The German Supply Chain Act – a focus on the new due diligence obligations


published on 29 June 2022 | reading time approx. 6 minutes


The German Supply Chain Act imposes extensive new obligations on companies with regard to human rights in the supply chain, referred to as Due Diligence Obligations.

 As consequence, the Supply Chain Act establishes an urgent need to act for all com­panies. In particular, existing compliance management systems must be adapted and supplementary measures introduced to comply with the new regulation.






Scope of the Supply Chain Act

The Supply Chain Act will apply from 1. January 2023 to all companies – regardless of their legal form – whose head office, main branch or statutory seat is in Germany. Furthermore, the company must have at least 3,000 employees, and from 2024, the scope will be extended to companies with more than 1,000 employees. The benchmark is calculated on the number of employees generally employed in the company, usually in relation to the fiscal year. Fluctuations in the number of employees shall not have any influence on the application of the Supply Chain Act.


Those human rights protected by the Act are defined in § 2 para. 1 Supply Chain Act, which refers to ratified in­ternational treaties on the protection of human rights as listed in the annex to the act.


In addition to this more general reference as framework, § 2 para. 2 Supply Chain Act also contains a catalog of human rights risks such as child labor, forced labor and aspects of occupational health and safety (including obviously inadequate safety standards and lack of suitable protective measures)


One point of controversy in the past was the inclusion of environmental protection in the scope of protection of the law. Critics accused the act of disregarding environmental protection. In fact, environmental protection is at least indirectly covered by the act insofar as human rights are directly affected by environmental damage or international environmental agree-ments explicitly refer to environmental protection.

Overview of Due Diligence Obligations

According to § 3 Supply Chain Act, companies are obliged to observe human rights and environmental due di­li­gence obligations in their supply chain in an appropriate manner. This is to ensure that companies fulfil their responsibility to protect human rights.


Accordingly, the scope includes various measures that build on each other and are interlinked, namely

  1. the establishment of a risk management system (§ 4 para. 1)
  2. the definition of an in-house representative for human rights (Art. 4 para. 3),
  3. the performance of a regular risk analyses (§ 5),
  4. the adoption of human rights policies (§ 6 para. 2),
  5. the establishment of preventive measures in its own business area (§ 6 para. 1,3) and vis-à-vis direct suppliers (§ 6 para. 4),
  6. taking remedial action in the event of a violation of a protected legal position (§ 7 para. 1-3),
  7. the establishment of a complaints procedure (§ 8) for the notification of human rights violations,
  8. the implementation of due diligence measures with regard to risks at indirect suppliers (§ 9)
  9. documentation (§ 10 para. 1) and reporting (§ 10 para. 2) with regard to the fulfilment of due diligence obligations.


Due Diligence Obligations establish a duty of effort

The Supply Chain Act establishes a duty of effort, yet not a duty of succeed. Consequently, the act does not require companies to guarantee that human rights violations will always be prevented. However, companies must prove that they have done everything possible to prevent human rights-related risks in the supply chain. In this context, the principle of adequacy – an undefined legal concept open to interpretation – is of decisive importance.

Each effort depends on the individual case and is specified in more detail in accordance with § 3 para. 2 Chain Supply Act on the following criteria:

  • the nature of the company's business activities,
  • the company's ability to influence the perpetrator of the violation of a protected legal position or an environ­mental obligation,
  • the expected severity of the violation, the reversibility of the violation, the probability of the occurrence of the violation of a protected legal position or an environmental obligation,
  • the contribution to the risk.


Due diligence benchmark

Compliance must be assessed on basis of an individual risk assessment including various factors. In addition to the company’s sector, typical criteria for the assessment are the actual and regulatory framework conditions of the production site abroad (e.g. child labor in third-world countries, occupational safety in textile produc­tion).


Since the human rights situation is dynamic, the measures, in particular the risk analysis, must be reviewed at regular intervals, but at least annually. Furthermore, changes in business activities and in the business environment may give cause for a review. The greater the company's ability to exert influence and the greater the tendency for risks in its business acti­vi­ties, the greater the standard that applies to the due diligence obligations.


Even though the Supply Chain Act primarily applies due diligence obligations only to a company's own busi­ness operations and its direct suppliers, misconduct by indirect suppliers can justify the obligation to act as soon as a company has gained substantiated knowledge of (possible) human rights violations in the supply chain. In these cases, the obligation arises to initiate appropriate measures (risk analysis, preventive measures, remedial measures).

The implementation of the Supply Chain Act is controlled by the Federal Office of Export Control, which also follows a risk-based approach in its review of companies, from plausibility checks to in-depth audits and on-site visits abroad.


