The Supply Chain Due Diligence Act (LkSG) for companies came into force in Germany on January 1, 2023. Since January 1, 2024, it has already applied to companies with at least 1,000 employees. The law on corporate due diligence obligations in supply chains obliges companies to take human rights and environmental standards within their value chain into account. The due diligence obligations defined in the law apply to both the business activities of companies and their suppliers. The law presents companies with the challenge of ensuring ethical standards in their supply chains. Nevertheless, implementing the law can not only improve a company's image, but also its competitiveness. In our article, we have summarized the most important points and background information on the law and explain how the Supply Chain Act can be implemented in Germany.
The Supply Chain Due Diligence Act obliges companies with their registered office or branch office in Germany to identify, assess and prevent human rights and environmental risks in their supply chains.
Since January 1, 2023 for companies with more than 3,000 employees, since January 1, 2024 also for companies with more than 1,000 employees.
In addition to German companies, foreign companies are also affected if they have a German branch with a corresponding number of employees.
You must introduce a risk management system, appoint a responsible person, carry out regular risk analyses, take preventive and corrective measures, set up a complaints procedure and report annually.
The supply chain comprises the company's own business division, direct suppliers and - if specific risks are known - also indirect suppliers.
The Federal Office of Economics and Export Control (BAFA) monitors compliance. Violations can result in fines, exclusion from public contracts and loss of reputation.
It aims to strengthen respect for fundamental human rights and environmental standards along global supply chains - e.g. prohibition of child and forced labor, protection against health hazards, fair working conditions and environmental protection.
The law lists nine specific obligations that companies must systematically implement:
Status January 2026:
The law on corporate due diligence obligations in supply chains was passed back in June 2021. It officially came into force in Germany on January 1, 2023 and is intended to regulate the due diligence obligations of companies in a binding manner. The law also aims to oblige companies to protect human rights and environmental standards in the global economy.
The Supply Chain Due Diligence Act is an important step in the global economy. It aims to implement the United Nations (UN) Guiding Principles on Business and Human Rights in a binding manner. The term "supply chain" refers to all of a company's products and services. This includes all steps, both at home and abroad, that are required to manufacture a product or provide a service.
To protect the environment and human rights, companies must now pay greater attention to the following points:
In order to identify, avoid or minimize the risks of human rights violations and environmental damage, the establishment of a risk management system is one of the core elements of the 9 due diligence obligations. Effective risk management, including risk analysis, preventive and remedial measures and a complaints procedure, is important. Compliance should be documented internally. Although a reporting obligation is still regulated by law, the review and submission of reports are currently suspended, and an amendment to the law to remove the reporting obligation is in progress.
In 2023, the Supply Chain Due Diligence Act (LkSG) initially came into force for companies with at least 3,000 employees. Since 2024, it has been extended to companies with at least 1,000 employees in Germany. The law obliges all companies that have their head office, principal place of business, administrative headquarters or registered office in Germany to implement the due diligence obligations.
Companies can also fall under the LkSG if they have a branch office in Germany in accordance with Section 13d HGB. This applies to both private companies and publicly owned companies. Direct suppliers are therefore not automatically subject to the law themselves. In practice, however, they are often indirectly involved because the companies concerned pass on requirements via contracts, purchasing conditions or audits along the supply chain.
Direct suppliers, i.e. those upstream or downstream of a company in the supply chain, are also affected by the Supply Chain Due Diligence Act. In most cases, companies that are subject to the law will contractually oblige at least some of their direct suppliers to comply with the rules of the law. These suppliers must then also ensure that their own suppliers comply with the rules. This means that the Act is also important for many small and medium-sized enterprises (SMEs).
The LkSG set two timeframes for implementation:
In the event of violations, the companies concerned must expect the following penalties:
Planned (not yet in force): In the draft amendment of 2025, fines are to be more limited and essentially focused on serious infringements. The draft also includes a cap of up to €800,000 in the new version of Section 24. In addition, the BAFA can impose fines of up to €50,000 for failure to cooperate.
With the planned amendment to the LkSG, the federal government wants to simplify key points without abolishing the law as such. The focus is primarily on two changes:
It remains important: Due diligence obligations continue to apply. Companies should continue to properly set up risk management, risk analysis and preventive and remedial measures. If external reporting obligations no longer apply, internal documentation becomes all the more important, for example for customer requirements and critical questions from stakeholders.
Procedural status: The Bundestag debated the bill for the first time on 16.01.2026. The procedure continues in the committees.
The German Supply Chain Due Diligence Act (LkSG) obliges companies to take risks to human rights and certain environmental aspects in their supply chain seriously. This is not a guarantee of "zero risk". It is crucial that companies identify risks at an early stage, prioritize them correctly and take appropriate measures to reduce them effectively.
Companies do not have to check every part of the supply chain with the same intensity. Instead, they should concentrate on the areas where risks are particularly likely or particularly serious. In practice, the focus is therefore more on countries, sectors or product groups with a high risk situation than areas with lower risks.
