The introduction of Canada’s draft Modern Slavery Act in March 2025 has, perhaps predictably, sparked a mixture of anticipation and uncertainty among Canadian exporters and multinationals with ties to the Canadian market. The proposal, which would impose mandatory reporting requirements on firms with global revenues exceeding CAD 50 million, is still working its way through the legislative process. Yet the contours of the new compliance landscape are already becoming clear enough that companies are beginning — some perhaps cautiously, others more assertively — to reassess their due diligence frameworks.
For many, the core challenge lies in moving from abstract support for human rights — something no company would publicly contest — to the more technical, and often tedious, task of operationalising that support. The proposed law envisions annual reporting on efforts to prevent forced labor and child labor within supply chains, and while the requirements are still being finalised, the direction of travel is evident. The government aims to push companies toward greater transparency, with an emphasis on concrete actions over general statements of principle. And this, of course, means that firms will need to put in place systems that can generate the necessary data, verify its reliability, and package it in a form that satisfies regulators, investors, and perhaps civil society as well.
One emerging focus is the development of open-data filing mechanisms. It’s a term that sounds technical — maybe even a little remote — but what it really gets at is the need for companies to standardise and share information about supply chain practices in ways that are accessible and verifiable. Firms are exploring ways to integrate reporting platforms that can interface with government portals, that can accommodate third-party data feeds, that can capture supplier declarations in formats that facilitate audit and review. There’s a temptation, sometimes, to think of these as purely IT problems. But they aren’t. The technology is, in a sense, the easy part. The harder work lies in deciding what data to collect, how to assess its credibility, how to address gaps or inconsistencies when they arise.
Supplier-level certificate verifications will no doubt play a central role in all this. The idea is straightforward enough: suppliers provide evidence — certificates, declarations, audit reports — attesting to their labor practices. But in practice, interpreting these documents, evaluating their sufficiency, integrating them into a broader compliance picture — this is where things get complicated. There’s always the risk that firms treat certificates as a box-ticking exercise, something to be collected and filed without really being interrogated. And yet the proposed Act, much like its counterparts in other jurisdictions, clearly envisions something more substantive. It expects companies to exercise judgment, to probe where necessary, to engage suppliers not just as vendors but as partners in upholding labor standards. And this shift in mindset, while widely discussed, isn’t always easily achieved. Particularly not for companies managing large, complex supply chains where the sheer volume of transactions can overwhelm even well-resourced compliance teams.
Drafting a human-rights risk assessment is another task that, while essential, can feel daunting. The expectation is that firms will go beyond generic statements — beyond the language of “zero tolerance” for forced labor, which by now is standard in most codes of conduct — and engage in a more granular analysis of where their specific risks lie. This requires not only mapping supply chains (a task that, even at Tier 1, can present challenges) but also applying a risk lens that considers sector, geography, material type, production method. And, inevitably, judgments will need to be made about how to prioritise risks, how to allocate resources, how to balance thoroughness with feasibility. There are no easy answers here. What one firm judges to be a material risk, another might assess differently, depending on its business model, its exposure, its risk appetite. And while official guidance may provide some parameters, much will rest on the company’s ability to document its reasoning, to show that decisions were made thoughtfully, in good faith, and with reference to credible data.
Companies are already grappling with how best to align existing policies and procedures with what the proposed Act will require. Some have well-established frameworks that, with adaptation, may suffice. Others are starting from a less developed base and will need to build capacity, both in terms of systems and people. And of course, the Act’s final form may yet change — that is always a possibility with legislation still under debate. But the direction is clear enough that firms delaying action entirely risk finding themselves on the back foot once the law comes into force. Many compliance teams are therefore working, even now, to identify gaps, to test reporting mechanisms, to engage suppliers, to begin the long — and often imperfect — process of embedding human-rights due diligence into commercial operations.
If there’s a unifying theme in these preparations, it may be this: that compliance, in this space, is as much about process as outcome. Companies are expected to show that they have systems in place, that they are making reasonable efforts, that they are not ignoring warning signs or deferring responsibility to others. And in a regulatory environment that is, arguably, becoming more demanding and less tolerant of superficial assurances, that focus on process is likely to deepen. How firms rise to this challenge — how they balance regulatory requirements, commercial realities, and ethical imperatives — will be watched closely by policymakers, investors, and the wider public alike.