Navigating Obligations under The German Supply Chain Act  

10th October 2023


The German Supply Chain Act (Lieferkettensorgfaltspflichtengesetz – the “Act”) came into force on 1 January 2023 and its scope will expand from 1 January 2024. Find out whether your firm is required to take into consideration the requirements of the German Supply Chain Act.


The German Supply Chain Act regulates German firms by requiring that they respect human rights, such as right for protection against child labor, the right to fair wages, as well as the protection of the environment through newly imposed due diligence obligations on the supply chain. The term “supply chain” relates to all products and services provided by a company. It includes all steps at domestic and international level that are necessary to manufacture the products and provide the services, starting with the extraction of raw materials and ending with delivery to the end customer.

On a European level the proposed European Corporate Sustainability Due Diligence Directive (Proposal for a Directive on Corporate Sustainability Due Diligence and amending Directive (EU) 2019/1937 – “CSDDD”) which will mandate impacted entities to identify, mitigate and report on the impact of their operations and supply chains on human rights and environment, and builds on the Act and the French Loi relative au devoir de vigilance. The CSDDD  provides for liability of companies for human and environmental rights violations. The proposal is currently still pending before the Council and Parliament of the European Union, who will have to approve it and it is set to enter into force shortly after publication, whereby Member States will be granted two years to implement the same into national law. It is important to note that it applies to both EU and non-EU companies operating in the EU and targets especially those operating in high-risk industries.

Unraveling legal responsibilities

The German Supply Chain Act affects companies that have their head office, principal place of business, administrative headquarters, registered office or branch office in Germany and employ at least 3000 employees in Germany. From 1 January 2024, the employee threshold will be reduced to 1000.

For the purpose of calculating the number of employees, the Act provides that temporary agency workers and workers on secondment abroad are to be included in the calculation of the number of employees of the impacted firm if the duration of the assignment exceeds six months. This applies also to employees of a subsidiary and / or sub-subsidiary companies, if these fall within the definition of “affiliated companies” of Section 15 of the German Stock Corporation Act (Aktiengesetz – AktG”).

In the context of tangible goods, the supply chain encompasses procurement, production, and distribution. However, in relation to financial services, such as those offered by credit institutions, the supply chain is not so structured.

Unlike the linear process of creating physical products, financial services involve simultaneously the service provision and production. This production may include activities like investing or lending, often in real-time as the service reaches the end customer. In this regard, when extending credits, providing collateral, or investing customer funds, providers are not held to the same due diligence standards for end customers as for the production of physical goods, unless those transactions are so significant that they must be accompanied by special information and controls. If the service is primarily about intermediating financial services, due diligence requirements do not extend to the end customers.

Specifically in relation to the investment of assets and investment service providers, the application of the Act is not entirely clear. Legal relationships with suppliers necessary for investment services (outsourced fund/portfolio management, i.e. investment decisions at fund and portfolio level) might not fall under the Act. However, relationships with suppliers providing other services, independent of investment activities, would indeed fall under the Act (e.g. IT service providers). It is therefore essential to distinguish between relationships critical for providing investment services and those involving ancillary services like IT support.

We, therefore, recommend investment firms to monitor as and when any further clarification and guidance in this regard is issued.

Delving into the due diligence obligations

Supply Chain: Direct and indirect suppliers

The Act imposes due diligence obligations on a company in relation to its own business, to the actions of a contractual partner and to the actions of indirect suppliers where the company has substantiated knowledge of a violation by such indirect suppliers.

This means that the suppliers include a) direct suppliers, i.e. a contractual partner of the company, whose delivery of goods or provision of services is necessary for the manufacture of the company’s product or for the provision and use of the relevant service; as well as b) indirect suppliers who are also part of the supply chain, but who are not direct suppliers and whose supplies are nevertheless necessary for the production of the company’s product or for the provision and use of the service in question.

As a result, a company’s due diligence responsibility applies throughout the entire supply chain.

Due diligence obligations

Companies that fall within the scope of the Act must establish and document appropriate and effective risk management processes and procedures to comply with due diligence obligations.

In relation to risk management, the Act requires that companies perform, amongst other obligations, a risk analysis at least once a year, and to perform it on an ad hoc basis, if there are actual indications of an infringement.

The Act requires the following diligence obligations to be implemented and carried out on a regular basis:

  • The establishment of a risk management system (Section 4(1) of the Act);
  • The establishment of in-house responsibility (Section 4(3) of the Act);
  • The performance of regular risk analysis (Section 5 of the Act);
  • Issuing of a policy statement (Section 6(2) of the Act);
  • The establishment of prevention measures in their own business area (Section 6(1) and (3)) and in relation to direct suppliers (Section 6(4) of the Act);
  • Taking of remedial measures (Section 7(1) of the Act);
  • The establishment of a complaints procedure (Section 8 of the Act);
  • The implementation of due diligence with respect to risks associated with indirect suppliers (Section 9 of the Act); and
  • Documentation (Section 10(1)) and reporting (Section 10(2) of the Act).

In addition, specifically where a company has substantiated knowledge of a violation by an indirect supplier, there are additional obligations: the complaints framework must allow for the reporting of an indirect supplier’s violation, the company must amend its risk management and mitigation process, perform an ad hoc investigation, take preventive measures and update its policy statement in case there are actual indications of an infringement.


Implementation and compliance with the requirements of the German Supply Chain Act is monitored by the German Federal Office of Economics and Export Control (Bundesamt für Wirtschaft und Ausfuhrkontrolle – “BAFA“). BAFA can impose sanctions and fines and is allowed to enter business premises, demand information and inspect documents. BAFA can also request companies to take specific actions and enforce those by imposing fines.

In case a company violates its due diligence obligations under the Act, fines may amount to 2% of the average annual turnover when the company has an average annual turnover (worldwide) of more than EUR 400 million.

Companies with an average annual turnover below 400 million may be fined up to EUR 800,000, if, for example, they violate their obligations to take prevention measures, or if remedial measures are not taken. Companies may be fined up to EUR 500,000, if, for example, they violate their obligations to establish an in-house responsibility or if they fail to perform a risk analysis. Other violations may be subject to a fine of EUR 100,000

How can Zeidler Group help?

Please do not hesitate to contact the Zeidler Group ESG Legal Team should you require further information regarding the German Supply Chain Act or the CSDDD.


Elisa Forletta-Fehrenberg


Patricia Nitschke