- I. The basics of the Act on Corporate Due Diligence Obligations in Supply Chains
- II. The concept of the supply chain
- III. The scope of application of the Act
- IV. Affiliated enterprises
- V. Protected human rights and environmental issues in detail
- VI. The basics of complying with due diligence obligations
- VII. Due diligence obligation to establish a risk management system
- VIII. Due diligence obligation to carry out regular risk analyses
- IX. Due diligence obligation to issue a policy statement
- X. Due diligence obligation to establish prevention measures
- XI. Due diligence obligation to take remedial action
- XII. Due diligence obligation to establish a complaints procedure
- XIII. Due diligence obligations on documentation and reporting
- XIV. Monitoring by the Federal Office for Economic Affairs and Export Control
- XV. Consequences of the Act for enterprises/questions of liability
- XVI. Implementation aids for enterprises
- XVII. Effects of the Act on small and medium-sized enterprises
- XVIII. The Act on Corporate Due Diligence Obligations in Supply Chains in an international context
I. The basics of the Act on Corporate Due Diligence Obligations in Supply Chains
1. What is the relationship of the Act on Corporate Due Diligence Obligations in Supply Chains to the National Action Plan for Business and Human Rights?
In December 2016, Germany’s Federal Government passed the National Action Plan for Business and Human Rights (NAP). The aim was to work with enterprises towards improving the human rights situation around the world and to give globalisation a social dimension while taking the 2030 Agenda for Sustainable Development into account. The NAP is based on the United Nations Guiding Principles on Business and Human Rights. Corporate responsibility, in addition to both state protection and judicial and extra-judicial remedies, is key to this. In the NAP, Germany’s Federal Government set out its expectations for all enterprises based in Germany to comply appropriately with the core elements of human rights due diligence. The way they do this depends on their size, sector and position in supply and value chains. They are expected to respect human rights throughout their supply and value chains.
A representative survey of enterprises conducted by the Federal Government in 2020 monitoring the NAP, has, however, shown that less than one fifth of enterprises with more than 500 employees based in Germany fulfilled their supply chain due diligence obligations. Voluntary commitments are therefore not enough. In the coalition agreement, the Federal Government of the time, committed to taking legal action on this issue at the national level and also to promoting binding rules at the European level. The Act on Corporate Due Diligence Obligations in Supply Chains (LkSG) was promulgated in the Federal Law Gazette on 22 July 2021.
2. What do the Act’s regulations cover?
The Act puts enterprises under its scope under an obligation to exercise due regard for the human rights and environment-related due diligence obligations in their supply chains in an appropriate fashion. The obligations that enterprises have to fulfil vary according to their ability to exert influence, specifically in relation to
- their own business area,
- the actions of contractual partners, and
- the actions of other (indirect) suppliers.
3. When does the Act come into force? To whom does it apply?
Starting in 2023, the Act will apply to enterprises that have their central administration, their principal place of business, their administrative headquarters, their statutory seat or branch office and 3,000 employees in Germany. Starting in 2024, it will also apply to enterprises with 1,000 or more employees in Germany.
The Act is also significant for enterprises that do not fall within its direct scope of application. They may be indirectly affected, for example as a supplier of an enterprise that has a legal responsibility. Enterprises outside the scope of application are not subject to fines or legal obligations.
II. The concept of the supply chain
1. What exactly is a "supply chain"?
The supply chain within the meaning of the Act refers to all products and services of an enterprise. It includes all steps in Germany and abroad that are necessary to produce the products and provide the services, starting from the extraction of the raw materials to the delivery to the end customer and includes
- the actions of an enterprise in its own business area,
- the actions of direct suppliers and
- the actions of indirect suppliers.
This includes the use of necessary services, such as transporting or temporarily storing goods.
2. Does the Act apply to the entire supply chain?
Yes. The business relations and production methods of direct suppliers must also be taken into account in addition to an enterprise’s own business area. If an enterprise has actual indications that suggest a violation of a human rights-related or an environment-related obligation at indirect suppliers, it must take action without undue delay and as warranted.
The principle of appropriateness applies: Enterprises are only required to do what they can given their individual context, for example, their size, the nature of their business or their proximity to the supplier. Enterprises are not required to tackle all human rights challenges they have identified at the same time, but rather to focus on the main risks first. If a human rights violation does occur in its supply chain despite all (appropriate) efforts, an enterprise cannot be prosecuted.
3. The concept of supply chain covers all actions that are "necessary" to produce the products and provide the services. How is the term "necessary" to be understood in this context?
The term "necessary" is to be understood broadly. For example, an industrial enterprise’s office supplies are also covered. This broad definition must be distinguished from the question of which supply chains and risks an enterprise must address first as part of its risk management system. Risk management is about assessing risks, prioritising them and addressing them appropriately. One of the main aspects in setting priorities is the influence an enterprise can exert (cf. Section 3 (2) LkSG). Risks that are not a priority can be handled with less urgency.
