The Supply Chain Due Diligence Act – Part 2

On 11 June 2021, the German Federal Parliament (Bundestag) passed the so-called Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz, LkSG). The Act requires businesses to undergo significant efforts in order to achieve compliance. In this article, we will address the question as to what businesses can do already at this early stage to be well prepared when the Act comes into force in 2023. You can also read the first article in the series here, in which we give a first outline of the material contents of the Act and already provide an in-depth analysis of the applicability of the Act to various corporate structures.

This article forms part of a series of articles in which we will take a closer look at further key issues, especially addressing the question as to what liability will ensue from the Act and what consequences the Act will have for indirect suppliers in the supply chain. We would be happy to provide you with individual advice, as well. Please do not hesitate to contact us.

We would be happy to notify you of further articles in this series dealing with the Supply Chain Due Diligence Act. Sign up here:

Please keep me posted

I. Overview

On 1 January 2023, the Supply Chain Due Diligence Act will enter into force. Its goal is to bind undertakings with footage in Germany to comply with due diligence obligations in order to ensure or to improve compliance with human rights and material standards of environmental protection in supply chains. To this end, the Act provides for various due diligence obligations applying to undertakings falling within its scope, the extent of which will increase the more concrete a violation of protected human rights or environmental legal positions becomes. Already at this stage can undertakings prepare for such due diligence obligations in particular that affect every undertaking regardless of its concrete situation of risk (stage 1 due diligence obligations).

At the instigation of the European Parliament in March 2021, the European Commission has been working on a directive to govern the due diligence obligations of undertakings in the field of ESG (ie environment, human rights and corporate governance). This process is planned to be completed in 2024, which means that changes to align the German legislation can also be expected. The European Parliament’s present draft of the directive provides for a clear civil liability, among other things. Under the German Supply Chain Due Diligence Act, such civil liability is excluded, at least according to its wording. One of our next articles in the series will address the issue of liability under German law.

II. Preparatory actions

In general, undertakings should develop and implement an ESG compliance policy that specifically addresses the relevant compliance risks in their own supply chain. This policy should take into account, but not be rigidly limited to, the due diligence obligations imposed by the new legislation. The regulatory requirements in this area are undergoing constant change and tend to become more tight. We advise that undertakings assiduously prepare for this to not end up chasing after the changing requirements:

1. Getting an overview by taking stock and collecting information on the undertaking’s own supply chain

• Ascertaining its own operational elements of the supply chain for all products in the portfolio
• Ascertaining the (material) third parties involved in the supply chain for all products in the portfolio with regard to the (if known, also indirect) suppliers and customers
• Identifying any abstract risks / risk indicators relevant to the undertaking and the corresponding industry with regard to the violation of human rights and environmental legal positions; in this regard, the existing ESG compliance policy (if any) can be drawn on; this action serves as a concretization and limitation to relevant topics within the almost unlimited field of environment, human rights and corporate governance
• Ascertaining and collecting any relevant information available in the undertaking with regard to the risks to human rights and the environmental legal positions posed by the parties in the supply chain, also with the aid of the information rights provided for under the existing supplier contracts
• Introducing a uniform company documentation of the information obtained in this way
• As the case may be, using a digital solution to collect and process information

2. Identifying and assessing risks arising from the undertaking’s own supply chain

• Identifying and appropriately documenting the concrete existing risks
• Assessing and weighing the relevant risks according to their severity and urgency (high urgency = imminent realization of the risk due to the occurrence of a violation)
• Ascertaining the suppliers and own operational divisions that expose the undertaking to a certain risk in the supply chain and, as the case may be, analysing the risk profile of such parties involved in more detail

3. Developing and implementing an actions plan to prevent/remedy risks and violations

• Reviewing and, as the case may be, revising existing contract templates and general terms of purchase so as to contain sufficient information and interference rights, such as regular audits, control mechanisms and inspections, as well as termination rights in the event of a violation, where applicable
• Reviewing the concrete existing contracts, in particular those concluded with the risk suppliers identified, with regard to such rights and entering into talks/negotiations to improve the legal status
• Reviewing and ascertaining the contractual obligations to (strategically and economically important) clients and assessing compliance with these obligations, in particular the rights contained in supplier contracts to pass on such obligations
• Implementing appropriate preventative measures against risks identified and/or appropriate remedial measures against violations of rights identified in the undertaking’s own sphere of business and vis-à-vis direct suppliers; in the case of substantiated knowledge, also vis-à-vis indirect suppliers (stage 2 and 3 due diligence obligations)

4. Introducing an internal risk management system with the processes and responsibilities to be defined

• Adjusting and supplementing the existing compliance management system in the undertaking so as to include the field of ESG/supply chains and defining in-house responsibilities, as the case may be, designating a human rights officer, and identifying all internal stakeholders
• Adjusting the internal reporting obligations to ensure that information is used and pooled efficiently
• Including a or increasing the risk management budget
• Defining tasks for the compliance management:
  • Creating and/or reviewing a human rights/ESG policy statement (stage 2 due diligence obligation) and incorporating this standard in the contractual documentation
  • Carrying out regular risk assessments
  • Working through risks and violations identified according to their severity and urgency by implementing the respective actions plan (stage 2 and 3 due diligence obligations)
  • Monitoring the effectiveness of the preventative and remedial measures (stage 2 and 3 due diligence obligations)
  • Using and revising the existing sources of information and procedures, such as the anti-money laundering and KYC questionnaires for business partners and the self-disclosure form for suppliers
  • Identifying further sources of information and integrating them into the operational process
  • Preparing and informing employees, especially in the field of sales, by way of training, guidelines and information material
  • Putting an internal complaints procedure into place or participating in an external complaints procedure and monitoring the effectiveness of the procedure
  • Documenting the fulfillment of the due diligence obligations
  • Preparing annual reporting on the fulfillment of the due diligence obligations

5. Reviewing, updating and improving the risk assessment and the processes launched on a regular basis

The data situation to be assessed is ever changing, be it as a result of a change in the legal situation, a market practice that has changed with regard to certain due diligence requirements, or actual developments such as the circumstances at a production site abroad. It will therefore be necessary to regularly review, update and improve the risk assessment as well as the processes and measures listed above.

6. Further sources of information

You should keep an eye on the following as additional sources of information or relevant developments:

• Legislative procedure of the EU Directive
• Publications by the Federal Office of Economics and Export Control (Bundesamt für Wirtschaft und Ausfuhrkontrolle, BAFA), which will issue guides relating to compliance with due diligence obligations; BAFA refers to the questions and answers list on the webpage economy & human rights of the Federal Ministry of Labour and Social Affairs (https://www.csr-in-deutschland.de/DE/Wirtschaft-Menschenrechte/Gesetz-ueber-die-unternehmerischen-Sorgfaltspflichten-in-Lieferketten/FAQ/faq.html); according to our information those FAQ are continuously updated and results from specific questions by the enterprises are added.
• Trade associations and communities of interest (here, especially also information about certifications)

Please note: This article was last updated on the date of publication and, therefore, does not include any developments that may have arisen after such date.