The German supply chain act explained: How compliance teams can prepare

The German Supply Chain Due Diligence Act — referred to more simply as the German Supply Chain Act or the German Supply Chain Law — came into law in June 2021. It comes into force on January 1, 2023, with an extended remit from January 1, 2024.

Welcoming the passing of the law, Germany’s Labour and Social Affairs Minister, Hubertus Heil said: “We cannot build our prosperity permanently on the exploitation of people, so this law is an important step.”

The legislation has been bubbling since 2019, when a mandatory due-diligence law was first proposed.

The new German supply chain law requires companies to meet extensive obligations to ensure human rights and environmental best practices in their supply chains.

A recent Forbes article identifies the German Supply Chain Act as one of the top supply chain trends to watch as we head toward 2023. Organizations must act swiftly to assess and adapt their supply chain compliance processes and controls to avoid potential fines and restricted market access, reputational damage or even possible lawsuits.

What do you need to know if you’re a compliance professional responsible for your business’s compliance with the new German Supply Chain Act? What exactly does this new supply chain law require? And what steps can your compliance team take now to prepare?

Here we explore:

• What is the German Supply Chain Act?
• Which businesses are in scope?
• Requirements of the law
• How to comply
• How third-party risk management software can make compliance more straightforward and quicker
• Results of noncompliance

What is the German Supply Chain Act?

The German Supply Chain Act (in German, Lieferkettensorgfaltspflichtengesetz, LkSG) requires companies in scope to “make reasonable efforts” to ensure there are no violations of human rights in their own business operations or their supply chain.

The German Supply Chain Act is part of a broader focus on supply chain due diligence, especially around ESG. The EU Supply Chain Directive (more on which below) has also proposed new legislation around corporate sustainability due diligence, tackling issues like forced labor and human rights abuses.

Insurers are increasing rates and limiting coverage in response to potential noncompliance with a growing panoply of ESG legislation. As a result, compliance teams are under growing pressure.

The German Supply Chain Act is a “welcome step towards creating a level playing field for sustainable business operations and managing companies’ social and environmental impacts.” But it also heralds another set of rules that compliance professionals need to understand and obey.

Scope of the German Supply Chain Act

Although the first tranches of the new German supply chain law come into effect in January 2023, some companies are not impacted until January 2024. This is good news for smaller businesses, as they still have time to get to grips with the requirements.

The German Supply Chain Act applies to:

From 1 January 2023:

• German-based companies with at least 3000 employees
• Foreign companies that operate and employ more than 3000 employees in Germany

From 1 January 2024:

• German-based companies with at least 1000 employees
• Foreign companies that operate and employ more than 1000 employees in Germany

It’s worth noting, in addition to the above:

• Group companies should be included when you calculate your number of employees
• Temporary workers with contracts longer than six months should also be included
• Companies with fewer employees than those listed above may also need to comply with measures in the Act. This is because in-scope organizations must enforce compliance along their supply chain to the best of their ability.

Suppose you supply a company that falls into the categories above. In that case, the said company may require you to comply with the rules as part of your contractual obligations to allow them to meet their obligations.

Does the Act Apply Only to Companies Operating in Germany?

The current Act applies only to German-based businesses or those operating in Germany but is part of a wider move towards greater supply chain visibility and due diligence.

The German Supply Chain Act 2023 is a precursor to the EU Supply Chain Directive, which has broader scope and obligations.

Although still in draft and due for debate in the EU Parliament in 2023, the proposed Directive will apply to more companies than the German law (those with upwards of 500 employees or 250 employees in some sectors). It will also be more stringent, requiring companies to audit their entire supply chain, rather than just direct suppliers.

Therefore, companies across the EU must audit their supply chains and weed out any suppliers or practices that might see them fall short of the EU Directive’s standards. Whether or not you operate in Germany, supply chain due diligence and sustainability are facing increased scrutiny.

Requirements of the German Supply Chain Law

Companies in the scope of the German Supply Chain Act requirements must make reasonable efforts to remove any potential human rights violations from their operations and supply chain. The “reasonable efforts” point is essential, as organizations have no obligation to ensure that violations don’t occur.

The duties cover the following:

• Your own business operations
• Your supply chain including: direct suppliers and any indirect suppliers where you have information that they may not comply with human rights or environmental requirements

How Are “Human Rights” Defined in the German Supply Chain Act?

