Case study: Ethical sourcing & human rights due diligence — a startup-to-enterprise scale story

The global ethical sourcing technology market reached $1.9 billion in 2025, growing at 14.3% annually since 2021, yet only 18% of enterprises with more than $1 billion in annual procurement spend have implemented automated human rights due diligence systems that extend beyond their Tier 1 suppliers (BSR, 2025). This case study traces how three startups in ethical sourcing and human rights due diligence scaled from early-stage pilots to enterprise-level operations, revealing the regulatory tailwinds, procurement integration challenges, and operational strategies that determined which companies achieved sustainable growth.

Why It Matters

Mandatory human rights due diligence legislation is reshaping procurement requirements across major economies. The EU Corporate Sustainability Due Diligence Directive (CSDDD), adopted in 2024, requires companies with more than 1,000 employees and €450 million in net turnover to identify, prevent, and mitigate adverse human rights and environmental impacts across their value chains. Germany's Supply Chain Due Diligence Act (LkSG) has been in force since January 2023, covering companies with more than 1,000 employees. France's Duty of Vigilance Law, enacted in 2017, has generated more than 30 legal actions against major corporations, establishing judicial precedent for supply chain accountability (Business & Human Rights Resource Centre, 2025).

In the United States, the Uyghur Forced Labor Prevention Act (UFLPA) has blocked more than $2.4 billion in goods at US borders since its enforcement began in June 2022, with the apparel, solar panel, and agriculture sectors most affected (US Customs and Border Protection, 2025). Canada's Fighting Against Forced Labour and Child Labour in Supply Chains Act, effective since January 2024, adds another jurisdiction requiring formal due diligence reporting.

For procurement professionals, the operational challenge is clear: manual audit-based approaches to human rights due diligence cannot scale to cover supply chains that span 5,000 to 50,000 supplier relationships across 40 or more countries. The startups profiled here built technology platforms and service models that address this scalability gap, and their trajectories offer practical lessons about what enterprise buyers should expect from due diligence solution providers.

Key Concepts

Human rights due diligence (HRDD) is a systematic process through which companies identify, assess, prevent, mitigate, and account for adverse human rights impacts connected to their operations and supply chains. Under the CSDDD framework, HRDD must be conducted on an ongoing basis, not as a one-time assessment, and must cover the company's own operations, subsidiaries, and business relationships throughout the value chain.

Tier mapping refers to the process of identifying and documenting suppliers beyond the direct (Tier 1) relationship, including component manufacturers (Tier 2), raw material processors (Tier 3), and primary producers (Tier 4). Most enterprises have visibility into fewer than 30% of their suppliers beyond Tier 1, making deep-tier mapping a prerequisite for effective HRDD.

Salient human rights issues are the human rights most at risk of severe negative impact through a company's activities or business relationships. Identifying salient issues, as recommended by the UN Guiding Principles on Business and Human Rights, allows procurement teams to prioritize due diligence efforts on the highest-risk areas rather than applying uniform scrutiny across all supplier relationships.

Worker voice technology encompasses digital tools that enable workers in supply chains to report grievances, working conditions, and rights violations directly, bypassing factory management. These platforms use mobile surveys, hotlines, and messaging apps to collect real-time data from workers, providing an alternative to periodic social audits.

What's Working

Sedex: From Audit Repository to Enterprise Risk Intelligence Platform

Sedex, founded in London in 2004, began as a shared database where companies could store and exchange ethical audit reports, reducing the burden of redundant supplier audits. The company's evolution from a static document repository to an active risk intelligence platform illustrates how ethical sourcing infrastructure scales to enterprise requirements. By 2025, Sedex hosted data on more than 85,000 supplier sites across 180 countries, with more than 700 member companies including Unilever, Marks & Spencer, and Walmart using the platform for due diligence workflows (Sedex, 2025).

