Supplier Due Diligence in India: Quality, Compliance & ESG Audit Guide

Why Supplier Due Diligence in India Has Changed Permanently

Until recently, supplier due diligence in India meant a factory visit, a quality check, and a signed declaration. That era is over. Three converging forces have transformed how foreign companies must evaluate Indian suppliers:

• SEBI's BRSR Core (FY 2025-26): India's top 250 listed companies must now report ESG performance of major suppliers and customers accounting for 2% or more of total purchases. This pushes ESG compliance requirements downstream to every supplier in the value chain
• EU Corporate Sustainability Due Diligence Directive (CSDDD): Although the implementation timeline has shifted to July 2029 with higher thresholds (5,000 employees and EUR 1.5 billion turnover), EU-headquartered companies are already embedding supply chain due diligence into procurement contracts with Indian suppliers
• Buyer liability exposure: Foreign companies sourcing from India face reputational, legal, and financial risk if suppliers are found violating labour laws, environmental standards, or human rights norms. Product AQL failure rates in India have been cited around 30% in industry commentary, making upstream quality audits essential

For companies establishing sourcing operations, setting up a liaison office or subsidiary in India, or managing existing supplier relationships, a structured due diligence framework is no longer optional — it is a baseline expectation from regulators, investors, and end customers.

The Five Pillars of Supplier Due Diligence in India

Pillar 1: Legal and Corporate Verification

Before evaluating quality or ESG, verify that the supplier is a legitimate, properly registered entity:

• MCA verification: Check the company's CIN (Corporate Identification Number) on the MCA portal to verify incorporation date, authorised capital, registered office, director details, and annual filing history
• GST registration: Verify GST registration status on the GST portal. An unregistered supplier means you cannot claim input tax credits on purchases
• IEC verification: For export-oriented suppliers, verify their Import Export Code (IEC) on the DGFT portal
• MSME registration: Check Udyam registration status — this affects payment terms (the MSME Act mandates payment within 45 days to registered MSMEs)
• Litigation search: Check for pending cases on the NCLT, High Court, and district court portals. Services like IndiaKanoon provide searchable court records
• Director disqualification: Verify that no directors are disqualified under Section 164 of the Companies Act, 2013

Pillar 2: Financial Due Diligence

A supplier's financial health directly impacts delivery reliability:

• Audited financial statements: Request the last 3 years of audited financials. Look for revenue trends, debt-to-equity ratio (healthy: below 2:1 for manufacturing), and working capital adequacy
• Bank references: Obtain bank references confirming credit facilities and account standing
• Credit rating: For larger suppliers, check CRISIL, ICRA, or CARE ratings. For MSMEs, NSIC performance and credit ratings are available
• Payment history: Request references from 3-5 existing customers, particularly export customers, to verify payment and delivery track records
• Insurance coverage: Verify product liability insurance, fire/natural disaster coverage, and marine cargo insurance for export shipments

Pillar 3: Quality Management Systems

Quality audits in India require both systems-level and process-level evaluation:

Systems Assessment

• ISO 9001 certification: The baseline for quality management. Verify the certificate's validity, scope, and certifying body on the IAF CertSearch database
• Industry-specific certifications: ISO 13485 (medical devices), IATF 16949 (automotive), AS9100 (aerospace), ISO 22000/FSSC 22000 (food safety), GMP (pharmaceuticals)
• Quality manual review: Request the quality manual, inspection procedures, and non-conformance reporting process
• Calibration records: Verify that measuring instruments are calibrated per schedule and traceable to national/international standards

Factory Audit Checklist

A comprehensive factory audit evaluates multiple dimensions. Experienced auditors from agencies like Bureau Veritas, Intertek, SGS, or Indian firms like RSJ Inspection and Pro QC assess:

• Production capacity utilisation and equipment condition
• Raw material inspection and storage protocols
• In-process quality control checkpoints
• Testing laboratory capabilities and equipment
• Finished goods inspection and packaging standards
• Traceability systems from raw material to finished product
• Non-conformance handling and corrective action procedures
• Worker training records and competency assessments

A standard factory audit by a third-party agency in India costs INR 25,000-75,000 (USD 300-900) per day. A comprehensive 2-day audit with report is typically INR 60,000-1,50,000. For ongoing quality monitoring, pre-shipment inspection services cost INR 15,000-30,000 per inspection.

