Fieldfisher — EU Forced Labour Regulation Client Briefing (2025)
- Baker McKenzie — EU Forced Labour Regulation Supply Chain Compliance (2024)
- Akin Gump — EU Forced Labour Regulation Regulatory Alert (2024)
- ERM — Raising the Bar: Preparing for the EU Forced Labour Regulation (2026)
- RVO Netherlands — Forced Labour Regulation Business Guidance (2026)
- IOE Business and Human Rights — EUFLR Call for Evidence (March 2026)