How Automated ESG Due Diligence Makes the German Supply Chain Act More Manageable

5 minute read

November 2022

Over the past few years, Environmental, Social, and Governance (ESG) regulations have become increasingly rigorous and commonplace. Between the Modern Slavery Acts passed in the UK and Australia, France’s Corporate Duty of Vigilance Law, and Germany’s recent Supply Chain Due Diligence Act, it’s clear that international businesses must take an active role in managing ESG risk if they want to keep up with regulators.

This blog will walk readers through key details of the recently-passed German Due Diligence Act, including the organizations that fall under its jurisdiction, the practices it covers, and five steps that your organization can take to ensure ESG compliance.

Who does the act apply to?
As of January 1, 2023, the Supply Chain Due Diligence Act will apply to all German companies with 3,000 employees or more. On January 1, 2024, the act will be extended to organizations with 1,000 or more employees. Still, this law is relevant to more than just German companies: any supplier for an organization that falls under this act must be ready to assess their own due diligence practices. Otherwise, their customers can be found non-compliant, leading to a loss of business and reputational damage. If your organization does business with a German company, you need to stay on top of your ESG practices.

What is covered by the German Supply Chain Due Diligence Act?
The German Supply Chain Due Diligence Act, effective January 1, 2023, requires that companies operating in Germany take responsibility for the practices of all the third parties on their supply chain. Ignorance isn’t innocence in ESG: Rather than sitting back and waiting to remediate malpractice until it is unearthed in your supply chain, this law encourages organizations to take an active role in vetting third parties for unacceptable ESG practices.

Banned Practices include:

  • Child labor, forced labor, slavery
  • Hazardous workplace environment
  • Indecently low wages
  • Contamination of soil, water, and air
  • Noise pollution
  • Manufacture of mercury-added products
  • Use of pollutants

The Supply Chain Due Diligence Act also specifies penalties for non-compliance, including fines of €50,000 in administrative enforcement costs and up to €8 million for organizations whose revenue is below €400 million. Organizations with more than €4 million in earnings will be fined 2% of their average annual revenue. If such steep fines were not incentive enough to encourage good ESG practices, organizations found in violation of the act can be taken to court by their victims, who may be represented by trade unions, NGOs, and competitors of the non-compliant organization. By granting affected individuals recourse to civil action, this law both addresses the concerns of victims and stiffens the potential penalties for non-compliance. Finally, non-compliant organizations can be banned from public contracts in German for up to three years.

How do I ensure my organization is compliant?

1. Specify the ESG risk areas that you need to evaluate for
The German Supply Chain Act is focused on environmental and social practices, meaning those are the two key domains for organizations aiming to reach compliance. Environmental risk covers issues like the effects of material sourcing, pollution, and the use of harmful materials. If your organization extracts resources from the environment, it’s important to understand the quantity of resources being removed, the materials used in the extraction process, and the effect that your operations have on the surrounding environment. Organizations involved in manufacturing must consider the waste produced by their operations and any hazardous materials that may be involved in its operations. Social risk, by contrast, covers the organizational and labor practices in place in your organization and on your supply chain. To ensure compliance in this area, it is imperative that you keep track of practices like modern slavery, child labor, and the operation of hazardous workplace environments when choosing potential vendors. These issues cannot be left up to trust: before working with a supplier, you must determine where they stand on these issues.

2. Capture ESG concerns in assessment questionnaires
Due diligence questionnaires should be scoped to the specific ESG risks your organization seeks to manage. You don’t want to fatigue your vendors by sending them irrelevant questions, but you also want to ensure compliance in any area that may result in regulatory penalties. When scoping your questionnaires, it is important to consider which suppliers are at risk for which violations: while it may be most important to inspect the environmental policies of an American energy corporation, a manufacturer in Malaysia is more likely to introduce social risk by way of its labor policies. Similarly, timing may play a role in scoping your questionnaires: if you work with a German company with more than 3,000 employees, it is imperative that you achieve compliance by the end of the year. If the company has 1,000 employees, then it is more important that you achieve visibility in the short term to enable compliance by 2024.

3. Assign risk ratings to third parties
By rating your third parties according to ESG risk, you can focus your efforts on remediating the vendors who are most likely to violate the Supply Chain Act. Once you’ve gotten assessments back from your vendors, you can start to prioritize according to key ESG concerns: Do any of your suppliers use child labor or modern slavery? Do any of them use hazardous materials as part of the production process? Organizations found in violation of these basic principles should be the focus of your remediation efforts. While it may be daunting to face all of the ESG risk that exists on your supply chain, prioritizing high-risk vendors enables your organization to take the actions that are most likely to produce significant ESG impact.

4. Conduct ongoing monitoring of third parties
Due diligence isn’t a one-and-done operation. Check-box compliance might prevent violations in the short term, but strong ESG means continuing to demand evidence that your third parties have kept up with regulatory changes and have prevented backsliding in their environmental and social practices. For this reason, it’s helpful to think of ESG as an ongoing conversation between your organization and your suppliers. Regular questionnaire cadences and organizational touchpoints can build your ESG program from a periodical pass/fail evaluation to an ongoing inter-organizational project.

5. Use an automated TPRM platform with integrated ESG ratings
Regular questionnaires and ongoing monitoring can be labor-intensive processes. Between scoping assessments, routing questionnaires, and chasing down responses, Excel-and-email based ESG programs can quickly evolve into rigorous operations. Luckily, with an automated Third-Party Risk Management platform that integrates ESG ratings into your vendor profiles, these challenges are entirely manageable. ProcessUnity Vendor Risk Management with Vendor ESG Intelligence (VEI) incorporates Ecovadis’ business sustainability ratings into the ProcessUnity VRM platform. This platform automates key TPRM practices, including questionnaires scoping, assessment scheduling, and alerts for due diligence deadlines—by offloading these functions to automated processes, your organization can quickly reduce the labor hours involved in ESG management. Additionally, with Ecovadis sustainability ratings at your fingertips, you can quickly evaluate the practices of potential vendors using externally validated metrics.

In the coming years, it will only become more important for your organization to maintain strong ESG practices. While this can be a daunting task, the right solution can result in an efficient and cost-effective program that keeps ahead of the regulatory curve.

Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit