Operations and suppliers at significant risk for incidents of forced or compulsory labor
Practical guidance for preparing this disclosure. Use this card to identify datapoints, verify claims and organise supporting evidence. For exact requirements, always refer to the official GRI source.
↗ Share
This disclosure asks an organisation to explain where, in its own operations and in its supply chain, there is a meaningful risk of forced or compulsory labour. The focus is not on every site or every supplier in equal detail, but on identifying the parts of the business and the supplier base where the risk is significant and therefore needs attention.
In practice, the report should make clear how the organisation has identified those higher-risk areas and what parts of the business they cover. Readers should be able to see whether the assessment is broad or limited to certain geographies, activities, business units, or supplier categories, rather than only highlighting a few flagship sites.
* This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official GRI source.
A quick mental checklist before you prepare this disclosure — tick each as you settle it.
| Datapoint | What to capture | Evidence hint | Owner |
|---|---|---|---|
| High-risk operations | List the business operations the reporter has identified as carrying a higher chance of forced-labour incidents, and note why they are flagged — either because of the kind of activity involved or because they sit in countries or areas seen as higher risk. | Risk assessment, site or country risk mapping, supplier/operating footprint review, internal audit or compliance notes. | Compliance / Human rights / Operations |
| High-risk suppliers | Identify the suppliers the reporter has marked as higher risk for forced-labour incidents, with the reason for the flag based on supplier type or the countries/areas where they operate. | Supplier risk assessment, procurement due diligence records, vendor master data, country risk screening, audit findings. | Procurement / Supplier risk / Compliance |
| Forced-labour actions | Capture the actions taken during the reporting period that were meant to help remove forced labour in any form, with enough detail to show what was done in that period. | Action plans, remediation logs, training records, supplier corrective actions, policy updates, project trackers. | Compliance / Human rights / Operations |
Show GRI 409-1 sub-elements (LRA working checklist)
- Set out the actions taken during the reporting period to help end forced or compulsory labour.
- Identify the operations that present a material risk of forced or compulsory labour, whether because of the kind of activity or the places where they operate.
- Identify the suppliers that present a material risk of forced or compulsory labour, whether because of the kind of supplier or the places where they operate.
LRA working checklist - paraphrased; see official source
- Set the reporting boundary first: decide which parts of your own operations and which supplier relationships you will assess for forced-labour risk, using a clear and consistent basis for the period.
- Define what counts as higher risk in practical terms. Use the nature of the activity, the country or area involved, and any other internal risk indicators you already rely on, so the same logic is applied across the disclosure.
- Gather the supporting records for each risk area you identify. Keep the underlying evidence that shows why a site, activity, supplier, country, or region was treated as higher risk.
- Compile the disclosure content in two parts: list the higher-risk operations and higher-risk suppliers, then describe the actions taken during the reporting period that were meant to help remove forced labour in any form.
- Record any exclusions, boundary changes, or shifts in your risk approach so readers can see what was left out and why, and can compare the current period with prior reporting on a like-for-like basis.
- Check the final draft against the source material and your evidence file. Confirm that the scope, the risk basis, and the actions described all match the underlying records and the official reporting source.
Translate the disclosure into an internal business question — then adapt it to your organisation's own language.
Use your organisation’s own terms first, then map them to the reporting question. For example, use your usual labels for sites, vendors, regions, risk flags, and remediation actions rather than framework language.
Please provide the GRI 409-1 data for the evidence needed for GRI 409:GRI 409-1, including measures taken to contribute to the elimination of all forms of forced or compulsory labor.
Please send the current list of higher-risk sites and supplier groups for labour abuse concerns for [reporting period], with the reason each one is flagged and the actions taken in the period to reduce the risk. Use your usual site, supplier, and risk labels, and include the source system, last-updated date, and any gaps.
Formal email template
Subject: Request for site and supplier risk evidence for [reporting period] Hi [name/team], We are preparing the sustainability reporting pack and need your help with the records for [business area / region / category]. Please send the current list of: - sites or operations you flag as higher risk for labour abuse concerns, with the reason each one is flagged; - supplier groups or individual suppliers you flag as higher risk, with the reason each one is flagged; and - actions taken during [reporting period] to reduce the risk of forced labour or similar labour abuse in those areas. Please include the source file or system, the date the information was last updated, and any notes on gaps or exclusions. A simple table is fine. If you already use different internal labels, please use those and we will map them for the report. Please send by [deadline]. We will check the official source before sign-off. Thanks, [preparer name]
Short Teams / Slack version
Hi [name/team] — could you send the latest list for [reporting period] of higher-risk sites and supplier groups for labour abuse concerns, plus the actions taken in the period? Please include the source, last-updated date, and any gaps. Use your usual internal labels; we’ll map them. Thanks — [preparer name]
Construction / Infrastructure
Context. A project-based business with subcontractors, labour agencies, and sites in several countries.
