German Supply Chain Act – Why Due Diligence Matters in 2023

What Is the German Supply Chain Due Diligence Act (GSCA)?

On June 11, 2021, the German Parliament passed a new law on corporate due diligence in supply chains called Lieferkettengest, or the German Supply Chain Due Diligence Act (GSCA). It takes effect on January 1, 2023 and companies in violation of it can be required to pay fines of up to 2% of their annual revenue.

Similar to the 2015 UK Modern Slavery Act, France’s Duty of Vigilance Law, and Australia’s Modern Slavery Act, Germany’s Supply Chain Due Diligence Act requires companies to assess human rights and environmental risks across their entire supply chain. It combines various German laws with the intent to eliminate child labor, ameliorate poor labor working conditions, and provide certain environmental protections within global supply chain activities.

Starting on January 1, 2023, organizations with a registered office or branch in Germany with more than 3,000 employees – and other foreign-based companies of the same size with registered German branch offices – need to comply with the GSCA. From 2024 onwards, the law will extend to companies with 1,000 employees or more. In-scope companies are obligated to establish preventive measures and be accountable for any infraction in their entire supply chain.

The Act applies to all of an organization’s direct and indirect suppliers, starting with the extraction of the relevant raw materials through to the delivery to the end customer. This means that even if your operations are not based in Germany if you have a German customer impacted by the Act, you will need to comply with the GSCA to ensure your customer’s compliance.

Read on for more background on the GSCA, its requirements, and how to ensure your company and suppliers throughout your supply chain are in compliance.

Need more transparency in your supply chain? Consider Exiger’s supply chain risk management software that can help surface all risks that might be hiding deep within your supply chain.

 

German Supply Chain Act Requirements

Recently, German companies have been involved directly and indirectly in exploitative child labor, incineration, and rainforest destruction. Since businesses are failing to voluntarily fulfill their ethical responsibility in global supply chains, the supply chain law was created as a remedial action. It introduces the requirement that human rights and certain environmental risks must be identified and eliminated or at least appropriately minimized.

The GSCA is poised to become a regulatory standard that will defend human rights and mitigate environmental threats with two main objectives:

• Ensure that organizations take precautionary measures to defend human rights and environmental standards for sustainability.
• Provide remediation for affected parties with a complaints procedure that is both accessible and effective.

There are several related human rights and corporate social responsibility guidance documents produced by the German government for corporations and available in English.

 

How to Comply with Germany’s Supply Chain Act

Corporations often have thousands of suppliers, particularly you consider sub-tier suppliers. When managing so many direct and indirect suppliers in a multi-tier supply chain, there is a strong need for a risk management system supported by technology and data solutions to do this cost-effectively and efficiently.

The German Supply Chain Due Diligence Act mandates companies to identify and assess potential human rights violations and environmental risks within their supply chains by developing effective risk management systems, which can be supported with risk management software.

The GSCA requires companies to establish a risk analysis and risk management system. Companies should further develop a human rights and environmental strategy with which their direct and indirect suppliers must comply. All supply chain due diligence activities must be documented for proof of appropriate due diligence.

The principle of appropriateness applies under the Act: organizations are only required to do what they can, given their individual context, for example, their size, the nature of their business or their proximity to the supplier. Organizations are not required to tackle all human rights challenges they have identified at the same time, but rather to focus on the main risks first. If a human rights violation does occur in its supply chain despite all appropriate efforts, an organization cannot be prosecuted.

To fulfill the requirements of the GSCA and ensure vendors are as compliant as possible, organizations should conduct human rights and environmental due diligence using the following framework:

 

1. Establish a Supply Chain Risk Analysis and Risk Management System

Companies should analyze and assess supply chain risks in the following areas:

• Slavery, child labor, and forced labor
• Minimum wage compliance
• Occupational health, safety, and working conditions
• Unlawful breaching of water bodies, lands, and forests
• Environmental damage

The corporation or organization should set up effective compliance and preventative management systems from direct to indirect suppliers. This includes education and raising awareness within the organization and with suppliers. It should also establish monitoring requirements with due diligence obligations within the organization, and assess whether the organization has the skills and capabilities to investigate and address human rights issues within the total supply chain. This may require additional resources, such as the appointment of a human rights officer.

Organizations should carry out risk analysis systematically and share the results with relevant decision-makers. Employing a risk management information system such as Exiger’s Supply Chain Explorer, Insight 3PM, and DDIQ can assist companies in discovering potential risks in their supply chain to help comply with German Supply Chain Act obligations.

 

2. Develop a Human Rights and Associated Environmental Strategy for Your Supply Chain

Once the risk management system is defined, the next step in GSCA compliance is to establish a risk management strategy that will mitigate or eliminate human rights violations and environmental standards issues that have occurred in the past or could be anticipated in the future.

