German Supply Chain Act (LkSG): Takeaways for compliance
The German Supply Chain Act (LkSG), effective since 1st January 2023, enforces strict due diligence obligations on companies to address human rights and environmental risks within their supply chains. Businesses must implement measures such as risk management systems, regular risk analyses, preventive actions, complaints mechanisms, and annual reporting.
1. Introduction
The German "Act on Corporate Due Diligence to Prevent Human Rights Violations in Supply Chains" (Supply Chain Due Diligence Act; German: Lieferkettensorgfaltspflichtengesetz, short: "LkSG"), more commonly known as the German Supply Chain Act, is a groundbreaking piece of legislation that has been effective since 1st January 2023. The Act imposes extensive new obligations on companies with regard to human rights and environmental issues along the supply chain, the so-called "due diligence obligations".
2. The scope of the LkSG
The LkSG affects all German companies directly, regardless of their legal form, head office, principal place of business, or statutory registered office. Initially, the Act covers companies with at least 3,000 employees. From 2024, it will extend to companies with more than 1,000 employees on average per fiscal year.
3. Protected rights and obligations of companies
The LkSG refers to universally ratified international treaties on protecting human rights. It includes a specific catalog of human rights-related risks that have a specific link to labor law, such as child labor, forced labor, and aspects of occupational health and safety.
4. Due diligence obligations and possible fines
Companies are required to integrate due diligence obligations as part of their corporate policy. This includes implementing a human rights-related risk management system, an in-house body responsible for human rights protection, a human rights-related risk analysis, and the declaration of fundamental principles for protecting human rights in business. Violations can lead to fines of up to 800,000 euros against natural persons, and against companies, penalties over 400 million euros and up to 2% of the average annual turnover can be imposed.
5. Detailed compliance requirements
The LkSG requires companies to establish a risk management system that includes measures to identify, prevent, and mitigate human rights risks in their supply chains. This involves conducting regular risk analyses, establishing preventive measures, and taking remedial actions when human rights violations are identified.
Companies must also establish a complaints mechanism that allows third parties to report potential human rights violations. They must also document their due diligence measures and report on them annually.
More specifically, the LkSG lays down the following requirements for organisations:
- Establish a risk management system
- Designate a responsible person or persons within the enterprise
- Perform regular risk analyses considering the enterprise and its third parties
- Issue a policy statement on human rights and make it publicly available
- Lay down preventive measures for both the enterprise as well as its third parties
- Take remedial actions in case of a (suspected) violation
- Establish a complaints procedure
- Implement due diligence obligations regarding risks at indirect suppliers
- Document and report on all performed activities
For all the requirements above, the LkSG states that senior management must adopt them and should provide oversight.
6. How 3rdRisk could help
Complying with the LkSG can be a complex task, but with the right tools, it becomes manageable. 3rdRisk is an all-in-one third-party risk management platform that provides everything you need to comply with the German Supply Chain Act quickly and affordably.
3rdRisk has an advanced supplier due diligence capability, which allows you to efficiently send out and analyse due diligence assessment questionnaires. In addition, the platform also has an integrated global news monitoring capability, which constantly monitors if a supplier is negatively mentioned in the news. Finally, the platform can be enriched with external data sources, such as ESG ratings from well-known providers.
A significant advantage of the 3rdRisk platform is that you can easily manage all your risk and compliance activities in one platform. Also, cyber security experts, for instance, can use the 3rdRisk platform to perform due diligence activities and monitor cyber threats. Even internal audit professionals could use the 3rdRisk platform for conducting internal control self-assessments.
7. Conclusion
The LkSG is a crucial new compliance task introducing high liability risks. German businesses must analyse all new obligations set out in the LkSG and examine the situation in their businesses. In case due diligence requirements are not implemented in the right way, there is a risk of an administrative procedure and of heavy fines being imposed. Remember, compliance is not just about avoiding penalties—it's about demonstrating your commitment to human rights and ethical business practices.