France's law on the corporate duty of vigilance: process, pedagogy and pragmatism as the way forward
The publication of the first vigilance plans prepared under France’s Law on the Corporate Duty of Vigilance (the “Vigilance Law”) has led to studies principally focused on a review of the content of these plans and identification of certain best practices. This note goes a step further and presents three recommendations to improve the next generation of vigilance plans and the effective implementation of current plans.
These recommendations, which are particularly relevant for the human rights aspect of the Vigilance Law, are centred on three Ps: Process, Pedagogy and Pragmatism. They are based on the author's experience advising companies on the implementation of the Law and a legal review of 25 vigilance plans conducted across 12 industrial sectors and against a set of 57 questions.As explained in the concluding comments of this note, the implementation of the Vigilance Law with processes, pedagogy and pragmatism should be inserted into a larger juridical framework.
As a preliminary matter, it is important and urgent to note that several companies do not have vigilance plans although there is a high probability that they fall under the scope of the Vigilance Law. A global group that has one or several corporate entities in France therefore needs to verify whether it is subject to the Vigilance Law before its sanctions regime is triggered.
Companies need to adopt a process-based approach both when drafting their next generation of plans and also when implementing their current plans. Processes are at the core of the Vigilance Law, including risk mapping, regular assessments of entities within the ambit of vigilance plans, grievance mechanisms, alert mechanisms, monitoring, and reporting.
These processes, however, need to be developed further. For instance, several companies need to detail the methodologies on which they base their risk mapping and then publish their results and the risks identified. The risk mapping should be focused not on the risks for the company itself but on risks for the rights-holders.
As for alert mechanisms, those provided for by anti-bribery legislation (such as for Loi Sapin 2) and by the Vigilance Law do not address the same risks or target the exact same population (the company on the one side; right-holders for the other side). Thus, such mechanisms cannot be used in lieu of the other without any adjustment.
Pedagogy is essential in order to go beyond a tick-the-box exercise so as to raise awareness and mobilise internal and external stakeholders.
An internal pedagogical approach is crucial to raise a company's staff awareness of the importance of respecting human rights. This includes organising training for each business unit and for each profession within such units as well as explaining what human rights are and how they can be affected by the conduct of given activities within the business unit. Pedagogy also means building synergies between the different departments within a company. Dialogue helps information circulate and facilitates the identification of key interlocutors in order for the staff to anticipate and report on human rights risks.
An external pedagogical approach requires that the company should make public the processes in place and actions that are taken to respect human rights. In particular, a vigilance plan should demonstrate that a company is in a position to know and show it respects human rights.
Companies need to be pragmatic when they initiate the processes discussed above. This is particularly the case as a number of obligations provided for by the Vigilance Law remain subject to several possible interpretations. Companies should be able to defend their decisions and interpretation of the Vigilance Law in line with the UNGPs and related standards.
Pragmatism also calls for transparency when implementing the Vigilance Law. First, transparency reduces the possibility that companies could be subject to periodic penalty payments based on the absence, incomplete content, or non-effective implementation of their vigilance plans. Second, companies whose plans are more comprehensive than those of competitors may be less targeted by the new judges (such as NGOs, consumers, ESG investors). Third, should a civil liability claim be brought against the company, vigilance plans based on transparency can serve as evidence that a company has fulfilled the obligations set out in the Vigilance Law.
AN OVERACHING LEGAL APPROACH FOR THE THREE “P”
Approaching the Vigilance Law with processes, pedagogy and pragmatism requires a broad juridical approach for three main reasons:
- identifying companies subject to the Vigilance Law and entities that such a plan should cover requires corporate law expertise;
- anticipating disputes arising from the Vigilance Law's interpretation and setting up processes requires a good understanding of the soft law and hard law on business and human rights; and
- protecting a company against the sanctions set out in the Vigilance Law. Sanctions include periodic penalty payments for failure to comply with the obligations set in the Law, and/or civil liability, should damage be caused and which could have been avoided if a vigilance plan had been prepared and effectively implemented.
* The recommendations provided for in this summary have been presented and discussed during a panel entitled “Vigilance Law - Year one: feedbacks on 2018 vigilance plans - focus on human rights” at the Convergences conference in Paris (September 2018). I am grateful to Charlotte Michon (EDH) and the panellists for our discussions, to Stéphane Brabant for his feedback and fruitful conversations, and to Adèle Bourgin for her research and help drafting this summary.
 Entreprises pour les droits de l'Homme (EDH) & B&L Evolution, Application de la loi sur le devoir de vigilance, 25 April 2018, available at https://www.e-dh.org/userfiles/Edh_2018_Etude_V6.pdf; EY, Loi sur le devoir de vigilance : analyse des premiers plans de vigilance par EY, September 2018, available at https://www.ey.com/Publication/vwLUAssets/ey-analyse-des-premiers-plans-de-vigilance-du-sbf-120/$File/ey-analyse-des-premiers-plans-de-vigilance-du-sbf-120.pdf.
 We conducted research on the format of vigilance plans, their scope of application and risk mapping, the implemented processes for the regular assessment of the situation of subsidiaries, subcontractors, or suppliers, tailored actions to mitigate risks or prevent severe impacts, existing systems monitoring implementation measures, alert mechanisms, and stakeholders.
 Stéphane Brabant, Elsa Savourey & Charlotte Michon, The Vigilance Plan: Cornerstone of the Law on the Corporate Duty of Vigilance, Rev Int. Compliance, December 2017, p.9 (“Although the required measures may bring to mind traditional risk management processes found in companies, there is, however, a fundamental difference: the purpose of the vigilance approach is to protect individuals and the environment whereas the purpose of classic risk management processes is to protect the company”) available at https://www.business-humanrights.org/sites/default/files/documents/Law%20on%20the%20Corporate%20Duty%20of%20Vigilance%20-%20Vigilance%20Plan%20-%20Intl%20Rev.Compl_.%20%26%20Bus.%20Ethics.pdf; see also UN, Report of the Working Group on the issue of human rights and transnational corporations and other business enterprises, 16 July 2018, A/73/163, p. 8.
 Loi n° 2016-1691 relative à la transparence, à la lutte contre la corruption et à la modernisation de la vie économique, 9 December 2016.