The risk management measures include:

• Supplier compliance: Businesses must deploy an appropriate procurement and supplier management strategy and take into account the potential supplier’s compliance with human rights and environmental standards. Suppliers should provide assurance to their customers that they will comply with the required due diligence activities, but corporations should not rely solely on written assurances. Both parties should mutually agree on appropriate contractual control and risk management mechanisms.
• Remedial action: After a violation or breach, the organization should initially endeavor to mitigate the poor HR practices of the supplier. This action should be taken immediately with the supplier to prevent, cease, or mitigate the violation.
• Temporary or permanent cessation: The organization can also choose to temporarily suspend the business relationship with the supplier if appropriate corrective actions are not being taken. If the supplier has caused a serious human rights violation that is beyond remedy, the organization can cease its partnership.

Businesses and agencies should review these risk management measures annually and whenever they deem a significant change in the risk exposure profile has occurred.

 

3. Impose Certain Obligations on Direct (First Tier) Suppliers

An increasing number of multinational corporations have pledged to partner only with suppliers who comply with relevant environment, social, and governance (ESG) standards. These corporations expect their first-tier suppliers to comply with ESG standards and also ensure their lower-tier suppliers do the same. The objective of this pledge is to create a cascade of sustainable practices down to the nth tier supplier.

To ensure that direct suppliers comply with GSCA, businesses can impose specific obligations such as a Code of Conduct backed up by appropriate compliance and ongoing risk assessment measures, adherence to forced or child labor laws, employment of safe environmental practices, and avoiding pollutants in operations.

 

4. Create Measures for Lower-tier Suppliers

While direct suppliers may violate regulations, businesses must exercise the same caution in each successive tier of their supply chain. Unfortunately, common business practices concerning supply chains can easily raise a company’s exposure to detrimental social, environmental, and financial risks. Many times, these are smaller companies with less established governance structures and resources.

As a first step, organizations must gain appropriate visibility beyond their first-tier suppliers, particularly in respect of supply chains that are regarded as higher risk. They can leverage DDIQ, Insight 3PM, and Supply Chain Explorer to help illuminate their relevant supply chains down to the nth tier. This supply chain risk management software brings improved transparency to all tiers and helps organizations discover, understand, and mitigate potential threats.

 

5. Report Annually on Compliance with Due Diligence Obligations

The GSCA mandates organizations to generate annual reports on due diligence activities, risk analysis, and risk management actions. These reports must be in German and provide a full audit trail detailing the compliance program’s effectiveness, as the organization is expected to show the progress they have made during the year. Supporting software that contains the appropriate audit trail and workflow reporting is critical and should also include relevant preventative or mitigation activities.

The reports must be available online no later than four months after the end of the financial year and publicly accessible for seven years.

The annual report must cover:

• Whether the organization has identified any human rights and environment-related risks and if so, which ones
• What the organization has done to fulfill its due diligence obligations
• How the organization assesses the impact and effectiveness of the measures
• What conclusions the organization draws from the assessment and how they can apply to future measures.

Organizations can leverage templated questionnaires like the Slavery and Trafficking Risk Template (STRT), which is an industry-standard and available as an open-source document. The template can be used with the Exiger workflow solution to probe their direct suppliers. The supply chain risk management software then calculates an appropriate risk score and potential areas to take further action.

 

What Are the Consequences for Non-compliance with the German Supply Chain Act?

The Supply Chain Act will be monitored by the German Federal Office for Economic Affairs and Export Control (BAFA). Businesses and agencies who fail to follow the code of conduct will be subject to the following sanctions:

• Fines: Failing to act on corporate due diligence will result in penalty payments of EUR 50,000 in administrative enforcement proceedings and can amount up to EUR 8 million where the revenue is below EUR 400 m. If the organization’s annual revenue is more than EUR 400 million, companies will be fined two percent of the average annual revenue.
• Civil liability: Domestic trade unions, NGOs, and competitors have been extended the right to represent aggrieved parties before German courts in the event of non-compliance.
• Barred from public tenders:  If human rights violations are found or environmental obligations are not met, companies stand to lose public contracts in Germany for up to three years.

Looking to empower your company or government agency to protect your supply chains from lurking risks? Look no further than Exiger’s risk management solutions: DDIQ, Insight 3PM, and the world’s first real-time Supply Chain Explorer.

 

Ensure German Supply Chain Act Compliance with Exiger

Discovering the hidden risks in large supply chains is challenging for organizations striving to meet GSCA requirements but Exiger supply chain risk management software can aggregate timely and accurate data to help you confidently assess supply chain risks. Request a free, comprehensive trial to Exiger’s Supply Chain Explorer for visibility into all tiers of your supply chain and for help to ensure your company is compliant with the GSCA.