ESRS S2 Workers in the Value Chain: How to Document the File When Labour Risks Sit Outside Your Client’s Payroll

When ESRS S2 applies and who it covers

ESRS S2 is materiality-gated. It applies only when the double materiality assessment identifies material impacts, risks, or opportunities related to workers in the value chain. No special justification is required if the topic is assessed as not material. Standard ESRS 1 paragraph 30 treatment applies.

The standard’s scope is broad. “Workers in the value chain” covers everyone who works in the company’s upstream or downstream value chain but falls outside the scope of ESRS S1 Own Workforce. That includes supplier employees, workers at sub-suppliers further down the chain, outsourced workers performing services on the company’s premises, workers at contract manufacturers, temporary agency workers supplied to the company’s business partners, and independent contractors in the downstream distribution chain. If a person performs work connected to the company’s products, services, or business relationships and isn’t counted in the S1 workforce, they fall under S2.

The sub-topics covered by S2 mirror those in S1: working conditions, equal treatment and opportunities for all, and other work-related rights. The specific issues within these sub-topics include forced labour, trafficking in human beings, child labour, adequate wages, social dialogue, collective bargaining, health and safety in the supply chain, and work-life balance. Companies assess materiality at sub-topic level, so a client with material forced labour risks in its upstream supply chain can report on that sub-topic without reporting on work-life balance, provided the DMA supports the conclusion.

The practical materiality trigger for S2 fires most often for companies with manufacturing supply chains in high-risk geographies, those using outsourced labour at scale, those sourcing agricultural commodities or raw materials from regions with documented labour rights issues, and those operating in sectors flagged by the OECD due diligence guidance (garments, agriculture, extractives, electronics). But it can also be material for service companies. A professional services firm outsourcing data processing to a provider using gig workers in a jurisdiction with weak labour protections has a potential S2 exposure.

The four disclosure requirements explained

The November 2025 Amended ESRS restructured S2 from five disclosure requirements to four, aligning with the simplified ESRS social architecture. Policies, engagement and grievance mechanisms, actions, and targets. S2-1 through S2-4 map directly to the ESRS 2 General Disclosure Requirements (GDR-P, GDR-A, GDR-T).

S2-1: Policies related to workers in the value chain (paragraph 10)

The company discloses its policies for managing material impacts on value chain workers, per ESRS 2 GDR-P. The disclosure must specify whether policies cover all value chain workers or specific groups (workers in a particular country, factory, or age group). Paragraph 10 requires the company to describe whether it has committed to human rights standards relevant to value chain workers.

The amended draft points practitioners to specific policy content: whether the policy addresses trafficking in human beings, forced labour, and child labour, and whether a supplier code of conduct is in place. For assurance, the test is whether a documented policy exists and whether the disclosed description matches the actual document. A supplier code of conduct that mentions “fair labour practices” without referencing any of the ILO core conventions or the UN Guiding Principles on Business and Human Rights is a qualitative gap.

Human rights policy disclosure was moved to ESRS 2 General Disclosures in the November 2025 draft. If the client has a standalone human rights policy that covers both own workforce and value chain workers, the assurance team should check that the S2-1 disclosure cross-references ESRS 2 rather than duplicating it.

S2-2: Engagement with workers in the value chain and channels to raise concerns (paragraphs 12–15)

This requirement combines two 2023-version disclosures into one. The company must describe how it engages with value chain workers (or their legitimate representatives), how it gains insight into vulnerable or marginalised workers (such as migrant workers or workers with disabilities), and whether grievance channels exist for workers to raise concerns.

The amended draft references the UN Guiding Principles effectiveness criteria (Principle 31) when assessing grievance channel quality. A grievance mechanism is only meaningful under S2-2 if workers can actually access it, trust it, and are protected from retaliation. For assurance purposes, the question is whether the company can demonstrate that the mechanism meets the effectiveness criteria, or at least describe what steps it has taken toward meeting them. A hotline number in a supplier code of conduct that no one has ever called is not a functioning grievance channel.

