3 Due Diligence Obligations for the German Supply Chain Act (LkSG)

3 minute read

March 2023

The German Supply Chain Act (LkSG), effective as of January 1, 2023, imposes new due diligence obligations on many Germany companies and companies with German branches: as of 2023, this includes organizations with over 3,000 members, but it will expand to include organizations with over 1,000 members in 2024. These new obligations will push these companies to inspect the human rights and environmental policies of the organizations on their supply chains, imposing new challenges across the board and necessitating thoughtful improvements in their due diligence policies. This blog will cover three of the most important due diligence obligations imposed by this regulation and how to meet them. 

1. Risk management

LkSG requires organizations to establish a risk management system that identifies areas of their supply chain where human rights and environmental issues may be at risk. 

This system should enable collaboration between internal and external stakeholders, manage due diligence through the complete supplier lifecycle, track remediation efforts and enable reporting to both executive leadership and regulatory auditors. To manage the increased demands placed on risk managers by these new regulations, an effective risk management system should automate key processes and workflows. This could include using software to automatically screen and monitor suppliers for compliance and risk factors, tracking supplier performance and incident reports and providing real-time analytics and reporting on supplier risks.  

2. Risk analysis and assessment 

Organizations must conduct a regular risk analysis on at least an annual basis to identify where human rights and environmental risk exist in their supplier ecosystem. Additionally, they should be ready to conduct supplemental analysis when they have reason to suspect a change in their risk environment.  

Once risks have been identified, the organization must evaluate the severity of each and organize them by priority. This involves asking questions such as how likely the event is to occur and how large of an impact it would have if it did. From there, they can sort their risks into a heat map and plan remediation efforts according to priority. This may involve working with suppliers to address specific risk factors, such as improving working conditions, reducing emissions, or addressing supply chain transparency issues. 

3. Documentation and reporting 

Organizations must document their fulfillment of each obligation under the German Supply Chain Act and compile the relevant data into an annual report. Documentation and reporting are how clients, regulators and the public know that an organization is doing its part to protect the environment and human rights. Thus, failing to document successful actions means failing to get credit and achieve compliance. Effective documentation and reporting can involve tracking supplier compliance and risk data, monitoring supplier performance and incident reports and generating regular reports that highlight progress made towards compliance goals.  

The key to meeting each of these requirements is implementing a risk management solution that allows you to analyze and assess risk, track your remediation efforts, then report your actions to the German Federal Office for Economic Affairs and Export Control. One solution that provides excellent risk management functionality is ProcessUnity for the German Supply Chain Act (LkSG), which enables organizations to maintain compliance with LkSG regulations and ensure accurate reporting and visibility.  

Related posts: 

New Artificial Intelligence Regulations Will Require New Enterprise Controls, Deeper Software Screening 

Your TPRM Program Must Account for Geopolitical Risk 

Vendor Risk Management & ESG Related Risk 

Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit www.processunity.com.