The Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz or the "LkSG") enters the second stage of its implementation on January 1, 2024. This landmark German legislation imposes formal screening and reporting requirements for a host of environmental, social, and governance (“ESG”) issues, and carries with it substantial penalties for non-compliance.
Under the LkSG, organizations must contend with a novel regulatory framework, which requires organizations to uphold a duty of care that extends beyond their own operations to cover persons within their supply chain. Compliance with the Act is overseen by the German Federal Office for Economic Affairs and Export Control (Bundesamt für Wirtschaft und Ausfuhrkontrolle, or “BAFA”).
With the Supply Chain Act, Germany has raised the profile of ESG issues to be among those that corporations simply cannot afford to ignore in their operations.
Who will be affected?
The Supply Chain Act covers companies with a headquarters, domestic branch, or primary business location in Germany. For the year 2023, the Act covered only those companies with a global workforce of 3,000 or more employees. The Supply Chain Act defines “employee” broadly, to encompass all individuals employed by affiliated companies globally, along with any temporary employees whose duration of employment exceeds six months. However, beginning on January 1, 2024, the employee headcount threshold automatically drops to include firms with a global workforce of 1,000 or more employees. This second phase of the Act’s implementation brings its enhanced ESG standards to medium-sized companies.
As of January 1, 2024, large and medium-sized firms with operations that reach Germany should assume the Supply Chain Act applies to them and have all appropriate procedures in place. The LkSG applies to all companies, both public and private, irrespective of their legal structure. Likewise, the Act offers no exemptions to specific industries or products; the standards are applied universally.
Even companies that are not themselves covered by the Act should be prepared to comply with its requirements. Because the Act imposes due diligence requirements on covered companies for their entire supply chain, out-of-scope companies within the supply chains of in-scope companies may jeopardize those relationships by failing to maintain the Act’s ESG standards within their organization. The risks associated with continued engagement will be too great for in-scope companies.
What are the Due Diligence obligations?
The Supply Chain Act mandates companies to adopt a more proactive role in preventing human rights violations, including environmental harms that carry human rights implications, across their global supply chains. Under the LkSG, manufacturers are accountable for violations occurring throughout the product lifecycle, from raw material extraction to the use of the finished product. While the act primarily targets direct suppliers, companies must promptly investigate and address potential human rights violations reported by indirect suppliers. Notably, these obligations encompass financial institutions, which can be held responsible for violations within the supply chains of entities that they finance.
Under the Supply Chain Act, companies must conduct adequate due diligence screening to prevent the following from occurring within their supply chain, and those of their partners: forced labor and human trafficking, slavery and other forms of oppression, non-compliance with obligatory labor protections, discrimination, withholding of wages, production or use of certain pollutants discussed immediately below, and the unlawful disposal or transfer of hazardous waste. Due diligence obligations also extend to specific environmental risks, particularly when there is a possibility that these risks could result in human rights violations.
To comply with the Supply Chain Act, companies must establish a risk management system that accounts for the above. This calls for the designation of a Human Rights Officer, who is responsible for safeguarding human rights within the supply chain. Covered entities are expected to perform regular risk analyses to review the human rights risks within their supply chains, and undertake preventative measures vis-à-vis their own operations and those of their direct suppliers. For indirect suppliers, companies must investigate upon learning of any potential violation of the Act’s provisions. Companies must promptly investigate any such complaints, whether fielded internally or from members of the public. The Act further requires that companies take remedial action upon learning of any violations.
How can organisations prepare for the Supply Chain Act?
To align their compliance programs with the Supply Chain Act, companies should begin with a holistic assessment of existing due diligence policies and whether they meet the Act’s ESG standards. Many will find it necessary to adjust their screening processes, as well as their policies on discrete issues like environmental risk mitigation or protecting the rights of workers.
