Whitepaper Supply Chain Act

Supply Chain Act

Read our white paper on the German Supply Chain Act online now and learn more about effective & economical supplier management.

Whitepaper Supply Chain Act

Solutions for effective and economical supplier management in compliance with the Supply Chain Act

Starting 2023, supply chains – from raw material extraction to delivery to the end customer – must be resilient against infringements of human rights and environmental harm. For affected companies that need to manage such a complex task effectively, but also as economically as possible, there is no way around a thematically oriented, IT-supported compliance solution.

Implement LkSG or CSDDD securely – efficiently & economically: Our IT-supported compliance solutions minimize risk and simplify your obligations.

The supply chain act creates clarity

In July 2021, discussions regarding the legal requirements for upholding human rights within the
supply chain reached their conclusion. With the adoption of the “Act on Corporate Due Diligence in Supply Chains”¹, the German parliament has set out the measures larger companies will have to take from 2023 onwards to prevent infringements of human rights and environmental obligations in their supply chains.

Difficulty of nomenclature

The law has become known as the Supply Chain Act – we use this term in this document for the sake of simplicity and because the name is in common use. Officially, however, it is the “Act on Corporate Due Diligence in Supply Chains” or Supply Chain Due Diligence Act.

The supply chain act and UN guiding principles

The Supply Chain Act is intended to implement the UN Guiding Principles on Business and Human Rights, adopted by the UN Human Rights Council in 2011. These principles apply to all states and companies, regardless of their size, sector or location.

A total of 31 guiding principles are intended to help prevent or eliminate human rights violations in business. They are founded on three pillars which the Federal Ministry for Economic Cooperations and Development describes as follows²:

Every state is obliged to establish the political and economic conditions for companies and investments to protect human rights and uphold occupational standards. These include, for example, environmental monitoring and occupational inspections.
Companies must have processes in place to guarantee human rights due diligence is carried out, to avoid, reduce or compensate for the negative effects of their business activity on human rights.
People whose human rights are violated by companies must receive effective aid. This includes access to state and non-state complaints bodies and the option to take legal action.

Who needs to consider the issue of compliance in the supply chain

The requirements of the Supply Chain Act are obligatory for larger companies based in Germany. Specifically, the Supply Chain Act will apply from 1. January 2023

to all companies based in Germany that employ at least 3,000 employees. This includes employees who are posted abroad. Temporary workers employed for more than six months also count as employees under the Supply Chain Act. In the case of groups of companies, the employees of all affiliated companies must also be taken into account
to all companies with a branch in Germany that employs at least 3,000 employees.
From 1. January 2024, further companies will be subject to the Supply Chain Act. The aforementioned lower limit of 3,000 employees will then be reduced to 1,000.

Does that mean all companies with fewer than 1,000 employees are in the clear as far as the
Supply Chain Act goes? From an entirely legal standpoint, yes. However, smaller companies should also ensure that every partner in their supply chain complies with human rights, employment standards and environmental requirements.

There are two clear reasons for this: If a company is itself a supplier to a larger company which
is subject to the requirements of the Supply Chain Act, its client must ensure that the provisions
of the Act are complied with at its suppliers.
The second reason is to avoid reputational damage.
If violations of human rights and environmental infractions become known in a supply chain, the
public and customers usually have no mercy – regardless of whether the Supply Chain Act applies
or not. Once discovered, violations spread across social media like wildfire.
The reputational
damage can – if at all – only be repaired at significant expense. And because the internet never
forgets, prevention is the only sensible measure. Simply trusting that nothing will happen can
quickly lead a company into a situation that threatens its existence.

In particular, company officers should act rapidly and intensively engage with the supply chain if
they are active in one of the 29 sectors where human rights risks are particularly high. These have
been named as particularly risky in a research report³ for the Federal Ministry of Labour and Social
Affairs (see table 1, p. 8). However, the Supply Chain Act applies fundamentally to all sectors.

