Reports Trends

The German Supply Chain Act — Steps You Can Take to Comply

The German Act on Corporate Due Diligence in Supply Chains — also known as The German Supply Chain Act, Supply Chain Due Diligence Act (SCDDA) or Lieferkettensorgfaltspflichtengesetz (LkSG) — is new legislation passed in June 2021 which will take effect on January 1, 2023. It will then be further expanded on January 1, 2024. 

This new piece of legislation is intended to hold companies responsible to human rights and environmental standards regarding their global supply chains.

This article will look at what you’re obligated to do as stated in the Act and give you advice at each stage. It will also talk about what kind of penalties you could face if you fail to comply.

We, the International Compliance Workshop (ICW), will further give our projections on new developments related to the LkSG and go over our step-by-step service — for companies that source from Asian countries — which will take you through the whole compliance process unscathed.

Who will be affected?

Companies based in Germany and German-registered branches of foreign companies will be required to conduct supply chain due diligence activities.

This means if you’re a foreign enterprise but with subsidiaries, joint ventures and even branch offices in Germany, you’ll have to comply.

Furthermore, both direct and indirect suppliers will be affected, though the latter to a lesser extent.

Indirect suppliers belong to your supply chain but aren’t your contractual partners.

If you try to circumvent the Act by structuring a direct supplier relationship as an indirect one, they’ll be treated as a direct supplier.

The LkSG will initially apply to companies with more than 3,000 employees. This is for those with their head office, administrative seat or statutory seat in Germany. 

Companies with a branch in Germany that employ at least 3,000 employees at this branch will also be affected.

Beginning in January 2024, this threshold will be reduced, applying to companies with more than 1,000 employees.

Employees of both parent and group companies are included in this calculation. Temporary workers employed for over six months and workers posted abroad are also included.

Possible penalties

Fines of up to €800,000 can be imposed on companies that violate their due diligence and reporting obligations.

Failing to remediate matters with direct suppliers in the event the company receives “substantiated knowledge” of human rights or environmental violations could result in even greater penalties.

Fines for non-compliance could reach up to 2% of average annual global turnover for companies with an average annual global turnover of over €400 million.

Companies can also be excluded from winning public contracts in Germany for up to three years.
Contrary to popular opinion, civil liability cannot be discounted, and damages may have to be paid to victims of human rights violations.

Due diligence obligations and advice

A. Risk management and analysis

I. What you must do

Your company needs to set up or review existing risk management and analysis systems.

This is to determine the risks that business activities — both your own and those in your supply chain — will violate the new Act.

You must appoint someone to oversee risk management, such as a human rights officer. The term for such a person is “responsible person” (RP).

Senior management must obtain information from the RP at least once a year regarding such issues.

All risk analysis results must be communicated to the relevant decision-makers at your company, such as the board of directors or the purchasing department.

Risk analysis must be carried out once a year as well as when new risks are involved in your firm’s or your suppliers’ activities, such as due to a new project undertaking.

II. Advice

Taking child labour as an example, one thing to look out for would be areas or regions that are known hotspots.

Another would be whether your suppliers have systems in place to prevent forced or child labour, such as age verification processes.

Constant labour shortages or low school attendance rates in an area may also be a risk for suppliers to recruit children.

This is an entire industry in itself and it would be sensible to leave the nuts and bolts to a specialised team, with the help of the appropriate analytical tools from experts with a far-reaching database of suppliers.

Note that while the LkSG raises the example of appointing a human rights officer as your RP, there’s no reason why you cannot integrate risk management — as well as this particular role — into existing departments.

B. Write a policy statement

I. What you must do

Your company will need to issue a policy statement on your human rights and environmental strategies.

In general, this statement must contain:

  • The procedures by which your company will ensure itself and its supply chain follows human rights and environmental due diligence obligations;
  • The specific risks identified;
  • Your company’s expectations of its employees and suppliers regarding human rights and environmental issues.

II. Advice

One of the first things you want to do is consider the values your company’s policy will base its objectives on.

The LkSG itself draws on conventions set by the International Labour Organization (ILO).

Organisations and initiatives like Sedex and BSCI take these values — as well as others such as the UN Guiding Principles — into account in their auditing methodologies.

Apart from what the Act sets out for you, you can also include additional sections such as who your policy applies to, how it affects your relationships with suppliers, the tools you will provide your employees and suppliers and so on.

You can further give an overview of how you developed your policy, including the setting up of task forces and the results of stakeholder consultations.

One last thing to include — and consider — is legal jurisdiction issues. There may be differences between Federal and State legislation.