III. The scope of application of the Act
1. Do public-sector enterprises fall within the scope of application?
Economically active, publicly owned private-law legal entities fall within the scope of application if the other requirements of Section 1 LkSG are met. Public corporations that perform the administrative tasks of a public body determined by territorial criteria do not by contrast fall within the scope of application, as long as they are not economically active in markets.
2. Do hospitals that purchase products from manufacturers and then use them for patients fall under the Act on Corporate Due Diligence Obligations in Supply Chains? Or does this only apply to the manufacturers, who should be monitoring their suppliers in this regard?
In principle, hospitals also fall under the scope of application of the Act, provided they reach the employee threshold, are economically active in markets, offer health services for a fee, bear the associated financial risks, and are purchasers (of medical equipment, for example). They must also exercise due diligence.
The term enterprise in the LkSG is a generic term for all forms of enterprise. It is neutral in terms of legal form. It does not matter whether it is a limited liability company or a publicly traded company. The LkSG does not provide for any restrictions here because the existence of human rights or environment-related risks does not depend on an enterprise’s chosen legal form. Public-law legal entities and private-law spin-offs, such as those that perform administrative tasks of a public body determined by territorial criteria, do not fall within the scope of application of the LkSG unless they are economically active in markets. That must be reviewed on a case-by-case basis.
IV. Affiliated enterprises
1. When can an enterprise be considered to be one "belonging to the group" within the meaning of Section 1 (3) LkSG?
"Belonging to the group" is a nontechnical collective term and is not limited to enterprises that fall under Section 18 of the Stock Corporation Act (AktG). All forms of affiliated enterprises within the meaning of Section 15 of the AktG are covered.
2. Does the parent company have to include the subsidiaries' subsidiaries’ employees etc. in the count? If so, according to what criteria?
Yes, if the parent company, its subsidiaries and subsidiaries’ subsidiaries are affiliated enterprises (cf. Section 15 of the AktG).
3. Do German subsidiaries also have to count the employees of the respective parent company or even of all the parent company’s other subsidiaries (i.e., ultimately all group employees) or do the subsidiaries only count their own employees and those of their subsidiaries?
Counting is always from "bottom to top", i.e., the employees of the subsidiaries count for the parent company. The employees of the parent company are, however, not counted for the subsidiary.
4. If counting is always from "bottom to top", are employees counted at each level or only up to the top parent company?
Employees are only counted up to the top parent company (in Germany).
5. Do subsidiaries count as part of the parent company's own business area?
Apart from the company itself, own business area also includes affiliated enterprises in Germany and abroad. A prerequisite for this is for the parent company to exercise a decisive influence on the other enterprise in the group. It must be able to exert influence in accordance with the respective applicable law. Whether decisive influence is judged to be possible is determined by taking an overall view of the business, staff, organisational and legal ties between the subsidiary and the parent. Holding a large majority share of the subsidiary, having a group-wide compliance system, being responsible for steering key processes in the subsidiary, having a similar business area or employing overlapping personnel are indications.
6. Does each enterprise covered in a group have to fulfil its own obligations under the LkSG, or can these obligations also be fulfilled by the parent company in centralised fashion?
You have to draw distinctions between different kinds of setups in this regard:
- The case when both parent company and subsidiary fall under the LkSG, but there is no decisive influence (cf. Section 2 (6) LkSG) of the parent on the subsidiary.
- Both enterprises must comply with the due diligence obligations for their business area and their supply chains. Separate implementation is to be assumed. For example, both have to publish their own reports in line with Section 10 (2) LkSG. Independently of that, enterprises may coordinate the measures they take. For example, subsidiaries can adopt appropriate measures initiated by parent companies (e.g., policy statements/training etc.) implementing them themselves on own responsibility. This can be then presented in the required report.
- If the subsidiary is also a direct supplier (cf. Section 2 (7) LkSG) of the parent company, the parent must then also perform its due diligence for direct suppliers with regard to that subsidiary.
- The case when both parent company and subsidiary fall under the LkSG, but there is decisive influence (cf. Section 2 (6) LkSG) of the parent on the subsidiary.
- The parent company must comply with the due diligence obligations for its own business area and its supply chains. This also includes the business area and supply chains of the subsidiary (cf. Section 2 (6) LkSG). The responsibility covers the subsidiary’s commercial activity concerning the manufacture and exploitation of products and the provision of services. It does not matter whether a subsidiary supplies its products or services to the parent company or whether it sells them to third parties.
- Depending on the individual susceptibility to risk, the subsidiary's risk management system can be established in the parent company itself or in the subsidiary.
- The subsidiary itself is also responsible for ensuring that due diligence obligations are met in its own business area and supply chains.
- It may be appropriate in these situations for the obligations of the parent company to be reduced to mere monitoring obligations with regard to the subsidiary. Another option is for the subsidiary to show the fulfilment of the duties by the parent company. This depends on the group’s structure and the respective susceptibility to risk of the parent company and its subsidiaries.
- Only the group’s parent company, not the subsidiary, falls within the LkSG’s scope of application.
- The parent company must fulfil the due diligence obligations for its own business area and its supply chains. This also includes the business area and supply chains of a subsidiary if the parent company exerts decisive influence over the subsidiary (cf. Section 2 (6) LkSG).
