Thomas Trier, Tereza Kramlová, Joachim Delventhal

February 5, 2023

Prepare your business for new supply chain due diligence

Germany, the world’s 4th largest economy and arguably an economic leader in the EU, is taking a lead in global supply chain legislation by introducing its new Supply Chain Due Diligence Act. Other countries and not least the EU are introducing similar legislation and companies must prepare for the impacts it will have on them.

Crossing the Makurungwe River in Rwanda can be a dangerous undertaking. But something members of the Gashyushya community must do to get to the market, school or hospital. The river frequently floods for days at a time, causing injuries and death for people who attempt to cross. Five Ramboll engineers helped to change that.
If your company is present on the German market or connected to large German corporations as part of their supply chain, you could benefit from this article, where our experts will bring you advice on why and how to prepare for compliance with the requirements of the German Act.
The EU and an increasing number of national governments are introducing legislation mandating that companies undertake human rights due diligence and report on the progress made in preventing and addressing negative human rights impacts in their operations and supply chains.
One such law is Germany's Supply Chain Act (Lieferkettensorgfaltspflichtengesetz or LkSG), which came into force on the 1st of January 2023. This law requires companies to do due diligence and reporting on their operations and supply chains, including upstream and downstream suppliers, from raw materials extraction until delivery to the end-user.
This article provides an overview of the context and main obligations of the German law, including obligations for companies to comply with the new legislation and upcoming EU regulation on mandatory human rights due diligence.
Why did Germany introduce the Supply Chain Act?
The German government had introduced a National Action Plan on Business and Human Rights already in 2016, acknowledging the need to improve human rights in global value chains.
Despite the plan to promote the improvement and transparency of human rights performance among German companies, it became clear that it was difficult to assess how these companies were managing their human rights risks.
There remained a lack of adequate risk assessment by most companies. Findings of various studies show that governance measures aimed at improving human rights and sustainability performance across businesses often fail to achieve significant improvements, when they rely on self-regulation and voluntary measures, rather than mandatory requirements.
These findings suggest that relying on companies’ willingness to assume responsibility may not be sufficient to effectively address human rights and environmental issues.
Which companies need to be aware of the German Supply Chain Act?
From January 2023, the Act applies to:
- companies with >3.000 employees that have their central administration, principal place of business or statutory seat in Germany
- foreign companies that have a branch office with >3.000 employees physically located in Germany.
The scope will be expanded in January 2024, where the Act will apply to:
- companies with >1.000 employees based in Germany
German-registered branches of foreign companies with >1.000 employees.
Nonetheless, companies currently outside its scope should still familiarise themselves with the requirements and take necessary steps to ensure compliance.
The reason is that larger companies will, as part of their due diligence obligations, also require their supply chain to adopt the same obligations, which indirectly impacts other companies operating in the German market or with German companies, clients and customers.
Therefore, most of these companies will be covered by the “sphere of influence" of the Act.
Which sustainability topics and risk areas are covered by the law?
The Act requires companies to manage their risks both in the context of human rights and the environment. It also provides a specific reference to the risks that must be considered during the due diligence obligations under each of the risk areas.
What are the requirements for companies to comply with the German Supply Chain Act?
The German Supply Chain Act requires companies to conduct human rights and environmental due diligence in their supply chains with the aim to prevent, mitigate and address any risks or actual adverse impacts uncovered. The Act specifically obligates companies to undertake the following steps:
  • Designating responsibilities within the organisation: Companies must appoint a person responsible for overseeing risk management within their own operations and supply chains e.g. a human rights officer. This person may be part of an existing department such as compliance or sustainability. The “human rights officer” must report to the senior management about the due diligence activities undertaken by the company on an annual basis as a minimum.
  • Establishing a risk management system and performing regular risk assessments: Companies must establish a management system to comply with its due diligence obligations and embed it across all relevant business processes. This risk management system must enable the company to carry out a risk assessment in its own operations and in relation to its direct suppliers. The identified risks must be weighted and prioritised appropriately and assessed based on whether the company has caused or contributed to these risks and violations. Companies must conduct risk analyses at least once a year and on an ad hoc basis e.g. when introducing new products, projects or business areas and communicate the results internally to relevant decision-makers.
