What Germany's supply chain law means for procurement

posted by Chancelle Blakey
in Law
10 November 2022

British exporters and multinationals with a footprint in Germany are being warned of the potential impact of new legislation that demands they take action to comply with new rules coming into force at the start of next year. 

The Supply Chain Due Diligence Act was passed by the German Federal Parliament on 11 June 2021, after lengthy negotiations with the German Federal Council. Due to come into force on 1 January 2023, it is known as Lieferkettensorgfaltspflichtengesetz in German, or more commonly as the LkSG.

Legally, the act requires companies to adapt and update their compliance, purchasing and contract processes on human rights and environmental matters, including establishing a reporting mechanism – called “complaints procedure” – open to relevant stakeholders.

The move by the German government is supported by the European Union’s adoption of a proposal for a Directive on corporate sustainability due diligence. The EU’s aim is to foster sustainable and responsible corporate behaviour, and to anchor human rights and environmental considerations in companies’ operations and governance. The Directive will ensure businesses address adverse impacts of their actions, including in their value chains inside and outside Europe.

It’s better for responsible businesses to act now and be compliant, rather than wait to see what happens. Further, implementation of due diligence efforts as defined will require significant lead time before processes are effectively implemented as required.

Aims of the legislation

The LkSG compels businesses operating in Germany to improve their global supply chain compliance with human rights and material standards of environmental protection by placing due diligence obligations on those responsible for activities that fall within its scope.

With whistleblowing in mind, the act requires organisations to extend their whistleblowing processes into their global supply chain, if the organisation or any of its significant subsidiaries operates within Germany and falls within the scope of the act.

Who's going to be impacted?

From 1 January 2023, it will apply to any company or organisation with a headcount of over 3,000 employees working in Germany, and has a head office, administrative seat or statutory seat in the country, or any company or organisation with a branch in the country and usually employs over 3,000 people. From 1 January 2024, it will apply to companies with over 1,000 employees working in Germany.

But – and this is important – even if a company or organisation with fewer employees is not directly affected by the LkSG, they might still be affected indirectly.

That’s because these companies might still be obliged to enforce best efforts to improve due diligence within their supply chain. In other words, just because you don’t have to comply, doesn’t mean that your customer might not have to.

If your customer is in scope of the LkSG, they are obliged to seek contractual assurance that you – as part of their supply chain – are making best efforts to improve due diligence yourself through training and audits, and you address the issue in your own supply chain as well.

Enforcing compliance

The LkSG gives far-reaching powers of intervention to the authorities. For the LkSG, the competent authority is the Federal Office for Economic Affairs and Export Control (BAFA). BAFA can, at the request of an affected person or because of its own initiative, impose remedial measures on the business or organisation concerned to ensure compliance. It has wide-ranging powers over information and access and must be supported to enforce the remedial actions.

In addition, trade unions also have the power to conduct litigation on behalf of an affected person.

In both the above cases, the affected person might be anyone along the supply chain, not just the employees of the company or the direct supplier affected.

BAFA also has the mandate to actively conduct audits, including information requests and on-site audits, of companies in scope of the LkSG. If BAFA considers compliance measures non-existing or inadequate, BAFA can impose hefty administrative fines on the company, as well as on individuals in charge.

Penalties for violations

Penalties can be sweeping and heavy depending on the gravity and nature of the violation. Fines for a lack of due diligence can be up to €‎8 million for companies, and up to €‎800k for individuals.

Companies with an average turnover of more than €‎400 million might be fined up to 2% of their average annual global turnover. Organisations might also be excluded from significant public tenders for up to three years.

What do you need to do?

Responsible businesses must develop and implement a robust whistleblowing process as part of their environmental, social and governance compliance. They must extend this service into their supply chain, to enable all relevant stakeholders launching reports, including their own employees, employees of direct suppliers, but also those of indirect suppliers further down the supply chain.

Additionally, the LkSG mandates specific requirements for the whistleblowing process, including publicly accessible rules of procedure, impartiality of the person entrusted with the operation, confidentiality, comprehensive and public information on accessibility and responsibility, and annual effectiveness review.

By doing so, the organisation can be shown to be making best efforts to comply with the respective due diligence obligation on the complaints procedure as imposed by the new LkSG legislation.

There will undoubtedly be future changes that will tighten up the legislative demands, but a reliable external whistleblowing provider will ensure that their reporting system and processes are able to adapt to any changes.

The process to take:

 1) Review your supply chain

2) Identify concrete supply chain risks

3) Choose how best to manage any risks

4) Put regular supply chain reviews in place

Supply chains change over time. Old suppliers depart, new suppliers arrive.

It’s not enough to conduct a risk/mitigation exercise regarding the LkSG once.Instead, these need to be conducted on a regular basis, as well as ad-hoc if risk-significant circumstances of the business change, and records must be kept of when they are conducted.

This flags to the authorities that your organisation is making best efforts to ensure there are no human rights and environmental law violations, or that if they do occur, your organisation has the best possible awareness of when they take place and can rectify them and prevent future damage.

Chancelle Blakey is a business development manager at Safecall

CIPS Knowledge
Find out more with CIPS Knowledge:
  • best practice insights
  • guidance
  • tools and templates