- In cases where influence is not decisive, the parent company only has to review the subsidiary's risk management activities in line with the requirements of the LkSG if the subsidiary is a (direct) supplier of the parent company.
- In these cases, the subsidiary itself is not legally obliged to implement or report on due diligence measures on its own. The Federal Government does however expect enterprises outside the scope of the Act to comply with their human rights due diligence obligations as set out in the National Action Plan for Business and Human Rights.
- Only the subsidiary, not the parent company, falls within the scope of application (e.g., subsidiary of a US parent company).
The subsidiary must fulfil the due diligence obligations for its own business area and its supply chains, but not for the whole group. The parent company’s activities need not be taken into account by the subsidiary.
7. How should the criteria of "decisive influence" within the meaning of Section 2 (6) sentence 3 LkSG be interpreted in practice for enterprises? In what form must these criteria be given?
An affiliated company is counted as part of the parent company's own business area if the parent company exercises a decisive influence over the affiliated company. For there to be a decisive influence, it is required that influence be possible under the respective applicable laws. To determine whether there is decisive influence, all relevant aspects are to be considered in an overall view. All business, staff, organisational and legal ties between the subsidiary and the parent company must be considered and weighted in context. This may be different from case to case.
Indications (not conclusive) of a decisive influence include:
- a large majority stake in the subsidiary,
- there being a common compliance system for the group,
- taking on the responsibility for the control of key processes in the subsidiary,
- there being a legal framework foreseeing the possibility of exerting influence,
- overlapping staff at the (highest) management level,
- a decisive influence on the subsidiary's supply chain management,
- exerting influence via shareholders' meetings and
- that the business area of the subsidiary correspond to the business area of the parent company, for example, when the subsidiary manufactures and exploits the same products or provides the same services as the parent company.
These indications must already be in existence. It would not be enough, for example, for a group-wide compliance system to only be planned, but not yet implemented. It is not necessary, however, that the decisive influence has already been exercised with a view to complying with the due diligenceobligations pursuant to the LkSG.
8. Does a foreign enterprise whose German subsidiary is covered by the LkSG have to set up a risk management system in line with the LkSG at the level of the subsidiary, or can this also be done at the global level?
A subsidiary of a foreign group within the LkSG’s scope of application must comply with the Act’s due diligence obligations, just as it must comply with Germany’s product and consumer standards to be allowed to offer products or services on the German market, for example. The subsidiary must thus also establish a risk management system for its own business area and integrate it into its relevant business processes.
In terms of the LkSG, the decisive aspect is that (subsidiary) enterprises are complying with the statutory requirements. This can be accomplished via a uniform risk management system at group level or via a risk management system designed by the German subsidiary itself.
9. To what extent do enterprises of a German parent company abroad fall within the LkSG’s scope of application as part of the "business area"? Does being part of a parent company's business area mean that subsidiaries have to comply with the full list of due diligence obligations even if they do not do any business in Germany?
If the German parent company has a decisive influence on a foreign subsidiary (cf. Section 2 (6) LkSG), then it must fulfil all due diligence obligations with respect to the subsidiary, regardless of whether or not the subsidiary does business in Germany or exports to Germany.
10. How are subsidiaries’ subsidiaries to be treated? When is the parent company assumed to have decisive influence on the subsidiary of the subsidiary? If "only" the subsidiary has influence over the subsidiary of the subsidiary? Or must decisive influence also be exercised by the parent company?
The parent company is considered to have a decisive influence if it exerts this influence itself. This may also come via an intermediary subsidiary.
V. Protected human rights and environmental issues in detail
1. Which human rights are at issue?
The Act on Corporate Due Diligence Obligations in Supply Chains identifies the international conventions enshrining human rights and defines supply chain-specific risks that must be considered when fulfilling due diligence obligations. These include the prohibition of child labour, protection against slavery and forced labour, freedom from discrimination, protection against unlawful taking of land, occupational health and safety and related health hazards, prohibition of withholding an adequate living wage, the right to form trade unions and workers' representations, the prohibition of causing any harmful soil change or water pollution and protection against torture.
2. What environmental issues are considered?
Certain environment-related risks are also covered: When they lead to human rights violations (e.g., poisoned water), for example. Also, banning substances that are dangerous to humans and the environment. The LkSG focuses on certain environment-related obligations that are mandatory for enterprises taken from three international conventions: the Minamata Convention on Mercury, the Stockholm Convention on Persistent Organic Pollutants and the Basel Convention on Transboundary Movements of Hazardous Wastes and their Disposal. Violations of environment-related obligations are also sanctioned by the monitoring authority.
VI. The basics of complying with due diligence obligations
1. What specific obligations are contained in the Act?
Enterprises must comply with due diligence obligations concerning human rights and environment-related issues in their supply chains in appropriate fashion. To comply with due diligence obligations, enterprises must implement appropriate risk management systems. They must establish responsibilities within the enterprise for monitoring compliance with due diligence obligations, for example by appointing a human rights officer.
