The new German Supply Chain Due Diligence Act (LkSG) – what needs to be done


last updated on 2 January 2023 | reading time approx. 8 minutes

by Carla Everhardt, Dr. Susana Campos Nave and Clemens Bauer


The new German "Act on Corporate Due Diligence to Prevent Human Rights Violations in Supply Chains" (Supply Chain Due Diligence Act – German: Lieferkettensorgfalts­pflichtengesetz, short: “LkSG”), more commonly known as the German Supply Chain Act, imposes extensive new obligations on companies with regard to human rights along the supply chain, the so-called "due diligence obligations". The LkSG is effective as of 1 January 2023, and creates an urgent need for businesses. In order to meet the responsibility to protect human rights all along the supply chain, companies need to implement extensive compliance measures.





Scope of the Supply Chain Due Diligence Act

From 1 January 2023, the rules of the LkSG will affect all German companies directly, regardless of their legal form, head office, principal place of business or statutory registered office. In all of these cases, the legislator assumes that the relevant decisions for supply chain risk management are made in Germany.

In the first step, the scope of the LkSG covers companies of at least 3,000 employees. From 2024, the Act will cover companies with more than 1,000 employees per average per fiscal year. In the interests of better planning and thus legal compliance, changes in the size of the workforce should not affect the application of the LkSG.

However, small and medium-sized companies that do not meet the aforementioned minimum size must also focus on the requirements of the LkSG. The implementation of due diligence obligations in contractual relation­ships as well as the delegation of obligations, for example based on terms and conditions of the supplier, is becoming an essential component of supplier contracts which was also intended by the legislator in the inter­est of effective human rights protection.

Protected rights and obligations of companies

The protected rights are defined in § 2 para. 1 LkSG. The clause refers to largely universally ratified international treaties on the protection of human rights as listed in the annex to the Act. In addition to this – general – reference to international treaties as framework, § 2 para. 2 LkSG moreover contains a specific catalog of human rights-related risks that have a typical link to labor law. Among others, child labor, forced labor and classic aspects of occupational health and safety (including obviously inadequate safety standards, lack of appropriate protective measures) can be found there.

During the legislative process, the inclusion of environmental protection in the scope of the LkSG was contro­versial. According to the current state of affairs, environmental protection is covered at least insofar as environ­mental damage indirectly affects human rights such as human health or the human rights standards listed in § 2 para. 1 LkSG and in the annex of the LkSG. The annex among others refers to environmental protec­tion. In the future, with the introduction of the European Supply Chain Directive, environmental protec­tion will play a more significant role and the LkSG will have to be adapted in line with European law. For exam­ple, the first draft of the European Supply Chain Directive provides a higher level of regulation with regard to environ­mental issues, including a detailed catalog of environment-related violations and matters of biodiversity.

The catalog of protected rights that can be found in the LkSG must be understood as conclusive. However, due to the general reference to an international legislative framework, companies are faced with the challenge of interpreting the international treaties and determine the relevant aspects in the company.

Overview of due diligence obligations and possible fines

According to § 3 LkSG, companies are required to comply with specified human rights and environmental re­quirements along the supply chain in an appropriate manner. This obligation shall ensure that companies live up to their responsibility to protect human rights.

The central obligation for companies therefore is to integrate due diligence obligations as part of the corporate policy. This includes various supplementary and linked measures, namely:

  • the implementation of a human rights-related risk management system (§ 4 para. 1 LkSG)
  • the implementation of an in-house body, responsible for human rights protection (§ 4 para. 3 LkSG)
  • the implementation of a human rights-related risk analyses (§ 5 LkSG)
  • the declaration of basic principles for the protection of human rights in business (§ 6 para. 2 LkSG)
  • the implementation of preventive measures in the own business area (§ 6 para. 1, 3 LkSG) and vis-à-vis direct suppliers (§ 6 para. 4 LkSG)
  • remedial action in the event of a human rights violation (§ 7 para. 1-3 LkSG)
  • the implementation of a complaints procedure (§ 8 LkSG) with regard to the notification of human rights violations
  • the implementation of due diligence measures with regard to risks connected to indirect suppliers (§ 9 LkSG)
  • the implementation of documentation (§ 10 para. 1 LkSG) and reporting (§ 10 para. 2 LkSG) measures connected to the fulfillment of mandatory due diligence obligations


§ 24 LkSG stipulates a range of fines in the event of violations. The penalty against natural persons may go up to 800,000 euros; against companies, fines in excess of 400 million euros and up to 2 per cent of the average annual turnover can be imposed in certain cases. In terms of administrative offenses, the company's managers, but also, for example, the human rights or compliance officer, can be addressees of the fines.


Scope of the due diligence obligations

The LkSG establishes a duty of effort, but not a duty to succeed. Thus, the legislator does not require compa­nies to guarantee that human rights violations will be prevented in every case. However, companies must prove that they have done everything in their power to prevent human rights-related risks along the supply chain. In this context, the principle of adequacy – an undefined legal concept open to interpretation – is of crucial impor­tance.