Two key benchmarks for implementation are appropriateness and effectiveness.
It is crucial that the company can demonstrate how measures are implemented, how results are reviewed and how corrective action is taken in the event of deviations.
The Supply Chain Act in Germany exists because supply chains today are often very complex. In the past, voluntary rules were often not enough to prevent serious human rights violations or environmental damage. The law therefore lays down binding rules on how companies must identify risks in their supply chain and take action against them.
The law does not expect measures to be taken "only when something happens". Instead, companies should create fixed processes that work on a permanent basis. Companies should anchor risk management and risk analyses, establish preventive measures, organize remedial measures, provide a complaints procedure and document the implementation in a comprehensible manner.
In terms of content, the law is aimed at both the company's own business area and supplier relationships. The focus is initially on direct suppliers, as they generally have greater scope for influence. Indirect suppliers come into focus when there are concrete indications of risks or violations.
The law follows a graduated approach: companies do not have to fully audit the entire supply chain at all times. Instead, they should take a closer look if there is a specific risk or reason and carry out a more in-depth check where it is really necessary.
For companies, this means that responsibilities and decision-making channels must be clear, and the procedure must be documented in such a way that prioritizations and measures can still be comprehensibly justified at a later date.
The law in Germany has led to the introduction of a similar law in Europe called the Corporate Sustainability Due Diligence Directive (CSDDD).
The German Supply Chain Act does not stand alone. It is based on international standards, in particular the UN Guiding Principles on Business and Human Rights. These require companies to respect human rights, identify risks at an early stage and take remedial action in the event of problems. This is precisely what the LkSG addresses, for example through a declaration of principles, risk analysis, preventive and remedial measures and a complaints procedure.
In addition, the OECD Guidelines and OECD Due Diligence Guidance provide practical orientation for implementation, for example on prioritizing risks, anchoring expectations in supplier relationships and effectiveness testing. The LkSG is therefore essentially the binding national formulation of what is considered good international due diligence practice.
The LkSG does not apply "to everyone", but is aimed at companies that have a clear connection to Germany and meet certain threshold values. It is important to note that even if a company is not formally subject to the law, it can still be very specifically affected as a supplier because larger customers pass on the requirements in purchasing conditions, contracts and audit processes.
Whether a company falls directly under the LkSG depends on two questions: Does it have a relevant connection to Germany and does it meet the employee threshold?
Employee thresholds (direct impact):
This means that "large" in the context of the LkSG is not defined by turnover or balance sheet total, but quite practically by the number of employees. Companies with fewer than 1,000 employees typically do not fall directly within the scope of the law, but can still be indirectly affected (see SME section below).
Reference to Germany (when the LkSG applies):
The law covers companies if they are anchored in Germany, e.g. through:
In addition, companies that have a branch office in Germany (e.g. in accordance with Section 13d of the German Commercial Code (HGB)) and conduct business through it, even if their head office is abroad, may also be affected.
In practice, this means
In reality, only "one" company is rarely affected. The question often arises as to who bears the obligations within the Group and how they are implemented in practice.
Typical borderline cases are:
It is important to distinguish between legal obligation and de facto involvement:
In practice, this often leads to a cascade effect:
Small and medium-sized enterprises are often part of larger supply chains. Even if they do not export directly, they can act as suppliers for large corporations. Dealing with the law not only protects against legal consequences, but also strengthens the company's image and enables more sustainable and ethical business practices.
Small and medium-sized companies with fewer than 3,000 or 1,000 employees should also get to grips with the law in good time. Companies that act early have the opportunity to set standards and gain a head start.
The Corporate Sustainability Due Diligence Directive (CSDDD) exists in parallel at EU level. As part of the latest EU simplifications, the obligations will primarily affect very large companies (including >5,000 employees and >€1.5 billion turnover) in future; application is planned from July 2029. The exact structure remains dependent on the final legislative process in the European Union.
The following 9 due diligence obligations are defined therein and must be observed by companies both in their own business area and by their suppliers:
The protected legal positions or violations of human and environmental rights arising from § 2 may include, among other things
The human rights due diligence obligations require companies to introduce a complaints procedure and risk management. If they identify violations in their business or supply chain, remedial action must be taken. With this law, companies must now ensure that international human rights are respected both in their own business operations and throughout their supply chain.
The German Supply Chain Act is not a completely new idea. It builds on international standards and existing guidelines, for example the UN Guiding Principles on Business and Human Rights, the OECD Guidelines for Multinational Enterprises and BAFA handouts and guidelines.
The debate was primarily triggered by scandals and serious incidents in which companies were linked to human rights violations or environmental damage. In addition, pressure from civil society and NGOs as well as global developments contributed to the introduction of the law.
Risk analysis is a central component of the LkSG. It helps companies to identify risks in the supply chain that are related to human rights violations or environmental damage. Companies that fall under the LkSG must carry out this analysis regularly and in a structured manner - especially with regard to direct suppliers and, if there are specific indications, also to indirect suppliers. Companies should take a particularly close look at areas where the risks are typically higher, such as possible cases of forced labor, child labor or environmental violations.
