Due Diligence Law: what has changed and where are we?

On 22 July 2021, the act was published in the Federal Law Gazette. This represents the first time that the responsibility of German companies to respect human rights in global supply chains has been given a legal foundation.

The Bundestag (the German parliament) introduced the Federal Act on Corporate Due Diligence for the Prevention of Human Rights Violations in Supply Chains (Lieferkettengesetz) in June 2021.

What is the current state of play? And what will happen as soon as the law comes into force?

Due Diligence Law: who it concerns

The law will impose a set of due diligence responsibilities on German companies, their subsidiaries and suppliers worldwide. 

The German government argues that the current supply chain frameworks are complex, fragmented, and ambiguous. 

Companies will need to adhere to social, legal, safety and environmental standards by becoming more transparent about their supply chains.

The law will enter into force on 1 January 2023 for companies with at least 3,000 employees, and starting from 1 January 2024, the obligations will also extend to companies with at least 1,000 employees.

What obligations does the law impose?

1. The company must establish an adequate risk management system through the appointment of a human rights officer and the implementation of clear rules for setting up reports.

2. The company must implement a corporate procedure for receiving reports of potential or real risks and violations.

3. The company must identify its supply chain and conduct a risk analysis: first of all, the company must identify those business areas that create significant risks for human rights and the environment. This analysis will have to be extended to direct suppliers.

As for indirect suppliers, on the other hand, the risk analysis must be carried out if a company has actual indications of possible violations of human rights or environmental protection.

4. The analysis must be conducted annually and in any case whenever the company must take into account a substantially changed or increased risk situation, for example due to the introduction of new products or a new business area.

5. Finally, the company must submit an annual report to the competent authority on compliance with due diligence obligations and this report must also be published on the company website.

If you still have doubts and want a guide to always have at hand, check out our free checklist.

What happens in case of violations?

In case of violations, the law provides for financial penalties:

• for companies with revenue of less than 400 million euros, fines are between € 100,000 and € 800,000, or up to ten times more, therefore up to € 8 million;
• for companies with average annual revenue of more than 400 million euros, the maximum penalty is 2% of revenue.

In addition, regardless of revenue, there is also an exclusion from public business for up to three years.

A bonus for you

You may be wondering: “How do I know if my company is compliant or at risk?”

If you want to know your risk level, you can take our free test.
