Is a Supplier Code of Conduct required by law?

Increasingly yes for large EU companies. The Corporate Sustainability Due Diligence Directive (CSDDD, Directive 2024/1760) requires in-scope undertakings to identify, prevent, and remediate human-rights and environmental impacts across their value chains, with a grievance mechanism extending to suppliers. The German LkSG (Lieferkettensorgfaltspflichtengesetz) imposes similar obligations from 2023. A supplier code is the standard instrument for cascading these obligations.

Does the code need to be in the supplier's local language?

Yes. The code is only effective where suppliers can read and brief their own workers on it. Most multinationals publish the code in English, French, German, Spanish, Italian, Chinese, and the operational languages of the largest supplier countries.

Should suppliers sign the code?

The most defensible approach is to incorporate the code by reference into the supplier contract, with the supplier countersigning the contract. Stand-alone code signatures are less robust because they do not flow contractually to the supplier's subsidiaries. The contractual route also enables termination rights for breach.

Free template · Updated May 2026

Supplier Code of Conduct

A Supplier Code of Conduct covering anti-bribery and corruption, labour rights, health and safety, environmental performance, data protection, and a grievance mechanism with whistleblower access. Designed for cascade through tier-1 suppliers into the broader value chain.

1. Scope and application

This Code applies to every supplier of goods or services to [Organisation], including agents, distributors, joint-venture partners, and subcontractors. Each tier-1 supplier is responsible for cascading equivalent obligations to its own suppliers and subcontractors where relevant. Compliance with this Code is a condition of doing business with [Organisation] and is incorporated by reference into the master supply agreement.

2. Human rights and labour

The supplier respects internationally recognised human rights, including those set out in the UN Universal Declaration of Human Rights, the ILO core conventions, and the UN Guiding Principles on Business and Human Rights. Specifically:

No use of forced or compulsory labour, including human trafficking, debt bondage, or prison labour.
No use of child labour. Workers under 18 do not perform hazardous work.
Freedom of association and collective bargaining respected.
No discrimination on grounds of race, colour, sex, religion, political opinion, national extraction, age, disability, or other protected characteristic.
No harassment, abuse, or degrading treatment.
Wages at least at the local minimum wage and sufficient to meet basic needs; overtime compensated at the legally required premium.
Working hours within local legal limits; voluntary overtime only.

3. Health and safety

The supplier provides a safe and healthy working environment. Workplaces meet applicable safety and health regulations. Workers receive appropriate training, protective equipment, and information about hazards. Incidents are recorded and investigated; root causes addressed.

4. Environment

The supplier complies with applicable environmental laws and minimises adverse environmental impacts of its operations. Specifically:

Emissions to air, water, and soil within legal limits.
Hazardous substances identified, managed, and disposed of safely.
Energy and resource efficiency targeted; greenhouse-gas emissions tracked and reported where requested.
Commitments aligned with [Organisation]'s climate strategy where the supplier is in a high-impact category.

5. Anti-bribery and corruption

The supplier complies with applicable anti-bribery laws, including the UK Bribery Act, the US FCPA where applicable, and the laws of the countries in which the supplier operates. Specifically:

No offering, giving, requesting, or accepting bribes, kickbacks, or other improper payments.
No facilitation payments.
Gifts and hospitality limited to modest, occasional, transparent values; declared and recorded.
Books and records accurate.
Conflicts of interest declared.

6. Competition law

The supplier complies with applicable competition law and does not engage in price-fixing, bid-rigging, market allocation, or other anti-competitive practices.

7. Data protection and information security

Where the supplier processes personal data on [Organisation]'s behalf, the relationship is governed by a separate Data Processing Agreement under GDPR Article 28. Independently of that, the supplier:

Implements appropriate technical and organisational measures.
Notifies [Organisation] of personal data breaches within 24 hours of becoming aware.
Restricts access to [Organisation] data on a need-to-know basis.
Returns or deletes data at the end of the engagement.

8. Sanctions and export controls

The supplier complies with EU, UK, US, UN, and other applicable sanctions and export-control regimes. The supplier does not engage with sanctioned persons or entities and screens its own counterparties.

9. Conflict minerals and responsible sourcing

Where applicable, the supplier exercises due diligence on the sourcing of tin, tantalum, tungsten, gold, and other minerals from conflict-affected and high-risk areas, consistent with Regulation (EU) 2017/821 and the OECD Due Diligence Guidance.

10. Grievance mechanism

The supplier maintains a grievance mechanism through which its own workers can raise concerns about conduct that breaches this Code. The mechanism is confidential, accessible to all workers in their local language, protected against retaliation, and capable of receiving anonymous reports. Tier-1 suppliers providing goods or services to [Organisation] in the EU are encouraged to use [Organisation]'s channel at [URL] as an additional, escalation route.

Workers of the supplier and their representatives may submit reports about conduct affecting their engagement on [Organisation] business directly to [Organisation]'s channel at [URL]. Reports may be anonymous; the channel is protected from retaliation; the report is escalated to the supplier on the reporter's consent and subject to confidentiality.

11. Audit rights

[Organisation] may audit the supplier's compliance with this Code on reasonable notice, by itself or through an independent auditor. Audits may include on-site inspection, document review, and worker interviews. The supplier provides reasonable cooperation. Audit costs are typically borne by [Organisation] except where the audit reveals material non-compliance attributable to the supplier.

12. Remediation and consequences of breach

Where a breach is identified, [Organisation] and the supplier agree a corrective action plan with timelines. Material or repeated breaches may result in suspension of new orders, termination of the contract, and removal from the supplier panel. Suspected criminal conduct is referred to authorities.

13. Reporting

Tier-1 suppliers in scope of [Organisation]'s sustainability reporting cycle provide annual self-attestation of Code compliance and respond to information requests supporting CSRD, CSDDD, or LkSG disclosure obligations.

14. Acknowledgement

The supplier acknowledges this Code by accepting the supply agreement that incorporates it. The supplier informs its employees and subcontractors of the Code's obligations and provides training where appropriate.

Adopted by [Organisation], date [yyyy-mm-dd]. Reviewed: [yyyy-mm-dd]. Next review: [yyyy-mm-dd]. Published in EN, DE, FR, IT, ES, NL; additional translations on supplier request.