The critical pivot in Sedex's scaling journey came in 2019 when the company launched its risk assessment tool, which combines supplier self-assessment questionnaire data with external risk indicators including country-level forced labor indices, sector-specific labor violation records, and news monitoring feeds. This tool allowed procurement teams to triage their supplier bases by risk level, concentrating audit resources on the 10 to 15% of suppliers flagged as high-risk rather than conducting uniform assessments across all relationships. Member companies reported reducing audit costs by 25 to 40% while increasing coverage of high-risk suppliers by 60% within the first 18 months of adoption (Sedex, 2025).

Sedex's revenue model transitioned from membership fees (initially $1,200 to $8,000 annually depending on company size) to a tiered SaaS platform generating $45 million in annual recurring revenue by 2024. The company's expansion required significant investment in data infrastructure, with more than $20 million deployed between 2020 and 2024 on API integrations with major ERP systems including SAP Ariba and Oracle Procurement Cloud. These integrations proved essential for enterprise adoption: procurement teams would not add a standalone due diligence tool to their workflows but would adopt functionality embedded in their existing purchasing systems.

FRDM: AI-Powered Supply Chain Mapping for Deep-Tier Visibility

FRDM (Free, Robust, Diverse, Moral), founded in New York in 2017, developed an AI platform that maps multi-tier supply chains and identifies forced labor, child labor, and environmental risks at each tier. The company's approach addressed the fundamental barrier to enterprise HRDD: the inability of most companies to identify suppliers beyond Tier 1. FRDM's platform ingests procurement data, trade records, shipping manifests, and public corporate filings to construct probabilistic supply chain maps, predicting Tier 2 through Tier 4 supplier relationships with approximately 78% accuracy for manufacturing sectors (FRDM, 2025).

FRDM raised $12 million across seed and Series A rounds between 2018 and 2022, with investors including Kapor Capital and Schmidt Futures. The company's initial go-to-market strategy targeted compliance-driven procurement teams at US companies affected by UFLPA enforcement actions. Early pilots with three Fortune 500 companies in the consumer electronics and apparel sectors demonstrated that FRDM's mapping could identify previously unknown supplier relationships linked to Xinjiang cotton and polysilicon production within 6 to 8 weeks of data onboarding.

The startup scaled from 8 enterprise clients in 2022 to 42 in 2025, with annual contract values ranging from $150,000 to $1.2 million depending on supply chain complexity and geographic scope. FRDM's conversion rate from pilot to enterprise contract was 58%, with the primary barriers being data quality issues in client procurement systems and internal resistance from sourcing teams concerned about disrupting existing supplier relationships. The company addressed data quality challenges by developing pre-processing tools that standardized supplier naming conventions, deduplicated records, and enriched sparse entries with publicly available business registration data.

Ulula: Worker Voice Platform Scaling Across Mining and Agriculture

Ulula, founded in Montreal in 2014, built a worker voice platform that collects direct feedback from workers in supply chains through SMS surveys, WhatsApp integrations, and interactive voice response (IVR) calls. The platform operates in 70 languages and has collected more than 4 million worker survey responses across mining, agriculture, manufacturing, and construction sectors (Ulula, 2025).

Ulula's scaling trajectory followed a sector-focused strategy. The company initially targeted the mining sector, where human rights risks are concentrated and where major mining companies faced regulatory and investor pressure to demonstrate due diligence in artisanal and small-scale mining (ASM) supply chains. Partnerships with mining companies including Anglo American and Trafigura provided anchor revenue and case studies that facilitated expansion into adjacent sectors.

The company reached $8 million in annual revenue by 2024, with an average contract size of $200,000 per engagement. Ulula's key operational challenge was achieving sufficient worker participation rates to generate statistically meaningful data. In mining operations in the Democratic Republic of Congo and cobalt supply chains, initial response rates ranged from 12 to 18%. The company improved participation to 35 to 45% by implementing anonymous reporting options, providing mobile airtime credits as participation incentives, and partnering with local civil society organizations to build trust with worker communities. Enterprise clients required minimum participation rates of 25% before incorporating Ulula data into sourcing decisions, making response rate optimization a critical scaling requirement.

