In June 2021, the German parliament passed the German Supply Chain Act as a way to enforce stricter rules surrounding human rights and environmental pollution. With the law, new requirements and challenges will arise for companies of all sizes, both directly and indirectly. Companies should be prepared for an increased number of audits, the request for accurate environmental and social data disclosure, and a greater need for supplier qualification. In this article, we will guide you through the basic framework of the German Supply Chain Act and help your company to prepare accordingly.
With severe, ongoing breaches in human rights and environmental pollution, the 21st century has been marked with unsustainable practices - on top, the COVID-19 pandemic has amplified their visibility. Governments were forced to act and move from voluntary corporate social responsibility (CSR) to a more rigid set of mandatory regulation. The UK published the Modern Slavery Act in 2015, France adopted its own Corporate Duty of Vigilance Law in 2017 and the Netherlands made a strong commitment by issuing the 2019 Child Labor Due Diligence Act. More importantly, not only individual governments are taking a stand: the EU is pushing for a harsher regulation on supply chain due diligence, and though drafts have been delayed, they are expected shortly. We know from current market trends that regulation will be becoming stricter, will mandate the collection and disclosure of more accurate data, and will be increasingly burdensome for companies.
On June 11, 2021, the German Federal Parliament passed the so-called Supply Chain Due Diligence Act ("Lieferkettensorgfaltspflichtengesetz", or in short "LkSG"). The LkSG will officially enter into force on January 1, 2023, and as of such date it will be imposing an increased scope of corporate responsibility on companies with regards to human rights and environmental protection. The German Supply Chain Act is applicable to companies, regardless of their legal form (foreign companies are included) which:
As a consequence, organizations will almost immediately face an increased number of audits and will frequently be asked to supply data on environmental and human rights performance. That is why it is essential to be duly prepared. To enable this, we have created a short checklist of the main obligations under the Germany Supply Chain Due Diligence Act which can guide you and your company to be on time and avoid potential penalties or repercussions.
1) Set up a Risk Management System
Your company needs an effective risk management system that makes it possible to identify and reduce risks to human rights and the environment. In addition, the system needs to prevent, end or minimize the participation of your company to these violations.
The most effective way to do so would be to have a clear overview of all suppliers, conduct regular risk analyses (at least yearly) and request risk-related data sharing on human rights and environmental obligations. It is possible to use already existing guidelines for setting up a risk management system, for example, the ISO 31000 standard.
2) Appoint a responsible person within the company
One person must be appointed as responsible for sustainable business practices - this could be a human rights officer, the head of CSR or an ombudsman. The person needs to inform the senior management on their work, progress and performance at least once per year.
3) Perform regular risk analyses
In the event of a change in risk status, but at least once per year, your company needs to conduct a supply chain analysis, assessing its own performance as well as the performance of all direct suppliers. In some cases, for example after a confirmed manipulation of the supply chain structure or direct knowledge of an ongoing violation, indirect suppliers must also undergo a risk analysis. The findings of these assessments need to be documented and communicated to the company's management and, in particular, to the people in charge of purchasing or partnerships.
4) Establish a complaints procedure
Your company needs to have an internal and external complaints whistleblowing procedure in place. It should address breaches of human rights or environmental risks arising from internal business, direct suppliers or indirect suppliers. The procedure should consist of:
The effectiveness of the complaints procedure must be reviewed at least once per year and, in case of relevant changes, more regularly.
5) Document all actions
The fulfilment of all obligations set out in this guide needs to be continuously documented and stored for at least 7 years from its creation.
6) Issue annual reports
Your company needs to prepare an annual report on the fulfilment of its due diligence obligations and make it publicly available on the company's website no later than 4 months after the end of the financial year. These reports need to be available for a period of 7 years. The annual report should at least consist of:
If there were no breaches identified in the year for which the report is issued, the last three points are not required.
7) Prepare a policy statement
Your company must provide a clear policy statement on its human rights and environmental strategy. This policy statement needs to consist of at least the following parts:
8) Prepare a list of preventative measures for your own business
When it comes to direct business relationships of your company, compile a list of preventative measures, in particular:
These measures need to be reviewed at least once per year and, in case of significant changes, on an ad hoc basis. Significant changes could include new products, projects or business activities.
9) Prepare a list of preventative measures towards direct suppliers
In case there is a breach or an indication of a breach in the business of your company's direct suppliers, you should prepare a list of preventative measures, in particular:
As previously, these measures need to be reviewed at least once per year and, in case of significant changes, on an ad hoc basis.
10) Perform due diligence at indirect suppliers
If there is a substantiated (evidenced) knowledge that a breach may happen at an indirect supplier:
11) React to breaches
If a breach has already happened or it appears to be unavoidable, there are a few things your company needs to do:
If the breach took place at a direct supplier and it is not possible to end it within the foreseeable future, the company needs to issue and implement a concept with a concrete timeline for ending or minimising such breach. In certain cases, the termination of the business relationship with the respective supplier may be necessary. The effectiveness of these actions should be reviewed at least once per year and, in the event of significant changes, more frequently.
Given the initial scope of the law, not every company will immediately fall under the new rules of the German Supply Chain Act. But even if your organization is relatively small, it is likely that you will observe changes ranging from more frequent supplier audits to stricter customer codes of conduct and data requests. The time to ensure that your company is prepared for the upcoming changes is now - and we are happy to support you. To understand your own position, we offer an easy self-assessment to check your company's readiness. If you would like to understand more about how our Codio Impact platform allows you to collect and manage sustainability data to comply with new regulation and customer requests, please contact us directly. We are excited to be part of your sustainability story.
Disclaimer: Nothing in this article is nor should be taken as a legal opinion or advice. This article solely reflects the author's interpretation of existing information and pieces of legislation, and neither the author nor Codio Impact UG (haftungsbeschränkt) take responsibility for the application of the opinion laid out in this article.