In the wake of globalized efforts to protect vulnerable communities and the environment, many European countries are adopting new due diligence rules to limit environmental and labor risks in corporate supply chains. The German Act on Corporate Due Diligence Obligations in Supply Chains or SCDDA - Lieferkettensorgfaltspflichtengesetz (LkSG) in German - comes into force on 1 January 2023. Applicable to all sectors, it requires German companies with more than 3,000 employees in Germany to prevent or at least minimize human rights and environmental rights infringements in their supply chains.

A key element of this new Act includes establishing a company-internal complaints procedure to enable reporting of human rights and environmental law infringements (Section 8 SCDDA).

In this article, we will give a brief overview of the due diligence requirements companies must meet and how we can support you in doing so.

Overview of the German Supply Chain Due Diligence Act

Who is affected

The legislation comes into effect on January 1, 2023, and it will initially apply to companies with a registered office or branch in Germany and 3,000 or more employees (this concerns approximately 600 companies). 

By 2024, the law will extend to companies that have more than 1,000 employees (this concerns approximately 2,800 companies). 

However, even if your own company does not reach the thresholds mentioned, you can expect small and medium-sized enterprises (SMEs) to be affected as well since the large companies addressed will likely pass on the due diligence obligations imposed on them by law to their suppliers. In the future, smaller companies will also be covered by the "sphere of influence" of the German Supply Chain Act without themselves being in-scope companies.


Direct and indirect suppliers

The Act covers any activity, whether it be the production of products or services. Corporations must align with their suppliers, and third-/fourth-/fifth-party companies across their multi-tier supply chain, to ensure that the appropriate steps are taken to monitor, aggregate, and report the relevant documentation to verify compliance. 

This means that companies must monitor and act upon violations in their own operations, as well as operations of their direct suppliers worldwide starting from the extraction of the raw materials to the delivery to the end customer. 

In addition, if companies obtain substantiated knowledge of a possible violation of human rights or environmental standards by one of their indirect suppliers, they must immediately conduct a risk analysis for these violations.


Consequences of non-compliance

For the LkSG act, the competent authority is the Federal Office for Economic Affairs and Export Control (BAFA), which has the mandate to actively conduct audits (including information requests and on-site audits) of companies in the scope of the LkSG act. Regulatory offenses are punishable with fines of up to EUR 8 million depending on the nature and gravity of the violation. Companies with an average annual turnover of more than EUR 400 million may be fined up to 2% of their average turnover for breaches of the law. In addition to harsh monetary fines and negative publicity, more serious are the potential lost sales opportunities; companies that are not compliant can be excluded from winning public contracts in Germany for up to three years.


What are the SCDDA obligations?


Blog article-SCDDA infographics (1)


Implement a risk management system (section 4)

An organization’s risk management system must make it possible to identify human rights and environment-related risks in order to prevent, end, or minimize harm to the most possible extent. The risks include: 

  • Unsafe working conditions
  • Discrimination
  • Child labor
  • Forced labor
  • Unethical employment 
  • Environmental degradation
  • Violations of freedom of association

In addition, organizations are recommended to appoint a Human Rights Officer to monitor risk management, assess and prioritize the risks uncovered, and conduct further investigation when facts are unclear or information is missing. Additionally, senior management must also be informed about the work of the responsible person at least once a year.

This will serve as a basis for the definition of the measures that can be taken in order to identify, prevent, end, or at least minimize the violations of human rights along the supply chain.

banner article risk management (2)-1


Conduct a risk analysis (section 5)

Practically speaking, an assessment of the current situation and analysis of the risks must be carried out. In this process, the company must determine the human rights and environmental risks in its own business area and at its direct suppliers. 

Organizations should leverage internal knowledge as well as conduct supplier interviews, stakeholder interviews, on-site inspections, and discussions with stakeholders such as workers, trade unions, and local residents. Organizations should also incorporate information from section 8 (complaints procedure).


Adopt a policy statement (section 6)

Organizations must establish a policy statement that clearly defines their procedures for addressing human rights and environmental due diligence obligations, their strategy, and communication with their employees, the Works Council, direct suppliers, and the public. 

The German Supply Chain Act emphasizes the “tone at the top” when establishing and communicating the new measures taken by organizations. The policy statement must include the following elements: 

  • the procedures by which the company fulfills its German Supply Chain Act obligations.
  • the company’s priorities related to human rights and environmental risks.
  • expectations from the company towards its employees and suppliers.


