ESG & Supply Chain Monitoring: What You Need to Know

In the last few years, the EU (and its Member States) has been bullish on regulating the environmental, social and governance-related behavior of companies. Ever since the experiments with voluntary disclosure yielded too little of an effect, the push for mandatory disclosure has gained momentum. This has led to two key pieces of regulation already coming up as of 2023: the Corporate Sustainability Reporting Directive (CSRD) and Germany's own Supply Chain Due Diligence Act (LkSG). In addition, the EU has issued its own proposal for the Directive on Corporate Sustainability Due Diligence (DCSDD), which broadens the scope of the German Supply Chain Due Diligence Act and adds a layer of complexity to the requirements of corporate disclosure. And even if you have managed to avoid your lawyers' newsletters until now: if you lead or work in a company of over 250 employees, now is the time to get acquainted with how these documents affect your business. This article will tell you what you need to know.

June 23, 2022

Quick summary of different regulatory frameworks to keep close

The 4th Trilogue on the CSRD is finalized, and the draft proposal is moving to adoption. This means that a lot more overlap between the pieces of legislation is coming, and companies are rightfully asking how many reports they are supposed to submit, as well as which data is nice to have and which is mandatory. Here is a short overview of three key pieces of legislation currently observed from the point of view of the German market.

Legislative Table

EU: Corporate Sustainability Reporting Directive

Applicable as of:

Companies needing to react: 

EU-based companies that meet at least two of the following three criteria:

  • More than 250 employees, and/or
  • More than €40M net turnover, and/or
  • More than €20M of total assets.

All publicly listed companies which have more than 10 employees or more than €20M net turnover are also subject to regulation.

Main obligations:

Disclosure of relevant environmental, social and governance metrics under the "double materiality" principle: sustainability risks affecting the company, as well as the impact of the company on society and the environment.

Reports should be audited, provided in a machine-readable format and submitted to the European Single Access Point. All reports should be prepared in accordance with the European Sustainability Reporting Standards.


The sanctions are yet to be set but are expected to be significant. 

The nature and the amount of the fines are left to be decided by each Member State. Germany is implementing these through different existing frameworks: for example, an amended German Commercial Code stipulates a penalty of either EUR 2 million or twice the unlawfully generated economic advantage (the profits gained or losses avoided because of the breach). In addition, fines may amount to as much as 5% of the annual turnover, and the monetary penalty may be increased by up to EUR 10 million. Moreover, reputational damage to the company is not to be neglected.

Estimated costs of adhering to obligations:

  • Costs of establishing a data management system within the company;
  • Costs of auditing and having data readily available for audit;
  • Costs of timely submitting reports in the right format.

EU: Directive on Corporate Sustainability Due Diligence

Applicable as of:

The proposal was adopted in 2022. Once it is approved by the European Parliament and the Council, countries will have two years to implement it.

Companies needing to react:

EU-based companies, either:

  • Group 1: 500+ employees and net turnover of EUR 150+ million worldwide; or
  • Group 2: 250+ employees and net turnover of EUR 40+ million worldwide, and operating in defined high impact sectors (textiles, agriculture, extraction of minerals, and more).

Non-EU companies which:

  • Meet the turnover requirements of the groups above (EUR 150+ or EUR 40+ million) in the EU.

Main obligations:

Companies are expected to:

  • Integrate due diligence into policies, 
  • Identify adverse human rights and environmental impacts,
  • Prevent or mitigate potential impacts,
  • Bring to an end or minimize actual impacts,
  • Establish and maintain a complaints procedure,
  • Monitor the effectiveness of the due diligence policy and measures, and
  • Publicly communicate due diligence findings.

Additionally, Group 1 companies need to ensure that their business strategy is compatible with limiting global warming in line with the Paris Agreement.


Sanctions, as well as implementation of and supervision over the law, are to be set by the national administrative authorities appointed by Member States. These authorities may also impose fines in case of non-compliance. In Germany, this role is currently taken by the BAFA, the Federal Office for Economic Affairs and Export Control.

Victims will be entitled to request damages that could have been avoided with appropriate due diligence measures.

Additionally, the EU published a Communication on Decent Work Worldwide, confirming that it is preparing a separate initiative to prohibit goods made with forced labour, including forced child labour, from the EU market.

Estimated costs of adhering to obligations:

  • Costs of establishing and operating the due diligence procedures;
  • Transition costs, including investments to change operations and value chains to comply with the due diligence obligation, if applicable.

Germany: Supply Chain Due Diligence Act

Applicable as of:

1st of January 2024, for the financial year of 2023

Companies needing to react:

Germany-based companies, or international companies acting in Germany, which have:

  • From 2023, more than 3,000 employees;
  • From 2024, more than 1,000 employees.

In addition to full-time employees, companies also need to account for temporary staff who are engaged for over 6 months, as well as all employees of affiliated entities who are employed by the German company, whether posted abroad or not.

Main obligations:

Similar to the EU draft, the most prominent obligations relate to establishing a risk management system and performing regular supply chain analysis of the company's own performance as well as that of all its direct suppliers. In addition, companies are expected to have preventative policies in place, establish complaints procedures and prepare a list of preventative measures which should take place in case a breach occurs.

Each company should also prepare an annual report on the fulfillment of its due diligence obligations and make it publicly available on the company's website.


Periodic fines per breach up to EUR 50,000 and up to a total of EUR 8 million or 2% of total worldwide annual turnover. Fines against natural persons for negligent acts may go as high as EUR 800,000.

Companies that have been substantially fined (determined by the amount of the fine) can also be banned from participation in public tenders for up to 3 years.

Estimated costs of adhering to obligations:

  • Costs of establishing and operating the due diligence procedures.
  • Transition costs, including investments to change operations and value chains to comply with the due diligence obligation, if applicable.

Companies prepare for increasingly demanding corporate disclosures

What are the next steps?

It takes quite a lot of preparatory work to reach the stage of comfortably issuing a sustainability report, answering your supply chain audit or publishing any other sustainability-related data.

What we know for sure is that both the CSRD and the supply-chain-focused regulations will impose a lot of new labor on companies. Broadly speaking, it ranges from the collection and structuring to the analysis and communication of data which is distributed throughout the organization. Just think about all the different sources of such a broad scope of data: from waste generation and disposal, to injuries at work, to corruption incidents. This is a task that should not be taken lightly, even with the best resources available. The costs of establishing processes and transitional expenses are often underestimated. In our experience, the first issuance of a sustainability report can take companies as long as 18 months of work. In order to avoid the unforeseen consequences of the transition, there are some steps every company should prepare to take as soon as possible:

  1. Find and empower your internal sustainability champions, and
  2. Digitalize your data collection.

We have been working with some amazing companies and incredible individuals in the past years. Despite all the work, there is a shared sentiment: ESG brings a lot of opportunities and employee gratification. With that in mind, we want to end this blog on a high note and give you some…

Good News!

While we are waiting for universally applicable standards, there is some good news in this space: no standard is fully reinventing the wheel. This means that the sustainability data is the same; it is just asked for differently by different stakeholders. In order to utilize the full potential of your performance and unlock the opportunities that ESG is bringing, digitize your data collection now. This will not only save your employees' resources (instead of endless calls, emails and scribbles trying to capture the data point, source and format), but it will also make sure that your data is accurate and ready for auditing.

Get in touch with us at Codio Impact to help you do this most efficiently.


Disclaimer: Nothing in this article is, nor should be taken as, a legal opinion or advice. This article solely reflects the author's interpretation of existing information and pieces of legislation, and neither the author nor Codio Impact UG (haftungsbeschränkt) takes responsibility for the application of the opinion laid out in this article.