The Dyson Case Is a Preview of What the EU Forced Labour Regulation Will Demand

When 24 migrant workers from Nepal and Bangladesh filed a lawsuit in London's High Court against Dyson in 2022, most compliance professionals took note. When the UK Supreme Court ruled the case could be heard in England (meaning a British company could be held accountable in UK courts for the actions of an overseas supplier) the entire corporate world should have sat up straighter.

The settlement, announced in February 2026, was reached without any admission of liability. But the legal and reputational journey Dyson endured over nearly four years offers a powerful case study for EU operators now looking ahead to December 2027, when Regulation (EU) 2024/3015- the EU Forced Labour Regulation (FLR) comes into full force.  

What Happened to Dyson — and Why It Matters

The workers in the Dyson case were employed not by Dyson directly, but by ATA Industrial (M) Sdn Bhd, a Malaysian supplier that manufactured components for Dyson products. The alleged abuses were serious: unlawful wage deductions, physical beatings for failing to meet production targets, withheld passports, denied toilet breaks, and forced shifts of more than 12 hours. A migrant workers' rights specialist first raised these concerns with Dyson in 2019. Six audits followed. Dyson ultimately terminated its contract with ATA in 2021, a decision later criticised by advocates as an "irresponsible disengagement" that left thousands of workers without remedy.

The key legal development from the case was not the settlement itself, but the jurisdictional precedent: UK courts can hear claims against UK-domiciled companies for the actions of their foreign suppliers. The Court found that Dyson's UK entities were at the centre of management control and bore responsibility for supply chain policies and oversight.

This is precisely the logic that underpins the EU Forced Labour Regulation, and EU operators would be wise to recognise the parallel.

What the EU Forced Labour Regulation Actually Requires

The FLR- Regulation (EU) 2024/3015 was signed on 27 November 2024 and entered into force on 13 December 2024. It will become fully applicable on 14 December 2027, giving companies a three-year implementation window that is now more than halfway consumed.

Here is what the law actually does:

A product ban, not just a disclosure requirement.

Unlike the EU's Corporate Sustainability Reporting Directive (CSRD) or even the Corporate Sustainability Due Diligence Directive (CSDDD), the FLR is a hard product ban. Any product — or component of a product — made using forced labour at any stage of the supply chain cannot be placed on the EU market or exported from it. There is no revenue threshold, no size exemption, and no sectoral carve-out.

No SME exemption — and that matters

This point deserves emphasis. Laws like the German Supply Chain Act and the CSDDD include size and revenue thresholds that place many small and medium-sized enterprises outside their scope. The FLR does not. Every economic operator placing products on or exporting from the EU market is in scope, regardless of company size, legal form, or industry sector. This will catch many businesses that have to date assumed they were too small to be subject to supply chain legislation.

Whole supply chain liability

The prohibition covers every stage of production: extraction, harvest, manufacture, and processing. If forced labour is used at the raw material level — as was alleged in the Dyson case — the finished product is tainted. This is not limited to tier-one suppliers.

Risk-based investigations with teeth

The European Commission leads investigations for suspected forced labour outside the EU; national competent authorities handle cases within the EU. EU Member States were required to designate their competent authorities by December 2025. Investigators will prioritise based on the scale and severity of suspected abuses, the volume of goods in the EU market, the share of the tainted component in the final product, the operator's size and economic resources, and the steps in the value chain closest to forced labour risk.

A 30-working-day response window

When an investigation opens and the competent authority requests information on due diligence actions, companies have just 30 working days to respond. This is not the time to start building your documentation. Operators need audit trails, supplier engagement records, and remediation evidence ready before an inquiry lands — not after.

The burden shifts to operators

During an investigation, authorities will request specific information on the steps taken to identify, prevent, mitigate, and remediate forced labour risks in operations and supply chains. Companies will need to demonstrate what they actually did — not just what their policy says. Critically, demonstrating effective due diligence at the preliminary stage can lead regulators to decide not to initiate a full investigation at all.

Penalties and market consequences for non-compliance

If a product is found to have been made with forced labour, it must be withdrawn from the market. Member States are required to implement effective, proportionate, and dissuasive penalties for companies that fail to comply with enforcement decisions. However, there is an important nuance: for products of critical importance, authorities may allow operators additional time to eliminate forced labour from the supply chain before disposal is ordered. And where only an exchangeable component is tainted — not the whole product — only that component needs to be disposed of. Once forced labour has been demonstrably eliminated, products may be allowed back onto the market.

Mutual recognition across Member States

A decision by one national authority is recognised across all Member States, meaning a ruling in one country has effect across the entire EU single market. The newly established Union Network Against Forced Labour Products will coordinate joint investigations and share enforcement priorities across the bloc.

The CSDDD interplay — and the Omnibus delay

The FLR complements but does not duplicate the CSDDD. The CSDDD imposes detailed internal governance and due diligence obligations on in-scope companies; the FLR focuses on the product itself. Entities that comply with the CSDDD may benefit from a degree of discharge on FLR due diligence obligations — but only in relation to overlapping requirements. Note that as part of the EU's first Omnibus package, the "Stop the Clock" Directive has postponed the CSDDD's transposition deadline by one year, giving companies additional preparation time — but this does not alter the FLR's December 2027 application date.

The Dyson Parallel: Five Lessons for EU Operators

Reading the Dyson case through the lens of the FLR reveals practical lessons that EU operators cannot afford to ignore.

1. Supplier relationships do not insulate you from liability

Dyson's core legal defence — that the workers were employed by a third-party supplier and that Dyson was not the direct employer — did not prevent years of litigation, reputational damage, and ultimately a settlement. Under the FLR, the product ban applies regardless of where in the supply chain forced labour occurs. Operators cannot use the intermediary structure of modern supply chains as a shield.

2. Audits are necessary but not sufficient

Six audits of ATA Industrial were conducted between November 2019 and June 2021. A final in-depth audit reportedly identified major forced labour risks. Yet the abuses were alleged to have been ongoing for years. Social auditing firms have themselves acknowledged that standard audits are not designed to surface sensitive violations such as forced labour. The FLR will require operators to demonstrate substantive due diligence (monitoring, remediation, and follow-through) not just a paper trail of completed audits.

3. Disengagement is not remediation

When Dyson cancelled its contract with ATA in 2021, advocates argued the move left thousands of workers without remedy and breached international standards on responsible business conduct. The FLR's risk-based investigation framework will assess what companies did when violations were identified — including whether they engaged responsibly or simply walked away. Operators should understand that terminating a supplier relationship does not extinguish past liability.

4. The geographic reach of enforcement is expanding

The Dyson case established that UK courts can hear claims against UK companies for actions by suppliers in Malaysia. The FLR extends equivalent logic across all 27 EU Member States. Whether your products are manufactured in Southeast Asia, South Asia, or Sub-Saharan Africa, they must be clean of forced labour to enter the EU market. The FLR explicitly applies to imports from all countries, with no preferential treatment for any trading partner.

5. The window for preparation is shorter than it looks

The FLR applies from December 2027. But the Commission's implementation guidelines are due by June 2026. National competent authorities are already being designated. Companies that begin their supply chain mapping, due diligence frameworks, and supplier engagement now will be far better positioned than those that wait for enforcement to begin. The Dyson workers first raised concerns in 2019; the final audit flagging major risks came in 2021. The gap between knowing and acting was costly.

What EU Operators Should Be Doing Now

The FLR does not impose new stand-alone due diligence obligations — those sit primarily with the CSDDD — but it does require operators to demonstrate, when investigated, that they have taken steps to address forced labour risks.

Practically, this means:

• Mapping your supply chain beyond tier one, with particular attention to high-risk geographies and sectors identified in the Commission's forthcoming risk database.

• Reviewing supplier codes of conduct and procurement procedures to ensure forced labour indicators (recruitment fees, passport retention, excessive working hours, wage deductions) are explicitly covered and monitored.

• Enhancing audit practices with worker interviews, unannounced visits, and specialist modern slavery expertise — recognising that standard social audits have documented limitations.

• Establishing grievance and remediation mechanisms so that workers can raise concerns safely, and so that your organisation has a credible response when concerns are raised.

• Training procurement, legal, and senior management on forced labour risks and their obligations under the FLR and the CSDDD.

• Documenting everything — now. When an investigation opens, you will have 30 working days to respond. Documentation of due diligence steps, supplier responses, and remediation actions will be your primary defence and your best chance of avoiding a full investigation altogether.

A Note for German Operators

For businesses operating under the German Supply Chain Act (Lieferkettensorgfaltspflichtengesetz), it is important to understand that the FLR supplements — not replaces — existing German obligations. The FLR's definition of forced labour aligns with both ILO conventions and the German Supply Chain Act's own definition, but the FLR's scope is broader in one critical respect: there is no company-size threshold.

Smaller German businesses that have to date been exempt from the German Supply Chain Act will need to assess their FLR exposure carefully. Germany will also need to pass accompanying national legislation designating a competent authority and setting out enforcement powers — a process to watch as 2027 approaches.

The Bottom Line

The Dyson case is not an outlier. It is a preview. The legal exposure, the jurisdictional reach, and the reputational consequences that one British company faced over a Malaysian supplier are now being codified and scaled across the entire EU market.

Regulation (EU) 2024/3015 is not a reporting exercise. It is a product ban with investigative powers, enforcement teeth, and a mandate to hold economic operators accountable for their entire supply chain — including components sourced thousands of miles away, from workers who are often the most vulnerable and the least visible. Crucially, it applies to businesses of every size, in every sector.

December 2027 is closer than it looks. The time to act is now.

This blog is for informational purposes only and does not constitute legal advice. Operators should seek qualified legal counsel in assessing their obligations under Regulation (EU) 2024/3015 and related EU legislation.