Make sure you keep the language in your policy statement practical, clear and concise. The last thing you’d want is for there to be misunderstandings — whether with employees, suppliers or worse yet, regulatory authorities.

You should send a copy of your statement to all your suppliers and customers.

Remember to update your policy statement based on new developments regarding the Act.

C. Set up a complaints procedure

I. What you must do

Your company must implement a complaint mechanism — in text form — which should be made publicly available.

Anyone entrusted by your firm to deal with such complaints must be entirely impartial, independent and not “bound by instructions”, such as from their supervisors. They are also bound to secrecy.

This procedure must be accessible to all people involved. Anyone with knowledge of possible human rights and environmental violations — by your company itself as well as its direct suppliers — should be able to point them out.

The identity of complainants cannot be disclosed, and they must also be protected from punishment as a result of a complaint.

The effectiveness of your complaints procedure — including for those regarding your indirect suppliers — has to be reviewed at least once a year. They also have to be reviewed when there are new risks involved in your company’s or your direct suppliers’ activities.

II. Advice

Handling such complaints will be slightly different from doing so with your ordinary customer. Even so, there are similarities.

It won’t be necessary, in this case, to respond to any complainant after you’ve resolved their complaints, many of which may even come from in-house. However, you can still do so just to ensure that your whole complaints handling process has been carried out effectively.

You should also ensure that all communications channels are clear and efficiently set up. It would be best for there to be a short and direct communication path from complainant to decision-maker.

This is where e-commerce SMEs have an advantage, as they are more flexible in this regard.

Setting up a proper complaints mechanism is of paramount importance, especially for e-commerce retailers. The last thing you’d want is for your customers to complain about you on social media. 

Complaints about human rights and environmental violations can be particularly damaging.

Handling complaints promptly and effectively will only improve your reputation. Ensuring you handle ESG-related ones in this manner sends out the right message as well.

You can model your complaint mechanism on that of the European Ombudsman.

D. Apply preventive and remedial measures

I. What you must do

Companies need to apply appropriate preventive and remedial measures based on their risk analysis.

This point is partially tied in with the “Write a policy statement” as well as the “Do proper risk management and analysis” sections.

“Risk-based control measures” must be put in place to ensure compliance with the human rights strategy written down in your policy statement.

Preventive measures need to be taken by implementing purchasing and procurement strategies that prevent or minimise identified risks.

Training must be provided in the relevant business areas.

Your company needs to obtain contractual assurances from direct suppliers that they will comply with all “human rights-related and environment-related expectations”. 

In the case that any violations are discovered in your supply chain, you must draw up a “concept” with a concrete timetable. You must further consider:

  • The joint development and implementation of a plan (with your supplier) to end or minimise the violation;
  • Joining forces with other companies to try and influence the supplier that causes or may cause harm;
  • A temporary suspension of your business relationship with the supplier while efforts are made to minimise the risk.

The termination of your business relationship with a supplier is only required if:

  • The violation of a “protected legal position” or an environment-related obligation is considered very serious;
  • You cannot remedy the situation with your concept after the time specified in it has elapsed;
  • You have “no other less severe means” at your disposal and attempts to increase your ability to influence the supplier fails.

The effectiveness of both your preventive and remedial measures regarding both direct and indirect suppliers must be reviewed once a year. This must also be done whenever there is a development of new risks for you or your direct suppliers.

II. Advice

Take child labour as an example. 

While most global businesses conduct regular supply chain audits to verify their suppliers do not use child labour, these are few and far between and also allow suppliers to prepare in advance.

Forbes estimates that enterprises would have to increase their spending on auditing from about 0.1% today to 1% of their annual profit, to be able to conduct regular inspections in vendors’ workplaces.

One way you can prevent things like child labour is by joining initiatives such as the ILO Child Labour Platform. This initiative provides support to businesses that want to improve their policies regarding child labour.

Another way you can prevent human rights and environmental violations is to use supply chain software. 

This helps you track raw materials and components as well as verify suppliers’ declarations with the help of auditing programs.

E. Document and report everything

I. What you must do

The fulfilment of due diligence obligations must be continuously documented.

A report on this must be prepared and published annually. This report must be publicly available free of charge on your company’s website “no later than four months after the end of the financial year for a period of seven years”.

Furthermore, all documents relevant to these issues need to be kept for at least seven years from its creation.

The contents of the report must state the following:

  • Whether your company has identified any human rights and environment-related risks and violations, and if so, which ones;
  • What your company has done to fulfil its due diligence obligations;
  • How your company assesses the impact and effectiveness of your measures and
  • What conclusions you can draw from your assessment for future measures.

