The Act on Corporate Due Diligence in Supply Chains is a federal law that was passed by the Bundestag on June 11, 2021 and published in the Federal Law Gazette on July 22, 2021. It is part of the Civil Code as well as the Commercial Code and will enter into force on January 1, 2023. It initially applies to all companies based in Germany (head office or branch) regardless of their legal form, with 3000 or more employees. From January 1, 2024, it will also apply to companies with 1000 or more employees. As of December 31, 2021, there are 1347 companies in Germany with 3000 or more employees and 4291 companies with 1000 or more employees.
The most important aspects of this law and their impact in operations are highlighted in this section.
The law regulates the due diligence of these companies and their supply chains with regard to the observance of human rights and environmental protection.
§3 of the Act defines the duties of care as follows:
(1) Businesses are required to exercise due regard for the human rights and environmental due diligence obligations set out in this section in their supply chains with the aim of preventing or minimizing human rights or environmental risks or ending the violation of human rights or environmental obligations.
Duties of care include, in particular:
- the establishment of a risk management system
- the definition of an internal responsibility
- the performance of regular risk analyses
- issuing a policy statement
- anchoring preventive measures in the company’s own business area and vis-à-vis direct suppliers
- taking corrective action
- Implementing risk due diligence with indirect suppliers; and
- documentation and reporting
In order to gauge the impact of these due diligence requirements on the operational activities of companies, it is first necessary to consider the most important definitions of terms. These are regulated in §2 of the law.
The supply chain within the meaning of this law refers to all products and services of a company. It includes all the steps, both at home and abroad, required to manufacture the products and provide the services, starting with the extraction of the raw materials and ending with delivery to the end customer, and covers
1. the actions of a company in its own business area,
2. the actions of a direct supplier, and
3. the actions of an indirect supplier.
Own Business Unit
For the purposes of this Act, a company’s own business area covers any activity undertaken by the company in order to achieve the company’s objective. This includes any activity for the manufacture and exploitation of products and the provision of services, irrespective of whether it is carried out at a location in Germany or abroad. In affiliated companies, the parent company’s own business operations include a company belonging to the group if the parent company exercises a determining influence on the company belonging to the group.
For the purposes of this Act, a direct supplier is a party to a contract for the supply of goods or the provision of services whose supplies are necessary for the manufacture of the entity’s product or for the provision and use of the relevant service.
For the purposes of this Act, an indirect supplier is any company that is not a direct supplier and whose supplies are necessary for the manufacture of the company’s product or for the provision and use of the service in question.
In concrete terms, this now means that all companies covered by this law are liable for violations of human rights as well as environmental protection in
- their own business
- that of their direct suppliers, and
- that of their indirect suppliers
Due diligence further means that each affected company must (1) designate a responsible person, (2) issue a policy statement, (3) establish a risk management procedure with respect to this law and immediately use it to (4) conduct a risk analysis, (5) define and implement preventive and remedial measures and review their (6) effectiveness, and finally (7) document and report everything.
All these obligations are very reminiscent of the requirements of ISO 9001 management systems, so it can be assumed that the effort and scope of implementing the due diligence obligations of the Supply Chain Act will be similar to that of ISO 9001 certification. There is already a separate standard for the supply chain due diligence law, ISO 37301 (Compliance Management System). Furthermore, companies can voluntarily be certified according to SA8000.
All of this must happen in the calendar year 2022. Companies that have not yet taken action in this regard will feel significant resource and time pressure here. No later than 4 months after the end of the fiscal year, a report must be prepared and made public via the company’s website, containing the following elements:
- whether and, if so, which human rights and environment-related risks or violations of a human rights-related or environment-related duty the company has identified,
- what the company, […] has done to fulfill its due diligence obligations; this includes the elements of the policy statement as well as the measures taken by the company in response to complaints,
- how the company evaluates the impact and effectiveness of the measures and
- what conclusions it draws from the assessment for future action.