  • Issuing a policy statement: Companies must issue a policy statement that describes their human rights strategy, including their due diligence procedures and priorities related to human rights and environmental risks identified in the risk assessment. The statement must be adopted by senior management and stipulate the expectations placed on employees and suppliers. Companies should also make the statement publicly available to demonstrate their commitment to respecting human rights and protecting the environment.
  • Adopting preventive measures in its own operations and for direct suppliers: The company must take appropriate actions to address the identified risks through the risk assessment. The company must implement appropriate measures within its own business e.g. training and risk-based control measures, and in relation to its direct suppliers including selection, contractual assurances, training and control mechanisms. The effectiveness of these measures must be reviewed annually and updated, if necessary.
  • Implementing due diligence obligations for risks at indirect suppliers: If a company has an actual indication about a potential violation by an indirect supplier, it must immediately conduct a risk analysis using its risk management system to assess the situation. The Act also obligates companies to be vigilant in their supply chains and take prompt action to address any risks or violations.
  • Taking remedial action: If a company determines that a negative human right and/or environmental impact is imminent in its own operations or at a direct supplier, the company must take immediate action to prevent, stop or minimise the negative impact. This may include working with the company causing the violation to minimise the risk, suspending business relationships while efforts are made to minimise the risk or terminating business relationships as a last resort in the case of serious and irreparable impacts. In the case where the negative impact has already occurred, the company must take appropriate remediation actions depending on the company’s connection to the risk. The effectiveness of preventive and corrective measures must be reviewed regularly.
  • Establishing a complaints procedure: Companies must establish a publicly available and easily accessible grievance mechanism through which individuals or groups can report concerns or violations of human rights or environmental obligations in direct operations or supply chains (direct and indirect suppliers). The effectiveness of this procedure must be reviewed on annual basis and whenever circumstances change, and the rules of procedure must be publicly available.
  • Documenting and reporting: Companies must document and report on their compliance with the Act, including the risks they have uncovered and the measures they have taken to address human rights and environmental risks in their supply chains. The German Federal Office for Economic Affairs and Export Control (BAFA) has published a questionnaire on its website to help companies fulfill their reporting obligations under Article 10, Paragraph 2 of the Act. In Spring 2023, BAFA will also make an online input mask available to make it easier for companies to complete the questionnaire. By accurately answering the questions and publishing the resulting report on their website, companies will be compliant with their reporting obligations under the Act. Companies must also ensure that the reports are publicly accessible for a period of at least seven years.
The BAFA questionnaire with an overview of mandatory and voluntary reporting questions can be found here (in German)
What are the consequences of non-compliance?
Financial consequences for non-compliance will be significant. Fines can range from EUR 50.000 in administrative enforcement proceedings to up to EUR 8 million.
In cases where the company's average annual turnover exceeds EUR 400 million, fines can be as high as 2% of the company's average annual turnover. It is important to note that penalties will be given also for not fulfilling some parts of the obligations, such as reporting with a delay or not appointing a human rights officer.
Besides facing significant damage to the company’s reputation, brand image and competitive advantage, companies that fail to implement the due diligence obligations set out in the Act will face fines, periodic penalty payments and exclusion from public tenders.
Moreover, non-compliance can also result in exclusion from public tenders in Germany for up to three years. These penalties will be enforced by The German Federal Office for Economic Affairs and Export Control (BAFA).
Finally, the Act specifically clarifies that companies have a mere duty of care and not a duty to succeed or guarantee liability. However, companies may be held civilly liable for breaches of their duty of care and violations of foreign law under section 823 of the German Civil Code.
The Act also extends the rights of trade unions and non-governmental organisations (NGOs) to bring legal proceedings on behalf of individuals claiming to be victims of "paramount protected legal position" violations. These organisations may be authorised by the individual to bring the proceedings in their own capacity, known as "special transfer of procedural authority."
How does the German Supply Chain Act differ from other legislations? What are the overlaps?
