What exactly does the Supply Chain Act regulate and who does it apply to?
The full name of the Supply Chain Act is the "Lieferkettensorgfaltspflichtengesetz" (LkSG, meaning Supply Chain Diligence Obligations Act) and it is regarded by organizations as an important step towards putting into practice the "UN Guiding Principles on Business and Human Rights" (UNGP), passed by the United Nations Human Rights Council in 2011.
The Supply Chain Act has the aim of better protection of human rights in supply chains and combating the use of child labour. Environmental issues are also considered insofar as they violate human rights or put people's health at risk.
By its very nature, the situation in worldwide supply chains is often complex and unclear: production sites are distributed throughout the world, intermediaries and subcontractors are often numerous. Critics point out that due to this complexity companies can all too easily neglect their responsibility to comply with human rights standards. The business practices of the other companies in the supply chain are unknown and the effort needed to achieve transparency is often great.
The new law is intended to change this situation: as of 1st January 2023, certain companies based in Germany will have responsibility for the protection of human rights in their supply chains. To achieve this, a system of levels has been defined that is based on the possibilities of having an influence.
Which tasks result from the Supply Chain Act for companies?
Within the area of their own business and their immediate suppliers, companies must be able to prove in future that they have taken the following measures to observe their diligence obligations in a satisfactory manner:
- Setting up a risk-management system
- Designating internal responsibility for protection of human rights
- Carrying out regular risk analyses
- Adoption of a policy statement
- Anchoring of preventative measures into their own business activities and in relation to immediate suppliers
- Taking remedial measures in the event of a violation of a protected legal position
- Installation of a complaints procedure for reporting human rights violations
- Realization of diligence obligations in relation to risks with immediate suppliers
- Documentation and reporting in relation to the fulfilment of diligence obligations
Which companies does the Supply Chain Act apply to?
Companies based in Germany with more than 3000 employees must comply with the Supply Chain Act from 1st January 2023, regardless of their legal form. From the 1st January 2024 all companies with more than 1000 employees will be included. According to the German Federal Ministry for Economic Cooperation and Development (BMZ) from 2023 around 900 companies and from 2024 around 4800 companies will be subject to the Act. It also applies to foreign companies if they employ more than the relevant number of people on German territory.
Suppliers also affected
Although the Supply Chain Act only applies to companies with more than 3000, and later 1000 employees, it has to be assumed that these companies will make contracts with their suppliers obliging them to fulfil diligence obligations and to document them transparently. This means that smaller companies that are part of supply chains will also be indirectly affected by the Supply Chain Act.
What should companies do now due to the passing of the Supply Chain Act?
Firstly, company managers must take a close look at the details of the Supply Chain Act and carefully consider the situation of their company: how good is the existing compliance management system and what needs to be adapted or extended?
The costs for any particular company will heavily depend on the extent to which their existing compliance system already fulfils the requirements of the Supply Chain Act.
A lot of things, however, are still very unclear. How exactly should the risk analysis in companies be performed? Which consequences will particular incidents have? How should companies react to particular events and how can the whole thing be performed most efficiently? And who should be responsible for this in the company? What is already clear is that personnel resources will be needed. In order to keep the costs as low as possible, suitable IT support will also be essential.