If the company has not identified any human rights or environment-related risk or violation of a human rights-related or environment-related obligation and has plausibly stated this in its report, no further elaboration is required.
In addition to publication, the report must also be submitted to the Federal Office of Economics and Export Control (BAFA). The BAFA is the responsible control authority that examines the reports and takes action if necessary. It acts according to the text of the law (§14 Abs. (1) ):
1. ex officio according to dutiful discretion,
(a) to monitor compliance with the obligations under sections 3 to 10(1) with respect to potential human rights and environmental risks and violations of a human rights-related or an environmental obligation; and
(b) to detect, remedy and prevent violations of obligations under subparagraph (a);
2. upon request, if the person making the request makes a substantiated claim,
(a) to be injured in a protected legal position as a result of a failure to comply with an obligation contained in sections 3 to 9; or
(b) that an infringement referred to in subparagraph (a) is imminent.
BAFA is responsible for monitoring compliance with the due diligence requirements, identifying violations as administrative offenses, ordering measures and, if necessary, imposing coercive penalties or fines. In doing so, it has rights of access to the company concerned (§16) and the company concerned has extensive obligations to provide information and surrender (§17) as well as obligations to tolerate and cooperate (§18).
The law also requires the company to establish an appropriate internal complaints procedure.
Section 8, paragraph (1), sentence 2 states:
The complaints procedure enables individuals to point out human rights and environmental risks, as well as violations of human rights-related or environmental obligations that have arisen as a result of the economic actions of a company in its own business sector or a direct supplier.
Furthermore, §9, para (1) states:
The company must set up the complaints procedure in accordance with Section 8 in such a way that it also enables persons to point out human rights-related or environmental risks as well as violations of human rights-related or environmental obligations that have arisen as a result of the economic actions of an indirect supplier.
This “Whistleblower Policy” means de facto that companies are obliged to act if, as a result of a complaint, you have been made aware of a violation of human rights-related or environmental obligations within your own company, within a direct supplier or within an indirect supplier. It is easy to imagine what this can mean for companies as a consequence.
Failure to comply with or breach of the duty of care is sanctioned with severe coercive penalties and fines:
- with a penalty payment of up to € 50,000, which is twice the regular administrative enforcement rate
- with a fine of up to € 800,000 or
- with a fine of up to 2% of the average annual turnover (of the last 3 financial years) for companies with an annual turnover of more than € 400 million
It is therefore urgently recommended that this new law be taken very seriously and that the due diligence requirements be implemented without delay.
The complete and valid text of the law can be found in the Federal Law Gazette No. 46 of July 22, 2021.
To illustrate the potential impact of the law, several realistic case studies are outlined below.
Case Study 1:
German machine builder H, which is covered by the Supply Chain Act due to its size, procures its entire requirements of screws, nuts and washers from German wholesaler W, which is also covered by the Act due to its size. The latter has its machine elements manufactured by a contract manufacturer in India. It turns out that there are deficiencies in occupational safety there. It is now not only the wholesaler W who has to exercise due diligence, but also the machine manufacturer H. Both have to define the necessary remedial measures within the framework of the supply chain law, ensure their implementation and provide evidence of their effectiveness.
Case Study 2:
Food retail chain E, which is subject to the Supply Chain Act, procures part of its fruit and vegetable requirements from producer M in Spain. A team of investigative journalists from Bavarian radio uncovers that illegal migrants are being employed there in undeclared work, without social security and without adequate occupational health and safety, and informs the retail chain E about the conditions as part of the complaints procedure. E must now take immediate action and define and implement remedial measures, if necessary up to and including termination of the supplier relationship, and check their effectiveness.
Case Study 3:
German automotive supplier C, which is subject to the Supply Chain Act due to its size, procures electronic control modules from a manufacturing service provider P in the Czech Republic. The latter procures a certain auxiliary material necessary for production from a manufacturer Q in Malaysia who uses small quantities of persistent organic pollutants in his manufacturing processes. Although P is not directly subject to the supply chain law, C is responsible for rectifying the grievance.