If it so happens that you have not identified any such risks or violations, only point 1 would be needed in your report.

Lastly, you need to consider the implications of disclosing business and trade secrets.

II. Advice

You can base your report on what is laid out in the Act as well as your policy statement.

Go through each point and ask yourself, “Have we achieved this?” Have your employees and suppliers satisfied all the criteria laid out in the Act?

Again, make sure the language used is practical, clear, concise and gives no opportunities for misunderstandings.

The documentation that comes with this report will also be important.

Proper documentation, while being a requirement in the Act, also protects you from penalties and fines, cuts down duplicative work and makes important information easily available to everyone who needs it.

It demonstrates to your employees and customers that you are serious about safeguarding critical information and providing this information to stakeholders.

The best thing you can do to ensure you have all your compliance documents in order is to use a supply chain management platform.

Practical steps you can take

International Compliance Workshop (ICW) provides cloud-based compliance management software and a certification marketplace that helps global retailers and brands comply with market-entry requirements, digitise compliance workflow processes and increase transparency between businesses.

ICW’s QMAS is a supply chain compliance management system (CMS) that allows you to store and manage all your compliance documents. It also alerts you when your testing reports and audit certificates are about to expire.

In addition — for e-commerce platforms looking to source from manufacturers in Asia — a sensible thing to do would be to integrate a platform that provides comprehensive supplier information.

ICW’s i-Source Supplier Profile Database gives you over 30,000 supplier profiles, allowing you to compare and contrast between vendors of apparel, fashion accessories, toys and the like.

What sets our database apart is the fact that apart from the more typical supplier information — ranging from product allocation to line and monthly capacities — we also include information about compliance with Sedex, BSCI, BEPI and ISO 14000 auditing standards and methodologies. 

These are internationally recognised standards and methodologies associated with the ESG values that the German Supply Chain Act is based on. 

With the help of these products and more, including an AI reports management system, ICW helps you achieve your compliance and due diligence obligations in a five-step process.

  • We prepare and send out a comprehensive Request for Information (RFI) questionnaire to suppliers for a preliminary evaluation of their capabilities. We then help you do a more in-depth analysis of their operations and compliance status.
  • Next, we help you establish your compliance statement, policy and procedures.
  • We further provide you with a supplier audit program that helps you comply with the above-mentioned Sedex, BSCI, ISO 14000 standards and more.
  • With our QMAS supply chain management platform, you can housekeep your suppliers’ certificates and compliance documents and data. 
  • Lastly, we provide an appropriate analytical tool that helps you with compliance risk analysis.

At ICW — a service used by Boots, Kroger and Walgreens — we ensure your business complies with the latest laws and regulations.


The German Supply Chain Act is part of a worldwide shift towards stronger environmental, social and governance (ESG) values.

Issues such as the carbon footprint of a company, the sustainability of its sourcing practices and its human rights policies are increasingly coming to the forefront of consumers’ minds — particularly the younger generation — and hence of international agendas.

A global report from HSBC found that 86% of businesses expect their sales to grow over this year through a stronger focus on sustainability.

Even the world’s leading investment banks are now using ESG maturity to inform valuation and investment.

Nevertheless, this has been a relatively recent trend. The LkSG is still in its infancy and some of its language is still as yet unclear. 

The Federal Ministry of Labor will issue regulations and the Federal Office of Economics and Export Control (BAFA) will publish guidance for companies regarding this piece of legislation at a later date.

It should be noted that BAFA, the competent authority, has the power to enter business premises, demand information and inspect documents.

The European Commission is expected to present a draft EU directive in some time, setting considerably higher standards than the LkSG. The German government would then be obligated to amend this legislation.

This does not mean that you should ignore the Supply Chain Act, as complying with it will help you minimise risk, strengthen your marketing and also prepare you for future amendments.

Be on the alert for further legislation that’ll address other areas of ESG-related matters.

While larger e-commerce retailers and importers will probably have the resources to deal with the implications of this Act, smaller enterprises such as SMEs will have to start preparing for when the LkSG is expanded in 2024.

Note that even if you have less than 1,000 employees, the Act could still affect you if you are a direct or indirect supplier of a larger company with operations in Germany.

So if you’re an e-commerce enterprise with business ties in Germany it’d be best to confirm if this Act applies to you in any way, and if so, make preparations for the law coming into effect in 2023 and 2024. 

It would also be prudent to stay on top of news and updates.