Samah Nour Eddine
The German Supply Chain Act is part of a growing trend around the world to hold companies accountable for sustainable and ethical business practices within their global supply chains. Passed by the German government in March 2021, the German Supply Chain Act, also known as the Lieferkettengesetz in German, requires German-based corporations to address human rights and environmental violations within their global supply chains.
- The purpose of the Supply Chain Act is to help companies to improve their supply chain sustainability, but it also presents challenges to adhere to due diligence obligations.
- Challenges include the breadth of the law that requires companies to probe deep into their supply chains and the difficulties of gathering accurate data.
- To overcome these challenges, companies should introduce a third-party risk management programme, including due diligence platforms, risk assessment tools and supplier data management systems.
Starting 1 January 2023, the law applies to companies with over 3,000 employees in Germany but will expand to cover companies with 1,000 or more employees by early 2024.
Failure to comply with the law may result in fines of up to 2 percent of annual global turnover, as well as any likely reputational damage.
Challenges posed by the Act
The German Supply Chain Act surely presents an opportunity for affected corporations to improve their supply chain sustainability and enhance their reputation. However, these companies may also struggle to meet their due diligence obligations under this law. Specific challenges likely include:
- Expansiveness: One unique challenge is that the law focuses on third-party risks beyond just a company’s immediate first-tier suppliers and requires companies to look deeper into their supply chains. This is a difficult if not sometimes impossible task due to the size of a global supply chain network, lack of visibility beyond first tier suppliers, and supplier locations in jurisdictions with weaker labour and environmental standards. Such a lack of transparency would challenge companies to obtain information about their suppliers’ practices and may have limited control over their activities especially those deeper in a supply chain.
- Data accuracy and availability: Some suppliers may not have the necessary processes or controls to collect and provide the data that corporates need to comply with the law. For example, they may not have the ability to track and report on their environmental impacts, labour practices, or human rights compliance. So, even when corporations are able to obtain data from their suppliers, it may be limited, incomplete or inaccurate. This can make it difficult to assess risks, conduct effective due diligence and take appropriate preventive or remediation measures. The challenge doesn’t stop here but extends to information gathering as well. Corporate organisations face the challenge of complexities when it comes to data gathering and analysis, especially when creating and managing questionnaires, to be assessed at different phases of their suppliers’ lifecycle.
- Resource constraints: Implementing a due diligence process requires significant resources, including personnel, operational and financial investments, which may be a challenge for small to mid-tier corporate companies.
- Data integration challenges: Companies may also face challenges in integrating data from multiple sources and systems to provide a comprehensive view of their supply chain risks and performance. An exercise that can prove to be complex, expensive and time-consuming.
The route to effective due diligence
Companies need to adopt a risk-based due diligence towards their third-party risks when complying with the German Supply Chain Act and achieve this by implementing a comprehensive third-party risk management programme and investing in systems and tools. This includes:
- Due diligence platforms: These platforms provide a centralised location for companies to manage their due diligence processes and track compliance with the German Supply Chain Act. They can include workflows, risk assessment, checklists, remediation and reporting tools that enable them to manage their end-to-end due diligence activities more efficiently.
- Risk assessment tools: These tools use data analytics and machine learning algorithms to identify, assess and monitor a supply chain’s potential risks in various areas like environmental, social and governance (ESG), identity, integrity, operations, financial and cyber, among others.
- Supplier data management systems: These systems enable corporate companies to collect and manage data about their suppliers, apply a risk-based approach in gathering additional information for higher-risk entities and continuously monitor the business relationship from inception to renewal and beyond.
In summary, complying with the German Supply Chain Act brings forward opportunities to elevate responsible business practices. However, many companies will face challenges to comply due to the law’s expansive requirements, the complexity of their supply chains, limited resources and a lack of trusted data.
By leveraging data and technology, companies can improve their third-party risk programmes by adopting a comprehensive risk-based due diligence approach to their supply chain, demonstrating a commitment to responsible, ethical and sustainable business practices.
Republication or redistribution of LSE Group content is prohibited without our prior written consent.
The content of this publication is for informational purposes only and has no legal effect, does not form part of any contract, does not, and does not seek to constitute advice of any nature and no reliance should be placed upon statements contained herein. Whilst reasonable efforts have been taken to ensure that the contents of this publication are accurate and reliable, LSE Group does not guarantee that this document is free from errors or omissions; therefore, you may not rely upon the content of this document under any circumstances and you should seek your own independent legal, investment, tax and other advice. Neither We nor our affiliates shall be liable for any errors, inaccuracies or delays in the publication or any other content, or for any actions taken by you in reliance thereon.
Copyright © 2023 London Stock Exchange Group. All rights reserved.
The content of this publication is provided by London Stock Exchange Group plc, its applicable group undertakings and/or its affiliates or licensors (the “LSE Group” or “We”) exclusively.
Neither We nor our affiliates guarantee the accuracy of or endorse the views or opinions given by any third party content provider, advertiser, sponsor or other user. We may link to, reference, or promote websites, applications and/or services from third parties. You agree that We are not responsible for, and do not control such non-LSE Group websites, applications or services.
The content of this publication is for informational purposes only. All information and data contained in this publication is obtained by LSE Group from sources believed by it to be accurate and reliable. Because of the possibility of human and mechanical error as well as other factors, however, such information and data are provided "as is" without warranty of any kind. You understand and agree that this publication does not, and does not seek to, constitute advice of any nature. You may not rely upon the content of this document under any circumstances and should seek your own independent legal, tax or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither We nor our affiliates shall be liable for any errors, inaccuracies or delays in the publication or any other content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the publication and its content is at your sole risk.
To the fullest extent permitted by applicable law, LSE Group, expressly disclaims any representation or warranties, express or implied, including, without limitation, any representations or warranties of performance, merchantability, fitness for a particular purpose, accuracy, completeness, reliability and non-infringement. LSE Group, its subsidiaries, its affiliates and their respective shareholders, directors, officers employees, agents, advertisers, content providers and licensors (collectively referred to as the “LSE Group Parties”) disclaim all responsibility for any loss, liability or damage of any kind resulting from or related to access, use or the unavailability of the publication (or any part of it); and none of the LSE Group Parties will be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, howsoever arising, even if any member of the LSE Group Parties are advised in advance of the possibility of such damages or could have foreseen any such damages arising or resulting from the use of, or inability to use, the information contained in the publication. For the avoidance of doubt, the LSE Group Parties shall have no liability for any losses, claims, demands, actions, proceedings, damages, costs or expenses arising out of, or in any way connected with, the information contained in this document.
LSE Group is the owner of various intellectual property rights ("IPR”), including but not limited to, numerous trademarks that are used to identify, advertise, and promote LSE Group products, services and activities. Nothing contained herein should be construed as granting any licence or right to use any of the trademarks or any other LSE Group IPR for any purpose whatsoever without the written permission or applicable licence terms.
Risk & Compliance