The risk analysis is an essential basis for fulfilling the due diligence obligations of the LkSG. It enables companies to assume their responsibility and ensure compliance with human rights and environmental standards. Based on the analysis, appropriate preventive and remedial measures can be taken and corresponding reports prepared.
For implementation, it is important to clearly understand the current requirements of the LkSG. Companies should first check which areas are affected and whether the existing processes are already sufficient or need to be adapted. To do this, it is worth taking a look at several areas: for example, risk management, supply chain/purchasing, human resources and dealing with complaints or affected parties.
Procurement processes and IT systems should also be reviewed, as should targets and internal guidelines. This gives companies a clear overview of where risks can arise in practice. On this basis, targeted measures can then be derived to reduce risks and reliably comply with due diligence obligations.
If risks are found, corrective measures must be taken to prevent the problems. This can be done by concluding contracts with direct suppliers that set out clear rules on human rights. It is also important to use appropriate purchasing strategies and to carry out training and checks. This will ensure that everything is in order and violations are avoided.
If the risk of a violation of human rights is identified at the company's own site or in the supply chain, appropriate measures must be taken to end or minimize this. This applies in particular if the human rights violation has already taken place.
It is important to also check indirect suppliers for human rights risks. If there are indications of possible violations, measures should be taken to eliminate the risks. Information from authorities or reports of poor working conditions in the production area are also important. It also plays a role whether an indirect supplier belongs to sectors with particular human rights risks. Once an overview has been obtained, a risk management method should be introduced. This includes analyzing the risks and implementing measures to prevent or remedy problems.
How comprehensive these measures can be depends on whether the company only fulfills the basic requirements or whether it wants to take on a pioneering role. It has been shown that clear commitments, training, the use of new technologies and adjustments to existing processes have an impact on how well these concepts can be implemented.
Next, the company should issue a clear statement. This should describe the risks to people and the environment. It also makes sense to explain how these risks are to be avoided. This can be set out in a human rights strategy. To ensure that the due diligence obligations are fulfilled, it is important to carefully document and report on everything. According to § 4 para. 3 sentence 1 LkSG, every company with more than 3,000 employees must ensure that a person is appointed within the company who is responsible for monitoring risk management, such as a human rights officer. This person must be appointed internally and cannot be appointed externally.
The law requires companies to set up a complaints procedure. This allows people to report indications of violations in the supply chain. The aim of the complaints procedure is to uncover, rectify or directly prevent problems in the supply chain. This enables the company to avoid fines and damage to its image. Anonymous reporting channels in particular are an effective means of preventing these risks and damage.
With our Hintbox and the form we have developed, you can implement these requirements quickly, securely and easily. The Hintbox is ISO 27001 certified and GDPR-compliant. It is also permanently accessible to all suppliers worldwide via a link.
The management must issue a declaration known as the Code of Conduct. This sets out how the company fulfills its obligations. This joint declaration of principles must fulfill all requirements in accordance with Section 6 (2) sentence 3 LkSG and identify the most important risks in the area of human rights and the environment for all affected groups.
It also documents the company's expectations of its employees and suppliers in the supply chain. This plays a major role in managing negative impacts on human rights.
If the risk analysis reveals a risk that would result in a violation of the law, the company must take preventive measures in its own business area. These are defined as implementation tactics and control measures resulting from the Code of Conduct. They can take the form of training or the development of strategies to minimize risk, for example.
This also includes preventive measures vis-à-vis a direct supplier in order to cover the entire scope of business activities. It also includes taking human rights and environmental expectations into account when selecting such suppliers. Further measures are described in Section 6 of the Act.
It is important that companies constantly document their internal due diligence obligations. Every year, they must submit a report to the Federal Office of Economics and Export Control (BAFA). This report should provide clear information on the following points:
The report must be submitted to BAFA no later than four months after the end of the financial year. Companies are also obliged to prepare a report on the fulfillment of their legal obligations in the previous financial year and publish it on their website. It should be available there for seven years.
An electronic reporting format is being developed to minimize the effort for companies. The information provided there can also be used to fulfill the CSR reporting obligation.
The German Supply Chain Act already presents major obstacles for many companies. However, the EU Supply Chain Directive (CSDDD) sets even stricter requirements. This directive tightens the existing law by making more companies responsible and extending the monitoring obligations. It is already clear that significantly more companies will have to comply with the due diligence obligations in future and that monitoring will be extended to the entire supply chain.
Stricter liability rules are also being introduced. Companies should therefore act quickly now. It is advisable to keep an eye on the development of the EU directive now when designing processes. Find out more about the EU Supply Chain Act and the legislative process.
To ensure that these requirements do not become individual decisions on a day-to-day basis, you need clean supply chain management: clear responsibilities, reliable data flows, defined escalation channels and supplier management that tracks measures. Read our article on supply chain management to find out how to set up these structures and which processes have proven themselves in practice.
To ensure that due diligence obligations are not only imposed on suppliers "retrospectively", the topic should be incorporated into the supplier relationship as early as possible, ideally during onboarding. A code of conduct or self-disclosure can be a good start. However, this alone is often not enough, especially if the risk situation is elevated or if customers or inspection bodies expect verifiable evidence.
A staged approach has proven itself in practice: For suppliers with a low risk situation, basic requirements and a plausibility check can be sufficient. For higher risks, additional information and clear rules on how to deal with deviations are required. It is important to note that a signed code of conduct is only reliable if it is linked to specific expectations, responsibilities and control mechanisms.
Typical building blocks that companies anchor in purchasing are:
The LkSG not only looks at whether rules are written down, but also whether they work in practice. Monitoring is therefore an important part of implementation. Companies must be able to show how they check supplier requirements and what they do if there are indications of risks or violations. This does not mean "audits everywhere", but a risk-based approach, with appropriate evidence, spot checks, assessments and consistent follow-up.
In practice, monitoring can look like this, for example, depending on the risk:
It is crucial that responses and evidence are not only collected but also evaluated and that deviations lead to concrete measures. This is precisely where "paper compliance" separates itself from implementation that also stands up to critical scrutiny.
Not every risk can be resolved by replacing suppliers immediately. In many cases, breaking off the business relationship only makes sense as a last resort. Supplier development is therefore a key lever in the LkSG: risks are reduced in the long term by companies demanding, supporting and following up on improvements.
Above all, supplier development means agreeing specific measures with suppliers, including clear responsibilities, fixed deadlines and clear follow-up. Depending on the situation, this may also include training, joint standards or improvement programs. It is important that the measures are measurable and that they are regularly checked to see if they are really working.
Typical elements in practice are
This transforms supplier management from "querying standards" to a system that actually minimizes risks and at the same time strengthens the supply capability and stability of the supply chain.
The LkSG protects fundamental human rights. This is particularly important in countries or sectors where controls are weak or there is strong price pressure. Child labor and forced labor are among the most serious risks and are therefore monitored particularly closely. This does not only apply to clearly visible cases. There are also risks if workers are recruited through dubious intermediaries, have to pay high fees or hand in their ID cards. Discrimination also plays a role, for example when certain groups are systematically paid less or disadvantaged.
This means for companies: They should pay attention to typical warning signals in the risk analysis. These include, for example, high-risk sectors, country profiles, indications from audits or complaints and anomalies in the recruitment or employment of workers. Companies can take preventative measures by having clear rules for recruitment, proper documentation of employment relationships, training and an easily accessible complaints channel. If there are indications of violations, they must investigate them and initiate concrete measures, not just take note of them.
In many supply chains, it is not only the major "scandalous issues" that are a problem, but above all the day-to-day working conditions. This is why the LkSG also covers occupational health and safety, health protection, fair wages and basic employee rights. This is particularly important in sectors with a high risk of accidents, very long working hours or many subcontractors. Typical weak points are a lack of protective measures, poor accommodation, too much overtime or wage deductions that can make employees dependent.
It is important to note that these topics are not just "nice to have", but are part of what companies must check for plausibility as part of their due diligence obligations. In practice, this means that verification and controls should not only focus on paper documents, but also on the question of whether minimum standards are actually being implemented. This is particularly effective when requirements are anchored in purchasing and supplier management - e.g. through clear minimum requirements, risk-based verification checks, action plans and consistent follow-up.
The LkSG applies not only to human rights, but also to certain environmental issues. This primarily refers to cases in which environmental problems directly harm people. For example, when pollution makes people ill, there is a lack of clean water or people lose their livelihoods. Typical risks include polluted air or water, incorrectly disposed waste and the use of hazardous chemicals, especially in countries where environmental regulations are hardly monitored.
It is crucial for companies to take a risk-based approach to environmental aspects: Not every supply relationship is automatically an environmental risk, but depending on the raw material, production process or location, environmental factors can very quickly become a key compliance issue. Clear expectations of suppliers, evidence of relevant procedures and approvals as well as monitoring that identifies anomalies and investigates them in depth if necessary can help with implementation. Here, too, it is not the existence of a policy that counts, but the ability to identify risks, derive measures and provide verifiable evidence of their effectiveness.
The collapse of the Rana Plaza building in Bangladesh in 2013 was a terrible tragedy. Clothing for many well-known brands was manufactured there. Over 1,100 people died in the collapse and thousands were injured. This showed that working conditions in the garment industry are often very poor and that workers had no job security.
A supply chain law would have put pressure on garment manufacturers to provide better conditions in the factories where they produce. The law would have provided clear rules for companies to abide by and introduced penalties for those who do not. This would have made manufacturers scrutinize their supply chains more closely and ensure that everything is fair.
Such a law would not only have helped the workers in Bangladesh, but also in other countries where similar problems exist. It would have been an important step towards better working conditions and a more sustainable textile industry.
