The amendments to Australia’s Modern Slavery Act, passed earlier this year, have introduced tighter reporting requirements that are now beginning to ripple through supply chains — sometimes in ways that feel predictable, sometimes in ways that seem to catch even seasoned compliance teams off guard. For companies earning more than AUD 50 million annually, the new rules have made it clear that general statements of commitment to human rights are no longer sufficient. There is a stronger expectation, now codified in law, that firms actively interrogate their supply chains, document risk, and disclose their findings in a manner that is both credible and accessible. Downstream manufacturers, particularly in sectors like electronics where supply chains tend to be dense, layered, and geographically dispersed, are feeling the pressure to respond — to move beyond aspirational language and start embedding more robust processes into their operational systems.
A lot of attention has turned toward how firms might integrate mandatory supplier self-assessments into existing enterprise resource planning (ERP) platforms. This makes sense on a number of levels. After all, ERP systems already function as the backbone of procurement and production workflows; adding a compliance module, or perhaps modifying existing fields and forms to capture supplier declarations, seems like a logical extension. Yet, as straightforward as this may appear conceptually, the implementation presents no small number of challenges.
There’s the technical side, certainly — adapting templates, building approval chains, linking assessments to specific purchase orders or contracts — but also the human element: ensuring that procurement officers, who may be accustomed to focusing on price, lead time, and quality, now also engage with questions of labor standards, forced labor indicators, and risk documentation. There is sometimes an assumption that technology will drive these processes on its own, but in practice, systems are only as good as the people who use them. And, inevitably, the quality of supplier self-assessments will vary. Some suppliers will respond thoughtfully, in detail, with supporting evidence. Others may provide only minimal information or language that sounds reassuring but offers little real insight. Firms will need to decide how to evaluate these responses, how to weigh them against other risk indicators, how to respond when assessments fall short.
Another area that has attracted increasing focus is the use of open data provided by the Australian Border Force to help build risk heat maps of second-tier suppliers. It’s a task that, at least on the surface, seems well-suited to data analysis: collect trade data, overlay it with information on supplier locations, product types, sectoral risks, perhaps even socio-political indicators, and generate a visual representation of where exposure may be concentrated. But this, too, is rarely as clean or as definitive as firms might like. The data available is often imperfect — incomplete, lagging, or difficult to interpret in isolation. And the process of weighting different risk factors, of deciding how to categorise or rank suppliers based on the data, involves judgment calls that can’t be fully automated. Different teams, different firms, may take different approaches, and while there is some emerging guidance on best practices, much of this work remains iterative — a matter of refining the methodology over time, learning from experience, adjusting as new information comes to light.
It’s also worth acknowledging that building a heat map, while valuable, is only one piece of a larger puzzle. The map can help direct attention, highlight areas where deeper engagement may be warranted, or where audits or supplier visits could be prioritised. But it does not, in itself, resolve the underlying risks. Nor does it necessarily provide the kind of clear, linear answers that boards and regulators may sometimes hope for. Supply chain risk management, particularly in relation to modern slavery, remains a space where ambiguity persists. Data can point to potential areas of concern, but rarely does it provide certainty. Firms are left to navigate this terrain as best they can — balancing compliance obligations, ethical commitments, and commercial realities, all while operating within systems that, however advanced, are still evolving to meet the demands of this increasingly scrutinised area.
One theme that seems to be emerging, not just in Australia but globally, is that regulatory frameworks are shifting toward a more proactive, evidence-based model of compliance. The amendments to the Modern Slavery Act exemplify this trend. There is less tolerance for superficial assurances, for generic policy statements, for approaches that amount to little more than procedural formalities. The expectation — sometimes explicit, sometimes implied — is that firms will engage meaningfully with their supply chains, will take reasonable steps to understand and mitigate risks, and will be prepared to demonstrate, in concrete terms, how they are doing so. And while the specific tools may vary — ERP-integrated self-assessments, heat maps, audit protocols — the underlying imperative remains consistent: transparency backed by action, documentation backed by substance.
Of course, how far firms can or should go in this regard remains, to some extent, an open question. There are limits, both practical and legal, to what companies can demand of suppliers, particularly in jurisdictions where regulatory environments are themselves weak or where asking the wrong questions may have unintended consequences. And there is the ever-present tension between the ideal — a supply chain free of forced labor, operating in full transparency — and the reality, which is that global supply chains are complex, dynamic, and not easily brought into full alignment with any single standard. But what is clear, or at least becoming clearer, is that doing nothing, or doing the bare minimum, is no longer a viable option.