The disclosure must also describe whether substantiated human rights incidents connected with value chain workers have been reported during the period. This is a new mandatory datapoint introduced in the November 2025 draft (paragraph 19). “Substantiated” means confirmed through the company’s own processes or through external mechanisms. The disclosure aligns with the SFDR principal adverse impact indicator #14 in Table III of Annex I of Commission Delegated Regulation (EU) 2022/1288.

S2-3: Actions and resources related to workers in the value chain (paragraphs 16–18)

The company discloses its key actions taken or planned to prevent, mitigate, or remediate material negative impacts on value chain workers, per ESRS 2 GDR-A. The disclosure must include the approach taken when tensions arise between protecting workers and other business pressures (for example, practices around planning, pricing, or termination of supplier relationships). AR 32 asks whether the company considers impacts on value chain workers when deciding to terminate a business relationship.

This is one of the more difficult disclosures to document because it requires the client to be honest about trade-offs. A company that dropped a supplier over labour violations without any transition plan for the affected workers has a different disclosure from a company that engaged the supplier in a corrective action programme. Neither is inherently wrong under the standard, but the disclosure must describe what actually happened. The assurance provider tests consistency between the disclosed actions and any evidence of how the company actually managed these situations during the period.

S2-4: Targets related to workers in the value chain (paragraph 20)

Targets per ESRS 2 GDR-T. Targets can be qualitative or quantitative and must link to actions and engagement. “Improve supplier labour conditions” is not a target. “Achieve 80% completion of social audits across Tier 1 suppliers by December 2027” is. If no targets have been set, the company must disclose this fact and explain why.

What the November 2025 amendments changed

The Amended ESRS submitted by EFRAG to the European Commission in November 2025 restructured all four social standards (S1 through S4) to reduce narrative load and concentrate on material disclosures. The overall ESRS set saw a 61% reduction in mandatory datapoints. For S2 specifically, four changes matter.

Restructuring from five to four disclosure requirements. The 2023 version had separate requirements for engagement (S2-2), grievance and remediation (S2-3), actions (S2-4), and targets (S2-5). The November 2025 draft merges engagement and grievance into S2-2, renumbers actions as S2-3, and renumbers targets as S2-4. The substance is preserved but the structure is cleaner.

A new mandatory datapoint on substantiated human rights incidents was introduced. Paragraph 19 now requires disclosure of whether human rights incidents connected with value chain workers have been reported and substantiated during the period. This wasn’t mandatory in the 2023 version. It aligns with the SFDR adverse impact indicators and creates a binary testable datapoint for assurance.

Stronger alignment with UNGP and OECD due diligence frameworks. The amended text references the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises more explicitly than the 2023 version. S2-2 now points to UNGP Principle 31 (effectiveness criteria for grievance mechanisms) and the OECD due diligence guidance. For companies already operating under the Corporate Sustainability Due Diligence Directive (CSDDD), the alignment reduces duplication.

Transitional relief was extended. Under the amended ESRS 1 transitional provisions, Wave 1 companies may omit all S2 disclosure requirements for financial year 2026. This gives an additional year of preparation before S2 reporting becomes mandatory. For Wave 2 companies (delayed to FY 2028 by the stop-the-clock directive), S2 preparation has a longer runway. But the double materiality assessment must still cover value chain workers even during the transitional period. If the topic is material, at least high-level narrative disclosures describing policies, actions, metrics, and targets are expected per ESRS 1.

The S1/S2 boundary: which workers go where

Getting the S1/S2 classification right is a prerequisite. The boundary is defined in ESRS S1 paragraph 3: S1 covers people in an employment relationship with the undertaking (“employees”) and people who are non-employees but work for the undertaking (such as agency workers or self-employed persons who perform work for the reporting entity). Everyone else in the value chain falls under S2.

The practical difficulty is with outsourced and agency workers. A temporary agency worker placed at the client’s own production facility is typically S1 (non-employee performing work for the undertaking). A temporary agency worker placed at a supplier’s facility is S2. The same person, doing similar work, can fall under different standards depending on who they work for.