Initially, it is important to strive for transparency, to understand the company's own supply chain and to analyse risks. Enterprises must thus first identify the parts of their own business area that pose particularly high human rights and environment-related risks. They must do so for their direct suppliers as well. For indirect suppliers, risk analysis must be undertaken if an enterprise has actual indications that suggest a violation of a human rights-related or an environment-related obligation at indirect suppliers to be possible (substantiated knowledge). In addition to what enterprises themselves have learned, actual indications of this may include reports on poor human rights situations in the production regions, the fact that a supplier is in a sector at particular risk of human rights or environment-related violations, and information from the competent authority.
When risks have been identified, appropriate preventive measures must be taken. The measures can include contractual agreements with direct suppliers containing appropriate human rights clauses or training measures. In particular, enterprises must establish procurement strategies and practices that prevent or minimise identified human rights risks and environment-related risks. It is also necessary to verify whether the contractual partner appropriately addresses risks identified in the supply chains. When a risk of a human rights violation has been identified at the enterprise’s own business location or in its supply chain, appropriate measures must be taken to eliminate that risk or minimise it, especially if there has already been a human rights violation.
When an enterprise has actual indications that an indirect supplier may be violating human rights obligations or environment-related obligations in more distant parts of the supply chain, appropriate preventive measures must be laid down vis-à-vis the party responsible. These include implementation of control measures, support in the prevention and avoidance of a risk or the implementation of sector-specific or cross-sector initiatives to which the enterprise is a party. When violations are imminent or have already occurred, a prevention, cessation or minimisation concept must be drawn up and implemented.
Enterprises must also either establish an internal complaint mechanism or participate in a corresponding external complaint mechanism that allows both direct victims and those with information about potential or actual violations to point out risks and violations.
Enterprises must submit an annual report on the fulfilment of due diligence obligations to the competent authority.
Further information on the due diligence obligations established in the Act and on how enterprises are already implementing them in practice can be found here.
2. How does the LkSG relate to existing liability under civil law?
A violation of the LkSG’s obligations does not give rise to any liability under civil law. Any liability under civil law arising independently of this Act remains unaffected (cf. Section 3 (3) LkSG).
3. What scope for assessment is available to the enterprise with regard to the criterion of "the appropriate manner” of acting in accordance with the due diligence obligations (cf. Section 3 (2) LkSG)?
The principle of "appropriateness” ensures that unreasonable burdens are not placed on enterprises, but that they do what they can reasonably be expected to do to prevent or eliminate risks that have been identified given their specific susceptibility to risk.
The principle of appropriateness gives an enterprise a great deal of leeway in deciding which risks to address first and which measures are appropriate.
Authorities must acknowledge this leeway and take it into account when monitoring compliance. Authorities must review whether an enterprise took appropriate action at the time of the decision, i.e., ex ante. They do not review enterprise decisions from an ex post facto point of view.
For the concept of appropriateness to be applicable to the myriad different types of enterprises and risks it is necessary not to define it precisely in legal terms.
The Act does however clearly indicate what the decisive criteria for appropriateness are: the type and scope of business activity, the enterprise's ability to have an influence on the risk, the severity of violations and its role in causing the risk.
Enterprises that keep these criteria in mind and plausibly balance the trade-offs before implementing individual due diligence measures have done everything they have to, even if in retrospect it emerges that human rights violations have occurred.
The key reference documents of the LkSG provide an additional interpretation assistance. They show how the concept of appropriateness works in practice both in cases that cover the situation in specific sectors and cases that involve multiple sectors.
4. Are there relevant reference documents that specify what enterprises can do to fulfil their due diligence obligations?
Reviews of appropriateness should be based on the following documents in particular (they are also listed in the explanatory information on Section 3 of the Federal Government’s draft of the LkSG):
- United Nations Guiding Principles on Business and Human Rights (2011),
- OECD Guidelines for Multinational Enterprises (2011),
- National Action Plan for Business and Human Rights (2016),
- UN OHCHR (2012): The Corporate Responsibility to Respect Human Rights: An Interpretive Guide,
- UN OHCHR (2018): Corporate human rights due diligence – Getting started, emerging practices, tools and resources,
- OECD (2018): OECD Due Diligence Guidance for Responsible Business Conduct.
Sector-specific guidance documents, as relevant, in particular:
- OECD (2016: OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas,
- OECD/FAO (2016), OECD-FAO Guidance for Responsible Agricultural Supply Chains,
- OECD (2017): OECD Due Diligence Guidance for Meaningful Stakeholder Engagement in the Extractive Sector,
- OECD (2018): OECD Due Diligence Guidance for Responsible Supply Chains in the Garment and Footwear Sector,
- OECD (2017): Responsible business conduct for institutional investors: Key considerations for due diligence under the OECD Guidelines for Multinational Enterprises,
- OECD (2019): Due Diligence for Responsible Corporate Lending and Securities Underwriting: Key considerations for banks implementing the OECD Guidelines for Multinational Enterprises.
5. How is Section 4 (2) LkSG to be understood? When has an enterprise caused a risk? When has an enterprise contributed to the emergence of a risk or made the risk worse?