(1) Risk Analysis
Companies should first scrutinize their own operations, and identify areas where there could be an increased susceptibility to human rights or environmental harm. If any issues are identified, remedial action must be taken and catalogued for inclusion in the company’s annual Supply Chain Act compliance report to BAFA. Wherever possible, similar assessments should be carried out for direct suppliers.
Beyond this initial review, the designated risk management team must take an active role in monitoring the company’s supply chain for human rights abuse moving forward. For this reason, it is imperative that companies employ advanced screening software that is capable of tracking adverse media, enforcement actions, or other potential red flags for their suppliers. Error-prone manual screening processes are woefully ill-equipped to digest and keep up with the volume of data that must be processed in order to comply with the Supply Chain Act.
Where a direct supplier faces heightened human rights risk, perhaps due to their geographical or industrial context, companies must confirm that the supplier has implemented appropriate preventive measures. Due diligence expectations are more lenient for indirect suppliers under the Supply Chain Act; companies are only required to scrutinize indirect suppliers if there is credible knowledge suggesting potential human rights or environmental violations. However, should such information become known to the company, they must investigate, sever ties with, and report the offending entity to BAFA.
(2) Complaints Procedure
The Supply Chain Act mandates that companies must institute a complaints system specifically designed for human rights abuses. The system must facilitate both internal and external reporting of potential violations. Companies must have policies in place to assure whistleblowers reporting such violations that they can do so without the fear of facing reprisals. Regarding external reporting, the Act instructs companies to ensure that their complaints system is publicly available, and to promptly investigate reports from direct victims and individuals possessing information about potential or actual violations. The Act further specifies that the complaints mechanism must be documented in writing, publicized, and subject to annual reviews.
BAFA has made available its own complaints system, which can serve as an effective model. BAFA’s complaints portal enables complaints to be filed online, anonymously, and within minutes using a simple one-page form. This is the level of accessibility that German regulators expect to see from in-scope entities.
(3) Reporting Requirements
The risk management team is required to maintain documentation verifying compliance with the above due diligence obligations and produce this documentation upon request from BAFA or other investigative bodies. This documentation must be preserved for a period of seven years. Risk management must prepare annual reports on the preventative and remedial measures taken, if any, to comply with the Supply Chain Act during that year and submit them to BAFA.
(4) Policy Statement
In-scope companies must adopt a human rights policy statement, which is to be publicized annually. The statement should outline the entity’s risk management framework, risk analysis procedures, preventative measures, remediation process, and complaints procedures. The policy statement should also detail the company’s specific priorities vis-à-vis human rights and the environment, as well as the relevant expectations that it places on its employees and suppliers.
What are the penalties for violations?
The Supply Chain Act empowers BAFA to enforce human rights standards. BAFA may investigate and undertake enforcement actions of its own volition, or in response to violations reported by a third party. The Act confers serious enforcement powers on BAFA, such as the right to access companies’ internal information, and impose monetary fines or other sanctions for severe violations.
Companies found to be in violation of the Supply Chain Act can be fined up to €8,000,000. To prevent larger firms from treating penalties as the ‘cost of doing business,’ those with annual revenues exceeding €400 million may be fined up to 2% of their average annual revenue. Violators can also be excluded from public tenders for as many as three years.
There are also reputational risks associated with non-compliance. To be labeled as complicit in or indifferent to human rights abuses could lead to public backlash and other consequences outside of conventional enforcement actions. The court of public opinion is harsh, and word travels faster than ever.
EU regulators are committed to the elimination of human rights abuses from global supply chains. The Supply Chain Act aims to advance the cause of human rights by enlisting industry as a partner. As of January 1, 2024, a great many more companies than are currently covered will be subjected to the Supply Chain Act’s mandates.
The Act elevates human rights to an issue that companies must account for, and does so by creating liability and risk where there previously was none. Although violations can be costly, the Supply Chain Act offers clear guidelines and expectations for compliance. By investing in their risk management program, prioritizing compliance, and equipping it with the right tools, companies can mitigate the business risks posed by the German Supply Chain Act.