As most of the current and upcoming EU legislation, the Act is largely based on internationally recognised and accepted frameworks on business and human rights - the UN Guiding Principles on Business and Human Rights (UNGPs) and the OECD Guidelines for Multinational Enterprises (OECD Guidelines). However, there are some limits to the Act that make it less strict than the UNGPs and the OECD Guidelines. Following are some of the key differences:
First, the Act does not mandate comprehensive human rights due diligence across a company's entire value chain, but instead only requires examination of the supply chain, focusing primarily on the assessment of direct suppliers and the company’s own operation.
In the case of indirect suppliers, the company’s due diligence obligation is triggered, only if the company has an actual indication that suggests the possibility of a human rights or environmental violation by an indirect supplier. Further, the Act does not apply the broader concept of business relations as the UNGPs i.e., entities in the value chain, including any non-State or State entity directly linked to a company’s business operations, products or services.
Second, companies affected by the Act need to be conscious that the EU Taxonomy requires the application of human rights due diligence throughout the entire value chain as part of the Minimum Safeguards provision (Art. 18). The Act also does not spell out the requirement for stakeholder engagement which is a critical element of the due diligence process under the UNGPs.
Third, while the UNGPs, the OECD Guidelines and the EU legislation mandate the inclusion of all internationally recognised human rights and broader environmental standards, the Act circumscribes the focus of due diligence efforts to specific human rights and environmental risks.
Fourth, the Act entails certain unique requirements, such as for reporting through a formalised online questionnaire submitted to the German Federal Office for Economic Affairs (BAFA).
Finally, following the UNGPs and the OECD Guidelines when establishing or revising human rights due diligence processes is advisable as it will position companies to meet other obligations related to human rights and business.
Specifically, undertaking due diligence processes in line with these frameworks is a requirement under the Minimum Safeguards provision of the EU Taxonomy regulation which companies need to follow, if they wish to claim that their activities are sustainable and aligned with any of the six environmental objectives of the EU Taxonomy.
Therefore, companies of all sizes are also advised to start adopting effective human rights due diligence processes as soon as possible, as achieving full alignment with the UNGPs and OECD Guidelines requires time and resources.
By taking proactive measures in line with these international frameworks, companies can mitigate the risk of non-compliance and position themselves to meet their current obligations under the Act and the EU Taxonomy Minimum Safeguards, as well as be prepared for the potentially more stringent requirements of the EU Directive once adopted.
To ensure full compliance with current and upcoming legislation, we strongly advise companies to follow the UNGPs and the OECD Guidelines while fulfilling the specific reporting requirements of the German Supply Chain Act.
Conclusion
The growing global movement on mandatory sustainability due diligence serves as a reminder that companies have not only an ethical responsibility but increasingly a legal responsibility to respect human rights and protect the environment in their operations and value chains. However, companies should avoid seeing human rights due diligence as a necessary measure that needs to be established to achieve compliance.
Demonstrating a strong commitment to respecting human rights can be a differentiator for companies in a competitive market, as consumers and investors increasingly consider a company's social and environmental impact when making purchasing and investment decisions.
Therefore, embracing the requirements of the new Supply Chain Act will help companies gain a competitive advantage and build stronger relationships with stakeholders.
How can Ramboll assist you in adopting effective human rights due diligence processes and fulfilling the requirements of the law?
We understand that adopting effective due diligence procedures and following all requirements of the new regulations can be challenging.
At Ramboll, we offer comprehensive consultancy services to ensure your company is fully compliant with the German Supply Chain Act and other upcoming regulations on human rights due diligence.
With a wealth of experience and expertise, our team can help you navigate the complex landscape of human rights and other relevant legislation with confidence.
Our services are tailored to meet the unique needs of your organisation.
We particularly specialise on the activities below:
• Gap assessments to identify missing or insufficient due diligence processes • Human rights and environmental risk assessments of direct operations and value chains • Development of policies and processes to address and mitigate uncovered risks • Assistance with the establishment of grievance mechanisms • Development of stakeholder engagement strategy • Training and capacity building for your team or business relations • Assistance with reporting and communication efforts on due diligence processes

Want to know more?

  • Thomas Trier Hansen

    Chief Advisor

    +45 51 61 23 59

  • Tereza Kramlová

    Senior Consultant

    +45 51 61 41 58

  • Joachim Delventhal

    Associate Manager

    Not available