Within the framework of risk management systems, enterprises are only required to address those human rights and environment-related risks that they have caused or contributed to, regardless of whether the risks occur as part of their own business area, at their direct suppliers or at their indirect suppliers (see explanatory information Ref-E on Section 4 (2) LkSG). "Causing" means that an enterprise has directly caused a risk by itself or has made a causal contribution to the emergence of a risk or made it worse through its actions.
This point has been reached when the enterprise has at least contributed to the emergence of a risk or made it worse through its actions, i.e., when it is not possible to think that if the enterprise had not taken that action, the specific consequences (emergence of the risk) would not have come about. What constitutes a relevant contribution is to be assessed on a case-by-case basis.
The idea of “contributing" makes clear that cases are also covered in which the enterprise did not act alone. For example, when several enterprises order from the same factory, each enterprise is contributing. How an enterprise can appropriately respond to risk depends largely on the criteria set out in Section 3 (2).
Enterprises are not accountable for events that an objective, informed third party would consider to fall completely outside of what they have experienced and would expect given their normal perspective.
6. Is there a detailed, legally binding catalogue of which requirements enterprises have to fulfil under the Act on Corporate Due Diligence Obligations in Supply Chains? Is there any kind of checklist with fulfilment criteria?
For every enterprise, implementing the LkSG’s corporate due diligence obligations is an individual, ongoing process that must be regularly reviewed and improved. Checklists alone cannot cover this process comprehensively. The explanatory information on the Act (e.g., on Section 3 LkSG) mentions pertinent guidance documents that are relevant for practical implementation. More support for fulfilling due diligence obligations can be found at www.wirtschaft-menschenrechte.de. Development of practice-oriented guidelines on all due diligence obligations will continue in the multistakeholder process within the framework of the sector dialogues on the National Action Plan for Business and Human Rights. These will also be available starting in summer 2022. Review of other support possibilities is ongoing.
VII. Due diligence obligation to establish a risk management system
1. Are there any special requirements for the "responsible persons within enterprises"? Does the person have to be a lawyer?
The LkSG does not state any special requirements. The enterprise is obliged to implement an effective risk management system. The enterprises themselves can best judge what qualifications are suitable given their respective context.
2. Section 4 (4) stipulates that the interests of employees and those who may otherwise be directly affected by the economic activities of the enterprise must be given due consideration when establishing and implementing risk management systems. How is the term "employee" to be understood?
The term “employee” is to be taken broadly to effectively protect human rights. It also covers an enterprise’s self-employed suppliers and employees who are not covered or inadequately covered by statistics and labour and social law and those not allowed to work.
3. When does Section 4 (4) of the LkSG require involving “those who may otherwise be directly affected ... by the economic activities of the enterprise”?
Those who are directly affected by the consequences of the enterprise's commercial activity in its supply chains must be involved. Typical situations in which this is the case include residents/communities near production sites (of one's own business area, of the direct suppliers or of the indirect suppliers) directly affected by the production (e.g., environmentally harmful emissions/land expropriation). Involvement can take the form of direct consultations or consultations with an authorised stakeholder group.
VIII. Due diligence obligation to carry out regular risk analyses
1. When must the initial risk analysis be carried out? When must the first policy statement then be issued?
The initial risk analysis is to be carried out as part of an appropriate, effective risk management system after the entry into force of the Act (2023 or 2024). Analyses must be performed annually (also in the first financial year) and on an ad hoc basis. Ad hoc analyses must be carried on an ad hoc basis if an enterprise must expect a significantly changed or significantly expanded risk situation in the supply chain. Knowledge obtained from information gained in the complaints procedure must be taken into account. Several ad hoc analyses may be necessary in the first financial year as well.
When the initial risk analysis must be completed varies from case to case, because the time required depends on the enterprise’s particular circumstances and susceptibility to risk. When in the course of this analysis an enterprise identifies risks as defined by the LkSG, it must take appropriate preventive measures without undue delay. This includes, in particular, a policy statement pursuant to Section 6 (2) LkSG.
2. What is appropriate risk analysis? How does risk analysis work? How far down the supply chain is it necessary to look in a dynamic global network of suppliers with numerous sub-suppliers?
Enterprises should use risk analysis to identify, assess and prioritise human rights and environment-related risks.
In the first step of the process, enterprises should aim for transparency in their supply chains and gain an overview of their own procurement processes as well as the structure and actors of their supply relationships. This can take the form of mapping risks according to business fields, locations, products, raw materials or countries of origin (cf. explanatory information on Section 5 (1) of the Federal Government’s draft).
The second step is to assess and, if necessary, prioritise the risks. On the basis of this, enterprises can decide which risks (and which supply relationships) to look more closely at and address first. Enterprises have a large amount of leeway for this. The crucial factor here is that enterprises be able to plausibly justify why a certain risk is being addressed as a priority in accordance with the criteria of appropriateness laid down in Section 3 (2) LkSG. For example, one criterion is the severity of the identified risk in connection with a causal contribution in causing harm (e.g., large purchasing volume of a certain raw material).
