Germany’s Due Diligence Act – What You Need to Know

In less than one year, Germany’s Due Diligence Act will come into force. Also referred to as the German Supply Chain Act (Lieferkettengesetz), it requires companies to respect human rights along the entire supply chain. To comply, enterprises will have to establish a risk management system that includes preventative measures. And there are high fines for violations. We tell you what to expect and how you can prepare. Act quickly – time is running out.

1. What is the German Due Diligence Act (Supply Chain Act)?

For companies in Germany, measures ensuring human rights and sustainability in the supply chain have been voluntary until now. This was prescribed by the National Action Plan for Business and Human Rights from 2016. However, fewer than one in five companies took responsibility for their supply chains, according to a NAP-monitoring survey presented to the German government in 2020.

With the new Due Diligence Act – also called Supply Chain Act – ethical standards of conduct will be required by law. The new law applies to all companies that have branch offices in Germany, not only those based or headquartered in the country. Violations will be subject to sanctions, including fines and penalty payments. Trade unions and non-governmental organizations will be empowered to bring claims against companies in Germany. This includes legal action by employees of direct suppliers based abroad.

2. Who Is Affected by the Supply Chain Act?

Beginning January 1, 2023, the Due Diligence Act will apply to companies based in Germany, depending on their number of employees. Enterprises with at least 3,000 employees must comply. From 2024, the law extends to companies with more than 1,000 employees.

However, small and medium-sized businesses will also be affected as part of the supply chain of larger customers. As businesses are concerned about their reputations, large companies are likely to pass on the due diligence obligations on to their suppliers. For public sector tenders, companies will be evaluated according to their compliance with the Due Diligence Act – whatever the size of the company or number of employees in Germany.

And there are other reasons that waiting is not an option for smaller businesses. Similar laws in other nations of Europe reflect the public outcry to protect human rights at every stage of the supply chain. The European Parliament has adopted a draft directive that in some respects goes significantly beyond the German federal Due Diligence Act.

3. What Are the Liability and Sanctions for Non-Compliance?

Under the new German supply chain law, due diligence obliges companies to prohibit human rights violations both domestically and internationally. These include child labor, forced labor, slavery, torture, occupational health and safety violations, wage exploitation, discrimination, and withholding the right to form trade unions and workers’ representation.

Punishment for violations include fines of at least €175,000, or up to 2 % of the annual turnover, with a periodic penalty of up to €50,000. The law includes certain environmental obligations as well. These are primarily activities that endanger humans, such as poisoning soil and water. Negative environmental impacts in value chains are expected to be more strongly regulated from 2023.

4. What Are the Corporate Due Diligence Requirements?

According to the Due Diligence Act, companies in Germany must demonstrate that human rights are respected in their supply chains. To meet minimum requirements, businesses must:

• Implement a company-wide risk management system, and define internal responsibility
• Conduct regular risk analysis to review hazards within the company’s own business operations, and those arising from direct suppliers (Tier-1)
• Take preventive action on potential violations. Initiate remedial action on actual breaches
• Assess due diligence of risks at indirect suppliers (Tier-n)
• Establish a publicly accessible complaints procedure
• Adopt a policy statement
• Document the company’s human rights strategy. Publish identified risks and actions taken

So the question is: Do you have processes in place that focus on identifying, assessing, and minimizing (compliance) risks, and creating proactive mitigation plans? Your program will depend on the maturity of your compliance structures and existing risk management. This includes reviewing the existing set of tools in the company − a task especially for those responsible for purchasing and supply chain.

5. What Are Practical Next Steps If the Law Applies to Your Business?

It’s best to create a roadmap with specific steps for implementing the requirements early on. The following top three things should already be included in your company strategy. Ideally, they are also embedded in your purchasing and supply chain management:

In the company:

1. Analyze risks Check the entire value chain for potential violations. This goes from material procurement all the way to product use. Prioritize risk by countries and industries.
2. Determine actions Review within your organization which gaps need to be closed. Develop risk mitigation measures within your sphere of influence. Develop your project plan.
3. Involve employees Make it clear to everyone in the organization that they are part of the task. Train them on the requirements. Set goals and measure implementation.

In purchasing and supply chain management:

4. Gain transparency and minimize risk. Establish holistic supply chain risk management that you can integrate with enterprise resource management. Prioritize by countries, industries, and commodity
5. Check master data Review, revise, and cleanse your supplier master data. Enable digital monitoring. Get rid of deadbeats and refine your supplier strategies.
6. Create (digital) structures This includes processes, contracts, and audits. Adjust purchasing processes. Adjust supplier audits to identify at-risk suppliers and detect violations. Commit your suppliers to compliance.

6. Why Digitalization Makes the Difference

By following your roadmap, you build the foundation for comprehensive risk management as required by the Due Diligence Act. Digitalization makes the difference here. Use the AI-driven technology to support your implementation:

• Employ automated supply chain risk management (SCRM). This is the only way to create the transparency across the entire supply chain, including sub-suppliers, necessary for the required risk profiling
• Continuously monitor your supply chains. Receive real-time notification of risk events. Have ready-made mitigation plans
• Integrate internal and external data (including sustainability rankings, sanctions, compliance fines or penalties)
• Create reports and documents easily to satisfy stakeholders, management, auditors, and customers

In short: Your company must be able to demonstrate that it is monitoring its supply network for risks and rule violations. It also must prove that it is proactively planning remedial measures. Otherwise, any fines or penalties could be followed by reputational damage, lost sales and profits.

And finally, don’t wait until the Act on Corporate Due Diligence Obligations in Supply Chains takes effect. Supply chain risk management is not performed solely to comply with a law. Among other things, companies aim to guarantee trouble-free supply, and protect their reputation by knowing where products are sourced. And to do that, businesses need to manage all types of supply chain risks. Seen in this light, the German Supply Chain Act, or similar laws in other countries, also offer you the opportunity to professionalize your risk management.

riskmethods was acquired by Sphera in October 2022. This content originally appeared on the riskmethods website and was slightly modified for sphera.com.