On 11 June 2021, the German Federal Parliament approved the draft bill on corporate due diligence in supply chains (Supply Chain Due Diligence Act), which was approved by the German Federal Council without any changes on 25 June 2021. The act will come into force on 1 January 2023. The change of the abbreviation from Due Diligence Act to Supply Chain Due Diligence Act in the course of the legislative process is very welcomed as a specification of the purpose of the law. The act is also referred to as Supply Chain Act. It implements the UN Guiding Principles on Business and Human Rights, dated June 2011 (like the Modern Slavery Act 2015 in the United Kingdom).
Intended Purpose of the Law
The Supply Chain Due Diligence Act is intended to protect human rights and to ensure a sustainable production. Under the Supply Chain Due Diligence Act, companies are obliged to identify and assess human rights and environmental risks and to establish an adequate and effective risk management system. This includes the prohibition of child labour, forced labour, slavery, servitude and the prohibition to disregard occupational health and safety, freedom of association, etc. Based on such an analysis, the respective companies have to take adequate measures to prevent or minimise the risk of human rights and environmental violations in these areas.
The law establishes a duty of effort, but neither a duty to succeed nor a guarantee liability, since no company may be required to do something that is legally and factually impossible. The due diligence obligations are therefore already considered to have been fulfilled if a company has made a serious effort, even if it could not trace its entire supply chain or take certain preventive or remedial measures because this was actually or legally impossible.
Scope of Application
The new law is applicable to companies having their head office, principal place of business, administrative headquarters or registered office in Germany and employing more than 3,000 employees. In addition, foreign companies with a branch office and a corresponding number of employees in Germany are also subject to the new law. From 2024 onwards, this threshold shall be reduced to 1,000 employees.
Scope of Due Diligence Obligations
The scope of the due diligence obligations under the new law covers both direct and indirect suppliers. However, the extension of the due diligence obligations to indirect suppliers requires substantial knowledge which presupposes actual indications of a (potential) violation of human rights or environmental obligations of its indirect supplier. The risk analysis regarding direct suppliers is to be carried out at least once a year as well as on an as-needed basis if the company expects a significant change or significant expansion of the risk situation in its supply chain. In addition, a risk analysis has to be carried out also for indirect suppliers in case intermediaries are used only to avoid a risk analysis for such suppliers.
Companies in scope of the Supply Chain Due Diligence Act have to issue a policy statement on their human rights strategy and introduce appropriate preventive measures in their own businesses and procure the same at their direct suppliers. In the event of any (actual or imminent) human rights or environmental duties violations within its own business or at a direct supplier, the company must immediately take appropriate remedial action (including prevention, reduction, remediation, suspension of business relationship and termination in case of material violations). However, the non-ratification of human rights or environmental agreements or their non-implementation into national law does not by itself constitute an obligation to terminate business relationships with companies based in these countries.
According to the original draft bill, remedial action should lead to the cessation of violations of human rights or environmental obligations in the company’s own business area. In this respect, a regional differentiation is now made in such a way that the remedial measures (i) must lead to the cessation of violations in the company’s own business operations in Germany and (ii) must generally lead to the cessation of violations in the company’s own business operations abroad. However, since even under German law supplier contracts cannot always be terminated without further ado in the event of violations of human rights or environmental obligations (burden of proof), the unrestricted obligation in Germany will present the companies concerned with corresponding legal challenges. In case the company obtains substantial knowledge of a potential violation by an indirect supplier, a risk analysis must be conducted on the indirect supplier, and appropriate preventive measures must be taken.
Whistleblower System and Annual Report
The new law obliges companies to set up a whistleblower system. The law does not require the whistleblower to be personally affected. Such a restriction was discussed, but in the end did not find its way into the new law. In the context of harmonization on a European level, this aspect should be monitored and further discussed in order to keep an appropriate internal company complaints procedure practicable.
Affected companies must publish an annual report on the fulfilment of their due diligence obligations in the preceding business year on the company website within four months after the end of the business year.
The Federal Office for Economic Affairs and Export Control (BAFA) is responsible for monitoring and enforcing the new law by requesting information, issuing remediation orders and imposing civil fines. Complaints regarding (potential) violations can be directly reported to the BAFA.
Liability and Sanctions
The Supply Chain Due Diligence Act does not introduce an additional legal basis for civil law damage liabilities of companies resulting from any human rights or environmental duties violations in their supply chain. Instead, companies will face fines for failure to comply with their due diligence obligations. The new law stipulates fines of up to EUR 800,000, while for companies with an average worldwide annual turnover of more than EUR 400 million, fines of up to 2 % of their total worldwide annual group turnover can be imposed. If a potential fine exceeds EUR 175,000, companies can also be barred from public tender offers in Germany for a period of up to three years.
