Supply Chain Due Diligence Is Becoming Law — The Time to Act Is Now!

Georg Roesch, VP Product Management, JAGGAER

European companies are being told they must take responsibility for any labor or environmental abuses in their global supply chains. In Germany, a new law ratified on June 25, the Lieferkettenschutzgesetz — the supply chain law — could impose heavy fines if suppliers within their supply chain are found to breach labor, human rights or environmental standards. The fines can go up to €800,000 or two percent of the company’s annual revenues if these exceed €400 million.

The law states that this duty of supply chain due diligence extends beyond Tier 1 suppliers all the way to the producers of raw materials — I will deal with the practicalities of enforcing this in a moment. Germany’s Finance Minister, Olaf Scholz, explained the reasoning behind the law: “In future, it will be clear that ‘Made in Germany’ also means respect for human rights.”

The law is of international significance. Companies based or operating in Germany (irrespective of where they are legally registered) with more than 3,000 employees, or German-registered branches of foreign companies with more than 3,000 employees, must comply with the law from January 1, 2023. Companies with more than 1,000 employees must comply from January 1, 2024.

The German law requires these companies to set up processes to identify, assess, prevent and remedy human rights and environmental risks and impacts in their supply chains, and in their own operations. They must also make sure they provide ways for employees of second-tier suppliers and above to file a complaint alerting the company to human rights or environmental violations.

The risks that companies must address include:

• Forced labor
• Child labor
• Discrimination
• Violations to freedom of association
• Unethical employment
• Unsafe working conditions
• Environmental degradation.

Companies must also publish an annual report outlining the steps they have taken to identify and address these risks.

France

France launched its own supply chain legislation in 2017 with the Loi de Vigilance (the Duty of Vigilance Act), which requires all large French companies — with over 5,000 employees in France or over 10,000 worldwide — to undertake due diligence with regard to the companies they control and all their contractors and suppliers. The Duty of Vigilance Act is structured around two mechanisms. First, a “civil duty of vigilance” aimed at preventing risks and serious abuses of fundamental rights, health, personal safety and the environment in connection with business activities. Second, a “redress and liability mechanism” for breaches of these obligations by companies.

The Netherlands

The Netherlands adopted the Wet Zorgplicht Kinderarbeid in 2019. It obliges companies to investigate whether goods or services in their supply chains were produced using child labor and to implement a plan of action to prevent it. This Dutch due diligence act imposes significant administrative fines, criminal sanctions for non-compliance, and also a reporting obligation to the regulator. The act comes into force in mid-2022 and it applies to all companies that sell or supply goods or services to Dutch consumers, regardless of where the company is based or registered, without exemptions for legal form or size.

The European Union

It is now likely that the European Union will seek to harmonize these and other national measures with a directive to all Member States. In fact, German law explicitly states that its intention is to form the basis for European law. Already, on March 10, the European Parliament adopted an outline proposal for the “EU Directive on Mandatory Human Rights, Environmental and Good Governance Due Diligence”. The European Commission has now been tasked with drafting a formal legislative proposal for this Directive, to be presented to the European Parliament later this year, and likely to come into force in 2023.

The same topic is being raised in other geographies around the globe, notably the USA. Companies, therefore, need to start preparing to ensure they’re ready to comply. Of course, quite apart from the legal obligations, environmental, social, and corporate governance (ESG) has moved up the agenda for many organizations, so they are already taking the initiative on supply chain due diligence.

Application of the laws in practice

Under German law, companies are required to demonstrate “best efforts” both in terms of their duty to analyze risks and to undertake corrective measures. There is a commonsense recognition that companies cannot prevent all human rights violations by their suppliers under all circumstances. Instead, the risk management required by the law is based on the principle of proportionality. The measures that are proportionate and reasonable for the individual company depend in particular on the actual influence that the company can exert within its supply chain, which in turn depends on factors such as the size of the undertaking, its position in the value chain and its sector of activity.

Let’s take a couple of examples to illustrate the point. Let’s say your company is a mid-sized insurance business and buys 200 laptops a year from a distributor. You cannot possibly have visibility into where the manufacturer sources the components in those laptops, and even if you did, you have no leverage over the manufacturer. However, if you learn about (for example) the exploitation of child labor in laptop components, you have a duty to alert the distributor, who could be held responsible.

On the other hand, if your company is a major automobile manufacturer and the Tier 1 supplier of a major component (let’s say, an airbag) is found to be a major polluter, you need to take immediate action in order to avoid punitive fines. Termination of the business relationship with a supplier is only required if the violation of human rights or the environment is deemed to be very serious, no remedy can be obtained, and no other mitigating measures are available to the enterprise.

What about Tier 2 and beyond? Again, the principle of proportionality kicks in. Let’s say you have 1,000 Tier 1 suppliers. Each of those suppliers may in turn have 1,000 suppliers. So that is already a million Tier 2 suppliers, beyond even the largest enterprise’s control. However, that does not absolve you of all responsibilities — I will discuss this in the next article.

What you should do now

To prepare for the legislation coming into force, I would recommend that you take the following steps:

1. Establish risk management practices to detect and mitigate human rights and environmental risks.
2. Define internal responsibilities by appointing a human rights officer and/or an ESG team.
3. Write a policy statement, signed and owned by the company leadership, setting out the organization’s strategy for meeting its obligations.
4. Establish a grievance mechanism enabling whistle-blowers to notify potential breaches either internally or within the supply chain.
5. Establish documentation and reporting processes. Records must be kept for seven years, and an annual report must be created.​
6. Perform regular risk analysis by prioritizing potential risks and establishing communication with leadership and/or procurement.​
7. Deploy case management: Work internally or with the relevant supplier to close the issue.​
8. Define prevention measures including contractual obligations with Tier 1 suppliers and regular monitoring.​
9. Monitor risk proactively: Do this regularly for Tier 1 suppliers and, in the case of a potential incident, for Tier 2 and beyond.

In the next article, I will look at how JAGGAER can already help you to take these initial steps, and how JAGGAER is working to enable full compliance with existing and planned legislation.