Supply Chain Due Diligence Requirements
Navigate global supply chain due diligence regulations including EU CSDDD and German Supply Chain Act.
1. Regulatory Landscape
Supply chain due diligence regulations represent a fundamental shift in corporate accountability, requiring companies to identify, prevent, and mitigate human rights and environmental risks throughout their entire value chain. Multiple jurisdictions have introduced or are developing mandatory due diligence laws, creating a complex compliance landscape for global businesses.
The two most significant regulations currently in force are the EU Corporate Sustainability Due Diligence Directive (CSDDD) and Germany's Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz or LkSG). These laws establish legal liability for companies that fail to conduct adequate due diligence on their suppliers and business partners.
Global Trend:
Similar regulations are emerging worldwide, including France's Duty of Vigilance Law, Norway's Transparency Act, and proposed legislation in the UK, Canada, and Australia. Companies with global operations should prepare for increasing due diligence obligations across multiple jurisdictions.
2. EU Corporate Sustainability Due Diligence Directive (CSDDD)
Scope and Applicability
The EU CSDDD, adopted in 2024, applies to:
EU Companies
Companies with >500 employees and > €150M worldwide turnover
Non-EU Companies
Companies generating > €150M turnover in the EU (phased implementation starting 2027)
Key Obligations
- Integrate due diligence: Embed human rights and environmental due diligence into policies and risk management systems
- Identify impacts: Map value chain and identify actual or potential adverse impacts
- Prevent and mitigate: Take appropriate measures to prevent, stop, or minimize adverse impacts
- Remediate: Provide remediation when company causes or contributes to adverse impacts
- Engage stakeholders: Conduct meaningful stakeholder engagement, including affected communities
- Report publicly: Publish annual statements on due diligence efforts and findings
Enforcement and Penalties
The CSDDD includes significant enforcement mechanisms:
- Administrative fines up to 5% of worldwide turnover
- Civil liability for damages resulting from failure to comply
- Exclusion from public procurement
- Naming and shaming through public registers of non-compliant companies
3. German Supply Chain Act (LkSG)
Germany's Supply Chain Due Diligence Act entered into force in January 2023, making it one of the first comprehensive supply chain laws in Europe. It serves as a model for the broader EU CSDDD.
Applicability
Since 2023: Companies with > 3,000 employees in Germany
Since 2024: Companies with > 1,000 employees in Germany
Protected Rights and Interests
The LkSG protects against violations of specific international conventions, including:
- Prohibition of child labor and forced labor
- Occupational health and safety standards
- Freedom of association and collective bargaining
- Equal treatment and non-discrimination
- Environmental protection (mercury, persistent organic pollutants, hazardous waste)
- Land rights and indigenous peoples' rights
Tiered Approach
The LkSG distinguishes between different tiers of the supply chain:
Own Operations
Companies must conduct ongoing risk analysis and implement preventive measures in their own business operations.
Direct Suppliers (Tier 1)
Annual risk analysis required; preventive measures must be implemented and contractually agreed.
Indirect Suppliers (Tier 2+)
Due diligence required only upon substantiated knowledge of potential violations; ad-hoc risk analysis and response measures.
4. Core Due Diligence Requirements
While specific requirements vary by jurisdiction, most supply chain due diligence laws share common core elements based on the UN Guiding Principles on Business and Human Rights and OECD Guidelines:
1. Establish Policy Commitment
Adopt a human rights and environmental policy statement approved at the highest management level, publicly communicated, and embedded throughout the organization.
2. Conduct Risk Assessment
Identify and assess actual and potential adverse impacts in operations and value chain through systematic risk analysis, considering severity, likelihood, and remediability.
3. Implement Preventive Measures
Take appropriate action to prevent or mitigate identified risks, including contractual assurances, supplier audits, capacity building, and industry collaboration.
4. Establish Grievance Mechanism
Implement accessible complaints procedures allowing affected individuals and stakeholders to report concerns, with protection against retaliation.
5. Monitor and Report
Track implementation effectiveness through ongoing monitoring, document due diligence efforts, and publish annual reports on findings and actions taken.
6. Provide Remediation
Where the company causes or contributes to adverse impacts, provide for or cooperate in remediation through legitimate processes.
5. Implementation Framework
Phase 1: Foundation (Months 1-3)
- Establish cross-functional due diligence team with clear governance
- Conduct gap analysis against applicable regulations
- Develop or update human rights and environmental policy
- Secure executive commitment and allocate resources
Phase 2: Mapping & Assessment (Months 3-9)
- Map supply chain tiers, identifying direct and indirect suppliers
- Prioritize high-risk categories, geographies, and business relationships
- Conduct risk assessments using desktop research, supplier questionnaires, and audits
- Engage with stakeholders, including workers, communities, and civil society
Phase 3: Action & Integration (Months 9-18)
- Implement preventive measures and corrective action plans
- Update supplier contracts with human rights and environmental clauses
- Establish or enhance grievance mechanisms
- Provide training to procurement, sourcing, and compliance teams
- Integrate due diligence into procurement and business decision-making
Phase 4: Monitoring & Reporting (Ongoing)
- Monitor supplier performance through audits, certifications, and KPIs
- Track grievances and remediation outcomes
- Prepare and publish annual due diligence reports
- Continuously improve processes based on learnings and evolving risks
6. Common Challenges & Solutions
Challenge: Limited Supply Chain Visibility
Many companies lack visibility beyond Tier 1 suppliers, making it difficult to identify risks in deeper supply chain tiers.
Solution:
Use supply chain mapping tools, require suppliers to disclose their own suppliers, participate in industry initiatives for transparency, and prioritize high-risk categories for deeper investigation.
Challenge: Resource Constraints
Comprehensive due diligence requires significant time, expertise, and financial resources.
Solution:
Adopt risk-based approach focusing on salient risks, leverage industry collaborations and shared audits, use technology platforms for efficiency, and build internal capacity over time.
Challenge: Supplier Engagement
Suppliers may be reluctant to share information or resistant to additional requirements.
Solution:
Communicate business case for compliance, provide capacity-building support, recognize and reward good performers, and establish clear consequences for non-compliance while allowing reasonable timelines for improvement.
Challenge: Balancing Disengagement vs. Leverage
Companies face difficult decisions about whether to terminate relationships with non-compliant suppliers or use their influence to drive improvement.
Solution:
Develop clear decision-making framework considering severity of impact, company's leverage, feasibility of remediation, and potential consequences of disengagement for affected stakeholders. Prioritize responsible exit strategies when termination is necessary.