The EU is Going to Name Names

By Evidencity | AI Assisted | 100% Human Verified

The EU Forced Labor Regulation (EUFLR), which enters full implementation in December 2027, does something that no equivalent legislation has done before: it will publish investigation results. Not anonymized statistics. Not aggregate detention data. Named companies, documented findings, and public records of what investigators found and what due diligence failed to surface.

The US forced labor ban, by comparison, operates through US Customs and Border Protection detentions — generic, anonymized, largely invisible outside the logistics function. An EUFLR investigation finding is a different category of exposure. It attaches to your company name and stays there.

Compliance teams should be asking whether an EU investigator will find forced labor risk in their supply chains before they do, and what that finding will show about the tools they relied on to look.

How investigators see what standard screening misses

Standard due diligence screening is built around a specific task: checking whether a named entity appears on a published list. It confirms that an immediate counterparty carries no sanctions flags, no regulatory enforcement actions, no adverse connections in the disclosed record. When a check returns clean, the box is ticked and the shipment moves.

Standard screening cannot see beyond the immediate counterparty. It cannot map the network architecture behind a transaction. It cannot connect entities across jurisdictions through shared ownership, shared legal representatives, or coordinated operational shifts. It reads the disclosed record. It cannot read what was never disclosed.

Three cases from Evidencity's own published investigations illustrate what that gap looks like in practice.

In Ecuador, the Constitutional Court ordered Furukawa Plantaciones to pay USD41 million in reparations after finding the company guilty of maintaining serfdom-like conditions for over five decades. The company fired all 342 plaintiffs, paid nothing, and shifted its abaca operations to a sister entity, Marca Abacá S.A., incorporated in 2019 by an attorney who simultaneously served as legal representative for both companies. Trade data from March 2025 shows Furukawa's Japanese parent, Mavenz Inc., now receiving shipments from Marca Abacá rather than Furukawa itself. Furukawa's workforce collapsed from 296 employees to 92. Standard screening flags Furukawa at maximum risk. Marca Abacá registers as a separate legal entity with clean corporate filings. Entity-based screening sees two companies. Network mapping sees one continuous operation and a court-ordered reparations process being systematically evaded.

In Indonesia, Harita Nickel commissioned a marine study near Kawasi village on Obi Island that found dangerous levels of lead and cadmium in local fish. An internal email recommended keeping the full findings "for internal use only." Sections detailing safe consumption limits were deleted. References to water quality data exceeding regulatory standards were softened or removed. The shortened version, published by IPB University, concluded the fish were safe to eat. Harita cited that version in its 2022 and 2023 sustainability reports and in its response to the Indonesia Stock Exchange ahead of its April 2023 initial public offering (IPO). The contamination data existed. It was commissioned, reviewed, edited, and filed internally. It was never where standard due diligence was looking, because standard due diligence reads published sustainability reports, not the internal documents that shaped them.

The third case is structural rather than sectoral. Between February 2022 and January 2025, a network of European shell companies delivered approximately 16,000 shipments of dual-use goods worth EUR30 million to 24 Russian defense manufacturers supplying military operations in Ukraine. The network operated undetected for nearly three years across multiple layers of European compliance screening. It did not bypass those systems through document forgery or hacking. It was designed to look compliant at every individual checkpoint. Each shell company was properly registered. Each immediate counterparty returned no sanctions matches. The screening could not see the network architecture: the coordinated pattern of entities, the shared ownership structures, and the final destination of goods moving through seemingly unrelated European businesses. German authorities arrested five individuals in January 2025. The architecture was only visible when investigators mapped relationships rather than checked lists.

Enforcement is tightening, unevenly

The legal architecture proliferating around forced labor and supply chain transparency is real. The US has signed forced labor import ban commitments with at least 14 countries since April 2025. The Office of the United States Trade Representative (USTR) launched investigations into 60 countries for forced labor trade practices in March 2026. The EUFLR, the EU Deforestation Regulation (EUDR), and the US Department of Labor's newly launched supply chain self-assessment tools all point in the same direction: regulators are moving from voluntary compliance frameworks toward enforceable transparency requirements.

Enforcement capacity varies enormously. Most jurisdictions lack the customs expertise, staffing, and statutory authority to act on what they already suspect. The EUFLR will not catch everything. It will catch some things, name them publicly, and set precedent. The companies whose names appear in early findings will define what the standard looks like and what the gap between declared compliance and investigative reality costs.

Laura Murphy of Harvard Kennedy School's Carr-Ryan Center for Human Rights has analyzed the Uyghur Forced Labor Prevention Act (UFLPA) rebuttable presumption model as an instructive precedent. The mechanism that makes it the sharpest enforcement tool available is the shift in burden of proof: goods are presumed non-compliant until the importer proves otherwise. The EUFLR's public disclosure mechanism is a different instrument but produces similar pressure. The burden of demonstrating that due diligence was genuine, not performative, falls on the company. The standard being applied is not whether a screening check was run. It is whether investigators saw what there was to see.

Evidencity's approach to the gap standard tools cannot close

The three cases above share a common feature. The risk was accessible. The contamination data existed. The corporate restructuring was documented in filings. The network architecture was visible to anyone mapping relationships rather than checking names. These risks were invisible to standard due diligence not because of their sophistication, but because of the design of the tools being used to find them.

Evidencity's Illicit Network Intelligence (INI) is built around precisely this gap: findings that exist in internal documents, in-language local sources, trade data, and corporate registry relationships rather than in the disclosed record that entity-level screening reads. The Furukawa, Harita, and EUR30 million cases are not outliers. They are illustrations of a category of risk that conventional tools are structurally unable to surface.

When EUFLR investigation findings go public, the gap between what companies declared and what investigators found will be visible to competitors, clients, and counsel simultaneously. The compliance question has shifted from whether a supplier appears on a list to whether a company can see what an investigator can see, before they do.