Child labor in the cocoa industry, especially in West Africa, has been a major problem for many years. It is estimated that millions of children work in hazardous conditions on cocoa plantations to meet the growing global demand for cocoa. The Supply Chain Act would have required chocolate manufacturers to ensure that their cocoa is not sourced through child labor.
They should have closely monitored their supply chains to ensure that no child labor is involved. Manufacturers would be responsible for only sourcing cocoa from ethical sources and regularly checking that no child labor is taking place. The law would also have provided for penalties for companies that break the rules, such as fines or exclusion from the market.
Oil palm plantations in South East Asia have a terrible impact on the environment. Due to the high demand for palm oil, large areas of rainforest are being cut down to make room for the plantations. This not only leads to the loss of valuable habitats and endangers many animal and plant species, but also to large amounts of CO₂ emissions, which exacerbate climate change.
In addition, cultivation damages the soil through the use of pesticides and fertilizers, which has a long-term negative impact on agriculture. A supply chain law could help to reduce environmental damage here. Companies that use palm oil would have to comply with strict environmental regulations and ensure that their palm oil comes from sustainable sources.
This would force them to look for more sustainable cultivation methods. Such laws should also ensure the protection of the indigenous population, who are often displaced from the plantations. It is important that governments and consumers become more aware of the issue of palm oil and support sustainable alternatives. By buying products without palm oil or with certified sustainable palm oil, we can all help to protect the environment and the rainforest.
There is a major problem with conflict minerals in the Congo. People work under dangerous conditions in the mines. The money earned from the sale of these minerals is often used to finance armed conflicts. To change this, a law was proposed that would have obliged companies to monitor the origin of their minerals.
This was to ensure that they did not originate from conflict areas. This measure would have been an important step towards reducing the demand for conflict minerals.
However, despite global efforts, such laws have so far only been implemented in isolated cases. Many companies are reluctant to disclose their supply chains transparently or find it difficult to trace the actual origin of their minerals. This makes it difficult for consumers to make ethically responsible decisions when purchasing electronic devices, as coltan is used in many electronic products such as cell phones.
It is important that governments and companies show more initiative and take action to stop the trade in minerals. This could mean, for example, that companies have to comply with stricter rules or that alternative jobs are created in the areas where the minerals are mined.
The electronics industry in China is known for repeated violations of labor laws and poor working conditions in factories. Workers are often confronted with unfair wages, excessive working hours and a lack of protective measures. These abuses have led to public outrage and increased calls for a supply chain law.
Such a law would oblige companies to ensure that their suppliers respect workers' rights. It would hold them accountable and give them clear guidelines on how to ensure that their products are manufactured under humane conditions.
A supply chain law would force companies to scrutinize their supply chains more closely and ensure that these social standards are met. This could be done through regular on-site inspections or cooperation with independent organizations. In addition, such a law would increase the pressure on companies to be more transparent and disclose information about their supply chains. This would enable consumers to make informed purchasing decisions and opt for more ethical products.
Clear responsibilities are needed to ensure that due diligence obligations do not become individual decisions. The LkSG is therefore not just a "purchasing issue", but a question of management within the company.
Duties and responsibilities within the company
This makes it clear that accountability is not just about policy, but also about process discipline - who decides, who documents, who escalates, who follows up on measures.
The first and most important mechanism is self-regulation. Companies must be able to demonstrate that they are not only aware of risks in theory, but also manage them in practice.
Typical instruments of self-control are
Important: These instruments are only resilient if they are linked together. A code of conduct without monitoring or escalation remains "paper compliance". BAFA handouts on a risk-based approach also provide guidance here.
In addition to internal control, there is also external supervision. BAFA monitors compliance with the LkSG, can carry out checks and respond to information or complaints. The focus here is on whether a company has established a plausible, risk-based and effective system.
What BAFA essentially wants to ensure
Note on current practice:
The review of company reports has been discontinued by BAFA and submission via BAFA access is currently not possible (as of fall 2025). At the same time, supervision and controls on due diligence obligations continue. Many companies also voluntarily use independent third parties (e.g. audits, certifications) to ensure the effectiveness of their measures.
To put this in context, it helps to look at enforcement and legislative development together: It may feel like "less is happening", but the core expectation of functioning processes remains.
Since October 1, 2025, the BAFA has been pursuing a more restrictive practice: Proceedings on offenses that are to be deleted under the draft are discontinued or not reopened; fines are only considered for serious violations and subject to strict conditions.
The legislative process for the amendment is running in parallel; among other things, the draft provides for the deletion of the reporting obligation and focused sanctions, while inspections are to continue.
In practical terms, this means that even if reporting issues are toned down, internal documentation, clean processes and audit readiness become even more important, especially when dealing with customers, stakeholders and in individual case audits.
When inspections take place, it is rarely about "perfect supply chains", but rather about reliable traceability: Can the company show that it systematically fulfills its obligations and acts in the event of risks?