Enterprises must undertake more detailed assessments of prioritised risks when they need more information to take action. This might concern the severity of possible human rights violations and their likelihood, or it might concern the groups of people affected, the suppliers where there are risks. It might also concern the political, legal or cultural situation where production takes place.
In the explanatory information concerning Section 3, the Act refers to relevant guides that are especially suitable as introductions to the issue of due diligence obligations.
Risk analysis must be carried out annually as well as on an ad hoc basis (cf. Section 5 (4) LkSG). This enables enterprises to react to supply network dynamics.
3. What happens when risk analysis cannot be undertaken because an enterprise was not able to achieve transparency in the supply chain despite making an effort?
The due diligence obligations establish an obligation to make an effort, not an obligation to succeed. That means that enterprises must make continuous, reasonable efforts to fulfil their due diligence obligations: this includes aiming for supply chain transparency. If they are unable to achieve this for plausible reasons, they are nevertheless acting in line with the LkSG. Risk analysis must be updated ad hoc as required and at least annually.
4. Do goods that are not intended for resale, such as office supplies and software, fall under priority risks according to Section 5 (2) LkSG when they are very similar to the goods of the core business?
All goods that an enterprise purchases to manufacture its products or provide its services are part of the supply chain (cf. Section 2 (5) LkSG) and are therefore part of the risk analysis. This also applies to goods that enterprises purchase to ensure they continue to exist, but which are not directly incorporated into the final product.
However, enterprises do not have to consider all risks in equal detail. They should focus on the most important ones (cf. Section 5 (2) LkSG), i.e., prioritise them. Whether risks associated with the production of these goods are to be prioritised by the enterprise depends on the criteria for appropriateness defined in Section 3 (2), in particular on how serious the risks are seen to be and what the enterprise’s potential influence is on effectively countering these risks.
IX. Due diligence obligation to issue a policy statement
1. According to Section 6 (2) sentence 2 of the LkSG, policy statements must be adopted by senior management. In the case of a German subsidiary GmbH, does "senior management" mean "management board" ? And in what form is the policy statement to be "adopted"? And to whom is it to be issued? Is the reference to a group-wide code of conduct sufficient?
In the case of a German subsidiary GmbH, "senior management" means "management board". The statement is considered to have been issued when it is public and accessible to all relevant persons, i.e., it has been communicated to employees, the works council (if applicable), the direct suppliers, the indirect suppliers if necessary, and the public. If the group-wide code of conduct also satisfies the legal requirements for the policy statement for the subsidiary (cf. Section 6 (2) LkSG), the reference to a group-wide code of conduct is sufficient. It is important that the statement also address the specific risk situation of the subsidiary.
2. Do policy statements have to have a uniform, outwardly coherent form? Or is it sufficient to place the elements in separate documents (e.g., corporate policy, code of conduct for suppliers, integrated strategy report, risk assessment and implementation)?
Policy statements can be made up of several documents. They must, however taken together meet the substantive legal requirements for a policy statement and be communicated to employees, the works council, the relevant suppliers and the public (cf. explanatory information in the Federal Government’s draft).
X. Due diligence obligation to establish prevention measures
1. Do enterprises have to review the complete supply chain for each individual product as part of their preventive measures?
No. The important thing is for preventive measures to be linked to prioritised risks, not to the entire range of products that the enterprise deals with.
2. Can affected enterprises require their suppliers to provide lists of their business relationships and audit reports of their suppliers in particular?
The Act does not specify in detail which documentation must be provided by suppliers or agreed upon with suppliers in specific cases. Audits may be evidence of the fulfilment of expectations, provided that the audit in question takes into account the requirements of the LkSG.
3. Is a self-disclosure statement signed by a supplier sufficient to fulfil the due diligence obligation with regard to that supplier?
Due diligence obligations are not automatically fulfilled by relying solely on written assurances. Rather, all other obligations set out in the LkSG regarding risk analysis and preventive measures and remedial action must also be fulfilled.
XI. Due diligence obligation to take remedial action
1. When is there an obligation to withdraw from a business relationship in line with Section 7 (3) LkSG?
The LkSG’s provisions in Section 7 (2) and (3) encourage enterprises to work with suppliers or with the sector’s stakeholders first to find solutions to complex problems that are difficult to solve before withdrawing from a business field. The principle here is: staying and helping is better than cutting and running. The termination of business relationships is only required if, first of all, the violation of a protected legal position or an environment-related obligation is assessed as very serious; second, the implementation of the measures developed -- together with the supplier -- in the concept does not remedy the situation after the time specified in the concept has elapsed; third, the enterprise has no other less severe means at its disposal; and fourth, increasing the ability to exert influence has no prospect of success.
It should be kept in mind that the mere fact that a state has not ratified one of the conventions listed in the Annex to this Act or has not implemented it into its national law does not automatically result in an obligation to terminate the business relationship.
The ratification of conventions and their implementation into national law is the responsibility of states and not enterprises. Not having ratified human rights or environmental conventions or not having implemented them into national law does not in itself give rise to an obligation to break off a business relationship or an obligation not to enter into that relationship in the first place.
