Defence industry: the boundaries of the duty of vigilance
The French law of 27 March 2017 on the duty of vigilance forms part of a broader movement aimed at holding large companies accountable for the impact of their activities on human rights and the environment. It requires the companies concerned to identify and prevent serious violations of human rights, as well as risks to the health and safety of individuals and to the environment resulting from their activities.
This national framework now forms part of a broader European dynamic, with the European Union’s adoption of the Corporate Sustainability Due Diligence Directive (CS3D), intended to harmonize and extend these obligations across the internal market.
In the defence industry, this requirement raises a key question: does the duty of vigilance stop at the company’s organizational sphere and its supply chain, or may it extend to the operations carried out by its clients?
This issue is no longer confined to academic debate; it has become an explicit litigation risk.
1. The structure of the law on the duty of vigilance
Article L.225-102-1 of the French Commercial Code structures the vigilance plan around three categories of activities:
the activities of the company itself;
the activities of companies it controls;
the activities of subcontractors and suppliers with which it maintains an established commercial relationship.
This wording suggests a framework organised around the company’s organisational and contractual sphere: the corporate group and the supply chain with which it maintains ongoing economic relationships.
Clients are not expressly mentioned in this list.
The legislative history also invites the provision to be read in light of the context in which it was adopted. Parliamentary debates largely focused on violations likely to occur within global supply chains, particularly within subsidiaries or among suppliers located abroad. In this perspective, the mechanism appears primarily oriented toward the internal governance of the corporate group and toward the upstream segment of the value chain.
2. The concept of “activities” and the temptation of expansion
The current debate focuses on the scope of the notion of the company’s “activities”.
In the defence sector, a company’s activities include the design, production and sale of military or dual-use equipment. The subsequent operational use of such equipment by a purchasing State appears, by contrast, to fall within a distinct sphere characterised by the exercise of sovereign powers.
Treating the final use of a product as part of the supplier’s “activities” would significantly alter the balance of the law. To date, such an interpretation has not been endorsed by French case law.
Litigation brought since 2017 has primarily focused on the quality of risk mapping, the precision of preventive measures, and the management of supply chains. No landmark judgment has established that a company could be held responsible, under the duty of vigilance, for operations carried out by a client.
3. Downstream activities at the heart of current claims
The landscape is nevertheless evolving.
At the European level, discussions surrounding the Corporate Sustainability Due Diligence Directive (CS3D) explicitly addressed the integration of downstream activities within the company’s “chain of activities.” The directive adopted in 2024 indeed adopts a broader approach based on this notion, which may include certain downstream operations, in particular those related to “the distribution, transport and storage of the product.” It nevertheless excludes such an approach for products subject to export control regimes, including arms, munitions and dual-use items once their export has been authorized.
In France, recent formal notices addressed to companies in the defence sector illustrate this trend. The claims raised focus specifically on the absence of a dedicated analysis of risks linked to the use of equipment in conflict zones and on the alleged inadequacy of risk mapping with regard to this downstream dimension.
The objective appears to be to bring the operational use of products within the scope of the duty of vigilance, arguing that the associated risks should be identified and assessed as part of the company’s “activities”.
4. A strategic point of vigilance for the defence industrial base
For companies forming part of the defence technological and industrial base, this issue cannot be ignored.
Legal certainty depends on:
risk mapping adapted to the specific nature of defence activities;
clear articulation between vigilance plans and export control mechanisms;
careful documentation of the analyses carried out prior to commercial decisions.
The challenge is not to transform companies into guarantors of the operational decisions of their clients. Rather, it is to secure their own decision-making framework in an environment where the boundaries of the duty of vigilance are subject to increasing interpretative pressure.
5. Conclusion
The French duty of vigilance law remains structured around organisational control and supply chain governance. At this stage, the explicit inclusion of downstream activities appears more closely linked to European policy debates and litigation strategies than to established case law.
In the defence sector, the scope of the duty of vigilance is likely to remain one of the key legal tensions in the years ahead. Addressing this issue requires careful reading of the legislation, close attention to European developments, and robust internal governance commensurate with the legal and strategic challenges faced by the industry.