A renewed focus on global trade policy and tariffs has led many businesses to take a closer look at their supply chains and the compliance expectations that arise from the cross-border movement of goods.
In Canada, that scrutiny increasingly comes not only from within the organization, but also from customers and other supply chain partners asking what the business is doing to address forced labour and child labour risk in the goods it produces or imports.
Canada’s Fighting Against Forced Labour and Child Labour in Supply Chains Act (the “Act”),[1] which we discussed in a previous WeirFoulds article, came into force on January 1, 2024 and requires certain entities and government institutions to report annually on the steps they have taken to prevent and reduce the risk of forced labour and child labour in their activities and supply chains. Annual Reports must be submitted on or before May 31 of each year and must address the reporting entity’s previous financial year.[2]
In December 2025, Public Safety Canada updated its guidance for entities preparing reports under the Act. The updated guidance provides additional direction on who is expected to report, what counts as producing or importing goods, what a compliant report must include, and the practical steps entities should take to avoid delay or resubmission. In particular, it gives more detail on “very minor dealings,” approval and attestation requirements, privacy expectations, and the relationship between the online questionnaire and the annual report itself.
What is an “entity”?
The Act defines an “entity” as a corporation, trust, partnership or other unincorporated organization that is either listed on a stock exchange in Canada, or has a place of business in Canada, does business in Canada or has assets in Canada and meets at least two of the following thresholds for at least one of its two most recent financial years:
- At least $20 million in assets;
- at least $40 million in revenue; and
- an average of at least 250 employees.
The analysis is based on the organization’s consolidated financial statements.[3]
Public Safety’s guidance adds useful interpretive detail to that threshold analysis. For example, “assets in Canada” is treated as referring to tangible property in Canada and does not include intangibles such as intellectual property, securities or goodwill. Employee counts are treated as including full-time, part-time and temporary employees in Canada or elsewhere, but do not include independent contractors. Subsidiaries must still assess whether they are themselves an “entity” based on their own financial statements, rather than assuming they are captured simply because a parent company is in scope.
Similarly, whether an organization has a place of business in Canada or does business in Canada remains a fact-specific question. Relevant considerations include where goods are produced, sold or distributed, where employees are located, where contracts, payments or purchases are made, and where assets, inventories or bank accounts are located.
When is an Entity Required to Report?
Meeting the definition of an “entity” is only the first step. The Act’s reporting obligation arises only where the entity engages in certain specified activities, including producing goods in Canada or elsewhere, importing goods produced outside Canada, or controlling another entity that engages in those activities.[4]
As clarified in the updated guidance, entities solely engaged in distributing and selling goods, without producing or importing goods or controlling an entity that does, are not expected to report under the Act. This clarification narrows the reporting requirements for some businesses, particularly downstream sellers and distributors that do not produce or import goods and do not control entities that do.
The concepts of “produce” and “import” have also been framed more clearly. “Goods” refers to tangible physical property that is the subject of trade and commerce. Real property, electricity, software services and insurance plans are excluded. “Producing goods” includes manufacturing, growing, extracting and processing goods.[5] An entity is “importing goods” if it is the true importer that, in reality, caused the goods to be brought into Canada, which is generally the entity that accounts for or pays the duties on the goods. Simply purchasing foreign-produced goods from a third party that is itself the importer does not amount to importing for purposes of the Act.
The updated guidance also provided additional direction on “very minor dealings.” There is still no prescribed minimum value of goods that an entity must produce or import before reporting obligations arise. However, importing or producing activities that are incidental, low-volume, or not central to an entity’s core business may qualify as “very minor dealings,” to be assessed in light of the scale, frequency and relevance of the activity within the entity’s broader operations. This does not create a bright-line exemption, but it does provide a more practical basis for scoping analysis.
What Must the Report Include?
The Act requires a reporting entity to describe the steps it has taken during its previous financial year to prevent and reduce the risk that forced labour or child labour is used at any step of the production of goods in Canada or elsewhere by the entity, or of goods imported into Canada by the entity. The report must also include information about the entity’s structure, activities and supply chains, its policies and due diligence processes, the parts of its business and supply chains that carry risk and how that risk is assessed and managed, any remediation measures taken, any measures taken to remediate loss of income to vulnerable families, training provided to employees, and how the entity assesses its effectiveness.[6] Public Safety’s current guidance is explicit that a compliant report must address each mandatory requirement of the Act.
Annual reports should describe concrete actions taken during the previous financial year, rather than relying on broad or aspirational statements. At the same time, entities may be at different stages of maturity and can appropriately explain where they are in the process of developing and improving their response.
The guidance also emphasizes that the annual report is the primary, public-facing compliance document. The online questionnaire mirrors the Act’s mandatory topics and includes examples of measures and activities that may be relevant, making it a useful drafting checklist – but it does not replace the report, and its structured fields may not allow the nuance that belongs in the annual report itself.
Joint Reporting
An entity may file an annual joint report covering itself and any entities it controls, including subsidiaries, as well as multiple entities within the same corporate group. Joint reporting can be a practical alternative to separate filings, particularly where entities operate within an integrated corporate structure and share common policies, processes, and risk-management frameworks. That said, joint reporting does not eliminate the need for entity-specific threshold analysis.
The concept of control is therefore central. For purposes of the Act, control is interpreted broadly and includes both direct and indirect control throughout the organizational chain. It is not limited to formal ownership and may also extend to joint control. While accounting standards may assist in the analysis, they are not determinative.
