The German Supply Chain Act: History, Obligations, and What Comes Next

Germany's Supply Chain Due Diligence Act (LkSG) entered into force on January 1, 2023 – making Germany one of the first countries in the world to impose binding human rights and environmental due diligence obligations on companies by law. In this article, originally authored by Dr. Chris Bayer of Development International in March 2021, we trace the law's legislative journey, explain its core obligations, and provide an updated outlook on how the LkSG relates to the EU's Corporate Sustainability Due Diligence Directive (CSDDD).

The Road to Mandatory Due Diligence

This section reflects the original guest article by Dr. Chris Bayer, Principal Investigator at Development International, written in March 2021 ahead of the law's passage.

After eight months of negotiations, on February 12, 2021, three German ministers – representing the Ministry for Labour and Social Affairs, the Ministry for Economic Cooperation and Development, and the Ministry for Economics – announced their agreement on mandatory supply chain due diligence legislation (Lieferkettensorgfaltspflichtengesetz, LkSG).

The impetus came from Germany's 2016 National Action Plan on Business and Human Rights (NAP), which outlined voluntary corporate human rights due diligence expectations. It foresaw mandatory action if fewer than 50% of German companies with more than 500 employees implemented adequate due diligence systems by 2020.

A government 2020 survey – in which only 455 of the 2,250 companies contacted submitted valid responses – found that just 13–17% of respondents had adequately implemented the core elements of the UN Guiding Principles on Business and Human Rights. Only 10–12% were deemed on track.

The ministers concluded that most large German companies had not voluntarily fulfilled the expectations set out in the NAP and announced they would make those expectations mandatory. These findings triggered the drafting of binding due diligence legislation.

The government draft (Regierungsentwurf) was submitted to the Bundestag in March 2021. Parliament passed the law on June 25, 2021, and it was published in the Federal Law Gazette on July 22, 2021. The LkSG entered into force on January 1, 2023.

Purpose and Scope of the German Supply Chain Act

The primary purpose of the LkSG is to introduce a corporate duty of care mandate, protecting human rights and upholding environmental standards throughout global supply chains. The law is closely aligned with the due diligence framework outlined in the UN Guiding Principles on Business and Human Rights.

The LkSG defines "supply chain" broadly: it covers all steps in Germany and abroad required to produce a company's products and provide its services – from the extraction of raw materials through to delivery to the end customer.

The law introduced a phased scope by company size. From January 1, 2023, the LkSG applied to approximately 600 German companies with at least 3,000 employees. From January 1, 2024, it expanded to cover companies with at least 1,000 employees in Germany, bringing roughly 2,900 additional companies into scope.

The law applies to companies that have their central administration, principal place of business, administrative headquarters, statutory seat, or branch office in Germany. Foreign companies with a qualifying branch in Germany fall within scope in the same way as domestic companies.

The LkSG covers an exhaustive list of eleven internationally recognized human rights conventions. These include prohibitions on child labor, slavery and forced labor, disregard for occupational health and safety, denial of fair wages, and restrictions on forming trade unions or employee representation bodies.

Key Obligations under the LkSG

The LkSG imposes a comprehensive set of due diligence obligations on covered companies. These apply to a company's own business area, to the conduct of its direct suppliers, and – where triggered by circumstances – to indirect suppliers further down the chain.

Risk management system: Companies must establish a risk management system to identify, prevent, and minimize human rights and environmental risks. This includes conducting an annual risk analysis and an ad hoc analysis whenever circumstances warrant it.

Policy statement: Companies must issue a policy statement describing their human rights strategy, the specific risks identified, and their expectations for employees and suppliers.

Preventive and remedial measures: Based on the risk analysis, companies must take appropriate preventive measures – such as supplier selection criteria, contractual clauses, and training – and implement remedial measures if violations are found or imminent.

Complaint mechanism: Companies must establish and publish a complaint procedure through which affected persons or those with knowledge of potential violations can report human rights risks. The effectiveness of the mechanism must be reviewed annually.

Documentation: All due diligence activities must be continuously documented and records retained for at least seven years from the date of their creation.

Reporting (in transition): The LkSG originally required covered companies to submit an annual report to BAFA and publish it on their website. A 2025 amendment abolishes this obligation retroactively to January 1, 2023. Companies must still document their due diligence activities internally.

Accountability and Enforcement

A central question during the legislative process was how far into the supply chain due diligence obligations should reach. One camp insisted that diligence should end at Tier 1; the other feared that companies could easily evade responsibility by altering contractual designations. The compromise established two tiers of accountability.

Companies are fully accountable for their own business activity and that of their direct suppliers – those with whom they have a direct contractual relationship. For indirect suppliers, obligations are triggered "by circumstance" (anlassbezogen): for example, following the findings of a risk assessment or a well-substantiated complaint.