Identification of risks and conduct of risk analysis regarding own activities and business relationships

The Supply Chain Act requires companies to conduct a risk analysis with regard to their own activities and business relationships within the supply chain. Companies must ensure to define a person within the company who is responsible for monitoring risk management by appointing a human rights representative. 


The identification of risks serves as the basis for the subsequent definition of preventive and remedial mea­sures with the aim of identifying, preventing, ending or at least minimising human rights risks and violations of rights along the supply chains.

Identified risks must be assessed and prioritised; if the facts are unclear, there is a duty to investigate the back­ground if further information is required.


Establishment and communication of the human rights strategy and preventive measures

Based on the findings of the risk analysis, companies should adopt a policy statement and take measures based on it. This also includes the continuous adaptation and updating of existing human rights guidelines within the company.


The legislator emphasizes the "tone from the top" – the human rights declaration must be adopted especially by the company management and must contain a clear commitment to the human rights strategy developed.

The Supply Chain Act requests the following minimum content:

  • Presentation of the relevant human rights and environmental risks,
  • Description of the company's risk management concept,
  • Explanations of the company's targets, benchmarks and guidelines (so-called "human rights-related expec­tations").


Importance of a human rights strategy and preventive measures in business activities

The Supply Chain Act requires that the general principles laid down in the company’s human rights strategy must be integrated into everyday business. All business processes must be reviewed on the basis of the human rights strategy and, in this context, codes of conduct or purchasing guidelines must be established. Furthermore, the human rights strategy must become a binding component of business relationships e.g. by contractual design.

In individual cases, the consideration of human rights in business activities can go as far as requiring compa­nies to support their suppliers in preventing risks, e.g. through training or further education with regard to human rights issues.

Action, establishment of a concept for minimizing human rights violations and suspension of the business relationship

Human rights violations in the supply chain must be stopped. If this is not possible, a concept must be deve­loped to minimise negative impacts. In a more cooperative approach, companies should find a joint solution with their suppliers, whereby an action plan may be required. As last measure, the termination of business relations may be considered, while a tempo­rary suspension of business relations may be considered as a milder remedy.


Establishment of a complaints system

The Supply Chain Act requests the establishment of a complaints system that can be accessed easily by any­one. In this context, the duty of confidentiality and data protection must be met.

The complaints procedure shall also be open to persons whose legal positions are violated by the economic activities of an indirect supplier. Consequently, the complaints procedure must be set up in such a way that third parties who become aware of the infringement of a protected legal position also have the opportunity to point this out.

The complaints system can either be established internally, i.e. within the company or externally by taking use of external providers. In this context, the legislator addresses associations, among others.


Information duties

By documenting the company’s compliance with due diligence obligations as stated by the Supply Chain Act, and at the same time obliging companies to retain the documentation for a period of seven years, the legislator has created the prerequisites for monitoring and enforcing the new act.

In addition to the obligation to provide information and to cooperate in inspections upon request, companies must prepare an annual report on the due diligence measures implemented, namely on risk identification and the preventive and remedial measures taken.


Economic view – additional costs for the implementation of the Supply Chain Act

The measures to be implemented to fulfill the due diligence obligations in the company can be extensive and sometimes difficult. The legislator estimates additional annual costs for companies of around 43,47 million Euros. In addition, the legislator estimates one-off compliance costs of around 109,67 million Euros for the implementation of the new due diligence duties. 

In individual cases, it is difficult to quantify the specific amount of effort involved, as this amount depends to a large extent on compliance systems that are already established and just need to be adapted to the new re­quirements. Furthermore, it can be assumed that the contractual passing on of obligations to small and medium-sized supplier companies will be of major relevance in the future.


The requirements of the Supply Chain Act are based on the due diligence standard of the United Nations Guiding Principles, on which the National Action Plan for the Introduction of a Supply Chain Act for Germany is based. As the legislator has based the act to an already established standard, it is likely that the due diligence obligations have already been established in practice in many cases, at least by major companies. German government assumes that of the 2,900 companies that are subject to the act, around 600 already comply with the new requirements.

What companies need to do now

For the sake of corporate governance, management and compliance officers must now take action and consider the new provisions of the Supply Chain Act. This must be done on a case-by-case basis based on the com­pany’s business.


In case the due diligence obligations are not implemented, or if the implementation falls short of what is re­quired by law, there is a high risk of punitive proceedings to be initiated. Particularly because of the highly forma­lized procedure associated with the various reporting obligations, it can be assumed that non-compliance with the act will result in fines in the near future.

The Supply Chain Act in any case sets a framework with obligations for the measures to be implemented and thus creates a uniform standard for all German companies until the European Supply Chain Act will come into force within the next years.

Deutschland Weltweit Search Menu