Adapted request. Please send the project sites and subcontractor groups you flag as higher risk for labour abuse concerns for [reporting period], plus the actions taken on those projects during the period. Include the reason each site or supplier group is flagged, the source register, and any follow-up actions or closures.
Example response. - Project A site: flagged due to labour agency use and cross-border workforce - Project B site: flagged due to remote location and prior audit findings - Subcontractor group X: flagged due to labour broker model in higher-risk region - Actions: site audits completed, contract clauses updated, worker briefing sessions held, corrective actions tracked to closure
Food manufacturing / Agriculture
Context. A business using seasonal labour, growers, and labour providers across multiple regions.
Adapted request. Please send the list of farms, processing sites, and labour providers you flag as higher risk for labour abuse concerns for [reporting period], plus the actions taken in the period. Use your normal risk labels and include the source file, last update, and any gaps.
Example response. - Farm cluster 1: flagged due to seasonal labour and use of labour provider - Processing site 2: flagged due to high turnover and prior grievance reports - Labour provider Y: flagged due to cross-border recruitment route - Actions: supplier checks completed, worker induction updated, site visits increased, follow-up issues logged
The full request pack — response form, data table, evidence metadata and sign-off — is in the Download Centre.
LRA training templates — adapt them to your organisation, and check the official source before sign-off.
Explain how the business defined a higher-risk operation or supplier, including the criteria used to assess location, activity type, or other relevant factors, and state the basis used to decide which items were included.
Set out what the figures indicate about where the business sees the greatest exposure to forced-labour risk, and summarise the main prevention or remediation steps taken during the period.
If the profile changed materially from the prior period, explain whether that was driven by changes in the business footprint, supplier mix, risk assessment approach, or the actions taken to address the issue.
GRI 409-1 Operations and suppliers at significant risk for incidents of forced or compulsory labor — [location / page] / [notes]
Professional preparation tools and forms for GRI 409-1. Each download includes a concise “How to use” guide.
| Claim | Risk | Evidence to check |
|---|---|---|
| I identified the parts of the business that we judged most exposed to forced-labour risk, using our own risk review of the activities and the places where we operate. | An assurer will check whether the risk screen was applied consistently, whether the basis for calling an area or activity higher risk is documented, and whether the coverage figure matches the underlying review. | Risk assessment papers; site, activity or country risk matrix; methodology note showing how higher-risk areas were selected; management sign-off; working papers linking the disclosed figure to the reviewed population. |
| I set out the supplier groups we treated as higher risk after reviewing the kinds of suppliers we use and the locations from which they supply us. | An assurer will probe whether supplier risk was assessed on a clear basis, whether the supplier population was complete, and whether exclusions or filters were justified and traceable. | Supplier risk assessment; procurement or vendor master extract; criteria used to flag higher-risk suppliers; evidence of any exclusions; review and approval records; reconciliation between the disclosed figure and the supplier list used. |
| I prepared the reported measures from records kept during the year, using the actions we actually carried out and checking that the summary agreed to the source files before publication. | An assurer will look for whether the actions were captured completely, whether the period covered is correct, and whether the final wording is supported by contemporaneous evidence rather than later reconstruction. | Project logs, training records, audit or remediation trackers, policy updates, meeting minutes, and other contemporaneous records; period cut-off check; internal review notes; evidence of final sign-off; reconciliation from source records to the published summary. |
| I checked that the disclosed coverage was complete for the reporting period and that the same inclusion rules were used throughout the table or narrative. | An assurer will test whether the boundary was applied consistently, whether any omitted entities or locations were intentional, and whether the reported numbers or statements are internally consistent. | Boundary memo; consolidation or inclusion list; exception log; cross-checks between draft and final disclosure; internal control review; evidence that all included units were assessed under the same rules. |
| I retained enough supporting material to show how each figure or statement was built, so an independent reviewer can trace it back to the underlying records. | An assurer will assess whether the audit trail is sufficient, whether source documents are authentic and dated, and whether the trail supports the final disclosure without gaps. | Source documents with dates and owners; calculation sheets; version history; approval trail; document retention index; traceability from published text or numbers back to original records. |
- The governing policy or written commitment behind this disclosure
- A methodology / definition note setting out how the disclosure was scoped and prepared
- Source-system exports the figures or facts were drawn from
- The internal approval / sign-off record for the disclosure before publication
- Minutes or records evidencing the relevant engagement or consultation
- The information is presented without a date or as-at point.