Take remedial actions (section 7)

When a violation of any legal position from the Act has occurred or is imminent, an appropriate remedial action must be taken immediately. Whether the violation is occurring within the organization or through an indirect supplier, the risk has to be addressed in order to prevent, stop or minimize the violation. This can be followed by the implementation of preventive measures and an update of the policy statement if necessary.

If the violation cannot be stopped in the foreseeable future, the organization must outline and carry out concrete actions to end or minimize the violation without delay. Measures that organizations have to consider in this situation include: 

  • Outline a concrete timetable
  • Work on minimizing the violation together with the company that caused it
  • Temporarily suspend its relationship with the supplier while efforts are made to minimize the risk

Termination of business relationships is only required as a last resort in the event of serious human rights violations by suppliers that cannot be remedied in any other way. 

The effectiveness of the preventive and corrective measures must be reviewed annually and on an ad hoc basis in the event of a significant change in the risk exposure profile such as the introduction of new products, projects, or a new field of business.


Establish a complaints procedure (section 8)

One of the key requirements of the SCDDA is the obligation to establish a reporting system easily accessible by anyone along the supply chain. The system must include third parties and allow any person impacted or made aware of a violation to speak up.

In this context, the choice of using an internal or external system is up to the organization. Having an efficient reporting platform allowing for compliance in all countries in which the supply chain has activities can be a huge head start for organizations.

All data and personal information going through the reporting system is subject to the duty of confidentiality and data protection requirements. A person submitting the complaint should be informed of its reception. To ensure the effectiveness of the complaints procedure, it must be reviewed annually and on an ad hoc basis when necessary.

supply chain risks WB banner (2)


Continuous documentation and reporting requirements (section 10)

A company must report on the fulfillment of its due diligence obligations annually. It must make the report publicly available free of charge on the company’s website no later than four months after the end of the financial year for a period of seven years. 

This means that the activity of the supply chain must be assessed regularly under the scope of the code of conduct communicated to the suppliers involved.


Integration in Compliance Management Systems

The core of the SSDA new requirements is to have a high level of transparency along your supply chain in order to be able to detect and prevent risks of human rights and environmental violations as early as possible. One pathway for implementing SCDDA is to integrate its requirements into your Compliance Management System (CMS) since the risk analyses required, as well as the whistleblower system are essential components of any effective Compliance Program.

With the obligation to expand your complaints procedure to your supply chain, leveraging a third-party solution using technology such as Whispli can save you a lot of time and increase your efficiency in the process.


Identify Supply Chain risks 

In order to prepare for all the requirements of the new regulation, companies should conduct a continuous and comprehensible risk assessment. With the help of a flexible business partner audit as an integral part of the Compliance Management System (CMS), companies can simultaneously fulfill and document their due diligence obligations. At Whispli, we have partnered with Compliance experts who can walk you through this in-depth risk assessment of your Supply Chain.


Expand the scope of your complaint procedure

Another proven component of the CMS is a digital whistleblower system which fulfills the requirements of the new regulation for implementing a complaint system. Companies have a responsibility to ensure that any stakeholder can report:

  • Forced labour
  • Child labour
  • Inadequate health and safety at work
  • Worker exploitation
  • Environmental violations such as greenhouse gas emissions, pollution, or the destruction of biodiversity or ecosystems

A software solution such as Whispli will allow you to automate the triage of reports and automatically assign reports in relation to your Supply Chain to a designated Human Rights Officer as prescribed by the SCDDA.


Perspective for a European Union Supply Chain law

The SCDDA is only an intermediate step toward a future stricter supply chain law harmonized at the European Union level.
On February 23, 2022, the European Commission adopted a proposal for a European Supply Chain Due Diligence Directive. If the Directive enters into force, Germany will be obliged like all other member states to adapt its existing supply chain law to comply with the new EU law within two years. The SCDDA and a future European harmonizing Directive could be effective instruments to enforce human rights globally. An EU-Directive will have to be transferred into the law of all member states of the European Union which makes the possible impact of this legislation on international trade significant.


Want to see Whispli in action? Schedule a live demo

This article (and any information accessed through links within it) is provided for information purposes only and does not constitute legal advice. For advice on whistleblowing systems, please see or email