ESG and M&A
The Supply Chain Due Diligence Act is to be considered as part of the general international development that companies should increasingly assume responsibility, especially in the areas of environment, social and governance (ESG). The obligations under the Supply Chain Due Diligence Act should therefore be integrated into companies’ general ESG strategies.
In addition, the new requirements of the Supply Chain Due Diligence Act should be increasingly taken into account in the context of legal due diligence and ESG due diligence in M&A transactions as well.
European and International Dimension
The Supply Chain Due Diligence Act represents only the beginning of a new development towards increased due diligence obligations for German corporates. A new directive on corporate due diligence and accountability is currently being discussed at European level. On 10 March 2021, the European Parliament presented a recommendation to initiate the preparation of such directive. Similar to the Supply Chain Due Diligence Act, additional reporting obligations and duties to monitor supply chains will be introduced at a European level. The EU directive could in particular extend the scope of application to significantly more companies and possibly also introduce civil liability. The German Supply Chain Due Diligence Act would then have to be adapted to the EU directive accordingly.
For international companies compliance with different local requirements in various countries regarding supply chain due diligence will be an increasing challenge in the future. In order to ensure supply chain due diligence programs can be set-up and managed with more legal certainty, harmonization also on an international level would be very welcome.
In France, since 2017 the Duty of Care Act requires companies to develop, implement and publish in their annual report a vigilance plan (including a risks map, assessment proceedings and alert mechanisms) to identify and prevent risks and serious violations of human rights/fundamental freedoms in relation with human health and safety and the environment. The vigilance plan must cover the activities of: (i) the company itself; (ii) its direct and indirect affiliates; and (iii) its subcontractors and suppliers (solely those having an established commercial relationship with the concerned company). The Duty of Care Act applies to companies (i) having their headquarters in France and employing at least 5,000 employees themselves and through direct or indirect affiliates or (ii) having their headquarters in or outside of France and employing at least 10,000 employees themselves and through direct or indirect affiliates. Failure to comply with the Duty of Care Act is not subject to fines. However, such failure can lead to a formal “letter to comply” from an interested party (e.g., NGOs or employees’ associations). The request for issuance of a judicial “injection to comply” (possibly subject to daily fines) can also be considered. Finally, interested parties may consider engaging civil lawsuits against companies that are not in compliance with the Duty of Care Act (subject to the evidence of a damage, a fault of the company and a causal link).
The Italian legislation does not provide for a specific law to implement the UN Guiding Principles on Business and Human Rights (dated June 2011), and a structured debate is still far from being concluded in such direction. However, the Italian legal system includes several statutory provisions and regulations which may have indirectly similar functions. As an example, as far as working conditions are concerned, a due diligence process shall be made in order to comply with occupational health and safety obligations provided for by Legislative Decree no 81/2008, but also those concerning corporate responsibility according to Legislative Decree no 231/2001, as well as to comply with the General Data Protection Regulation (GDPR).
In the United Kingdom, the Modern Slavery Act was already introduced in 2015 to ensure transparency in supply chains. The Act requires the publication of a statement setting out steps that companies have taken to ensure that their businesses are free from modern slavery (including slavery, servitude, forced and compulsory labour and human trafficking). The Modern Slavery Act has a global reach and applies to any corporate body with a minimum annual turnover of £36 million (including subsidiaries), which carries on business or a part of a business in the United Kingdom. The UK government has published statutory guidance on the reporting requirements, which sets out expectations about areas that the statement should cover. The UK government also encourages publication of the statement on a central registry launched in February 2021, and legislative changes enhancing the Modern Slavery Act are expected to make publication on this registry compulsory. In practice, appropriate measures are to be taken by companies in the UK to ensure that the declaration can be made and that the implemented risk protection measures can be outlined.
There are a number of laws and rules in the US in particular on federal and states level comprising risks for civil action as a result of violations of human rights, other international laws or treaties and addressing supply chain due diligence duties more broadly or sector-specific (e.g., Alien Tort Claims Act, California Transparency in Supply Chains Act to combat human trafficking and slavery). In addition, under the Conflict Minerals Rules, listed companies are required to review their supply chains for certain minerals if they may originate in conflict regions, and take action to address any human rights-related risks found. However, so far there is no comprehensive or single source of US law providing for supply chain due diligence duties like in other European jurisdictions.
National and international corporates with activities in Germany and more than 3,000 employees will have to comply with the requirements of the new German Supply Chain Due Diligence Act starting from 1 January 2023. Accordingly, they should review and update their supply chain due diligence processes and systems for risk management and align them with requirements in other applicable jurisdictions. We are here to support you with our international network in Germany, France, Italy, the United Kingdom, the United States and worldwide, in implementing the requirements of applicable Supply Chain Due Diligence Acts in an efficient manner and in order to ensure compliance with legal requirements.