Typical topics that are asked in practice:
So "we have done something" becomes "we can always explain why we are doing it this way and what the consequences are".
If companies do not comply with the requirements of the LkSG, the BAFA can impose fines. Fines of up to 50,000 euros are possible for minor infringements.
In the case of more serious breaches of duty - for example if no risk analysis is carried out, no complaints procedure exists or known human rights violations are not effectively ended - fines of between 100,000 and 800,000 euros can be imposed.
For companies with an annual turnover of over 400 million euros, the penalty can be up to 2% of the average annual turnover. For serious violations, the penalty is at least 175,000 euros.
Current enforcement notice (since 01.10.2025): The BAFA currently only applies fines very restrictively and essentially in the case of serious, grave allegations; in addition, the report review has been discontinued.
In the event of serious breaches of the rules, companies can be excluded from public procurement. As this has financial implications, it increases the pressure on companies to act in accordance with the rules. Some companies may prefer to pay fines rather than change their supply chain. However, this can lead to them being excluded from public procurement.
Fines under the Supply Chain Act are entered in the competition register and can be queried by awarding authorities. Even if an award process is almost complete, a company can be excluded due to a breach of the law. Competitors could use this to disadvantage other bidders.
Further problems are looming in the context of funding law. Companies that apply for or receive funding must expect severe consequences if they violate due diligence obligations. Even if the law does not address this directly, it is to be expected that funding bodies will stipulate compliance as a prerequisite for granting funding. This applies to tenders, contracts and funding decisions.
If companies violate the rules, subsidies could either not be granted or be reclaimed. It is not yet clear whether this will happen only in the event of legally binding fines, or whether a suspicion alone is enough for a funding application to be put on hold or for approved funds not to be paid out.
In addition to legal obligations, reputational risk also plays a major role. You can find out how greenwashing arises and how you can avoid it in your communication in the article on greenwashing.
If a violation occurs in the company, whether at home or abroad, immediate action must be taken to end the violation. If a direct supplier or service provider commits a violation that cannot be stopped immediately, a plan must be drawn up immediately to stop or minimize the violation.
If legal violations are disclosed, business relationships do not have to be terminated immediately. Instead, solutions should be sought together with those affected in the supply chain. A corresponding action plan can help here.
The termination of a business relationship is the last resort. It requires a serious breach where remedial measures have not ended the violation or where no milder means are available.
Section 3 (3) sentence 1 clarifies that there is no civil liability in the event of a breach of the duty of care. The applicability of the law depends on the registered office of the company. The LkSG does not establish any new liability under civil law, but does not affect existing liability rules and also introduces a special procedural status.
Many German companies have been directly or indirectly involved in disasters in other countries in the past. For example, in 2019 when a dam burst in Brazil, killing more than 250 people, or in 2012 when a fire broke out in a textile factory in Pakistan.
According to the law, German companies will also have to take responsibility for incidents of this kind in future. This primarily affects companies in the textile, electronics and automotive industries. The same applies to the pharmaceutical and food industries, as Germany imports many foodstuffs, chemicals and medicines from abroad.
These examples show why supply chain laws and compliance with the law are necessary and why responsibility does not end with mere knowledge, but begins with implementation. You can read about how to translate due diligence obligations into purchasing processes and anchor sustainability in supplier management in the article Sustainable procurement: how to implement requirements in practice.
The LkSG already applies in Germany. It obliges affected companies to systematically review risks to human rights and certain environmental aspects in their own operations and those of their direct suppliers and to manage these risks with preventive and remedial measures.
The EU Directive on Corporate Sustainability Due Diligence (CSDDD, Directive (EU) 2024/1760) pursues the same goal, but sets a uniform framework for the entire EU. It came into force on July 25, 2024.
Differences that count in practice
Timeline (planning view)
The CSDDD must first be transposed into national law; this deadline was postponed as part of the "stop-the-clock" package. It is currently planned:
At the same time, the EU is working on simplifications ("omnibus"). Although the framework is in place, individual details may still change. Companies should therefore not wait until everything has been finalized. It makes more sense to establish stable basic processes now - for example for risk analysis, supplier management, remediation, complaints procedures and documentation.
Germany is not alone with the LkSG. Other countries have also had regulations in place for years that make companies more responsible for human rights and the environment in their supply chains. Although the approaches differ in detail, they follow the same basic idea: companies should not only be aware of risks, but also actively manage them and effectively address violations.
France is a frequently cited example. For some years now, France has had regulations in place that oblige large companies to draw up and implement a structured due diligence plan. Similar to the LkSG, the focus is on topics such as risk analysis, prevention, remediation and the question of whether measures actually work. The practical effect is similar: due diligence obligations are being transformed from a "voluntary CSR issue" into a fixed component of governance and supplier management.
Other countries have also introduced or further developed supply chain or due diligence obligations - sometimes with a stronger focus on transparency and reporting obligations, sometimes with special priorities or enforcement mechanisms. The decisive consequence for companies with international procurement is that individual national regulations can quickly become a patchwork quilt. This is precisely why the EU is focusing on a harmonized framework with the CSDDD.