- The scope or boundary of the statement is left undefined.
- Key terms are used inconsistently across the report.
- Material changes since the previous period are not disclosed.
- Assertions are made without supporting detail or a source record.
- Boilerplate is used that does not actually answer what is asked.
- Wrong owner
The request goes to the wrong team, so the list is built from a desk that does not hold the operational or supplier risk records.
- Framework language used in the ask
The data request is written in reporting jargon instead of the organisation’s own terms, and the person answering cannot map it to their working files.
- Scope not pinned down
No one states which parts of the business, supplier base, or locations are in scope, so different teams send different populations.
- Timing basis mixed up
The team pulls figures from a different period than the one being reported, which makes the evidence set and the reporting window inconsistent.
- Counting basis gets blended
One file mixes site counts, supplier counts, and other tallies without saying which basis each figure uses, so the numbers cannot be compared cleanly.
- Source labels are lost
Original tags from the source register are stripped out during consolidation, so the reviewer cannot trace each line back to the underlying record.
- Separate populations merged
Operations and suppliers are rolled into one list even though they need to stay distinct, which hides where each risk sits.
- Evidence details missing
The pack contains the headline list but not the supporting metadata, such as source date, owner, or file reference, so the trail is incomplete.
- No sign-off trail
The draft moves forward without a clear review and approval record, so nobody can show who checked the data before it was used.
- Setting the risk cut-off for sites and suppliers
Use one documented rule for what counts as a meaningful risk flag across your own sites and supplier base, then explain the basis you used and any exceptions where local conditions led to a different call.
- Handling acquisitions, disposals, and newly added locations
Decide whether to include bought, sold, or newly opened operations and suppliers from the point they enter your control or relationship, and state the timing rule you applied so readers can see why the list changed.
- Dealing with different country rules and local labour practices
Where legal definitions or labour-market conditions vary by country or region, apply a consistent internal screen but note any local adjustments made to identify higher-risk places or activities.
- Classifying borderline activities and indirect relationships
If a site, business line, agent, broker, or other intermediary sits close to the boundary of your scope, explain the judgement used to include or exclude it and why that treatment is reasonable.
- Choosing the population basis for suppliers
Be clear whether the supplier list is built from active spend, contracted vendors, critical suppliers, or another internal population, and disclose the basis so users can understand what is and is not covered.
- Using estimates where full checks are not practical
If complete review is not possible, use a documented estimate or proxy, say how it was derived, and separate estimated coverage from directly checked cases where that distinction matters.
- Aggregating sensitive information to protect people and counterparties
When naming specific sites or suppliers could expose individuals or commercial relationships, group the information at a higher level and explain the aggregation approach and any limits it creates.
- Rounding and presentation of counts
If you present numbers of at-risk operations or suppliers, apply one rounding method consistently, make sure the rounded figures still make sense against the underlying totals, and note the method used.
- Explaining changes from the prior period
If the set of flagged operations or suppliers moves materially from last year because your screening method, boundary, or source data changed, describe the reason for the movement rather than leaving the change unexplained.
- Linking risk identification to the actions taken in the year
Keep the list of higher-risk operations and suppliers separate from the measures taken during the period, and explain how the actions you describe relate to the risks you identified.
Synthetic, written by LRA — not from a company report, not text from any standard.
Synthetic illustration only. During the year, we focused our labour-rights checks on cut-and-sew sites and labour brokers in higher-risk sourcing countries, and we reviewed 18 direct suppliers and 42 subcontracted facilities flagged by geography or business model.
- The main exposure areas were garment assembly, fabric finishing, and labour agencies operating in two overseas sourcing corridors where migrant labour is common.
- We also ran supplier audits, worker interviews, contract reviews, and corrective-action follow-up to help remove practices linked to coercion, debt bondage, or restriction of worker freedom.
Synthetic illustration only. Our review identified elevated labour-abuse risk in seasonal packing lines, third-party transport, and labour providers in three countries where temporary migrant work is prevalent; in total, 9 operating sites and 27 suppliers were treated as higher-risk.