The deficits of states in the field of human rights or violations of human rights by states can, however, give rise to relevant human rights risks or exacerbate them in the context of corporate due diligence. Enterprises can thus in particular be expected to take the lack of ratification or implementation into account in their risk analysis and to review the consequences of that for the risk situation as a whole.
XII. Due diligence obligation to establish a complaints procedure
1. In the case of global groups, what constitutes an “internal” complaints procedure in line with Section 8 of the LkSG? Must the complaints procedure be (organisationally) at the level of the German subsidiary? Or is it sufficient for it to be at the global, group-wide level?
A group-wide complaints procedure is sufficient if it meets the legal requirements. It is possible for enterprises to participate in external complaints procedures, so internal group-level procedures are all the more sufficient.
XIII. Due diligence obligations on documentation and reporting
1. What reporting obligations do affected enterprises have?
Enterprises must submit annual reports on their implementation of their due diligence obligations to the Federal Office for Economic Affairs and Export Control and they must publish them online.
The report must state in a comprehensible manner,
- whether the enterprise has identified any human rights and environment-related risks and if so, which ones,
- what the enterprise has done to fulfil its due diligence obligations,
- how the enterprise assesses the impact and effectiveness of the measures,
- what conclusions it draws from the assessment for future measures.
Reports must be made publicly available online no later than four months after the end of the financial year and must be kept available for seven years. Trade and business secrets are to be given due protection. The reports must be submitted to the Federal Office of Economics and Export Control. An electronic procedure is being developed to keep the burden on enterprises as light as possible.
2. When must an initial report be made in line with the LkSG?
Initial reports in line with the LkSG must be submitted to the competent authority no later than four months after the end of the financial year that ends during the calendar year 2023 (for enterprises with 3,000 or more employees) or 2024 (for enterprises with 1,000 or more employees). The reporting period does not begin until 01.01.2023 (or 01.01.2024).
3. Can sustainability seals, audits and certificates serve as evidence within the framework of the LkSG?
When seals, certificates and audits demonstrably fulfil the legal due diligence requirements, they can be used as important indications of the fulfilment of the due diligence obligations.
4. What reporting obligations do subsidiaries abroad have?
Subsidiaries abroad have no reporting obligations because they do not fall under the scope of application according to Section 1 LkSG (not located in Germany, no branch office).
5. Is it necessary to report on the 2022 financial year starting on 01.01.2023?
No. It is only necessary to report on the state of affairs starting on 01.01.2023 when the enterprise falls under the scope of application starting on that date.
6. Can the reports be in English?
No. Section 12 (1) LkSG explicitly stipulates that reports must be in German.
XIV. Monitoring by the Federal Office for Economic Affairs and Export Control
1. Who monitors compliance with due diligence obligations? In what form?
Implementation of the Act is monitored by the Federal Office for Economic Affairs and Export Control (BAFA).
Enterprises must submit their due diligence reports to BAFA, which reviews the reports, no later than four months after the end of the financial year.
BAFA also carries out risk-based inspections of enterprises. It may summon persons, enter offices, inspect and examine documents and prescribe specific measures to remedy problems. It may also impose financial penalties and administrative fines.
2. What is the BAFA’s stance when assessing the appropriateness of measures taken by enterprises to fulfil their due diligence obligations?
The principle of appropriateness gives enterprises a great deal of leeway in deciding which risks they should address first and which measures are reasonable. Authorities acknowledge this leeway and take it into account when monitoring compliance. BAFA reviews whether enterprises took appropriate action at the time of the decision, i.e., ex ante. Thus, enterprises have to show which criteria they used to assess risks and implement measures. The enterprise's internal decision process must be plausible and comprehensible for BAFA. It does not review the enterprise's decision from an ex-post facto point of view, so enterprises should not be sanctioned for what in hindsight turns out to have been a mistake.
XV. Consequences of the Act for enterprises/questions of liability
1. What happens when enterprises do not comply with the Act?
Enterprises face fines of up to eight million euros or up to two percent of their annual turnover if they fail to meet their obligations to conduct risk analysis, establish a complaints procedure, take preventive measures and eliminate known human rights violations effectively. The turnover-based framework for fines only applies to enterprises with more than 400 million euros in annual turnover.
Similarly, enterprises in violation of the Act can be excluded from the award of public contracts within a period of up to three years if fined an amount above a certain minimum (the threshold depends on the severity of the violation: 175,000 or 1,500,000, 2,000,000 euros or 0.35 percent of annual turnover). The Federal Office for Economic Affairs and Export Control will be given effective enforcement instruments and far-reaching powers of supervision to monitor enterprises' supply chain management.
2. Will German enterprises be held liable for their suppliers in the future?
No. Enterprises are not liable for the behaviour of third parties in the supply chain.
3. Are enterprises liable when human rights violations occur?
The LkSG itself does not change the current grounds for being held liable. However, workers abroad can already sue for damages in German courts if they feel that their rights have been violated by a German enterprise. However, the law of the country in which the damage occurred is then applicable.
