EU Supply Chain Law: How to Best Equip Your Organization for Compliance
The increasing complexity of global supply chains has raised concerns that some companies, taking advantage of opaque interactions with their suppliers, are indirectly abusing human rights or harming the environment. Several European countries have already passed national legislation to improve human and environmental rights along the supply chain - including Germany. Now, the European Commission presented an initial proposal for a European Supply Chain Act to uniform European regulation. As of February 23, 2022, the proposal is under consideration and will be presented to the European Parliament and the Council for approval. The design of concrete measure and final approval of the law is expected around 2024 at the earliest. Once adopted, Member States will have two years to transpose the Directive into national law and communicate the relevant texts to the Commission.
This “European Supply Chain Act”, (Corporate Sustainability Due Diligence Directive), is a response to the lack of transparency in global supply chains which endangered human rights or the environment, such as Uyghur forced labor in China or other modern slavery cases making the news in the past few years. Putting ESG back at the top of organizations' priorities, the EU Supply Chain Law sets up far-reaching standards to foster sustainable and responsible corporate governance throughout global supply chains. The following changes can be expected.
EU Supply Chain Act scope and main requirements
A uniformed and stricter EU sustainability directive
Global supply chains are getting increasingly complex and getting reliable information on suppliers’ operations is a challenge. Some countries already took some initiatives to enhance due diligence requirements in supply chains, but this fragmentation of national rules makes implementing good practices slower and more difficult.
The new EU Supply Chain Law aims to integrate broader due diligence obligations for companies and requires them to identify, prevent, end or mitigate the negative impact of their activity on human rights and the environment. It will set new rules and harmonize the legal framework for organizations’ activity, including their suppliers and subsidiaries through the entire supply chain.
For consumers and investors, this means increased transparency and trust in businesses, allowing for more informed choices.
For companies, in addition to creating legal certainty and leveling the playing field for a fairer sustainable production of goods and services, the EU Supply Chain Law will also improve risk management (including reputational risk) and awareness of the negative consequences and impacts of their activity.
Developing countries will also benefit from better protection of human rights and the environment, better access to justice for victims, more awareness about sustainable issues, and improved living conditions.
Who does the EU Supply Chain Law apply to
The scope of the EU Supply Chain Law is divided into two groups according to the size and industry of EU organizations:
- Group 1: organizations with over 500 employees and a net turnover of €150 million or more worldwide
- Group 2: limited liability companies operating in defined high-impact sectors that don’t meet Group 1 thresholds, but have more than 250 employees and a net turnover of €40 million or more worldwide.
High-impact sectors include textiles, agriculture, and extraction of minerals - this group will have 2 more years than the first group to comply with this law.
In addition to these groups, third-country companies active in the EU with a turnover generated in the EU, aligned with thresholds of groups 1 and 2 will also fall under the scope of the law.
While SMEs are not targeted in the scope of this proposal, they could be indirectly impacted through supporting measures.
What are the diligence obligations?
Organizations falling under the scope of the EU Supply Chain Law have an obligation of means, meaning they need to take appropriate measures in order to protect human rights and prevent adverse environmental impacts included in international conventions more effectively.
The requirements apply to companies’ operations, subsidiaries, and value chains (direct and indirect established business relationships). To comply with the corporate due diligence duty, organizations must:
- Integrate due diligence into policies
- Identify actual or potential adverse human rights and environmental impacts
- Prevent or mitigate potential impacts
- Bring to an end or minimize actual impacts
- Establish and maintain a complaints procedure accessible to all along the supply chain
- Monitor the effectiveness of the due diligence policy and measures
- Publicly communicate on due diligence
Organizations falling under the scope of Group 1 also need to have a plan to ensure that their business strategy is compatible with limiting global warming to 1,5°C in line with the Paris Agreement.
In terms of responsibilities, directors of companies need to be involved in order to ensure that the due diligence measures are adopted into the whole functioning of their operations. They are required to set up and oversee the implementation of due diligence and its integration into the corporate strategy.
Requirements of the EU Supply Chain Law also include accompanying measures to support all companies, including SMEs, that may be indirectly affected. This can consist of developing dedicated websites, platforms, or portals, and potentially financial support for SMEs.
The supervision of the respect of these new rules falls under the responsibility of national administrative authorities appointed by the Member States. In case of non-compliance, they can impose fines and victims will have the opportunity to take legal action for damages that could have been avoided with appropriate due diligence measures.
Other European requirements for supply chains
A comparison of European due diligence laws
Some countries, including Germany, France, Austria, and the Netherlands, have already implemented some form of supply chain laws. The EU Supply Chain Law proposal aims to harmonize and align the various national laws and regulations already in place.
Compared to other countries' legislations, the new EU Supply Chain Law will concern a broader scope of companies (approximately 12,000 companies within Group 1 and 4,800 companies for Group 2), and affects more stakeholders within the global supply chain by extending due diligence obligations beyond direct suppliers.
EU regulation also contains a civil liability for companies and affected parties can sue for damages in European courts.
The EU Supply Chain Law will also work in tandem with the Sustainable Finance Disclosure Regulation (SFDR) and the Taxonomy Regulation, which are applied to investors and those structuring and facilitating sustainable investments.
How can companies best prepare for the Supply Chain Act?
Extend the scope of your current compliance program to external stakeholders
Since the new law encompasses all tiers of the global supply chain, companies with already in place compliance programs will need to extend their reach to their established business relationships, and make audits and reporting accessible to external stakeholders. The choice you make when selecting a whistleblowing solution can give you a head-start in your compliance program.
A good way to provide easy access to your reporting system throughout your supply chain is to rely on online and mobile solutions. Ensuring the accessibility of your platform via any internet connection and providing a mobile app will get your compliance program directly where employees work, whether it be your direct suppliers or indirect business partners.
Furthermore, you should consider selecting reporting channels that employees will trust and are willing to use. Traditional reporting systems such as an internal email address or telephone hotline will simply not cut it for a system at a global level for your supply chain. Turning to technology and a user-friendly interface, while ensuring the highest level of security will help alleviate some barriers to speaking up for your people, while making follow-up and investigation on cases easier for your case managers and Human Rights Officer.
Power up your risk prevention and mitigation actions with qualitative data
Leveraging technology for your whistleblowing solution will also make you gain in efficiency when dealing with the processing and triage of risks thanks to automations. When gathering information through your whistleblowing system, a technological solution will make you benefit from the possibility to set up workflows that will help you sort out and classify large numbers of feedback and reports. You can assign categories to differentiate risks and threats within your supply chain and simplify your investigation processes. An automatic triage allows you to navigate more efficiently through the collected information, making connections between reports appear in a few clicks. Workflows will systematize the treatment of the risks and generate data that will allow a statistical analysis.
In addition, the ability to connect your whistleblowing solution with the tools you already use through APIs, and to plug it directly into other applications (HRIS, GRC tools, BI tools, communication channels, etc…) will make you gain time in your investigations.
Another feature you should look for when implementing a reporting system through all levels of your supply chain is the possibility to exchange with whistleblowers after the submission of a report. A solution, such as Whispli, with the possibility to have two-way secure conversations between whistleblowers and case managers, exchange files, and easily provide follow-up, will make the investigation process faster and more efficient.
With qualitative data crossed within your risk management tools, you can complete more investigations in less time and make more informed decisions. This way, you can implement sustainable prevention measures within your supply chain processes and due diligence policies.
Stay up to speed with the evolution of your legal environment
The proposal for this new EU Supply Chain Law is still subject to change until it fully comes into force. Member States will also have the opportunity to transpose it into national law and add specific requirements for organizations operating within their borders. This is to be taken into account, along with the already existing variety of obligations of the multiple jurisdictions a global supply chain will encounter by design.
For these reasons, it is crucial to turn to agile and scalable solutions, able to swiftly adapt to any change and evolution without having to overhaul the entirety of your compliance program.
A highly secure platform with several certifications like Whispli will offer you the guarantee of compliance with any existing and future regulations, saving you time and resources in the long run.
Parameters to take into account when selecting a whistleblowing solution for your supply chain should include:
- The ability to meet data security standards around the world, including in highly restricted regions such as China or Russia
- The level of flexibility and configuration of the platform. Making sure that you have access to a scalable configuration of your platform in a few clicks to match the evolution in requirements will make a huge difference
- The user-friendliness of the solution in order to alleviate the barriers to speaking up, and ensure that your whistleblowing system is an efficient detection tool throughout your supply chain. This can be translated into an intuitive interface, guaranteeing the anonymity of whistleblowers, automatic translations, ...
Aiming for better protection of Human Rights and sustainable compliance management systems
The EU Supply Chain Act provides an unprecedented opportunity for companies to communicate to the world that they are taking social and environmental responsibility for their actions. However, it also leads to a host of new corporate and due diligence obligations for the companies affected, some of which lead to synergies.
Companies should therefore keep a close eye on further (European) legal developments in good time when aligning their sustainability strategy and adapting their compliance management systems. In addition to the above-mentioned directive proposal, examples include the EU Whistleblowing Directive and its transpositions in the Member States, the German Supply Chain Due Diligence Act (SCDDA), data transfer agreements between the EU and other countries like the USA, China, etc…
This article (and any information accessed through links within it) is provided for information purposes only and does not constitute legal advice. For advice on whistleblowing systems, please see https://www.whispli.com/compliance/ or email firstname.lastname@example.org