Pillar 4: Labour and Social Compliance

India's labour compliance landscape is governed by over 40 central and state-level labour laws. Key areas to audit:

Critical Labour Law Checks

Social Audit Standards

Many foreign buyers require suppliers to comply with international social audit standards:

• SA8000: The most widely recognised social accountability standard, covering child labour, forced labour, health and safety, freedom of association, discrimination, disciplinary practices, working hours, and remuneration
• SMETA (Sedex Members Ethical Trade Audit): A widely used ethical audit methodology. Over 65,000 sites worldwide are registered on Sedex, including thousands in India
• BSCI (amfori): The Business Social Compliance Initiative used predominantly by European retailers and brands
• WRAP: Worldwide Responsible Accredited Production, common in apparel and footwear

Pillar 5: Environmental and ESG Assessment

ESG due diligence for Indian suppliers has evolved from a nice-to-have to a procurement requirement:

Environmental Compliance Checks

• Consent to Operate (CTO): Verify valid CTO from the State Pollution Control Board (SPCB). Every manufacturing unit discharging effluents or emissions must have a current CTO
• Hazardous waste authorisation: For units generating hazardous waste, verify authorisation under the Hazardous and Other Wastes (Management and Transboundary Movement) Rules, 2016
• Extended Producer Responsibility (EPR): For electronics, batteries, and plastics, verify EPR registration with CPCB
• Environmental Impact Assessment (EIA): For large manufacturing units, verify EIA clearance from MoEFCC or SEIAA
• Water and energy consumption: Benchmark against industry standards and look for efficiency improvement trends

SEBI BRSR Framework and Value Chain Impact

For FY 2025-26, India's top 250 listed companies must report ESG disclosures including value chain (supplier/customer) data. The BRSR Core framework requires reporting on:

• Energy consumption and greenhouse gas emissions across the value chain
• Water usage and waste management in supply chain operations
• Percentage of suppliers assessed on ESG criteria
• Corrective action plans for identified ESG risks

From FY 2026-27, BRSR Core value chain disclosures become mandatory with third-party assurance. Indian suppliers to listed companies will increasingly be required to provide ESG data — foreign buyers should align their due diligence with BRSR metrics to help suppliers prepare.

EU CSDDD Implications

The EU Corporate Sustainability Due Diligence Directive requires covered EU companies to identify, prevent, and mitigate adverse human rights and environmental impacts in their supply chains. While the directive's thresholds were raised to 5,000 employees and EUR 1.5 billion turnover (reducing in-scope companies by 70%), large EU companies will contractually require their Indian suppliers to comply with due diligence obligations. Key areas include child labour, forced labour, workplace safety, pollution, deforestation, and biodiversity impact.

Red Flags That Should Stop a Supplier Relationship

While most due diligence findings can be addressed through corrective action, certain red flags should immediately pause or terminate supplier engagement:

• Evidence of child labour: Any worker under 14 years on the production floor, or adolescents (14-18) in hazardous conditions. This is a zero-tolerance issue under Indian law and virtually all international sourcing standards
• Forced labour indicators: Workers unable to leave freely, passport confiscation (common with migrant workers), wage withholding as a retention mechanism, or debt bondage arrangements
• Falsified certifications: Fake ISO certificates, fabricated test reports, or forged Consent to Operate documents. Verify all certifications independently through the certifying body's database
• Environmental violations: Operating without valid CTO from the Pollution Control Board, illegal discharge of untreated effluents, or hazardous waste dumping
• Financial fraud indicators: Multiple sets of books, undisclosed related-party transactions, or significant discrepancies between declared GST turnover and actual production volumes
• Consistent non-compliance history: If previous audit findings remain unresolved after multiple corrective action cycles, the supplier lacks the capability or willingness to comply

Document all red flag findings thoroughly. In jurisdictions with mandatory human rights due diligence requirements (EU CSDDD, German Supply Chain Act, French Duty of Vigilance), failure to act on identified red flags creates direct legal liability for the buyer.

Building a Due Diligence Programme: Step-by-Step

Step 1: Risk-Based Supplier Segmentation

Not every supplier requires the same depth of due diligence. Categorise suppliers into tiers:

Step 2: Desktop Pre-Screening

Before visiting any factory, conduct desktop checks: MCA portal for company status, GST portal for registration, DGFT for IEC, court databases for litigation, and news/media searches for any ESG incidents or controversies.

Step 3: On-Site Factory Audit

Engage a reputable third-party inspection agency. Major agencies operating in India include Bureau Veritas, SGS, Intertek, TUV, and Indian firms like RSJ Inspection and Pro QC. A typical audit includes:

• Opening meeting with management
• Documentation review (quality manuals, compliance certificates, employee records)
• Factory walkthrough (production floor, storage, testing lab, dormitories)
• Worker interviews (conducted privately, away from management)
• Closing meeting with findings presentation

Cost: INR 60,000-1,50,000 for a comprehensive 2-day audit. Many agencies offer combined quality + social + ESG audits at a bundled rate of INR 1-2 lakh.

Step 4: Corrective Action and Remediation

Classify findings as Critical (immediate resolution required), Major (resolution within 30-60 days), or Minor (resolution within 90 days). Work with the supplier on a Corrective Action Plan (CAP) with defined timelines, responsible persons, and verification methods. Follow-up audits should verify CAP completion.

Step 5: Ongoing Monitoring

Due diligence is not a one-time exercise. Implement continuous monitoring through:

• Quarterly self-assessment questionnaires
• Annual or biennial re-audits for critical suppliers
• Pre-shipment quality inspections for each order
• Whistleblower/grievance mechanisms accessible to supplier workers
• Real-time compliance monitoring platforms (emerging technology)

Costs of Due Diligence: What to Budget

For a company managing 20 critical suppliers in India, budget INR 20-40 lakh annually for comprehensive due diligence. This is a fraction of the cost of a single supply chain disruption, recall, or reputational incident.