- We carried out unannounced site visits, refreshed supplier due-diligence checks, updated contract clauses, and escalated any findings for remediation and worker support.
- These steps were intended to reduce the chance of any forced-work practices remaining in our own operations or in the supply chain.
How to turn the collected data into a draft disclosure. Suggested visuals and a GRI content-index line generated from this disclosure's datapoints.
Suggested visuals
- Where forced-labour risk is concentrated in the business — bar: A count or share of operations flagged as higher risk, split by location or by type of activity.
- Supplier risk profile by source and geography — stacked bar: How higher-risk suppliers are distributed across supplier categories, countries, or regions.
- Risk hotspots across the operating footprint — map: Geographic areas where the business has operations or suppliers assessed as more exposed to forced-labour risk.
- Actions taken during the year to reduce forced-labour risk — table: The main steps completed in the period, with a short note on what each measure was intended to achieve.
- Operational and supply-chain risk comparison — bar: A side-by-side view of higher-risk operations versus higher-risk suppliers to show where exposure is more concentrated.
What separates a figure from a disclosure.
We identified 12 higher-risk sites and 8 higher-risk suppliers.
We identified 12 higher-risk sites and 8 higher-risk suppliers based on the kind of activity and the countries involved.
We identified 12 higher-risk sites and 8 higher-risk suppliers this year, using our risk review of business type and location, and the count was unchanged because our sourcing footprint stayed stable.
Real reports where this topic is disclosed. The confidence label shows how closely each match maps to GRI 409-1 — these are report practice, not exact disclosure examples.
| Company | Sector · Country | Year | Match | Page | Report | Assurance | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sands China Ltd. | Hotels, Restaurants, Leisure, Tourism Services · Macao | 2025 | Exact | p. 53 →p. 48 →p. 49 → | 2025 ESG Report → | EY | |||||||||||||
Evidence in Sands China Ltd.’s reportWhat the report shows Sands China Ltd.’s 2025 ESG Report provides detailed coverage of supplier risk assessment, noting that 63% of suppliers were assessed and 72 critical suppliers were identified for social or environmental risks (p.49). The report also mentions specific ESG risk factors related to suppliers, including direct and indirect suppliers, and references third-party audits assessing compliance with laws and issues such as child labor and forced labor (p.49). However, the report does not clearly specify the outcomes of these assessments or the measures taken in response, and some data on management representation targets are mentioned without direct linkage to supplier risk management (p.41).
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
|||||||||||||||||||
| Cogna Educação S.A. | Education Services · Brazil | 2024 | Partial | p. 149 →p. 160 →p. 139 → | Relato Integrado 2024 → | KPMG | |||||||||||||
Evidence in Cogna Educação S.A.’s reportWhat the report shows Cogna Educação S.A.'s 2024 Relato Integrado report includes specific disclosures on suppliers at significant risk for forced or compulsory labor, with relevant information found on page 149. The report also covers suppliers screened using environmental criteria (p.139) and mentions legal actions related to unfair competition (p.155). However, while there are references to risks of child labor and forced labor, the extent of detailed data or comprehensive risk assessments on these issues remains unclear from the provided extracts.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
|||||||||||||||||||
| London Luton Airport Operations Ltd. | Air Transportation — Airport Services · United Kingdom | 2024 | Exact | p. 71 →p. 42 →p. 38 → | Sustainability Report 2024 → | BSI | |||||||||||||
Evidence in London Luton Airport Operations Ltd.’s reportWhat the report shows London Luton Airport Operations Ltd.'s Sustainability Report 2024 provides specific data on suppliers at significant risk for incidents of child labor, referencing GRI 409 on forced or compulsory labor (p.71). The report also details that 60% of total spend is with suppliers located within 25 miles of the airport (p.30), and mentions legal actions related to anti-competitive behavior under GRI 206 (p.70). However, the report does not clearly disclose the extent of incidents or outcomes related to these risks, nor does it provide comprehensive information on measures taken to address them.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
|||||||||||||||||||
A manufacturer has factories in two countries and also uses a labour broker for seasonal packing staff. Its review shows the brokered workforce and one overseas site need closer attention because of the way work is arranged and the locations involved.Should the disclosure name both the at-risk sites and the at-risk supplier arrangement, or only one of them?
A retailer has no direct production sites in a high-risk country, but several imported product lines come from suppliers there. The team is unsure whether to mention the country only under suppliers or also under operations because the buying office is elsewhere.How should the preparer decide where to place the country-based risk information?
