BLOG — Mar 13, 2023

Regulatory Spotlight: The New Act Shaping the German Supply Chain

In this issue, we're putting the spotlight on an act that will significantly change the treatment of the supply chain in Germany, both for German firms and for international firms with significant German operations.

Enacted in January 2023, the German Supply Chain Due Diligence Act (GSCDDA), aka the 'Lieferkettensorgfaltspflichtengesetz' or LkSG, is set to be one of the front-running regulations in the supply chain due diligence space in Germany. Notably, it focuses on due diligence on suppliers from an ESG perspective, similar to the Corporate Sustainable Due Diligence Directive (CS3D) we have highlighted previously.

The new GSCDDA rules

The GSCDDA introduces specific due diligence rules, differentiated according to whether they apply to an organization's own business and direct suppliers with whom they have a contractual relationship, or whether they apply to indirect suppliers (i.e., 4th, 5th or N-th parties).

Organizations in scope, and their direct suppliers, have to abide by all of the following rules. (For indirect suppliers, some are mandatory, but some are only required ad hoc, on the basis of substantiated knowledge.) Overall, GSCDDA requires that:

  • A policy statement is adopted by the board covering the required topics and describing the governance in place
  • A Code of Conduct must be maintained
  • Preventative measures are taken, and remedial actions are pursued
  • A complaint management system is in place
  • Reviews of the effectiveness of measures and procedures are conducted
  • Internal documentation and external reporting (annually, no more than 4 months after year end)

What risks are included?

For Human Rights and Environmental Risks, the main coverage areas are:

  • Child labor
  • Slavery
  • Working rights and conditions
  • Fair pay
  • Use of excessive force by security personnel
  • Environmental violations leading to human rights violations (e.g., damage to soil, water pollution, air pollution, noise pollution, and excessive water consumption)
  • Specific other environmental breaches in relation to mercury, organic pollution, and import / export of waste

What is the scope of the GSCDDA and how will supervision be conducted?

The Act covers all industry sectors and will directly apply to companies that have their central administration, their principal place of business, their administrative headquarters, their statutory seat or a branch office in Germany. Specifically, it applies:

  • From 1 January 2023: Firms with at least 3,000 employees in Germany (estimate: ~900 firms)
  • From 1 January 2024: Firms with at least 1,000 employees in Germany (estimate: between 2,900 and 4,800 firms)

The Act indirectly affects businesses that are suppliers to companies directly within its scope, regardless of whether they have a German presence. Such companies will be subject to their German customers' Code of Conduct and their reporting or due diligence obligations to support compliance.

Who will enforce the GSCDDA?

The provisions will be enforced through a German government agency, 'BAFA', aka the German Federal Office for Economic Affairs and Export Control. BAFA has the power to inspect, visit, request documents and require action.

BAFA can also issue fines for non-compliance of up to EUR 8m or 2% of annual revenue, and also bar companies from public tenders in Germany. Non-compliant organizations may also be subject to civil penalties through court actions undertaken by parties or on their behalf by non-governmental organizations.

What does this mean for Third Party Risk and Vendor Management professionals?

German firms or any firm with a presence in Germany will have to perform due diligence on their entire chain of suppliers. Developing such a due diligence approach is complex and executing it is operationally time consuming. Starting now, TPRM and Vendor Management professionals should:

Step One: Ensure that their entire organization is fully compliant regarding respect for human and labor rights.

Step Two: To the fullest extent possible, ensure that suppliers also comply with the same requirements.

Step Three: Report on Steps One and Two to your corporate clients. This ensures that they know the risks that their suppliers have and know to what extent they are acting in compliance with the law. This can largely be done via certification/audits, but also via reporting and direct inspection visits from business partners.

How does the GSCDDA interact with other frameworks?

The Act has a similar scope to CS3D. It also ties into a diverse range of other (local) frameworks. As a first important example, it aligns with the Human Rights Due Diligence (HRDD) process described in UN Guiding Principles, pillar II (UNGP) and OECD guidelines (2011) and guidance (2018). Also, some European territories already have similar frameworks in place, i.e., the EU-wide CSDD (in proposal)¹, the Netherlands², Germany³ and Norway⁴.

¹ European Commission - Corporate Sustainable Due Diligence Directive (CS3D) - In proposal phase

² France - Loi de Vigilance (2017) - on Human Rights and Environment

³ The Netherlands - Wet zorgplicht kinderarbeid (2019) - on Human Rights only (specific on child labor)

⁴ Norway - Transparency Act (2021) - on Human Rights only




This article was published by S&P Global Market Intelligence and not by S&P Global Ratings, which is a separately managed division of S&P Global.