The scope of due diligence obligations is a question of the individual case and is specified in more detail pursuant to § 3 para. 2 LkSG on the basis of the following criteria:

  • the nature and scope of the company's business
  • the company's ability to influence the direct cause of a human rights-related or environment-related risk or the violation of a human rights-related or environment-related duty
  • the expected severity in case of a violation, the ability to reduce the violation, and the likelihood of the violation of a human rights-related or environmental obligation
  • the nature of the company's contribution to the human rights or environmental risk or to the violation of a human rights or environmental obligation

With regard to the question of whether a company has complied with the various levels of due diligence obli­gations, it is crucial to perform an individual risk assessment and consider the individual risk factors. In addi­tion to the general business sector, typical criteria for the assessment are the actual and regulatory framework conditions that can be found at the production site (e.g. child labor in third world countries, occu­pational safety in textile production).


It is clear that the legislator relies on the threefold approach of avoidance, prevention and remediation. The due diligence obligations must be understood as dynamic obligations. The question of the efficiency of the sustain­ability policy in the company must be examined at regular periods, but at least annually, as well as on an ad hoc basis. Furthermore, changes in the business operations and the business environment can be reason for a review. In this context, the greater the company's ability to exert influence and the greater the degree of risk involved in the business activity (i.e., the severity of the violation of the protected legal position that can typi­cally be expected), the greater the standard that must be applied to the due diligence obligations.

Even though the LkSG primarily applies due diligence obligations only to the company's own business opera­tions and direct suppliers, misconduct by indirect suppliers can give reason to act as soon as a company has gained substantiated knowledge of possible human rights violations by the supplier. In these cases, the obligation to initiate appropriate measures rises.

The German Federal Office for Export Control has been entrusted with monitoring and enforcing the LkSG and in the course of its audits, it follows a risk-based approach, ranging from plausibility checks to in-depth audits and on-site visits, also abroad.

Some of the new due diligence obligations in detail

Obligation "Identification of risks and implementation of a risk analysis regarding own activities and business relationships within the supply chain"

The LkSG requests companies to implement a risk analysis with regard to their own business activities and business relationships along the supply chain. Companies must ensure that someone in the company is res­ponsible for monitoring human rights risks, e.g. by appointing a human rights officer.

This obligation serves as a basis for the subsequent definition of preventive and remedial measures with the goal of identifying, preventing, ending or at least minimizing human rights risks and violations along the supply chain. Unforeseen risks shall be assessed and dealt with in a prioritized way. If facts are unclear, there is an obligation for the company to investigate the individual case.

Obligation "Implementation and communication of a human rights strategy and preventive measures"

Based on the findings of the risk analysis, companies should implement a company policy and implement specific compliance measures based on the individual situation. This also includes the continuous update of human rights-related guidelines.

The legislator emphasizes the so called "tone from the top" – the human rights declaration must be adopted by the company management and contain a clear commitment to the company’s human rights strategy.
The human rights strategy shall contain the following:

  • identification of the relevant human rights and environmental risks
  • description of the corporate risk management
  • explanation of the company's objectives, standards and human rights guidelines


Obligation "Consideration of human rights strategy and preventive measures in business activities and monitoring of compliance"

The legislator requests the integration of the general principles set out in the human rights strategy in everyday business. All business processes must be reviewed on the basis of the human rights strategy and, in this context, among others, codes of conduct or guidelines must be established. Furthermore, the human rights strategy must become a binding component of business relationships by being taken into account in business relationships, especially contracts.

In individual cases, the importance of human rights in the course of business activities can go as far as re­quiring companies to support their suppliers in preventing risks, for example through training or ongoing support with regard to human rights issues.

Obligation "Take remedial action, establish a concept to minimize human rights violations and suspend the business relationship, if necessary"

It is important, to find solutions for human rights violations along the supply chain. If remedial action is not possible, a concept must be developed to minimize the negative impact in the individual case. In a cooperative approach, companies should find a joint solution with their suppliers. As a last step, the termination of the business relationship may be considered, while the temporary suspension of the business relationship may be considered as a milder remedy.


Obligation "Implementation and maintenance of a complaint system and subsequently review"

The LkSG requests the establishment of a complaints system, which must be accessible in a simple way. Furthermore, the requirements of confidentiality and data protection must be considered.

The complaints procedure should also be accessible for people whose rights were violated by the business activities of an indirect supplier. Consequently, the complaints procedure must be set up in such a way that third parties who become aware of the violation of a protected legal position also have the opportunity to compliant.

Obligation "Information Duties"

By documenting due diligence obligations and at the same time requiring that the documentation must be kept for a period of seven years, the legislator creates the prerequisite for monitoring and enforcing the duties set in the LkSG.

In addition to the obligation to provide relevant information and to cooperate in inspections upon request, companies must prepare an annual report on the due diligence measures implemented, namely on risk identification and the preventive and remedial measures taken.


The LkSG is an important new compliance task introducing high liability risks. Company managers must ana­lyze all new obligations set out in the LkSG and examine the situation in their own businesses. In case due diligence requirements are not implemented in the right way, there is a risk of an administrative procedure and of heavy fines being imposed.


The human rights related compliance measures can be set up on already existing compliance management systems. Management and compliance officers must now take action in the interests of corporate governance and adopt their existing compliance system with regard to the new requirements and moreover also adjust the contracts with their suppliers with regard to the new specifications.

Deutschland Weltweit Search Menu