For assurance, the test is straightforward: does the worker perform work for the reporting entity? If yes, S1. If they perform work for a business partner in the value chain, S2. Misclassification creates a double error: understating S1 headcount or metrics while simultaneously understating S2 scope. Check the client’s outsourcing and contractor arrangements against this boundary before drafting the sustainability statement.

One further boundary question arises with the CSDDD. The Corporate Sustainability Due Diligence Directive requires companies to identify, prevent, and mitigate human rights and environmental harms across their value chains. The due diligence obligations under the CSDDD overlap substantially with the S2 disclosure requirements. Where a company has already mapped its supply chain for CSDDD purposes, that mapping feeds directly into the S2 materiality assessment and the policy disclosures. The assurance provider should check whether the client’s S2 disclosures are consistent with any CSDDD due diligence reports or supply chain mapping exercises already completed.

The data problem: how to document S2 when your client has limited supply chain visibility

S2 is the standard where the gap between disclosure requirements and available data is widest. For most mid-market companies, direct data on value chain workers (headcount, working conditions, wage levels, grievance outcomes) is either unavailable or limited to Tier 1 suppliers.

The amended ESRS 1 transitional provisions acknowledge this. For the first two years of ESRS application, companies may limit value chain information where data is not yet available, provided they explain the gaps and describe plans to improve coverage. This relief is a disclosure tool, not an exemption. The company still reports on S2 if it’s material. But it can state “we have social audit data covering 17% of our upstream cocoa supply chain; we plan to increase coverage to 40% by FY 2030” rather than remaining silent.

For assurance purposes, the practitioner tests whether the disclosed limitations are consistent with the client’s actual supply chain management capabilities. A company that claims it has no data on Tier 1 supplier working conditions but operates a supplier management platform with annual performance reviews has an internal consistency issue. The lack of data must be genuine, not convenient.

Worked example: documenting S2 for a Dutch food manufacturer

Van Houten Zuivel B.V., an Amersfoort-based dairy products manufacturer with €92M revenue and 340 employees. Sources milk from 45 Dutch dairy farms (all owned and operated by independent farmers). Imports cocoa powder from two West African suppliers through an intermediary in Rotterdam. Uses a logistics subcontractor (85 drivers) for Benelux distribution.

Step 1. Confirm S2 materiality at sub-topic level

The DMA identifies two material sub-topics. First, child labour and forced labour risks in the upstream cocoa supply chain (West Africa, specifically Côte d’Ivoire). The intermediary purchases from cooperatives that source from smallholder farms. The company has no direct relationship with the farmers. Second, working conditions for the logistics subcontractor’s drivers (zero-hours contracts, no collective bargaining agreement, reports of excessive working hours during peak seasons). Dutch dairy farm workers are assessed as not material (all farms operate under Dutch CAO dairy farming, a collective labour agreement with strong worker protections).

Step 2. Disclose policies (S2-1)

Van Houten has a Supplier Code of Conduct (last updated January 2025) that requires all Tier 1 suppliers to prohibit child labour and forced labour. The Code references the ILO Minimum Age Convention (No. 138) and the Worst Forms of Child Labour Convention (No. 182). It does not reference the UN Guiding Principles on Business and Human Rights. The working paper records the policy’s existence, its date, its scope (Tier 1 only), and the gap (no UNGP reference, no coverage of Tier 2 or beyond).

Step 3. Describe engagement and grievance channels (S2-2)

Van Houten participates in a cocoa industry initiative (the cocoa cooperative’s sustainability programme) that conducts annual social audits of participating farms. The company does not engage directly with cocoa farm workers. For the logistics subcontractor, Van Houten holds quarterly review meetings with the subcontractor’s management but has no direct channel to the drivers themselves. No grievance mechanism accessible to value chain workers exists.

The working paper records that no substantiated human rights incidents connected with value chain workers were reported during the period (paragraph 19 datapoint). It also records that the absence of a grievance mechanism means the company cannot demonstrate Principle 31 effectiveness criteria are met.

