Supply chain act

Implementation by enterprises

The specific due diligence obligations for enterprises regarding respect for human rights are laid down in the new Act on Corporate Due Diligence Obligations in Supply Chains. It requires enterprises to establish an appropriate and effective risk management system that is integrated into all relevant business processes. A risk management system is effective when human rights and environment-related risks are identified, prevented, minimised or eliminated.

The five core elements of the National Action Plan for Business and Human Rights (NAP) form the basis for the due diligence obligations set out in the Act. These due diligence obligations address

  1. the implementation of a risk management system
  2. the designation of a responsible person or persons within the enterprise
  3. the performance of regular risk analyses
  4. issuing a policy statement
  5. laying down preventive measures in an enterprise’s own area of business, vis-à-vis direct suppliers and – if there are indications that suggest a possible violation of human rights – vis-à-vis indirect suppliers
  6. taking remedial action
  7. establishing a complaints procedure
  8. documentation and reporting

In order to comply with their human rights due diligence obligations as defined by the Act, enterprises must define responsibilities within their organisation, for example by appointing a human rights officer.

Every enterprise within the scope of application is obliged to conduct a risk analysis as a first step. This means that they must first strive for transparency and identify the parts of their production and supply chain that carry particularly significant human rights and environment-related risks. This also includes the business areas of suppliers.

Below we have set out how such risk analysis can succeed in practice (German video with English subtitles):

 

If risks are identified, suitable preventive measures must be taken on the basis of the analysis in order to prevent violations. These include, for example, agreeing appropriate contractual human rights clauses with the direct supplier, implementing suitable procurement strategies, providing training or taking supervisory measures. If the risk of a human rights violation at an undertaking’s own location or in the supply chain has been identified, appropriate measures must be taken to end or minimise it. This applies all the more if the human rights violation has already occurred.

Human rights risks at indirect suppliers, i.e. in the lower parts of the supply chain, must also be analysed, monitored and addressed if enterprises have real indications of possible human rights violations – for example, due to the condition of their goods as well as the countries of origin of their raw materials and upstream suppliers, due to information provided by the authorities, due to reports of poor human rights records in the production region, or the fact that an indirect supplier belongs to an industry sector with particular human rights risks.

Looking at measures that have been successfully implemented in practice illustrates how this can be successfully achieved (German video with English subtitles):

 

In addition, enterprises must set up a complaints procedure that allows those who are directly affected, as well as those who are aware of potential or actual violations, to report risks and violations.

The establishment of complaints procedures can take different forms, as these enterprises show (German video with English subtitles):

 

The Act on Corporate Due Diligence Obligations in Supply Chains requires enterprises that are subject to the Act to issue a policy statement on their human rights strategy. The statement must identify the environment-related and human rights-related risks identified and given priority in relation to the enterprise within the risk analysis. On this basis, any preventive and remedial measures derived from this must be described. The expectations placed on the enterprise’s own employees and suppliers in the supply chain must also be addressed. The policy statement must be approved by senior management.

Take a look at how a policy statement is implemented in practice (German video with English subtitles):

 

The fulfilment of the due diligence obligations must be continuously documented within the enterprise. Enterprises must provide an annual report providing transparent information to the Federal Office for Economic Affairs and Export Control (Bundesamt für Wirtschaft und Ausfuhrkontrolle, BAFA) on

  • whether and which human rights and environment-related risks the enterprise has identified,
  • what the enterprise has done to fulfil its due diligence obligations,
  • how the enterprise assesses the impact and effectiveness of the measures,
  • what conclusions it draws for future measures.

The report must be submitted to BAFA and made publicly available on the enterprise’s website no later than four months after the end of the financial year and must be kept available there for seven years. Business and trade secrets are protected in this context. An electronic reporting format is currently being established to keep the burden on enterprises to a minimum. Enterprises may also use the information provided to fulfil the CSR reporting obligation. See how enterprises already report on the fulfilment of their due diligence obligations (German video with English subtitles):

 

You can find the full text of the Act in the Federal Law Gazette (in German). Here you will find more information about the five core elements of the NAP.

Effects of the Supply Chain Act on SMEs

As a rule, enterprises that do not fall within the scope of the Act shall also comply with their due diligence obligations. The National Action Plan on Business and Human Rights (NAP), which lays down corresponding expectations for all enterprises based in Germany, has already been in force since 2016. The Act is broadly inspired by the due diligence obligations of the NAP.

In addition, if enterprises outside the scope of the Act are direct suppliers of enterprises covered by the Act, they may additionally be required to meet due diligence obligations as part of their contractual relationship (which may, for example, include provisions laying down human rights-related expectations).

However, owing to their nature, the obligations under the Act on Corporate Due Diligence Obligations in Supply Chains cannot simply be passed on to suppliers. This applies, for example, to reporting obligations vis-à-vis the authority and the general public. Nor does a supplier outside the scope of application of the Act have to fear control measures or sanctions by BAFA. In addition, enterprises that are subject to the Act remain responsible for keeping an eye on their supply chains and for complying with the obligations of carrying out a risk analysis and taking preventive and remedial measures.

Further information on how small and medium-sized suppliers, too, can meet their responsibilities for the individuals in their supply chains as well as offers of support and practical examples.