The EU Forced Labour Regulation (FLR) set 14 June 2026 as the date by which the European Commission was required to publish its implementation guidelines. That date has passed. As of late June, the guidelines have not appeared, and neither has the public database of forced labour risks by geography and product category that was due at the same time.
There has been no official announcement, no explanation of the delay, and little public commentary from the compliance community. Law firms have quietly adjusted their language, describing the guidelines as expected "before the end of June 2026" rather than by the 14th. The Commission's own webpage still describes the guidelines in the future tense. The deadline came and went without so much as an acknowledgment.
For compliance teams tracking this regulation, the situation deserves a clear-eyed read. The delay is inconvenient, but it does not change the underlying logic for acting now.
What Was Supposed to Be Published
Under Article 11 of the regulation, the Commission committed to issuing three interconnected packages of guidance by 14 June. The first, aimed at competent authorities, would cover investigation procedures, risk benchmarks, standards of evidence, and frameworks for calculating financial penalties. The second, directed at economic operators, would define what adequate forced labour due diligence looks like in practice, including how to approach different types of suppliers across different sectors. The third would provide civil society and other stakeholders with procedures for submitting information on suspected violations.
Alongside the guidelines, the Commission was also required to launch a public database that would identify forced labour risks in specific geographic areas and product categories. This database was expected to draw on ILO data, the US Department of Labor's TVPRA list, and civil society research, and it was intended to serve as a core reference point for both companies assessing their exposure and authorities deciding where to focus enforcement.
Why the Silence Is Somewhat Understandable
The Commission was consulting 160 stakeholder submissions and running targeted roundtables through the first half of 2026. Building a credible, globally scoped forced labour risk database is not a trivial task. And the broader context matters: the EU is simultaneously managing the Omnibus simplification package, which has introduced significant uncertainty around the CSDDD, the regulation the FLR is designed to complement.
Enforcement does not begin until 14 December 2027, which means there is no immediate operational harm from a two-week or even a two-month slip. The regulated community is not waiting on the guidelines to begin importing or exporting products. The practical consequence of the delay is uncertainty, not non-compliance.
But uncertainty is not nothing. The guidelines were specifically designed to answer the questions that compliance teams most urgently need answered: What does adequate due diligence look like under this regulation? Which geographies and product categories are enforcement priorities? How will investigators weigh a company's pre-existing due diligence program when deciding whether to open a formal investigation?
Without the guidelines, companies are operating without the official benchmarks they were promised.
What This Means for Compliance Programs
The absence of formal guidance does not mean there is no basis for action. The FLR is explicit that due diligence carried out in advance will be taken into account during investigations and can prevent one from being opened at all. The regulation's investigative framework is risk-based: authorities will prioritize cases where concerns are most serious and where companies appear to have done the least to identify and address them.
Companies with well-documented, risk-based supply chain due diligence programs will be in a materially stronger position than those who waited for the guidelines before starting. The Commission's forthcoming guidance is widely expected to align closely with established international frameworks, including the OECD Due Diligence Guidance for Responsible Business Conduct and the UN Guiding Principles on Business and Human Rights. Companies already building toward those standards are not working in the dark.
There are several practical steps that do not require the guidelines to be in place. Mapping your supply chain to identify where forced labour exposure is most concentrated, particularly in high-risk geographies and sectors, can begin now. Reviewing existing supplier questionnaires and onboarding workflows to incorporate forced labour risk criteria is work that can and should precede the official risk database. Establishing clear documentation practices for due diligence decisions builds the evidentiary record that investigators will look for.
For organizations with mature TPRM programs, this is an opportunity to assess how forced labour risk fits into your existing risk assessment and continuous monitoring framework. For organizations earlier in their program journey, the regulation's delayed guidance is a reminder that waiting for regulatory certainty before building program infrastructure is a risky strategy. The enforcement clock does not pause because the guidelines are late.
The Broader Pattern
The FLR delay is consistent with a pattern across EU supply chain legislation. The CSDDD has gone through multiple rounds of revision and simplification since its adoption. The EU Deforestation Regulation missed its original implementation date. Regulatory complexity at this scale tends to produce slippage.
What that pattern should not produce is regulatory fatigue among the companies that need to prepare. The underlying obligation, the prohibition on placing products made with forced labour on the EU market, is not in question. The enforcement architecture, with the Commission leading investigations for forced labour occurring outside the EU and national competent authorities handling cases within member states, is already established in law. The guidelines, when they arrive, will clarify the details. They will not change the direction of travel.
Getting Ahead of the Curve
GAN Integrity works with compliance teams across regulated industries to build third-party risk programs that are designed for exactly this kind of regulatory environment: evolving, interconnected, and requiring documentation and oversight that goes beyond a spreadsheet. Our TPRM platform supports continuous monitoring, risk-based supplier assessment, and the kind of structured due diligence documentation that investigations will scrutinize.
The guidelines will come. When they do, the companies that have used the intervening period to build and strengthen their programs will be ready. The ones that waited for Brussels to tell them where to start will have less time and less cover.
If you want to understand where your third-party risk program stands today relative to the FLR's expectations, reach out to our team who can walk you through a full TPRM Maturity Assessment.
Colin Campbell is Gan Integrity's VP of Marketing with over 15 years of experience in the SaaS software and tech industry. Colin has led analyst relations and product marketing growth strategies in North America, EMEA, UK and APAC, growing revenues in multiple industries. At GAN Integrity, Colin drives market expansion, demand generation and significantly enhancing customer retention, with a talent for aligning marketing strategies with business goals to deliver results.