Modern Slavery Act Supplier Reporting: What You Must Disclose and How to Gather the Data
July 6, 2026
Modern slavery is not a fringe risk. The International Labour Organization estimates that 50 million people were living in modern slavery globally in 2021, and the majority of business exposure sits not in a company's own operations but deep in its supply chain, in the factories, farms, and logistics providers that most procurement teams have never assessed. For companies operating in Australia, the UK, and Canada, legislation now requires you to do something about that, and to report on it publicly every year.
We’ll cover what each jurisdiction actually requires, what good supplier data gathering looks like in practice, and how technology is closing the gap between box-ticking statements and defensible due diligence programs.
Who Is Required to Report?
Australia, the UK, and Canada each have mandatory modern slavery reporting regimes with distinct requirements, thresholds, and obligations:
Amendments are coming. Australia's statutory review, completed in 2023, recommended lowering the revenue threshold to AUD $50 million, introducing civil penalties for non-compliance, and requiring entities to establish formal due diligence systems. The government's December 2024 response agreed, in full, in part, or in principle, to 25 of the 30 recommendations and noted the remaining 5. Critically, it declined to lower the threshold at this stage, opting to consult further before committing to any legislative change. Companies below the threshold today should be preparing now.
In 2024, the UK, Australian, and Canadian governments jointly released an International Reporting on Modern Slavery, Forced Labour and Child Labour template to help companies operating across multiple jurisdictions streamline their compliance reporting. If you operate across more than one of these countries, this template is worth using as your baseline.
What Your Statement Must Actually Cover
While exact requirements vary by jurisdiction, the substantive expectations converge significantly. The Australian Act is the most prescriptive, requiring statements to address six mandatory criteria:
Your organisational structure, operations, and supply chains
The risks of modern slavery in your operations and supply chains, including those of any entities you own or control
The actions taken to assess and address those risks, including due diligence and remediation processes
How you assess the effectiveness of your actions
The process for consultation with entities you own or control
Any other information you consider relevant
The key words in criterion three are 'assess and address.' A statement that acknowledges risk exists but cannot demonstrate what was done about it is increasingly insufficient. Regulators, investors, and civil society groups scrutinise published statements, and the gap between organisations with genuine programs and those relying on boilerplate language is becoming obvious.
Why Supplier Data Is the Hard Part
Most organisations can describe their own operations with relative ease. The genuine challenge is supply chain data. The Australian Department of Home Affairs is explicit that it is not sufficient to outsource compliance through contracts or simply rely on statements from suppliers. You need to meaningfully engage, which requires actual data collection and risk assessment, not just a supplier sign-off on a code of conduct.
The practical barriers are significant:
Tier 1 visibility is incomplete. Most companies have reasonable visibility over direct suppliers but almost none over Tier 2 and beyond, where the highest forced labour risk often concentrates.
Supplier response rates are low. Unsupported questionnaires sent to hundreds of suppliers routinely achieve response rates below 30%, leaving major gaps in the risk picture.
Geographic data is missing. Without country-level risk intelligence, companies cannot identify which parts of their supply chain are operating in high-risk jurisdictions.
Self-reported data is unreliable. Suppliers in high-risk environments have strong incentives to provide optimistic responses, particularly where the relationship and contract value are at stake.
A Practical Approach to Supplier Data Gathering
Modern slavery compliance has moved from a disclosure exercise toward a risk-based due diligence model. The following approach reflects where leading programs are now operating:
Step 1: Map and Segment Your Supplier Base
You cannot assess every supplier with the same depth. Start by segmenting your supply base using a combination of spend, geography, industry sector, and commodity type. Suppliers in textiles, agriculture, electronics manufacturing, construction, and cleaning services operating in Southeast Asia, South Asia, or parts of Africa carry materially higher inherent risk than a domestic software vendor.
Step 2: Use Third-Party Intelligence Before You Ask Suppliers Anything
A pre-populated risk profile based on external signals, country risk data, known sector risk indicators, and adverse media screening, gives you two things: a prioritised shortlist of suppliers that genuinely need deeper assessment, and a baseline of evidence that does not depend on the supplier volunteering information about their own practices.
Step 3: Send Targeted Surveys to High-Risk Suppliers
Targeted surveys to a smaller, higher-risk cohort consistently outperform blanket questionnaire campaigns sent to the full supplier list. Suppliers are more likely to engage when the request is specific, proportionate, and comes with clear context about why it matters. Keep the survey focused: labour practices, worker recruitment, subcontractor relationships, and grievance mechanisms are the highest-signal questions.
Step 4: Document Your Process
Whatever your findings, your statement needs to demonstrate a credible, repeatable process. Regulators and auditors are looking for evidence that your due diligence is systematic rather than ad hoc. That means maintaining a documented record of which suppliers were assessed, what approach was used, what was found, and what action was taken.
The Direction of Travel
Modern slavery compliance is shifting from transparency to accountability, and both Australia and the EU are moving in the same direction. Australia's response to the McMillan Review committed to consult on civil penalties and a mandatory due diligence system, though it stopped short of lowering the reporting threshold, deferring that question to a future review. The difference is one of maturity and reach. The EU has already legislated the shift: its CSDDD, applying to the largest companies from July 2029, requires them to identify, prevent, and mitigate adverse human rights and environmental impacts across their operations and supply chain, not only disclose them. Australia has signalled the same direction of travel but has yet to put a due diligence duty into law.
If your program today runs on annual questionnaires and a published statement, the direction of travel is worth taking seriously. You do not need a full due diligence system tomorrow, but you do need to know where your real risks sit and be able to show how you found them. That identification-and-evidence layer is the foundation a credible statement rests on today, and the groundwork any future due diligence duty will build on. It is also where Socialsuite is designed to help: automated external screening to surface risk, structured supplier surveys to go deeper where it matters, and an audit trail your compliance function can stand behind. Learn more at our Supplier Risk Assessment page.
By clicking 'Accept all cookies', you agree to storing cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts as outlined in our privacy policy.
By clicking "Accept all cookies", you agree to storing cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts as outlined in our privacy policy.