Enforcement rests with the German Federal Office for Economic Affairs and Export Control (BAFA). BAFA can access company documentation, conduct on-site inspections, request information, and initiate administrative fine proceedings. In 2024, BAFA carried out over 800 ex officio audits and reported that most audited companies demonstrated good to very good compliance with their LkSG obligations.

Penalties for intentional or negligent violations can reach up to EUR 8 million. For companies with an average annual turnover of more than EUR 400 million, fines may amount to up to 2% of global annual turnover. A fined company may additionally be excluded from public procurement for up to three years.

The LkSG also enables trade unions and NGOs to serve as legal representatives of adversely affected plaintiffs, giving victims a formal route to assert claims before German courts through power-of-attorney arrangements.

Duty of Care and Liability

The LkSG establishes a duty of care (Bemühenspflicht) closely patterned after the French duty of care law (Loi sur le devoir de vigilance). This is an obligation of means, not of result: companies are not required to guarantee that no human rights violations occur anywhere in their supply chain, but they must make genuine, documented efforts to prevent them.

A company may only be held liable by BAFA if damages could have been foreseen and avoided with proper due diligence. Where a company did everything legally possible to prevent a violation, it will not be held liable for that violation.

When issuing fines, BAFA takes into account any remediation the company already provided in response to an identified impact. Fine revenues are invested by the German government in causes related to business and human rights matters.

Accountability is further enhanced by the requirement for covered companies to publish an annual report – though, as noted above, this reporting obligation is in the process of being abolished under the 2025 LkSG amendment.

How Companies Can Prepare

Companies have a range of options to effectively address actual or potential negative impacts, whether or not a specific risk has materialized. Some use the legislative requirements as an opportunity to rethink particular business models or the very design of their products.

Compliance departments can add sustainability and human rights metrics to their purview based on their risk analysis (Risikoanalyse). Such analysis yields relevant risks and vulnerabilities according to the company's particular sector and sourcing profile. The UN Guiding Principles and the 2016 NAP serve as relevant frameworks to guide this process.

Companies should also consider revamping their supplier code of conduct and the way it is communicated. Embedding due diligence clauses in supplier contracts effectively cascades obligations down the supply chain. Active supplier monitoring – through audits, spot checks, and self-assessments – is then essential.

A useful guiding principle is engagement before disengagement (Befähigung vor Rückzug): companies should seek to support and improve supplier performance before resorting to contract termination, which should remain the very last option (ultima ratio). Future suppliers can also be assessed against relevant criteria before onboarding.

Digital tools play an important role in managing this complexity. Human rights risk management software enables companies to collect, analyze, and monitor supplier data at scale – supporting the structured, documented due diligence the LkSG requires.

The LkSG and the EU CSDDD: What Comes Next?

Development Minister Gerd Müller argued at the time of the law's passage that Germany's approach could serve as a blueprint for global supply chain governance. That prediction proved accurate: the LkSG – alongside the French Vigilance Law – became a key reference point for EU-level legislation.

The EU Corporate Sustainability Due Diligence Directive (CSDDD) entered into force on July 25, 2024, with the goal of harmonizing due diligence standards across all EU member states. Its implementation timeline has since been revised twice. A "Stop-the-Clock" initiative postponed the national transposition deadline to July 2027. A December 2025 trilogue agreement between the European Parliament, the Council, and the Commission adjusted the framework further: uniform application is now expected from July 26, 2029, and the scope will narrow to EU companies with more than 5,000 employees and more than EUR 1.5 billion in annual turnover.

At the national level, Germany's coalition government (CDU/CSU and SPD, under Chancellor Friedrich Merz) announced plans to abolish the LkSG and replace it with a new "Law on International Corporate Responsibility" as part of the CSDDD transposition. As a first step, the Federal Cabinet approved an amendment to the LkSG on September 3, 2025, which would abolish the annual reporting obligation (retroactively from January 1, 2023) and significantly reduce sanctions – limiting fines primarily to cases of severe human rights violations.

Until a replacement law is in force, the LkSG remains applicable. BAFA continues to conduct risk-based ex officio controls and will enforce the remaining due diligence obligations. Companies should maintain their core due diligence systems – risk analysis, preventive and remedial measures, grievance channels, and documentation – and monitor legislative developments at both national and EU level closely.

IPOINT's software enhances your supply chain management and gives you greater visibility and control throughout your supply chain. It helps you identify and mitigate the risks of negative impacts like human rights violations, thus protecting your brand reputation. With the IPOINT Supply Chain Survey, you can identify, track, and prevent human rights violations in your supply chain and adapt your human rights programs accordingly.