Since the start of this year, German companies that work with suppliers* around the world are obliged under the Supply Chain Act to observe human rights and environmental due diligence throughout the supply chain. In this article you can find out what these are and how you can meet the requirements of the Supply Chain Act in your company.

The Supply Chain Act explained briefly

In 2021, the German federal government agreed on a draft law on corporate due diligence in supply chains. On January 1, 2023, the German Supply Chain Act came into force under the official name Supply Chain Due Diligence Act (LkSG), and it is therefore legally valid.

The law requires companies to document and improve the processes along the entire value chain – with the aim of protecting fundamental human rights in global supply chains.

Who does the Supply Chain Act apply to?

The Supply Chain Act applies to all companies that are based in Germany and employ at least 3,000 people.

Foreign companies with subsidiaries in Germany and a corresponding number of employees in Germany are also affected by the law.

From 2024, the threshold will be lowered from 3,000 to at least 1,000 employees. In the long term, there are plans to also create a European directive. A draft for a corresponding EU Supply Chain Act is currently still being negotiated. This contains even lower thresholds than the German Supply Chain Act, which would then have to be adjusted, as necessary.

Objectives of the Supply Chain Act

In short, the Supply Chain Act is intended to protect people and the environment in the global economy.

The focus is, for example, on protecting against forced and child labor, slavery and exploitation. In return, physical integrity, fair working conditions, occupational safety and health must be ensured.

The law thus makes companies responsible for ensuring that all their suppliers comply with basic human rights standards. They are obliged to assess possible risks, develop preventive measures, and take action, if there is evidence of violations.

Overall, the law is intended to bring more transparency to global supply chains and create binding guidelines. This provides more legal certainty – for the companies and for the people affected.

Obligations under the Supply Chain Act

According to the Supply Chain Act (Section 3 para. 1, sentence 2 LkSG), you have the following due diligence and reporting obligations:

• Issue a policy statement on respect for human rights
• Define internal responsibilities, e.g. appoint a human rights officer
• Set up systematic risk management
• Carry out regular risk analysis
• Implement preventive measures and corrective actions
• Set up an internal complaints procedure
• Document measures and violations, and publish an annual report

The due diligence requirements relate to the entire supply chain, from the procurement of raw materials to the sale of the end product. They are organized according to the different stages of the supply chain: First and foremost, they affect the company's own business area and the direct suppliers. In the case of indirect suppliers, the obligations are event-related – i.e. measures such as a risk analysis are always mandatory as soon as the company has evidence of a possible violation.

What are the consequences of non-compliance?

The Federal Office for Economic Affairs and Export Control (BAFA) checks compliance with due diligence requirements. With the new Supply Chain Act, those affected can now also lodge a complaint directly with authorities.

Businesses that violate the Supply Chain Act face hefty fines. In the case of serious violations, companies can also be excluded from public tenders for up to three years.

How to comply with due diligence requirements

The Supply Chain Act sets out clear requirements that you must follow in order to meet your due diligence obligations. This includes particularly the following three activities:

1. Identify and analyze risks

A central requirement of the Supply Chain Act is a systematic and transparent supply chain risk management (SCRM) process. This means you need to identify human rights and environmental risks in the supply chain so that you can then take appropriate action to minimize or eliminate them.

The possible risks are listed in Section 2 LkSG. This includes (potential) violations of relevant prohibitions on child labor, forced labor, slavery, torture, unequal treatment or freedom of association. Environmental risks are, for example, the use of certain chemicals or the non-environmentally-friendly storage and disposal of waste.

Regularly evaluate risks

In order to identify risks in one's own business area and with direct suppliers, the law requires companies to conduct risk analyses once a year and on an ad hoc basis. An ad hoc risk analysis can be triggered, for example, by the launch of a new product or the development of a new business area, since both are associated with an expanded risk situation. The identified risks must then be assessed according to criteria such as the likelihood of the anticipated infraction, its severity, and its irreversibility.

For an efficient risk analysis, it is advisable to carry out supplier audits and to pay attention to certifications, for example, in accordance with the quality management standard ISO 9001:2015.

2. Develop and implement measures

It is part of the risk management process to develop appropriate actions based on the risks identified.

Preventive measures

This includes measures to reduce risks and prevent violations. Among other things, you have to provide a policy statement about your company's human rights strategy, describing your risks identified and practices. Other preventive measures include training, monitoring activities, and developing suitable purchasing practices.

Corrective actions

Once there is evidence of a violation of human rights or environmental obligations, or a violation has occurred, your company must take appropriate corrective action. In your own business area, violations must be eliminated immediately. In the case of direct suppliers, you must at least develop a concept and monitor its implementation.

Complaints management

In addition, you must establish an internal complaints handling process that enables people to report risks and violations. Complaints management is carried out according to a defined procedure, which must be available publicly.

3. Create a report

Last but not least, everything you do to meet your due diligence requirements has to be documented. You must keep this documentation for at least seven years.

Another requirement is to prepare an annual report explaining the risks and violations identified during the previous financial year, the measures you have taken, and your assessment of the actions taken. You must make this report available publicly on your website free of charge.

On one hand, the report is essential for verification by the authorities. On the other hand, it provides consumers with clear documentation.

Transparent supply chain management with software

The most important prerequisites for being able to meet your due diligence requirements under the Supply Chain Act are transparent processes for supply chain management and supplier management. It is important to have the right software, in order to remove information silos and promote collaboration with everyone involved.

For example, an enterprise content management (ECM) solution with an interface to your ERP system can help you to obtain and manage all the necessary information about your suppliers.

Best practice: Supplier onboarding with ECM and ERP

When you add a new supplier to your value chain, you have to obtain a number of certificates, among other things. Our ECM solution does this for you automatically:

• A digital supplier file is created in the ECM for every new supplier.
• This triggers automatic workflows, e.g. to obtain additional documents, to send reminders about deadlines, or to notify users before certificates expire.
• All workflows, information and documents are documented, and then archived in an audit-proof manner.
• Thanks to our standard interface to SAP, you can access supplier files directly from your ERP system and all the relevant documents that you need to comply with the Supply Chain Act.

A document management system like Doxis is therefore ideal for expanding your ERP with an audit-proof archive and for meeting the compliance requirements for digital documents. It is also a great way comply with the documentation requirements of the Supply Chain Act.

Frequently asked questions about the Supply Chain Act