Table 1

Automotive
Construction
Mining and minerals
Chemistry
Electronics
Energy supply
Waste disposal
Financial services
Forestry
Gastronomy and accommodation
Glass, ceramics and stoneware
Rubber and plastics
Retail
Wood and paper
Real estate
Coking and oil processing

Agriculture and fisheries
Mechanical engineering
Metallurgy
Furniture and other consumer goods
Food and consumables
Recruitment, cleaning and security services
Pharmaceuticals
Travel and leisure
Telecommunications and digital
Textiles and leather
Transport and logistics
Security and defence
Water supply

Germany is not alone: regulations in other countries

Although the german national Supply Chain Act is leading the way with its national Supply Chain Act, the clear intent is to adopt an EU-wide set of laws. It is clear that the German law has served as a blueprint for the EU since the CSDDD came into force.

In other countries, other regulations are already enforced, some of which are not as comprehensive as the German Supply Chain Act. In France, the “Loi de vigilance”, has been enforced since 2017, punishing serious violations of human rights, infringements on health and safety and damage to the environment carried out in the supply chains of large companies. The Dutch “Wet Zorgpflicht Kinderarbeid” obliges companies to investigate the supply chains of goods and services distributed or rendered in the Netherlands for potential child labour.

Many companies need to catch up

The fact that the Supply Chain Act was adopted at all shows that many companies in Germany have some catching up to do with regard to upholding human rights and environmental protection in the supply chain. Originally, the Federal Government relied on companies to voluntarily engage with the “National Action Plan (NAP) on Business and Human Rights”. It was the original means by which the UN guiding principles were to be anchored in the supply chain. A review in 2020 revealed, however, that less than 20 percent of companies were fulfilling the requirements of the NAP.

Another independent study⁴ supported the results of the Federal Government’s evaluation. According to this study, 18 of the 20 largest German companies could not prove how and whether they were sufficiently managing risks to human rights. They were not carrying out due diligence where human rights were concerned. All in all, it was found that none of the companies “completely upheld the full range of fundamental expectations arising from the UN Guiding Principles for Business and Human Rights”.

The most important rules in the Supply Chain Act

The Supply Chain Act has the goal of preventing risks to human rights and the environment, minimising them as necessary and ending any violations that are already taking place.

The provisions of the Supply Chain Act apply, in principle, to the entire supply chain; starting from the extraction of raw materials and running all the way to delivery to the end consumer – no matter whether each process is controlled by the company itself or by a supplier.

To this end, the act requires the following measures to be taken by companies in their own field of activity and for direct suppliers (Tier 1) in order to uphold their human rights and environmental obligations:

the submission of a declaration of principle
at least one annual risk assessment to discover potential or existing detrimental effects on human rights and the environment
establishing risk management to prevent harmful effects on human rights and the environment or eliminate them if they have already occurred
establishing a complaints process
the continuous documentation and annual reporting of this management and the measures taken
Because the Supply Chain Act makes the degree of responsibility dependent on the depth of the
supply chain and the concomitant ability to influence it, companies only need to act sufficiently
and immediately on indirect Tier 2 suppliers if they gain substantiated knowledge of a potential
violation of the requirements.

What does this mean for your company?

For companies, analyzing and monitoring supply chains involves some effort.

Example for risk analysis: In the risk analysis, you must first determine which suppliers themselves and which of their activities present a risk to compliance with human rights and where violations of environmental protection are threatened. An example of potential risks: Some examples of potential risks include:

Where are occupational health and safety rights at risk?
Where might forced or child labor be taking place?
Are there risks in the procurement of raw materials?
Where do dangers hide with regard to environmental protection?
Are there any risks associated with waste disposal?
Are there areas that are vulnerable to the discrimination and unequal treatment of employees?

In addition to the processes in your own company and at your direct suppliers, you must also consider the processes at indirect suppliers if there are specific indications – this ranges from the procurement of raw materials and parts to transport and production.

Example for risk management: Risk management is based on the results of the risk analysis. Now, you must determine suitable measures to exclude all the risks determined in your own company and avoid any individual violations of human rights and environmental protection that may have been determined. The same applies to your direct suppliers. Because of the complexity of supply chains and the large number of suppliers, risk management can rapidly become a largescale project.