A subsidiary or other controlled entity does not become a reporting entity merely because its parent or controlling entity is in scope. Each legal entity must separately assess (i) whether it meets the Act’s definition of an “entity” and (ii) whether it carries on the types of activities that trigger a reporting obligation. Where multiple entities are independently subject to the Act, a joint report may provide an efficient means of disclosure, provided it accurately reflects the circumstances of each covered entity.
A joint report is only appropriate where the disclosure generally applies across the group and can accurately describe each covered entity. The annual joint report must clearly identify the legal name of every entity included, although the online questionnaire generally need only be completed by the submitting entity. [7] Where covered entities have materially different risk profiles, policies, operations, or supply chains, a single report may be inaccurate or misleading, and separate reports may be preferable. Where joint reporting is appropriate, however, entities should distinguish between group-level frameworks and measures taken by particular subsidiaries or controlled entities.
The New Optional International Reporting Template May Help Streamline Reporting
Public Safety has also highlighted a new optional International Reporting on Modern Slavery, Forced Labour and Child Labour template developed with the governments of the United Kingdom and Australia. The template is intended to reduce the administrative burden for organizations subject to supply chain reporting requirements in all three jurisdictions and to support the development of a single report that can be used across Canada, the United Kingdom and Australia.
For entities with cross-border reporting obligations, the template may be a useful starting point. A single report may be used across jurisdictions so long as all of the Canadian Act’s reporting requirements are included and the report covers the appropriate Canadian reporting period. The template is therefore a harmonization tool, not a substitute for a Canadian legal analysis.
That distinction matters in practice. The Canadian Act has its own administrative requirements, including use of the online questionnaire, inclusion of a signed attestation in the PDF report, and publication of the report on the entity’s website after submission.[8] Entities using the international template should still confirm that their final Canadian filing addresses each mandatory requirement of the Act.
Submission and Publication Requirements
The annual report and the online questionnaire are separate requirements. Completing the questionnaire alone does not satisfy the Act. The questionnaire is the mechanism through which the report is submitted, but the annual report is the public-facing document that appears in Public Safety Canada’s online open catalogue and on the reporting entity’s own website. Entities should therefore ensure that the questionnaire is accurate and consistent with the annual report, while including any necessary detail or nuance in the report itself.
Public Safety Canada’s guidance also sets out certain submission requirements. The annual report must be submitted in PDF format, must not exceed 100 MB, and should use an alphanumeric file name. Reports are subject to a high-level quality assurance review before publication in the online catalogue, and Public Safety Canada does not provide a fixed publication timeline
Once the annual report has been submitted, the reporting entity must publish it in a prominent place on its website so that it is readily accessible to the public. Entities do not need to wait until the report appears in Public Safety Canada’s catalogue before posting it to their own websites. If the reporting entity is incorporated under the Canada Business Corporations Act or another Act of Parliament, the report must also be provided to shareholders together with the entity’s annual financial statements. [9]
Approval, Attestation and Privacy Should Not be Left to the Last Minute
The report must be approved by the appropriate governing body or bodies, and the submitted annual report must include a signed attestation confirming that approval. In practice, many organizations evidence approval through a board or other governing body resolution or written consent approving the final report and authorizing one or more members to sign the attestation. For a joint report, the attestation should specify whether approval was given by the governing body of each entity covered or by the governing body of the controlling entity that approves on their behalf. The attestation should also confirm that the signatory has authority to bind the entity or entities. The guidance indicates that governing body approval is required for the annual report, not the questionnaire, although the questionnaire must remain accurate and consistent with the annual report. Wet signatures and electronic signatures are both acceptable. An annual report submitted without the required attestation will not be published in the online catalogue. [10]
Organizations should allow sufficient time for internal review, governing body approval and execution of the attestation, particularly where multiple entities are covered by a joint report, to ensure these requirements can be met.
The annual report is a public document. Personal information should not be included in either the report or the questionnaire. Public Safety Canada’s guidance is explicit that entities must not provide personal information, as defined in the Privacy Act, in the questionnaire or in their annual reports. Submissions that include personal information cannot be published and will need to be corrected and resubmitted. Entities should also avoid including commercially sensitive information or other details that could create legal risk or compromise privacy.
What’s Next?
As the May 31 deadline approaches, businesses should revisit how they have assessed the Act’s application to their operations, rather than assuming their earlier approach still holds. This year’s filing is also an opportunity to confirm that the report still reflects the business’s operations, meets the Act’s disclosure requirements, and can be finalized in time to complete the necessary approval, attestation and website publication steps.
While the updated guidance does not change the law, it does provide additional direction for this year’s reporting cycle. Businesses that may be in scope should use this opportunity to ensure their disclosure is current, complete and aligned with the Act.
Contact Us
Our lawyers are available to assist businesses in assessing whether they are required to report under the Act, preparing or reviewing annual reports and attestations, advising on import and supply chain scoping questions, and developing supply chain due diligence, procurement and internal governance processes.
The information and comments herein are for the general information of the reader and are not intended as advice or opinion to be relied upon in relation to any particular circumstances. For particular application of the law to specific situations, the reader should seek professional advice.
Citations
[1] Fighting Against Forced Labour and Child Labour in Supply Chains Act, S.C. 2023, c. 9.
[2] Ibid., ss. 5, 6(1), 9, 11(1).
[3] Ibid., s. 2 (definition of “entity”).
[4] Ibid., ss. 3(b), 9, 10.
[5] Ibid., s. 2 (definition of “production of goods”).
[6] Ibid., s. 11(1), (3).
[7] Ibid., ss. 10, 11(2).
[8] Ibid., ss. 11(5), (6), 13(1).
[9] Ibid., s. 13(1), (2).
[10] Ibid., s. 11(4), (5); see also s. 12(3).
