Consulting
 ← Back to site

Regulatory Updates — Full Archive

Compliance Alerts & Framework Updates

Curated from leading regulatory, standards, and industry sources. Relevant developments affecting social compliance, supply chain security, and ethical trade frameworks — filtered for what matters to suppliers and manufacturers operating in global supply chains.

Filter:

2025

12Apr 2025
EU CSDD

EU Corporate Sustainability Due Diligence Directive — Implementation Timeline Confirmed

The European Commission has confirmed phased implementation dates. Companies with 5,000+ employees and €1.5bn+ turnover must comply by 2027. Suppliers to EU-listed companies should begin gap assessments now — customer-imposed timelines will arrive 12–18 months before the legal deadline.

The CSDD applies directly to large EU companies but its reach extends upstream — any supplier producing goods or providing services to an EU-listed company will face equivalent requirements imposed contractually. The key obligations include identifying actual and potential adverse human rights and environmental impacts, establishing grievance mechanisms, and implementing corrective action plans.

03Mar 2025
SMETA

SMETA 6.1 Released — Key Changes for Audit Preparation

Sedex has released SMETA version 6.1, introducing updated guidance on living wage assessment, migrant worker protections, and environmental pillar requirements. Facilities preparing for SMETA audits should review the updated question set, particularly sections 2B and 4A.

The most significant changes in SMETA 6.1 relate to the living wage pillar, which now requires facilities to demonstrate a structured roadmap toward paying living wages — not merely legal minimum wages. The migrant worker section has been substantially expanded, with new questions on recruitment fee reimbursement and document retention policies.

18Feb 2025
RBA

Responsible Business Alliance Updates VAP Audit Protocol

The RBA has issued revised guidance for its Validated Audit Process, with updated scoring methodology for Priority Non-Conformances in the labour and ethics pillars. Technology sector suppliers — particularly those supplying HP, Lenovo, and Apple — should note the revised grading thresholds.

The revised VAP protocol introduces a new classification tier for Priority Non-Conformances related to working hours and wages. Facilities that previously received a "Priority" finding for isolated overtime violations may now face "Immediate" classification if systemic patterns are identified during the audit.

29Jan 2025
CTPAT

US CBP Tightens CTPAT Minimum Security Criteria

US Customs and Border Protection has updated CTPAT Minimum Security Criteria, with new requirements on cybersecurity controls, agricultural security, and business partner vetting. Suppliers to US retail brands with CTPAT obligations should verify their current status against the revised criteria.

The updated CTPAT criteria introduce mandatory cybersecurity requirements for the first time, reflecting growing recognition that digital supply chain vulnerabilities pose equivalent risks to physical security gaps. Suppliers must now demonstrate IT security policies covering access controls, incident response, and third-party vendor management.

15Jan 2025
ILO

ILO Reports 28 Million in Forced Labour — Supply Chain Exposure Rising

A new ILO report estimates 28 million people remain in forced labour globally, with supply chain exposure concentrated in agriculture, manufacturing, construction, and domestic work. The report underscores the urgency of robust supplier due diligence ahead of EU CSDD enforcement.

The ILO report highlights that forced labour in supply chains is not confined to high-risk regions — it occurs in developed and developing economies alike. The sectors most exposed include electronics, apparel, and food and agriculture. For compliance teams, the report reinforces the case for conducting due diligence beyond Tier 1 suppliers.

08Jan 2025
SCAN

SCAN Association Updates Member Requirements for 2025

The Supplier Compliance Audit Network has issued updated requirements for 2025, including revised guidance on cargo security, personnel security screening, and IT security controls. Suppliers to major US retailers who are SCAN members should review their current compliance status.

SCAN membership includes major US retail brands such as Walmart, Target, Home Depot, Costco, and CVS. The 2025 updates align SCAN requirements more closely with CTPAT, reducing dual audit burden for suppliers already certified under both programmes.