One conclusion in particular is worth drawing from this in practice: If you set up your due diligence system in such a way that it is risk-based, comprehensibly documented and effective, it is usually much easier to bundle requirements from different countries - instead of repeatedly rebuilding processes for each market.
Critics believe that the law does not go far enough. One point is that companies with fewer than 1,000 employees are currently not directly covered. In addition, environmental and human rights organizations criticize the fact that companies cannot automatically be held legally liable for problems in their supply chain.
Industry associations see it differently: a stricter law causes high costs for the economy. After the entire economy has already suffered enormously during the coronavirus pandemic, the strict implementation of the Supply Chain Due Diligence Act will only further damage Germany as a business location. In particular, it is hardly feasible for small and medium-sized companies to check the entire supply chain accordingly.
The BDI warns that the law could slow down German investment in Africa. The concern is that this could ultimately make Germany even more dependent on Asia. Others are therefore calling for a uniform EU regulation in order to avoid competitive disadvantages for individual countries. They are also calling for more support from politicians in auditing global supply chains - for example via the German Chambers of Commerce Abroad (AHK).
More and more consumers are making sure that products are manufactured under good and fair conditions. The younger population group in particular is becoming increasingly interested in environmental and social issues. Companies therefore need to find innovative business models and safe production methods and establish clean value chains in order to win them over.
The LkSG strengthens the idea of corporate social responsibility (CSR). It obliges companies to actively assume responsibility in their supply chain and implement due diligence obligations. This can visibly increase corporate responsibility and have a positive impact on the company's image.
The law motivates companies to develop more sustainable and responsible business models in the long term. Those who do this consistently can not only strengthen their own image, but also better protect the supply chain against risks.
Similar supply chain laws also exist in other countries, for example in the UK, France, the Netherlands and Switzerland. This helps to harmonize rules internationally. This allows common standards to develop - and competition becomes fairer because companies do not have to meet completely different requirements in every country.
Implementation can result in additional costs, for example for compliance, data and controls. It can also restrict the choice of possible locations - and thus affect competitiveness. More bureaucracy can also slow down processes and cause uncertainty among investors or customers.
Large companies may try to pass on the cost of compliance to their suppliers. As a result, the costs may ultimately lie with smaller companies that were previously exempt from the Supply Chain Act for competitive reasons.
How easy or difficult it is to implement depends heavily on the complexity of the supply chain. With simple supply chains, many things can be controlled more quickly. With very complex supply chains, implementation becomes much more demanding. A fashion brand, for example, can often influence working conditions in a few production facilities more directly than a chemical company that works with many preliminary products and numerous suppliers.
The law could lead to companies no longer relocating their production sites to countries with lower labor costs. This could be the case if it is too costly to check suppliers or the political conditions preclude compliance with the Supply Chain Act. These production sites are often located in poorer countries. The supply chain directive could prevent investment and therefore economic growth in these countries.
The LkSG obliges companies to avoid or reduce risks to human rights and certain environmental aspects in their supply chain. To do this, companies must analyze risks, prevent them and respond to problems. They also need a complaints procedure, must record their principles and document measures well - and, depending on the requirements, also report on them.
The responsibility lies not only with purchasing, but also with management. Companies must create clear rules and processes and ensure that their suppliers are aware of and comply with the requirements.
Whether companies comply with the requirements is checked on two levels: by internal controls within the company and by external bodies - for example, authorities or independent auditors. Sanctions may be imposed if due diligence obligations are not met.
Even if the law can mean additional work, it brings long-term benefits: Companies strengthen their credibility, reduce risks and gain the trust of customers and partners. Overall, the LkSG should help to better protect human rights and promote more sustainable business practices in global supply chains.
The law does not stipulate any specific requirements. However, the company is obliged to introduce effective risk management. The department, competence and position of the person in question must be assessed accordingly by the company. The person responsible may also be based outside Germany.
Responsibility must be defined within the company and cannot be determined externally. Companies can call on external help to support the internal officers, but this external assistance may only provide support and may not assume independent responsibility.
Companies must carry out the first risk analysis as part of appropriate and effective risk management from the date the law comes into force (2023 or 2024). This analysis should take place every year, including in the first financial year, and be carried out additionally if necessary.
If a company expects major changes in the supply chain, situation-based analyses are necessary. Information from complaints procedures must also be taken into account. Several incident-related analyses may be required in the first financial year. The exact timing for completing the first risk analysis depends on the specific company circumstances and the risk potential.
If a company identifies risks during this analysis, it must immediately take appropriate preventive measures, including a policy statement in accordance with Section 6 (2) LkSG.
According to Section 5 (1) LkSG, risk analyses must take into account both the company's own business risks and the risks of its direct suppliers. However, this does not mean that risk management and preventive measures can be limited to these risks.
