Article by Isabel J. Barreto

The new German Act on Corporate Due Diligence Obligations in Supply Chains (Lieferkettensorgfaltspflichtengesetz) is set to go into force in January 2023, adding to other recent supply chain regulations that have broadened to incorporate social and environmental aspects in due diligence requirements. Elsewhere regulatory changes include the 2017 French Loi de Vigilance, the 2021 Norwegian Transparency Act, and the European proposal for the Directive on Corporate Sustainability Due Diligence, adopted in February 2022. In September, the European Parliament voted in favor of legislation requiring companies to ensure that certain goods sold in the EU do not originate from deforested or degraded land. These new regulations are in line with growing consumer demands for ethical sourcing and ethical supply chains. This means that companies essentially need to comply with both legal requirements and customer expectations.

A wide spectrum of businesses will be directly or indirectly impacted by the new German supply chain rules. Published in July 2021, the German Supply Chain Act aims to promote international human rights by establishing requirements for responsible and ethical supply chain management. These requirements are based on the United Nations Guiding Principles on Business and Human Rights and include, among other things: the prohibition of child labor and slavery, safe and fair working conditions, fair remuneration, the right to form trade unions or worker representation, equal treatment of workers (regardless of social conditions, gender, ethnicity, religion, etc.), and access to food and water.

Within this context, here is what you need to know in order to be prepared for the German Supply Chain Act’s implications:

Will your company be affected? If so, when?

The law applies to companies that have their headquarters, principal place of business, administrative office or registered office in Germany. As of January 1, 2023, companies with 3000 or more employees must comply with the new legislation. The same applies to companies with more than 1000 employees from January 1, 2024.

It is important to note that these changes can apply to smaller businesses too. Any company that provides services to those affected by the German Supply Chain Act may also be impacted by it. The reason is simple: under the Act, the supply chain includes all of a company's goods and services, from the extraction of raw materials to delivery to the end customer. It includes all national and international processes required to produce the goods and provide the company's services. It also includes the transportation or temporary storage of products. In other words, the law applies to the company's own actions, to its direct suppliers and - in the case of questionable practices - also to its indirect suppliers. Additionally, the EU’s proposed Due Diligence Directive on sustainability will include even more companies: European and non-European companies operating in the EU and employing more than 500 people and, one year later, companies with 250+ employees.

Who will enforce it? And what happens if companies do not comply?

The German Federal Office for Economic Affairs and Export Control (BAFA) will be responsible for monitoring and ensuring compliance with the German Supply Chain Act. It is currently working on content and requirements to assist companies with handling their new responsibilities. BAFA will be responsible for checking if companies are fulfilling their reporting obligations; carrying out inspections; identifying violations; and issuing penalties and fines. Companies can be fined up to €8 million for non-compliance, or up to 2% of their annual global turnover if it exceeds €400 million. In some cases, companies in violation of the legislation may be excluded from public procurement contract awards.

How can companies comply?

To comply with the Act’s due diligence obligations companies are recommended to:

Create a risk management system and conduct a risk analysis regularly (in most cases, once a year). See BAFA guidance on how to do so. In order to set up an effective human rights risk management system, companies have to embed human rights into their business strategies creating enough resources, incentives and measurements to achieve the level of transparency needed for reporting, as well as to identify and prioritize risks. The UN Global Compact offers further insights into what an effective risk management plan looks like.

Adopt a policy statement on the organization's human rights strategy. The Act requires company leadership to issue a policy statement and communicate it to its employees, suppliers and the public. The statement should describe how the company will comply with its obligations and, based on the risk analysis, prioritize human rights and environmental risks identified for the company. To develop a human rights policy, businesses should involve cross-functional personnel in the process, map existing company policies as well as identify its key potential impacts.

Establish preventive measures within the company and regarding its direct suppliers, and implement corrective measures in the event of identified violations of the law. According to the Act, preventive measures can include developing appropriate procurement strategies and purchasing practices, conducting training and education for employees and direct suppliers, and implementing risk-based control measures. Corrective measures should include a joint plan with suppliers on how to end violations. Multi-stakeholder, industry initiatives defining human rights and environmental standards can also help minimize infractions.

Create complaints procedures by designing an easily accessible system, for both internal actors and the public to report potential and actual violations. Impartiality must be ensured during proceedings. Companies can develop their own complaints mechanism, but cooperation with other companies and associations in order to establish external procedures can also be helpful.

Document due diligence compliance obligations in an ongoing basis within the company, including publishing an annual report on the fulfillment of their due diligence obligations in the previous fiscal year, the identified risks (and violations), the effectiveness of its mechanisms and future measures. The report must be submitted to BAFA no later than four months after the end of the fiscal year, and all reports must be made publicly available free of charge on the company's website for at least seven years.