The new supply chain law draws on the International Labour Organization (ILO)’s Core Labour Standards, identifying issues such as:

• Child labor
• Forced labor
• Modern-day slavery
• Disregard of labor protection obligations and freedom of association
• Inequality
• Failure to pay an adequate wage

How to Comply With the German Supply Chain Act

Compliance with the German Supply Chain Act requires several steps:

1. Identify the risk in your and your suppliers’ business activities.

Is there a risk that your activities violate human rights or related environmental legislation? How about those of your suppliers? Review your supply chain risk management approach to ensure it captures the risks you need to measure.

2. Write and adopt a policy statement on your human rights strategy.

Use the findings of your risk analysis to create a policy statement and implement supply chain risk management measures based on it. The German Supply Chain Act sets out rules about what this statement must include:

• Assessment of the human rights and environmental risks you face
• The business’s risk management strategy
• The targets, benchmarks and guidelines you’ve set to tackle supply chain human rights risk. A third-party risk management solution can help here, making it easier to identify and prioritize the highest risks for remediation

3. Identify and implement preventative and remedial actions.

The new Act demands that you put in place — or review, where they already exist — measures to prevent or remediate the risks identified in your risk analysis. This might include:

• More robust third-party screening and risk analysis
• Distributing due diligence questionnaires to third parties and documenting responses (this is another area where third-party risk management software can make the process quicker, more accessible and more watertight)
• Ensuring all third parties undertake code of conduct training

4. Write and publish a complaints procedure.

The German Supply Chain Act demands that companies define, publish and implement a complaints procedure that enables anyone affected or potentially affected by human rights violations, or aware of possible violations to report their concerns.

This complaints procedure needs to cover your company’s activities and those of your suppliers in scope.

5. Document a robust and defensible third-party compliance program.

Documenting and reporting annually on your obligations and actions around supply chain sustainability and human rights is another requirement of the new German supply chain law.

Automation is the key to building a robust program and enabling you to report on it accurately and comprehensively. Managing your supply chain risk through a single, centralized platform puts you in control of your supply chain risk documentation and decisions.

How Can Technology Aid Compliance? 

Effectively Screen, Onboard and Monitor Third Parties:

• AI-driven monitoring and search tools, like Risk Intelligence Data, can provide critical information live, aiding in policy and strategy creation
• Automated monitoring allows you to identify and tackle supplier issues in real time, while media monitoring parses negative news and accesses state-owned entity data to support a risk-based due diligence program
• In-country and in-person investigations for your highest risk vendors with due diligence technology help to ensure they comply with all local regulations
• Conduct business seamlessly worldwide with a multilingual user interface

Manage the Third-Party Lifecycle and Provide Vendor Training:

• Third-party compliance tools facilitate the consolidation of third-party data in a single centralized system to track and audit activity
• Set notifications and reminders, track red flags, manage approvals and receive alerts for renewals and ongoing monitoring
• Implement and distribute code of conduct training with an integrated third-party training module

Strengthen Your Program With Robust Analysis:

• Advanced analytics provide critical insights into the health of your compliance program
• Analyze key metrics such as type, category, risk level and more of your entire third-party population
• Benchmark your program to evaluate future outcomes

Penalties for Noncompliance With the Act

Compliance with the German Supply Chain Act is enforced by the Federal Office for Economic Affairs and Export Control (BAFA).

BAFA can impose penalties on businesses that don’t comply, including:

• Fines of up to €8 million
• Being banned from public tenders for up to three years

Take a Structured Approach to Comply With the German Supply Chain Act

Adapting your ESG strategy to incorporate measures required by the German Supply Chain Act involves transition risk, as all significant change does. But the risk of noncompliance is far more extensive. Not only this, but as ESG is increasingly recognized as being good for business and inherent to good business practices, creating robust supply chain due diligence and risk management processes is non-negotiable.

If this is a challenge you face, a robust third-party risk management solution is invaluable. The best software solutions bring structure and rigor to the process. Assess, manage and remediate supply chain risk in a single platform and make compliance with the German Supply Chain Act simpler, quicker and less labor–intensive.

Find out more about how third-party risk management software from Diligent can help your organization comply with new or existing regulations or speak to one of our advisors today.