Teeth Without Eyes: How Modern Slavery Laws Are Built to Miss What They’re Looking For

New Zealand’s new Modern Slavery Bill looks, on paper, like the toughest supply chain law in the Anglosphere. Introduced to Parliament on February 10 with rare bipartisan support from both National and Labour, it carries criminal fines of NZ$200,000 (approximately €100,000), civil penalties of up to NZ$600,000 (approximately €300,000), and personal director liability for companies that fail to report. It is the first modern slavery law in the English-speaking world to put genuine consequences on the table.

There is one problem. It doesn’t require companies to actually investigate.

The bill mandates that companies with annual revenue above NZ$100 million report on what they find — or don’t find — in their supply chains. But it stops short of requiring the due diligence process that would generate those findings. A company can file a statement, declare it found nothing, and remain technically compliant. Until, of course, a regulator or a journalist finds what it didn’t look for. Under a penalty regime with director liability, that statement becomes evidence.

New Zealand didn’t invent this problem. It inherited it — from fifteen years of modern slavery legislation that asked companies to report without requiring them to investigate. What’s new is that the consequences for getting it wrong are finally real.

The Pattern

Call it the transparency theory: the idea that requiring companies to publish statements about their supply chains will create enough reputational pressure to drive behavioural change. It is the founding assumption of every modern slavery law written in the English-speaking world. A decade of evidence suggests it is wrong.

The UK’s Modern Slavery Act, passed in 2015, was the first. Section 54 requires large companies to publish annual statements on supply chain practices. Content is voluntary. Penalties are non-existent — an injunction mechanism exists that the Secretary of State can seek in the High Court, but it has never once been used. In October 2024, the House of Lords concluded the regime was fragmented and ineffective. Australia’s 2018 Modern Slavery Act improved on the model by mandating specific reporting criteria, but carried over the critical flaw: zero penalties for non-compliance. A UNSW study found 77% of companies failed to meet basic reporting requirements. Canada’s Bill S-211, in force since 2024, added penalties on paper but detained a single shipment under forced labour provisions — compared to over 16,700 stopped by US Customs and Border Protection over the same period.

The pattern is consistent: laws with eyes but no teeth, or neither. Statements accumulate. Behaviour doesn’t change.

France broke the mould. Its Loi de Vigilance, enacted in 2017, requires large companies to establish, implement, and publish a vigilance plan that actively identifies and prevents human rights risks across their value chains — not just in their own operations but through subsidiaries, subcontractors, and suppliers. Between 2017 and 2024, 13 lawsuits were filed under the law targeting TotalEnergies, BNP Paribas, Carrefour, EDF, and SNCF. On June 17, 2025, the Paris Court of Appeal issued its first ruling on the substance of a company’s obligations — upholding an order requiring La Poste to fundamentally revise its vigilance plan. The court’s finding was precise: risk mapping too vague, third-party assessments disconnected from identified risks, methodology insufficient to actually locate what the law required it to find. This is what enforcement under a law with both eyes and teeth looks like. It doesn’t ask whether a company filed a statement. It asks whether the methodology was rigorous enough to actually find something.

Germany went further still — mandatory risk management systems, human rights officers, annual risk analyses, fines of up to 2% of global turnover. Then, in April 2025, the new CDU/CSU-SPD coalition placed the law’s abolition under a section of their agreement titled “Immediate Program for Reducing Bureaucracy.” Reporting obligations were stripped immediately. Sanctions narrowed to serious human rights violations only. A law that had both eyes and teeth is being methodically defanged — not because it failed, but because it worked well enough to create compliance costs that industry lobbied to eliminate. The EU’s Corporate Sustainability Due Diligence Directive — the most comprehensive framework ever written, with penalties of up to 5% of global turnover and civil liability — exists on paper. Following the December 2025 Omnibus rollback, its application has been deferred to July 2029, its scope narrowed to companies with over 5,000 employees and €1.5 billion in turnover. It is the destination. It is not yet the journey.

Where Liability Lives

The legislative landscape matters to corporate counsel for one reason: the gap between what a law requires and what it assumes is where liability lives.

New Zealand’s bill illustrates this with precision. Companies must report on incidents found, complaints received, and actions taken — without any obligation to conduct the investigation that would surface them. A company that finds nothing and reports accordingly is technically compliant until enforcement begins and someone demonstrates there was something to find. At that point, the filed statement is not a shield. It is a record of what the company claimed not to see.

France’s La Poste ruling makes the legal standard explicit. The Paris Court of Appeal ordered the company to revise its vigilance plan not because it failed to file a document, but because its methodology was insufficient to actually locate what the law required it to find. The court’s message is unambiguous: a statement is not evidence of compliance. A methodology is.

The financial arithmetic reinforces this. A single UFLPA detention costs importers an average of $810,000 — covering legal fees, storage, demurrage charges, lost sales, and operational disruption. In fiscal year 2025, US Customs and Border Protection stopped 7,325 shipments, a 51% increase over the prior year. Against these numbers, the European Commission’s own estimate for full CSDDD compliance — between €52,200 and €643,000 annually — looks less like a burden and more like an insurance premium.

Companies operating across the EU, UK, US, Australia, and now New Zealand face an aggregate compliance reality that demands genuine investigative capability. Standard screening tools check whether an entity appears on a known list. They do not map the relationships between entities that reveal how risk actually operates: the front company registered in a clean jurisdiction, the financial intermediary layering transactions across borders, the subcontractor three tiers removed from the primary supplier relationship. Under weak legislation, that gap is academic. Under what New Zealand is building — and what France has already built — it is a liability.

Evidencity’s Taxonomy of Transparency Legislation maps every major modern slavery law against two dimensions: whether it requires companies to look, and whether it punishes those that don’t. The full analysis charts the trajectory from the UK’s unenforced 2015 Act to the EU’s CSDDD, due for application in 2029.

What the taxonomy reveals is that the direction of travel is settled, even if the pace is not. More jurisdictions will move toward mandatory due diligence with real enforcement. The question for companies is not whether that moment will arrive in their operating environment, but whether they will have the investigative capability to meet it when it does.

The cost of looking is known. The cost of being found not to have looked is escalating.

Download Evidencity’s full Taxonomy of Transparency Legislation.