A new aspect in this Act is that in the future affected persons will be able to authorise domestic trade unions and non-governmental organisations (NGOs) to bring civil proceedings in their own capacity. Special capacity to sue is a procedural tool. It is applicable when there are possible violations of very important legal positions set out in Section 2 (1) LkSG, such as life or limb. In the respective proceedings, the law of the location where the damage occurred continues to apply, i.e., as a rule the law of a foreign country.
4. Can the Act cause German enterprises to withdraw from developing countries?
The principle of "staying and helping is better than cutting and running" is explicitly enshrined in the Act. Enterprises are encouraged not to withdraw from regions with weak standards, but to work with suppliers there or with other industry players to minimise risks. This provides them with legal certainty, especially when dealing with suppliers not yet appropriately addressing human rights risks.
Even in cases of severe human rights violations, terminating business relationships is only required given the following factors:
- severe breach or violation,
- attempts to mitigate the risk within the specified time have failed,
- there are no other less severe means available and
- increasing the ability to exert influence has no prospect of success.
The mere fact that a country has not ratified the international conventions listed in the LkSG does not oblige companies to break off business relationships.
XVI. Implementation aids for enterprises
1. Is information and support available to enterprises?
Within the framework of the NAP, the Federal Government offers extensive support for enterprises regarding the implementation of their due diligence obligations. This includes initial counselling provided by the Business & Human Rights Helpdesk (Helpdesk Wirtschaft & Menschenrechte), which was launched in 2017, and the establishment of support networks abroad around the embassies of the Federal Foreign Office. Another important way to offer support is through the sectoral dialogues on the implementation of the National Action Plan, which are moderated by the Federal Ministry of Labour. These include development of detailed guidance on implementing individual due diligence obligations. This makes the basis for taking action more secure, especially in sectors with special human rights challenges. On the Federal Government’s information portal at www.wirtschaft-menschenrechte.de you can find a good overview of the support offered by the Federal Government and other actors for implementing corporate due diligence, as well as detailed information on fulfilling due diligence obligations.
The Federal Office for Economic Affairs and Export Control (BAFA), which is responsible for enforcing and monitoring the Act, also publishes cross-sector and sector-specific information and advice on compliance with the Act.
2. Selling both their own and third-party brands is part of their "own business area" for department stores, which offer a broad range of goods including their own brands and a high proportion of brands of manufacturers and third-parties. Do their due diligence obligations also extend to these third-party brands? The enterprise may have a direct contractual relationship with as many as 5,000 suppliers, but they usually have no knowledge of their supply chains. Or are the obligations arising from the LkSG limited exclusively to companies’ own brands and their associated supply chains?
The LkSG’s definition of supply chain covers both companies’ own brands and third-party brands. The capacity to exert influence may be greater in terms of their own brands. The LkSG takes this into account, for example on the issue of whether the measures taken were appropriate and the prioritisation of risks comprehensible.
3. The LkSG announced three statutory instruments: one on indirect suppliers, one on report audit by the authorities and another statutory instrument concerning action taken by the authorities. When are they expected?
The provisions provide for the possibility to issue statutory instruments, but not the obligation to do so. Currently (as of November 2021), no statutory instruments are in planning.
XVII. Effects of the Act on small and medium-sized enterprises
1. What are the consequences of the Act for smaller enterprises supplying larger enterprises that fall under the Act?
Even enterprises that do not fall within the LkSG’s scope of application ought to implement due diligence obligations. The UN Guiding Principles on Business and Human Rights are addressed to all enterprises. The National Action Plan for Business and Human Rights (NAP), which sets out corresponding expectations for all enterprises based in Germany, has been in force since 2016.
In addition, when enterprises that fall outside the LkSG’s scope of application directly supply enterprises that fall within its scope, their contractual relationship may require them to implement due diligence obligations (by, for example, setting out human rights-related expectations).
By their nature, the obligations under the LkSG cannot simply be handed on to suppliers. This applies, for example, to obligations to report to the authority and the public. Suppliers outside the legal scope of application also do not have to fear inspection measures or sanctions by BAFA. Enterprises that do fall within the scope of the Act also remain responsible for monitoring their supply chains and fulfilling the obligations concerning risk analysis, preventive and remedial measures.
XVIII. The Act on Corporate Due Diligence Obligations in Supply Chains in an international context
1. Are there due diligence regulations or legislation outside of Germany?
On 23 February 2022 the European Commission has presented an ambitious EU-wide legislative proposal on sustainable corporate governance that is to include binding due diligence obligations for global value chains. An EU-wide arrangement will increase the effectiveness of human rights protection measures and create a level playing field within the internal market.
2. What is the relationship between the German legislation and the European legislation? What happens when an EU directive imposes "stricter" requirements on enterprises?
European Union law takes precedence over German law, i.e., if the two are in conflict, the EU requirements apply. In the case of a directive they must be transposed into German law.
3. What is the relationship of the reporting obligations under the LkSG to the new non-financial reporting requirements?
There is currently only a draft by the Commission. No new directive has been adopted yet. The Federal Government is committed to ensuring that regulations are as coherent as possible.