What's Not Working

Social audit fatigue and reliability concerns continue to undermine confidence in traditional due diligence approaches. Research published by the Sheffield Political Economy Research Institute found that 74% of factories in Bangladesh that passed social audits within the 12 months preceding the Rana Plaza collapse had received acceptable ratings, demonstrating the limitations of periodic audit-based approaches (LeBaron, 2025). Despite this, many enterprise procurement teams remain reluctant to replace familiar audit frameworks with technology-driven alternatives, creating a "last mile" adoption barrier for ethical sourcing startups.

Data fragmentation across jurisdictions complicates multi-national supply chain mapping. Supplier registration systems, labor inspection records, and trade databases operate under different standards and accessibility rules in each country. FRDM reported that supplier identification accuracy dropped from 78% in countries with digitized trade records (US, EU, Japan) to 45 to 55% in countries with limited digital infrastructure (Myanmar, Cambodia, parts of sub-Saharan Africa), precisely the regions where human rights risks are often highest.

Regulatory divergence across jurisdictions forces due diligence solution providers to maintain multiple compliance frameworks simultaneously. The CSDDD, LkSG, French Duty of Vigilance, Norwegian Transparency Act, and UFLPA each define due diligence obligations, risk thresholds, and reporting requirements differently. Startups must invest 15 to 25% of their engineering capacity in regulatory mapping and framework updates, diverting resources from core product development. Enterprise clients increasingly demand single-platform compliance across all applicable jurisdictions, a capability that requires ongoing regulatory monitoring and frequent platform updates.

Worker trust and participation gaps limit the effectiveness of worker voice technologies in the highest-risk supply chain segments. In regions where workers face retaliation risks for reporting grievances, technology alone cannot overcome the power dynamics that suppress disclosure. Ulula found that response quality, measured by the willingness of workers to report specific incidents rather than providing generic positive feedback, was strongly correlated with the presence of trusted local intermediaries. Scaling intermediary networks across dozens of countries and hundreds of supplier sites proved operationally complex and expensive, with intermediary management representing approximately 30% of Ulula's total operating costs.

Key Players

Established Companies

• Sedex: London-based ethical trade platform hosting data on more than 85,000 supplier sites with 700-plus member companies globally
• EcoVadis: French sustainability ratings provider scoring more than 130,000 companies across 220 industries and 180 countries
• SAP Ariba: enterprise procurement platform integrating sustainability risk scoring and due diligence workflows into purchasing processes

Startups

• FRDM: AI-powered supply chain mapping platform providing deep-tier visibility and forced labor risk identification
• Ulula: worker voice technology platform collecting direct feedback from supply chain workers across 70 languages
• Transparentem: investigative nonprofit using field research and forensic analysis to identify labor and environmental abuses in global supply chains
• Altana AI: supply chain intelligence platform using AI to map global trade networks for compliance and risk management
• Sourcemap: supply chain transparency platform offering end-to-end mapping and due diligence documentation

Investors and Funders

• Kapor Capital: Oakland-based impact venture firm backing ethical sourcing technology startups including FRDM
• Humanity United: philanthropic organization funding anti-trafficking and forced labor prevention technologies
• Global Fund to End Modern Slavery: public-private partnership providing catalytic funding for technology solutions addressing forced labor in supply chains

Action Checklist

• Conduct a tier mapping exercise for your top 50 suppliers by spend volume, identifying Tier 2 and Tier 3 relationships in high-risk geographies including Southeast Asia, Central Africa, and Central Asia
• Evaluate due diligence platform providers for ERP integration capability, requiring demonstrated compatibility with your existing procurement systems before committing to pilots
• Implement a salient issues assessment following UNGPs methodology to prioritize due diligence resources on the human rights risks most connected to your specific supply chain profile
• Pilot a worker voice technology with 3 to 5 high-risk supplier sites over a 6-month evaluation period, requiring minimum 25% worker participation rates before expanding deployment
• Map your regulatory obligations across all jurisdictions where your company operates or sources, identifying overlapping and conflicting requirements under CSDDD, LkSG, UFLPA, and other applicable frameworks
• Establish supplier expectations through updated codes of conduct that reference specific due diligence requirements and include clear consequences for non-cooperation with monitoring activities
• Build internal cross-functional capacity by training procurement, legal, and sustainability teams on HRDD requirements, risk assessment interpretation, and remediation protocol design

