
How to Comply: German Supply Chain Due Diligence Act and Forthcoming EU Rules

Protect people and the environment when you comply with the LkSG

Kelly Maxwell, Content Marketing Specialist, OneTrust


Jurisdictions around the world are passing a wave of new regulations focused on human rights, environmental risks, and labor rights, creating a new set of obligations for companies. These regulations include the Dutch Due Diligence Act, the EU Corporate Sustainability Due Diligence Directive, the German Supply Chain Due Diligence Act, the Norwegian Transparency Act, and the Swiss Human Rights Due Diligence Law. The United States, the United Kingdom, and Australia have also joined their EU counterparts, increasing their focus on human rights in the business sector. Developing a strategic plan for compliance will help your company eliminate human rights or environmental violations from your supply chain and escape costly consequences for noncompliance.

Today, we’re unpacking how to comply with the German Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz, or LkSG). If you’d like more background on the legislation itself, check out our blog post on the German Supply Chain Due Diligence Act and come back here once you’re ready to shift your focus to the practical tactics for compliance.

Key Requirements of the German Supply Chain Due Diligence Act

Before the LkSG goes into effect on January 1, 2023, companies that operate in any capacity (central administration, principal place of business, administrative headquarters, or a domestic branch of operations) within Germany and have 3000+ employees globally need to examine their related protocols. The key requirements that will determine your LkSG compliance include risk management systems and responsibilities, risk assessment, preventative measures and remediation plans, grievance mechanisms, speak-up processes, and due diligence obligations. Don’t gamble on the health of your current supply chain processes; examine the key requirements of the LkSG below and avoid any potential financial repercussions for noncompliance.

Is your organization prepared for January 1, 2023? Put the proper resources in place before the deadline by downloading our interactive German Supply Chain Due Diligence Act Readiness Checklist.

Risk management systems and responsibilities

To comply with the LkSG, your organization will need both a full end-to-end map of your current supply and value chains and an assessment of the risks in your own business operations. Without an exhaustive understanding of the risks present in your third-party relationships, built by collecting as much critical information as possible on the sectoral, jurisdictional, and operational risks, the rest of your efforts will be fruitless. Take the time to drill down into as many third-party relationships as possible, knowing that a definitive comprehensive review of every third party will be next to impossible. The goal is to understand the risks present in your supply chain and identify the exact nature of the business relationship. This step will ensure accuracy for the related risk management requirements.

Your organization must designate a “responsible person” to lead LkSG compliance – maybe that’s you. Ideally, you will lead both the organization’s compliance efforts and a cross-functional working group that includes representation from related departments such as legal, compliance, sustainability, and procurement. Their efforts should help determine priorities and ownership, while identifying any overlaps or areas of concern. Take some time to engage with the working group’s recommendations to determine exactly where and how your risk management systems will support effective measures to prevent, end, or minimize violations.

Human rights policy and reporting

Your organization’s risk management system must be embedded within all other related business processes across your organization. If it doesn’t include a human rights strategy policy, heavily influenced by the risk assessment efforts detailed above, then compliance under the LkSG will be impossible. In order to provide updates on the progress made and the issues identified, annual reporting is also required and must be made available on your organization’s website for seven years.

Preventative measures and remediation plans

If you become aware of violations within an indirect supplier’s practices, you must act. These actions include carrying out a risk analysis and the adoption of preventive or remedial measures. Other preventative measures include reviewing and amending the supplier selection process, implementing a supplier code of conduct and attestation, training, and auditing.

One of the key steps to address risks with indirect suppliers is to ensure contractual assurances from your direct suppliers, establishing the requirement that they conduct due diligence on their own suppliers and obtain similar contractual assurances from them. When a risk or violation is detected, can your organization deploy appropriate risk remediation plans to immediately end the risk or violation? Is your company able to identify, prevent, remediate, and monitor issues with suppliers of Germany? The obligation applies no matter where the supplier is located.

Remediation plans are essential to mitigate and prepare for potential risk in areas where immediate resolution is impossible. For example, if specific issues such as forced labor and/or child labor are found, then a targeted and specific remediation plan should be implemented. You’ll need to have provisions in place that can mitigate risk over time and influence suppliers to improve their practices. Termination of the business relationship should be reserved for when a supplier has refused to commit to improvement after repeated violations. Preparation and remediation are equally essential to LkSG compliance, so make sure your plans are comprehensive enough to endure strict scrutiny.

Grievance process

The LkSG requires companies to establish an internal reporting channel and a process for responding to complaints throughout the supply chain. Similar to the EU Whistleblower Protection Directive, the goal of establishing internal reporting channels is to empower and enable individuals, both inside a business and its supply chain, to report potential human rights and environmental violations without fear of retaliation or other consequences. Compliance under both the EU Whistleblower Protection Directive and LkSG is possible if all whistleblowing efforts meet both sets of requirements. The LkSG complaints mechanism must define its procedures in writing, be reviewed on at least an annual basis, and be able to answer the following questions:

  • Who are the target groups? Can they reach the complaints procedure through different channels?
  • What happens when a complaint is made? Is this process transparent?
  • What are the steps and processes that will ensure confidentiality and data protection?
  • In what public ways, such as on your website or via targeted distribution of printed materials, are your complaints procedures made available?

Due diligence obligations

Your organization must have due diligence processes that help screen direct suppliers for potential risks or violations of environmental and human-rights related obligations. The LkSG mandates the ability to execute your due diligence and screening programs at onboarding of a direct or indirect supplier and throughout your organization’s business relationship with said suppliers.

Conduct automated due diligence checks on all suppliers and build a risk management program with a third-party risk management solution. 

Fines for noncompliance can be as high as €8M ($8.96M USD), or up to 2% of a company’s annual global turnover if it surpasses €400M ($448M USD), depending on the level of infraction. Noncompliance can also earn exclusion from public tenders for up to three years. Beyond the financial incentive to comply with the LkSG, ethical companies simply perform better in the marketplace. Embrace the spirit of the LkSG and see why governments and investors alike have called for stronger corporate ESG programs.