Step 4. Disclose actions (S2-3)

Two actions documented. First, Van Houten requires its cocoa intermediary to provide annual social audit reports from the cooperative programme. The company reviewed the 2024 audit report covering 312 of an estimated 1,800 smallholder farms (17% coverage). Second, Van Houten added a contractual clause to its logistics agreement in Q2 2025 requiring the subcontractor to limit driver working hours to the EU Drivers’ Hours Regulation maximum. No independent verification of compliance with this clause has been performed.

The working paper records both actions, their scope limitations, and the absence of effectiveness tracking. Van Houten has not established a process for considering impacts on value chain workers when deciding to terminate a supplier relationship (the AR 32 disclosure).

Step 5. Disclose targets (S2-4)

Van Houten has not set formal S2 targets. The disclosure states this fact and explains the reason: the company is in its first reporting year under the CSRD and intends to set measurable targets after completing a supply chain risk mapping exercise planned for H1 2028.

This file gives a reviewer a complete S2 trail for a mid-market food manufacturer. It’s honest about the gaps (no grievance mechanism, limited audit coverage, no targets, no UNGP reference in the supplier code). That honesty is the point. ESRS S2 doesn’t require the client to have perfect supply chain governance. It requires them to disclose what they have, what they don’t, and what they plan to do about it. An assurance provider testing this file under limited assurance would find documented evidence for each disclosure, clearly flagged limitations, and no inconsistencies between the stated policies and the described actions.

Practical checklist for your current engagement

1. Confirm S2 materiality at sub-topic level and document which value chain worker groups are material. Record the basis for any exclusion, including specific data sources (CAO coverage, sector risk assessments, geographic risk profiles).
2. Verify the S1/S2 boundary classification for outsourced workers, agency staff, and contractors. If a worker performs work for the reporting entity, they belong in S1 regardless of their employment contract. If they work for a value chain partner, they belong in S2.
3. Check whether the client’s Supplier Code of Conduct (or equivalent policy) references the ILO core conventions, the UN Guiding Principles, or the OECD Guidelines. If it doesn’t, record the gap. The amended ESRS S2 explicitly expects this alignment.
4. Confirm whether a grievance mechanism accessible to value chain workers exists and document whether it meets the UNGP Principle 31 effectiveness criteria. If no mechanism exists, that is a legitimate disclosure, not a finding, but it must be stated clearly.
5. Record the paragraph 19 human rights incident disclosure as a binary datapoint (yes/no) for each material worker group. If incidents occurred, document their nature and the company’s response.
6. If no S2 targets exist, document the disclosure under paragraph 20 with the reason and expected timeline. Do not invent targets to fill the gap.

Common mistakes to avoid

• Conflating S1 and S2 disclosures: first-cycle reporters frequently treated all workers mentioned in the sustainability statement as “own workforce” even when they were employed by suppliers or subcontractors. ESMA’s 2025 enforcement review emphasised that the DMA must cover each social standard separately. A single materiality assessment that lumps “labour” into one category without distinguishing between S1 scope (own workforce) and S2 scope (value chain) creates a classification gap that an assurance provider will flag.
• Disclosing policies without describing scope limitations: companies with limited supply chain visibility often disclosed S2 policies without describing the scope limitations. A policy that applies to Tier 1 suppliers only must say so. A policy that has never been communicated to the relevant worker groups must disclose that fact. The CEAOB guidelines expect practitioners to test whether the disclosed scope of policies and actions matches the actual scope of the company’s supply chain management.

Related Ciferi content

Related guides:

Put audit concepts into practice with these free tools:

Frequently asked questions

Further reading and source references

• ESRS S2, Workers in the Value Chain: the source standard governing disclosure requirements for value chain worker impacts, risks, and opportunities.
• ESRS 1, General Requirements: covers the double materiality assessment framework and transitional provisions for value chain data.
• UN Guiding Principles on Business and Human Rights: the international framework referenced by ESRS S2 for policy alignment and grievance mechanism effectiveness (Principle 31).
• OECD Guidelines for Multinational Enterprises: the due diligence framework referenced by the amended ESRS S2 for supply chain governance.