The German Supply Chain Due Diligence Act: what does it mean for companies with a presence in Germany or doing business with German customers?
On 1 January 2023, the German Supply Chain Due Diligence Act (“Gesetz über die unternehmerische Sorgfalt in Lieferketten”, or “Lieferkettensorgfaltspflichtengesetz”) entered into force. It requires large German companies (including some German subsidiaries of foreign multinationals) to conduct far-reaching due diligence on human rights and environmental issues in their supply chain. In this client alert, we consider what this will mean in practice (including for companies who are not directly caught by the Act). We also compare the German Act to other mandatory human rights due diligence mechanisms and the underlying international standards.
(1) To which companies does the Act apply?
The Act applies to all companies, irrespective of their legal structure, which have their headquarters, main branch, centre of administration or registered seat in Germany and have more than 3,000 employees on 1 January 2023 (falling to 1000 employees on 1 January 2024).
In more detail:
- The Act will apply to the German subsidiaries of non-German multinationals, provided that the subsidiary meets the headcount threshold.
- The headcount threshold is calculated on a “bottom-up” basis. This means that employees of subsidiaries count towards the parent company’s headcount. However, employees of a parent company do not count towards the headcount of a subsidiary.
- Neither temporary workers nor short-term fluctuations in the work force are taken into account when determining headcount.
Even where the Act does not directly apply to a particular company, it may still have an indirect effect (irrespective of where that company is based or its headcount). For example, where a foreign company supplies a purchaser company caught by the Act, the purchaser may look to cascade its due diligence obligations (see below) by way of contractual provisions. A failure adequately to implement such obligations could lead to contractual liability. This is a trend seen in practice following the introduction of the Norwegian Transparency Act in 2022 (see our client alert here).
(2) What are companies within the scope of the Act required to do?
The Act imposes “due diligence obligations” (“Sorgfaltspflichten”), which require companies to verify, document and monitor that suppliers comply with basic human rights and environmental standards. These obligations include, among others:
a) Setting up a risk management system that allows it to identify risks of human rights or environmental standards violations, to prevent such violations and to mitigate their impact, should they occur (if the company has, at least in part, caused them);
b) Performing regular risk analysis, in order to identify risks of human rights and environmental standard violations, at least once a year and whenever the risk exposure alters, e.g., through the introduction of new products or the development of a new business field;
c) Should it identify a risk, taking preventive measures like adopting a company policy that addresses the human rights and environmental standards, implementing the policy across the supply chain, training relevant personnel and setting up a control mechanism;
d) Taking corrective action, should a violation occur or be imminent, in order to stop the violation or to mitigate its consequences;
e) Establishing a reporting system which allows involved persons across the supply chain to report risks or violations to a neutral body within the company confidentially and protected from retaliation or discrimination;
f) Documenting the fulfillment of the due diligence obligations and keeping the records in the company for seven years, preparing an annual report and publishing it on the company’s website.
These obligations broadly align with the standards for supply chain human rights due diligence under the UN Guiding Principles on Business and Human Rights and OECD Guidelines for MNEs, as well as under mandatory human rights due diligence legislation already in force in France and Norway and expected to come into force at a European level.
However, a key difference is that the due diligence obligation under the German Act is restricted to operations and supply chains. Unlike under the Norwegian Transparency Act or proposed EU Directive, for example, companies are not obliged to conduct due diligence on their downstream value chains. Further, the supply chain due diligence obligation is limited to tier-one suppliers and extends to sub-tier suppliers only in cases where there is “substantiated knowledge” of a human rights or environmental impact. There is no such qualification in the underlying international standards, which require action to be taken in relation to sub-tier impacts to which a company contributes or is directly linked through its operations, products or services, irrespective of actual knowledge.
(3) What are the deadlines for compliance, etc.?
Companies must publish their annual reports for each year at the end of April of the following year. This means that the first round of annual reports for companies with more than 3,000 employees for fiscal year 2023 will be due at the end of April 2024.
(4) How is the Act enforced and what are the sanctions for non-compliance?
The Federal Office of Economic Affairs and Export Control (known as “BAFA”) is authorized to verify that the annual report has been made, demand improvements on it and take all necessary actions to ensure compliance with the due diligence obligations, either on its own initiative or if an affected individual files a request to this effect. Companies are obliged to cooperate, for example by producing documents in their custody (or that of their suppliers) or by allowing access to their premises.
Should a company not comply with an enforcement measure, the competent authority may impose a fine (“Zwangsgeld”) of up to EUR 50,000.00. A company that intentionally or negligently violates the Act itself is, depending on the violation, subject to a fine (“Bußgeld”) of up to EUR 8 million. For companies with an average annual turnover of more than EUR 400 million the fine can amount to up to 2 percent of their average annual turnover. The exact amount of the fine depends on how significant the violation is, what the motives of the offender were and the consequences of the violation. In addition to a sanction and depending on its severity, companies may be excluded from public tenders for up to three years.
Unlike other mandatory human rights due diligence legislation, the German Act expressly excludes civil claims arising out of a failure to conduct due diligence.