This is the first time that a court has ruled on the merits of a case on the basis of the duty of care law. It is also the first time that a company has been condemned for failure to comply with this duty.
On 5 December 2023, the Court ruled that the vigilance plan drawn up by La Poste was not sufficient and ordered the latter to:
- Complete its vigilance plan with a risk map designed to identify, analyze and prioritize risks;
- Establish procedures for assessing subcontractors on the basis of the specific risks identified in the risk map;
- Supplement its vigilance plan with an early-warning mechanism drawn up in consultation with representative trade unions; and
- Put in place a system for monitoring vigilance measures.
However, the Court did not impose a penalty on this injunction, as it considered such a measure unnecessary given the radical improvements undertaken by La Poste, and the significant changes between the plan drawn up for 2020 and the one drawn up for 2021.
The Court also refused to order La Poste to take specific remediation measures, pointing out that, while the law authorized the Court to order companies to draw up more concrete and effective safeguard measures and complementary actions, it was not the Court's role to take the place of the company and its stakeholders in requiring them to introduce precise and detailed measures.
The Court consequently rejected the request for an injunction to establish safeguard measures relating to the prevention of undeclared work by subcontractors, situations of bargaining and illicit lending of manpower in the context of subcontracting, the prevention of psycho-social risks, and the fight against harassment.
The Court also refused to grant the union's request seeking the disclosure of a comprehensive list of suppliers and subcontractors of each of La Poste's subsidiaries, departments, and geographical areas, ruling that the precise identification of the company's co-contractors was not essential to ensure the implementation and evaluation of the company's action plan.
Finally, the Court recognized the possibility for a company to keep the detailed version of the risk map confidential, as long as the published version enables the public and stakeholders to know the precise identification of the risks that the company's activity poses to human rights, health and safety, and the environment.
This decision–which is subject to appeal-clarifies the scope of the obligations with which companies subject to the duty of care must comply.
To summarize:
1) The Tribunal reiterates the fundamental nature of risk mapping.
- Prioritization based on "net" risks (i.e., after the application of prevention and mitigation measures) relativizes the concrete implications of the activity, and does not make it possible.
- To pinpoint priority areas for vigilance; prioritization based on "gross" risks should be preferred.
- Particular attention needs to be paid to the degree of precision of risk mapping: a description of risks "at a very high level of generality" does not enable us to grasp the specific risks associated with the activity and organization of the company subject to the law.
The nature and severity of the risks, and the criteria used to prioritize them, must also be sufficiently documented to enable the implementation of risk mitigation and damage prevention actions tailored to the results of the mapping.
2) Assessment tools for subsidiaries and regular partners, including subcontractors, must be adapted to the nature and seriousness of the risks identified in the risk map, and enable us to identify therisks that need to be addressed as a priority.
3) Consultation with representative trade unions as part of the alert mechanism and the collection of alerts cannot be limited to"the simple collection of an opinion on a mechanism that has already been finalized." Companies must be able to demonstrate that the alert mechanism has been set up in cooperation with trade unions.
4) Appropriate actions to mitigate risks or prevent serious harm cannot be limited to general statements of intent. Nor is a reminder of group policies or commitments sufficient. Measures must be sufficiently specific to be effective in preventing the most serious risks and limiting the impact of other identified risks. Measures must be adapted to the risks identified in the risk map, be precise and concrete, and likely to produce measurable results.
5) Last but not least, companies need to put in place a system to monitor the measures taken to remedy identified risks. In particular, this system should make it possible to usefully assess the effectiveness of the measures put in place, and help guide the company's action plan. A report that briefly and arbitrarily presents certain remedial measures and analyzes only two areas is deemed insufficient.
Click here to read the French version.
1 2Article L.225-102-4 of the French Commercial Code.