Industry-Specific Due Diligence Considerations

Textiles and Apparel

India is the world's second-largest textile manufacturer. Key due diligence areas include Azo dye compliance (banned in EU), OEKO-TEX or GOTS certification for organic claims, child labour risk in spinning and ginning units, and water/chemical management in dyeing facilities. The Tirupur, Ludhiana, and Surat clusters require particularly rigorous social audits due to historical child labour concerns.

Pharmaceuticals and Active Pharmaceutical Ingredients

India manufactures approximately 20% of the world's generic drugs. Due diligence must cover WHO-GMP or EU-GMP certification, FDA warning letters and import alerts (searchable on FDA.gov), data integrity practices (a major regulatory focus area), stability testing and bioequivalence documentation, and pharmacovigilance systems. Hyderabad and Ahmedabad are the primary API manufacturing hubs.

Auto Components and Engineering

India's auto component industry exports over USD 20 billion annually. Critical checks include IATF 16949 certification for automotive quality management, PPAP (Production Part Approval Process) documentation, SPC (Statistical Process Control) implementation, tool and die maintenance records, and IMDS (International Material Data System) compliance for EU automotive suppliers. The Pune, Chennai, and Delhi NCR clusters dominate this sector.

Electronics and Electrical Components

With India's electronics manufacturing growing rapidly under PLI schemes, due diligence must cover BIS certification for applicable products, RoHS compliance for EU-destined goods, ESD (electrostatic discharge) controls in manufacturing, component traceability and counterfeit detection measures, and UL/CE/FCC certification as applicable to destination markets.

Food and Agricultural Products

India is among the world's top food exporters. Essential checks include FSSAI license verification (mandatory for all food businesses in India), HACCP/ISO 22000/FSSC 22000 certification, pesticide residue testing capabilities, allergen management protocols, cold chain integrity for perishable goods, and organic certification (NPOP/NOP/EU Organic) for organic products.

Technology-Enabled Due Diligence: Emerging Tools

The due diligence landscape is evolving with technology-driven solutions that complement traditional audits:

• Supplier management platforms: SAP Ariba, Jaggaer, and Coupa provide supplier risk scoring, document management, and compliance tracking in a single platform
• ESG data platforms: EcoVadis, Sedex, and CDP provide standardised ESG assessments that can be shared across multiple buyers, reducing audit fatigue for suppliers
• Satellite and IoT monitoring: For agricultural and forestry supply chains, satellite imagery can verify land use claims and deforestation risk. IoT sensors monitor cold chain compliance in real time
• AI-driven risk scoring: Platforms like Kharon and Refinitiv provide automated screening against sanctions lists, adverse media, and ESG incident databases
• Blockchain traceability: Emerging solutions for mineral, textile, and food supply chains provide immutable records of provenance and processing steps

While technology cannot replace physical factory audits, it significantly enhances the efficiency and coverage of due diligence programmes, particularly for companies managing hundreds of Indian suppliers.

Setting Up a Sourcing Entity in India

Many foreign companies establish a dedicated presence in India to manage supplier relationships. The common structures are:

• Liaison Office: Can coordinate sourcing but cannot conduct commercial activities or earn revenue in India. Suitable for buyer's representative functions. Learn about branch office vs liaison office options
• Branch Office: Can act as a buying/selling agent, render professional services, and carry out export/import trading
• Wholly-Owned Subsidiary: Full operational flexibility including procurement, quality control, vendor development, and sales. The most comprehensive option for serious sourcing operations

For companies sourcing more than USD 1 million annually from India, a subsidiary with a dedicated quality/sourcing team typically delivers better outcomes than managing due diligence remotely through third-party agents. Contact Beacon Filing's FDI advisory team for guidance on the right structure for your sourcing operations.

Key Takeaways

• Supplier due diligence in India must now cover five pillars: legal verification, financial health, quality systems, labour/social compliance, and ESG performance
• SEBI's BRSR Core mandates ESG value chain disclosures for India's top 250 companies from FY 2025-26, pushing ESG requirements upstream to all suppliers
• The EU CSDDD will require covered EU companies to embed human rights and environmental due diligence in supply chain contracts with Indian suppliers
• A comprehensive factory audit costs INR 60,000-2,00,000 (USD 720-2,400) — a fraction of the cost of supply chain failures or reputational damage
• Segment suppliers into Critical, Important, and Standard tiers to allocate due diligence resources proportionally
• Desktop pre-screening (MCA, GST, DGFT, court databases) before any factory visit eliminates obviously non-compliant suppliers early
• Budget INR 20-40 lakh annually for comprehensive due diligence across 20 critical Indian suppliers
• For sourcing above USD 1 million annually, establish a subsidiary or branch office in India for hands-on vendor management