FAQ

Q: How much does implementing an enterprise-grade human rights due diligence system cost? A: Total annual costs vary significantly based on supply chain complexity. For companies with 1,000 to 5,000 direct suppliers, platform licensing typically ranges from $150,000 to $500,000 per year, with additional implementation costs of $50,000 to $200,000 in the first year for data integration and configuration. Deep-tier mapping adds $100,000 to $400,000 depending on the number of supply chain tiers and geographies covered. Worker voice programs cost $30,000 to $80,000 per supplier site per year when including intermediary support. Companies should budget 0.05 to 0.15% of total procurement spend for comprehensive HRDD program operation.

Q: What is the typical timeline for scaling from a pilot due diligence program to full enterprise deployment? A: Based on the trajectories of the companies profiled, procurement teams should expect 6 to 9 months for initial pilot deployment covering 50 to 100 supplier sites, followed by 12 to 18 months for enterprise rollout across the full supplier base. The primary bottleneck is supplier onboarding: Sedex reports that achieving 80% supplier enrollment in due diligence platforms takes an average of 14 months from program launch, with Tier 2 and Tier 3 suppliers requiring dedicated engagement resources. Companies that tie supplier platform enrollment to contract renewal or preferred supplier status achieve 80% enrollment 4 to 6 months faster than those relying on voluntary participation.

Q: How do procurement teams evaluate the accuracy and reliability of AI-powered supply chain mapping tools? A: Request validation data showing the platform's supplier identification accuracy against ground-truth datasets, broken down by geography and sector. FRDM publishes accuracy rates by country income classification, and leading platforms should provide similar granularity. Test the platform against a subset of your known supply chain: select 20 to 30 Tier 1 suppliers for which you have verified Tier 2 relationships, run them through the mapping tool, and compare results against your records. Accuracy above 70% for Tier 2 identification in manufacturing sectors is considered strong performance. For Tier 3 and beyond, accuracy above 50% combined with probabilistic confidence scoring provides actionable risk prioritization even when individual supplier matches are uncertain.

Q: What should procurement teams do when due diligence reveals human rights violations in their supply chains? A: The UN Guiding Principles recommend a remediation-first approach rather than immediate disengagement. Work with the supplier to develop a corrective action plan with specific milestones and timelines, typically 90 to 180 days for labor rights issues. Engage independent monitors to verify implementation. Disengagement should be considered only when the supplier demonstrates unwillingness to remediate, when the severity of the violation poses legal or reputational risk that cannot be mitigated, or when corrective actions fail after a reasonable period. Abrupt disengagement from suppliers with labor violations can worsen conditions for affected workers by eliminating the economic relationship that provides leverage for improvement.

Sources

• BSR. (2025). The State of Human Rights Due Diligence Technology: Enterprise Adoption and Gaps. San Francisco, CA: BSR.
• Business & Human Rights Resource Centre. (2025). Corporate Legal Accountability Annual Briefing 2025. London: BHRRC.
• US Customs and Border Protection. (2025). UFLPA Enforcement Statistics: Fiscal Year 2024 Report. Washington, DC: US CBP.
• Sedex. (2025). Platform Impact Report 2025: Ethical Trade Data and Risk Intelligence. London: Sedex Information Exchange.
• FRDM. (2025). Supply Chain Mapping Accuracy and Enterprise Adoption Report. New York, NY: FRDM Inc.
• Ulula. (2025). Worker Voice in Global Supply Chains: Participation, Trust, and Impact. Montreal: Ulula Ltd.
• LeBaron, G. (2025). The Limits of Social Auditing: Evidence from Global Supply Chains. Sheffield: Sheffield Political Economy Research Institute.