Rather, the law requires that the overall risk management must be appropriate and effective in order to avoid all prioritized risks that the company has caused or contributed to in the supply chain (Section 4 (1) and (2) LkSG). It is therefore necessary that the preventive measures also address the risks at the suppliers in the supply chain.
The risk analysis helps companies to identify, assess and prioritize potential problems in the area of human rights and the environment. To do this, it is important that companies clearly map their supply chains and procurement processes and thus have a clear overview of their relationships with their suppliers. The risks are then assessed and, if necessary, sorted. Companies have a certain amount of freedom of choice here, but must be able to explain clearly why certain risks are more important than others.
If more information is required, for example to take action, a more detailed assessment of the risk must be carried out. The law refers to helpful instructions and guidelines to help companies with their obligations. The risk analysis should be carried out annually and as required in order to be able to react to changes in the supply networks.
The due diligence obligations oblige companies to make continuous and appropriate efforts to fulfill them. This also includes transparency in the supply chain. If this is not possible for plausible reasons, you are still acting in accordance with the Supply Chain Act if you document the reasons. The risk analysis must be updated at least once a year and whenever necessary.
The policy statement must contain all legally required elements in a clear document. It is permitted to refer to additional documents in order to explain certain parts of the policy statement in more detail. The declaration is deemed to have been made as soon as the company management makes it publicly available, for example on the company website. In order to implement the prevention measures in accordance with Section 6 LkSG, the policy statement must also be communicated to employees and possibly the works council.
The same applies to direct suppliers in accordance with the obligations in Section 6 (4) LkSG. A purely passive provision, such as the storage of documents in systems or on the intranet, is not sufficient to be considered "communication" within the meaning of the law. In the case of direct suppliers, however, it is sufficient if a link to the company's website is included in the general terms and conditions of supply on which the policy statement is published.
According to Section 6 (1) LkSG, companies must take immediate action if they identify risks in their own business area and with direct suppliers through regular analyses. These measures should also address other risks in the supply chain to which the company contributes and which must be prioritized accordingly. In addition, the company should strive for transparency in the supply chain and define appropriate measures vis-à-vis direct suppliers. Finally, the company must have accurate knowledge of specific risks.
A company focuses its prevention measures on specific risks and does not apply them to the entire product range. Suppliers may be required to provide evidence. However, the law does not specify exactly what evidence is required. A signed supplier self-disclosure alone does not automatically fulfill the duty of care. Other obligations such as risk analysis and measures for prevention and remediation must also be fulfilled.
In accordance with Section 7 (2) and (3) LkSG, companies are encouraged to seek solutions to complex problems together with suppliers or within their industry before withdrawing from a business area. The principle here is "empowerment before withdrawal". Termination of the business relationship is only justified if there is a serious violation of rights or environmental obligations and other measures cannot remedy the situation.
The fact that a state has not ratified or implemented certain agreements does not automatically lead to the termination of cooperation. The responsibility for ratification lies with the states and not with the companies. However, state deficits in the area of human rights can increase the risks for companies. Companies should therefore include non-ratification or non-implementation in their risk analysis and examine its impact.
An internal complaints procedure within the company is sufficient as long as it complies with the legal requirements.
Every year, companies must submit a report on their due diligence obligations to the Federal Office of Economics and Export Control (BAFA) and publish it online. This should be done no later than four months after the end of the financial year. The report must clearly state what risks the company sees for human rights and the environment, what measures it has taken and how effective these are.
It must also show what conclusions will be drawn for the future. A company's secrets must be protected. Information on how the report is to be submitted to BAFA and published on the company's website is also included.
Companies must submit their first report to the competent authority no later than four months after the end of the financial year. For companies with more than 3,000 employees, the financial year ends in 2023, while for companies with more than 1,000 employees it ends in 2024. The reporting period begins on January 1 of the corresponding year. The following applies to all reports to be submitted to BAFA between January 1, 2023 and June 1, 2024 and published on the company's website: BAFA will verify the existence of the reports and their publication for the first time on the reporting date of January 1, 2025.
If a report was due before this date but is not submitted to BAFA until January 1, 2025, no sanction will be imposed. However, if such a report is submitted after January 1, 2025, BAFA may issue a reminder and impose a sanction if necessary. No special provisions apply to reports whose submission deadline ends on or after January 1, 2025; BAFA may take immediate action and impose sanctions if necessary.
Companies reporting before January 1, 2025 will only receive instructions from BAFA on how to comply with the requirements in future reports in accordance with Section 10 (2) and (3) LkSG. Reports submitted from January 1, 2025 onwards may be requested by BAFA to be rectified if the requirements under Section 10 (2) and (3) LkSG are not met, and sanctions may be imposed in the event of violations. The other due diligence obligations pursuant to Sections 4 to 10 (1) LkSG and their monitoring and sanctioning by BAFA remain unaffected by this deadline regulation.
If seals, certificates or audits clearly show that they meet the legal requirements, they can serve as important indications that due diligence obligations are being fulfilled.
Do not wait too long.