ESG Compliance (4): The pitfalls of implementing the Supply Chain Act.

 The BAFA guidelines and the EU Corporate Sustainability Due Diligence Directive.

ESG Compliance (4): Die Tücken bei der Umsetzung des Lieferkettengesetzes.

The Supply Chain Sourcing Obligations Act has been in force since January 1, 2023. Many companies find implementing the act a major challenge. However, Brussels is already planning extensive and even stricter regulations. What do employers need to know now?

The vast majority of companies explicitly support the protection of human rights and the prevention of child labor as core principles, regardless of the Supply Chain Sourcing Obligations Act (LkSG), which came into force at the beginning of the year. The Supply Chain Sourcing Obligations Act (LkSG) currently applies to companies in Germany with at least 3,000 employees. This amounts to roughly 900 companies. From 2024 onward, companies with at least 1,000 employees will also have to comply with the new requirements. This will significantly expand the scope, and the Act will then apply to 4,800 companies. We had already reported on the necessary preparatory measures. However, the fact that the guidelines published by the Federal Office for Economic Affairs and Export Control (BAFA) are even stricter than the law itself has been received with incomprehension.

Read the BAFA guidelines carefully

The BAFA is not only responsible for monitoring and enforcing the Supply Chain Sourcing Obligations Act (LkSG). Section 20 of the Supply Chain Sourcing Obligations Act (LkSG) also states that the authority should support companies with implementing the due diligence obligations: via information, assistance and recommendations. The BAFA has since published guidelines on risk analysis and the complaint procedure. There is information about the reporting requirements as well as a catalog of frequently asked questions.

On a positive note, the Risk analysis guidelines describe the key criteria and steps to carry out the various types of risk analysis, whereas Section 5 of the Supply Chain Sourcing Obligations Act (LkSG) only provides an abstract framework. For example, BAFA recommends proceeding in two stages: In step one, companies should analyze industry-specific and country-specific risks, in particular, from an abstract perspective. Step two consists of determining the specific risks for the company and in assessing and prioritizing these on the basis of the criteria set forth in section 3(2) of the Supply Chain Sourcing Obligations Act (LkSG).

The risk analysis guidelines are stricter than the law itself

However, one aspect is problematic for employers: BAFA states that indirect suppliers may also have to be included in the case-specific risk analysis on the basis of Section 5(2) of the Supply Chain Sourcing Obligations Act (LkSG). Pages 7,8 and 17 of the guidelines stipulate that the case-specific risk analysis must be carried out if the business activity in the entire supply chain changes. As such, it is not restricted to the company’s own area of business and that of its direct suppliers. Moreover, it even applies if the company has not yet become aware of a violation of human rights or an environmental obligation but rather only has to reckon with such. Therefore, this raises the question of whether companies have to proactively obtain the relevant information. Yet, neither the wording of Section 5(4)(1) of the Supply Chain Sourcing Obligations Act (LkSG) nor the explanatory memorandum to the Act indicate any intended extension to indirect suppliers, provided there is no specific evidence of violations. In practice, BAFA’s approach creates obligations which are almost impossible to control and, therefore, cause incalculable risks. Frequently, companies are actually unaware of the identity of indirect suppliers and resellers.

No implementation deadline for complaint procedures

Companies which are required to comply with the due diligence obligations from 2023 onward also have to implement a complaints procedure in accordance with the Supply Chain Sourcing Obligations Act (LkSG) as of the act coming into force on January 1. This is stated explicitly in the Complaints procedure guidelines. Yet this is especially problematic because BAFA has also stated that a risk analysis does not have to be carried out by this time. However, companies are supposed to utilize the risk analysis to determine the most important target groups for the complaints procedure.

The consequence for legal, compliance and HR managers is that If they have not already done so, they need to immediately examine the extent to which the regulations regarding establishing, implementing and regularly reviewing the complaint management system comply with the guidelines. Companies which do not have to fulfill the due diligence obligations until 2024, and have already set up a system for protecting whistleblowers or a complaints management system, can draw on the information from BAFA to examine whether the new procedure stipulated by the Supply Chain Sourcing Obligations Act (LkSG) aligns with the existing system. The effectiveness criteria set forth in the UN Guiding Principles also have to be evaluated.

Integrate complaint management for whistleblowers and the Supply Chain Sourcing Obligations Act (LkSG)

To avoid additional work and duplicated processes, we recommend that HR collaborate closely with the legal, compliance, purchasing and sustainability managers. Ideally, this enables the company to create an integrated solution for complaint management which fulfills the requirements of the new Whistleblower Protection Act as well as the Supply Chain Sourcing Obligations Act (LkSG).

The European Parliament and Council of Ministers struggle over EU supply chain law

Companies are also concerned about the plans in Brussels regarding the Corporate Sustainability Due Diligence Directive (CSDD). This “Corporate Sustainability Due Diligence Directive” is also referred to as the EU Supply Chain Act. As already reported, the CSDD intends to impose even stricter regulations than the German Supply Chain Sourcing Obligations Act (LkSG): For example, sanctions shall be imposed not only in the event of human rights violations but also if companies violate environmental and climate standards. Furthermore, the value chain has an even broader definition which also encompasses indirect suppliers and customers.

The European Parliament and the Council of Ministers are currently discussing the final form of the directive. Whereas the Parliament intends to impose even stricter legislation when compared to the EU Commission’s proposal, the Council of Ministers is advocating looser requirements, including a longer grace period. In addition, downstream business partners should only be included to a limited degree. The new due diligence requirements will initially affect large-scale companies with more than 1,000 employees and global net sales amounting to at least 300 million euros. The regulation shall also apply to companies from third countries outside the EU which generate a turnover of 300 million euros or more.

The Supply Chain Sourcing Obligations Act (LkSG) has a major impact on a company’s compliance and involves high liability risks. Violations can result in severe fines and the damage to the company’s reputation is often even more serious. That is why legal certainty is all the more important. The fact that the BAFA risk analysis guidelines suggest even stricter regulations than the Supply Chain Sourcing Obligations Act (LkSG) is concerning. Although the guidelines are not binding, they do reflect the supervisory authority’s stance on the issue. This automatically sows the seeds for legal disputes.

Nevertheless, the guidelines are a valuable source of practical orientation and information, especially for those companies which will not have to comply with the due diligence requirements until 2024. Where the BAFA guidelines exceed the scope of the Supply Chain Sourcing Obligations Act (LkSG), companies need not fear sanctions if they fail to implement these guidelines to the full extent.

However, Brussels’ plans for the EU Sustainability Due Diligence Directive could ultimately force companies to include indirect suppliers in their risk analysis in the future. HR managers need to pay close attention to the legislative developments.