Case Study 4:
The Swedish fashion label H, which employs more than 3,000 people in its retail outlets in Germany, has its textiles produced in Turkey by company T. The latter procures fabrics for the sewing shop from a Pakistani family company F. Children under the age of 14 are employed there. The latter procures the fabrics for the sewing shop from a Pakistani family business F. Children under the age of 14 are employed there. H is responsible for stopping the violation of human rights and occupational health and safety.
List of agreements that define human rights and environmental protection:
- Conventions No. 29 (including Protocol), No. 87, No. 98, No. 100, No. 105, No. 111, No. 138 and No. 182 of the International Labor Organization (written down in various federal law gazettes)
- International Covenant of December 19, 1966 on Civil and Political Rights, (Federal Law Gazette 1973 II pp. 1533, 1534)
- International Covenant of December 19, 1966 on Economic, Social and Cultural Rights (BGBl. 1973 II p. 1569, 1570)
- Minamata Convention on Mercury of October 10, 2013 (BGBl. 2017 II p. 610, 611) (Minamata Convention).
- Stockholm Convention of May 23, 2001 on Persistent Organic Pollutants (BGBl. 2002 II p. 803, 804) (POPs Convention), as last amended by the resolution of May 6, 2005 (BGBl. 2009 II p. 1060, 1061)
- Basel Convention on the Control of Transboundary Movements of Hazardous Wastes and their Disposal of March 22, 1989 (Federal Law Gazette 1994 II pp. 2703, 2704) (Basel Convention), as last amended by the Third Ordinance Amending Annexes to the Basel Convention of March 22, 1989 of May 6, 2014 (Federal Law Gazette II p. 306/307).
Recommendation for Action
The most important recommendation for action on the Supply Chain Act is: act now!
- Provide resources. Regardless of whether you as a company are affected from 1/1/2023, or from 1/1/2024, or if you are a direct supplier to the above. Designate a:n officer:n within the company and give him/her the resources (funding, personnel, etc.) needed to successfully implement the program.
- Create a staff position for this responsibility. “Hanging it on Purchasing” would be the wrong way to go.
- Start today. Not tomorrow, next month, or six months from now. Time is running out and one year for such a measure is not a long time.
- Inform your workforce of the obligations that come to the company under the Supply Chain Act.
- Inform your immediate suppliers about your plan and seek close cooperation with them on this issue from the beginning. Simply requesting a supplier declaration is not enough here.
- Start with the risk analysis in your own company. Apply the findings to your immediate suppliers.
- Prepare to audit not only your immediate suppliers but also your indirect suppliers. Create an audit plan.
- Prepare your reporting requirements. Both in terms of content and infrastructure.
- Provide a sufficient budget.
- Get external support
Thurner & Suadicani Unternehmensberater Partnergesellschaft was founded in 2017 by merging the former thurner consulting and Suadicani Consulting into a new company with the label xprts4xlnc (“experts for excellence”). The founders bring complementary skills and knowledge from almost 70 years of combined professional experience.
Juergen Thurner brings 34 years of experience in various senior management positions at companies such as Hewlett-Packard, Sanmina, M-Flex and Flextronics. He is a lecturer in International Operations Management at the European School of Business at Reutlingen University. His core areas of expertise are supply chain design, business process modeling and supply chain sustainability. His other areas of expertise include Industry 4.0 / Smart Factory, the Internet of Things and digital transformation.
Robert Suadicani builds on a proven successful career in the automotive industry, where he has worked for companies such as Mercedes-Benz do Brasil, MAN and Knorr-Bremse SfS, to name a few. He specializes in all aspects of quality and risk management. Robert Suadicani is a certified EOQ and VDA 6.3 auditor and an experienced coach for sustainable business process management and lean management. He brings 35 years of professional experience to the table.