A company has introduced worker hotlines, supplier audits and contract clauses during the year. The sustainability lead wants to describe these actions as proof that the issue has been solved, even though the risk review still flags some sites and vendors as higher risk.Should the disclosure present these actions as eliminating the risk, or as steps taken during the year to help reduce it?
A group has a long list of low-risk suppliers and only two labour agencies in one region that were flagged after a review. The reporting team is tempted to include every supplier and every country where the group buys from, to be safe.What should the preparer include in the risk disclosure: every supplier and location, or only those judged to have meaningful exposure?
See how companies actually report GRI 409-1 — drawn from their own published reports, with the exact pages, and an LRA AI-assistant that works through it with you. Available to LRA Community members and to students throughout their platform access.
How this disclosure maps across the major reporting frameworks.
For GRI 409-1, what data do I need to gather before I start drafting the disclosure?
The page says to prepare three datapoints: high-risk operations, high-risk suppliers, and forced-labour actions. Use those as the starting point for your data request and evidence pack. ↑ section
How do I scope GRI 409-1 in practice if I am the ESG manager or HR data owner?
Use the page’s step-by-step preparation section to define the reporting boundary, then map the three datapoints to the relevant parts of the business and supply chain. The page is designed to help you turn that scoping into a draft disclosure. ↑ section
What should I ask operations and procurement teams for to support GRI 409-1?
Ask for information that supports the three prepared datapoints: where high-risk operations sit, which suppliers are high-risk, and what actions have been taken on forced labour. The page also points you to an evidence pack so you can collect supporting documents alongside the data. ↑ section
What does the page mean by an evidence pack for GRI 409-1, and what should go in it?
The page includes an evidence pack with five items to support assurance readiness. Use it to assemble the documents and records that back up the claim, the risk assessment, and the actions reported. ↑ section
Which assurance checks should I be ready to answer for GRI 409-1?
The page lists five assurance claims to verify, each framed around a claim, the related risk, and the evidence. That helps you test whether the disclosure is supported before it goes to review. ↑ section
What are the most common mistakes people make when reporting GRI 409-1?
The page has a section on common reporting gaps and mistakes, which you can use as a pre-submission check. It is there to help you avoid missing data, weak evidence, or an unclear narrative. ↑ section
How can I use the synthetic example on the GRI 409-1 page without copying it into my report?
The example is there to show how a disclosure can be structured, including a quantitative table where relevant. Treat it as a model for format and level of detail, not as a template to copy word-for-word. ↑ section
What should the draft output for GRI 409-1 look like on this page?
The page gives draft-output guidance with visualisation ideas, narrative starters, and a GRI content-index line. Use those to turn your prepared data into a first-pass disclosure for internal review. ↑ section
How do I use the Prep & Assurance workbook for GRI 409-1?
The Download Centre includes a Prep & Assurance workbook in .xlsx format. Use it to organise the preparation steps, evidence, and assurance checks before drafting the disclosure. ↑ section
What is the printable Library Card for GRI 409-1 used for?
The Download Centre also includes a printable Library Card in .pdf format. It is a quick-reference aid for working through the disclosure and supporting materials. ↑ section
Can I use the 'From company reports' table to see how other companies disclose GRI 409-1?
Yes. The page includes a table linking to real published reports where the topic is disclosed, which can help you see how the disclosure is presented in practice. ↑ section
- What are the three datapoints to prepare for GRI 409-1?
- How do I build an assurance-ready evidence pack for GRI 409-1?
- What should I include in a draft GRI 409-1 narrative?
- How do I use the GRI 409-1 workbook step by step?
- What are the common gaps to check before finalising GRI 409-1?
- Where can I find real company report examples for GRI 409-1?
- How do I turn the GRI 409-1 preparation notes into a content-index line?
- What visualisation ideas does the GRI 409-1 page suggest?
- How should I assign ownership for GRI 409-1 data collection?
- What should an HR or procurement data owner provide for GRI 409-1?
- How do I check whether my GRI 409-1 disclosure is ready for assurance review?
- Does the page give an ESRS or IFRS mapping for GRI 409-1?
Get a practical answer for your reporting context. Your first answer is free — create a free account to continue the conversation.
Sources, status and disclaimer
This LRA assistance tool is designed for educational and internal data-collection purposes. It is not an official interpretation of the GRI Standards, IFRS Sustainability Disclosure Standards or EU CSRD/ESRS requirements. When applying these frameworks in professional practice, users should consult and double-check the official standards, guidance and applicable regulatory sources.