Example for documentary and reporting obligations: It is not enough to just determine what the risks are. The law requires them to be documented in detail. The same applies to risk management and the actual measures taken. In addition to this, there is a requirement for a transparent annual report that you must not only submit to the supervisory authority but also publish online.

IT-supported analysis and monitoring of the supply chain brings advantages

As the examples just mentioned show, supply chain analysis, management, monitoring, documentation and reporting is a very costly and complex process. Manual work steps, Excel lists, individually written mails and protocols in Word are only of limited help here. Rather, end-to-end digitization in conjunction with a workflow-supported IT solution is the order of the day. This is the only way to achieve efficient data management and a high degree of automation.

An example from the business partner due diligence, which is part of a digital supply chain compliance solution, shows the enormous savings potential of IT-supported processes: If an employee manages and monitors the business partners manually, he is already fully occupied with the handling of 50 critical business partners. With an IT-supported business partner check with automated processes, the workload can be significantly reduced and the quality improved.

What does compliance solutions offer?

With its Supply Chain Compliance System, Compliance Solutions offers a comprehensive supply chain risk management solution meeting the requirements of the Supply Chain Act. The system identifies risks along the supply chains with a high degree of automation. In doing so, it recognizes and evaluates the potential for damage at an early stage so that you can initiate appropriate measures. Thanks to compliance with human rights and environmental standards, fines, sanctions such as disqualification from public tendering processes or reputational damage can be averted.

The Supply Chain Compliance System from Compliance Solutions guides users through the necessary steps for risk analysis and reporting it through a guided process with defined roles in an audit-proof manner:

Upfront Risk Assessment
Detailed examination of suppliers including survey
Sanctions list check (PEP, Black, Watch lists, Adverse media)
Structured internet research about the suppliers
Automated risk identification and setting of red flags
Supplier risk assessment
Permanent screening and monitoring for the immediate identification of new risks
Compliance audits
BI & Reporting

Compliance Solutions is continuously developing the supply chain compliance system. The supply chain solution not only shows the status quo of legislation, but also dynamically maps new developments. The CSDDD Compliance System is also the right solution for the EU’s Corporate Sustainability Due Diligence Directive.

Don't wait. Act now!

Since January 2023, the Supply Chain Act came into force for companies with more than 3,000 employees, and from 2024 it will also apply to companies with 1,000 or more employees.

Branches of foreign companies in Germany will also be covered if the company employs more than 3,000 employees (from 2023) or 1,000 employees (from 2024) in Germany.

As of January 1, 2023, the German Federal Office of Economics and Export Control can impose fines on companies for violations of the Supply Chain Act of up to two percent of their annual global sales. In case of serious violations, there is also the threat of exclusion from public procurement for up to three years. Therefore, do not take any risks and start today. We will of course be happy to assist you with our many years of comprehensive experience in digital compliance solutions.

About Compliance Solutions

Compliance Solutions is a leading provider of digital legal and compliance solutions. Our core product is the powerful MCS Compliance Platform, which digitally represents all relevant areas of corporate compliance featuring a selection of over 20 innovative IT systems.

With locations in Stuttgart, Cologne, Zürich, Salt Lake City and Singapore, Compliance Solutions runs its servers in full compliance with the GDPR and within the EU. Its solutions are deployed across the globe by internationally active groups such as Mercedes-Benz Group AG, E.ON SE, Schaeffler SE, Metro AG, Deutz AG, TK Elevator, Telia Company, Marel and Phoenix Group.

You can also download the white paper as a PDF here:

Contact & Initial Consultation

Get in touch with us

If you want to consider implementing a digital supply chain compliance solution or would like a demonstration of our systems, we will be happy to hear from you. Make an appointment with our compliance experts and find out how Compliance Solutions can support you in implementing the Supply Chain Act. unterstützen kann.

¹ published in Federal Gazette 46 of 22.7.2021
² website of the BMZ, UN guiding principles for business and human rights; accessed 10.8.2020
³ Research Report 543; Respect for human rights along global value creation chains; July 2020
⁴ School of Management and Law, Business & Human Rights Resource Centre: Respect for human rights; a short assessment of the largest German companies

Source Table 1: Research report 543: Respect for human rights along global value creation chains