The last few years have seen European legislators give greater importance to social and environmental concerns when defining corporate governance standards. In the EU, the Corporate Sustainability Reporting Directive (Directive (EU) 2022/2464) entered into effect on 5 January 2023. This required affected companies to report on their sustainability goals and the impact of sustainability initiatives on their business.
As for substantive due diligence requirements, the European Commission published the “Proposal for a Directive of the European Parliament and of the Council on Corporate Sustainability Due Diligence and amending Directive (EU) 2019/1937” in February last year.
In Germany, requirements related to human rights and environmental infringements are already laid down in the Act on Corporate Due Diligence in Supply Chains (Gesetz über die unternehmerischen Sorgfaltspflichten zur Vermeidung von Menschenrechtsverletzungen in Lieferketten (the ‘Supply Chain Act’) which entered into effect on 1 January 2023. This article gives a short overview of its contents and implications.
Companies affected by the Act
Any company that has its head office, headquarters, administrative office or statutory seat in Germany has to comply with the Supply Chain Act if they employ 3000 or more employees. From 1 January 2024, the Supply Chain Act will apply to companies with over 1000 employees.
“Many of the directly affected companies will, to some extent, contractually ‘pass on’ their obligations under the Supply Chain Act to their (smaller) suppliers.”
However, even if a (foreign) company does not fall under this scope, it might be affected by the Supply Chain Act. For example, the act requires an affected company to agree with its suppliers on control mechanisms to verify the supplier’s compliance with the company’s supply chain policy statement (see below).
Beyond that, it is expected that many of the directly affected companies will, to some extent, contractually ‘pass on’ their obligations under the Supply Chain Act to their (smaller) suppliers.
Specific requirements
Under the Supply Chain Act, companies are not required to successfully prevent human or environmental rights infringements. However, they do have to implement organisational and procedural measures to reduce the risks of these happening. Those measures mainly concern the company’s operations and those of its direct suppliers and include:
• Establishing “appropriate and effective” risk management
• Appointing an individual responsible for supervising the company’s risk management
• Establishing a complaint system to enable stakeholder reports on infringements
• Conduct a risk analysis regarding the company’s operations and its direct suppliers at least once a year
• Issuing – based on the yearly risk analysis – a policy statement describing the risk management processes, the identified risk(s) and the company’s expectations towards its employees and suppliers
• Setting up control mechanisms regarding its direct suppliers based on the policy statement (see above)
All of the company’s due diligence measures have to be documented and the company has to issue a yearly report covering the relevant risks the company has identified and the company’s due diligence measures. The report is to be made available to the public and submitted to the Federal Office for Economic Affairs and Export Control, no later than four months after the end of the business year.
“This lack of civil liability is one of the reasons that many NPOs have criticised the Supply Chain Act as a paper tiger .”
Failure to comply
Failure to comply can lead to fines of up to €800.000 for the company’s management and, additionally, fines of up to €8.000.000 or 2% of the annual turnover for the company (whichever is higher).
A company might try to hold its management liable for these fines, based on them breaching their duty to properly organise the company. It might also claim damages from its suppliers based on contractual due diligence provisions. That being said, the cases in which fines can be claimed as damages haven’t been comprehensively clarified by German case law yet, and management liability is a particularly controversial topic.
While introducing standing for German trade unions and NGOs in specific cases, the Supply Chain Act does not include a new statutory civil course of action for due diligence infringements that could be invoked by victims of human rights violations occurring in a company’s supply chain. The Federal Ministry of Labour and Social Affairs also clarified that violating the Supply Chain Act does, by itself, not give rise to (general) tort claims, as the Supply Chain Act does not constitute safeguard legislation (Schutzgesetz).
Outlook – Directive Proposal
This lack of civil liability is one of the reasons that many NPOs have criticised the Supply Chain Act as a paper tiger – and welcomed the European Commission’s Directive Proposal, which aims to be stricter.
The proposal would apply to more companies, including non-member state companies, provided they have generated a certain yearly net turnover in the EU. It would also require companies to implement due diligence measures regarding their whole supply chain, including indirect suppliers as well as customers, provided there is an ‘established business relationship’. In order to ensure effective compensation of victims, it also would require member states to implement civil liability for cases of due diligence infringements.
As was the case in the legislative process leading to the Supply Chain Act, the idea of civil liability for infringements has been met with criticism by industry and legal professionals. Critics are pointing out the many unknowns regarding the specific requirements companies have to fulfil to be considered as having taken ‘appropriate’ risk management measures.
If, as European Commission proposes, due diligence requirements were to be extended to a company’s customers and indirect suppliers, this would only cause more uncertainty. Therefore, it remains to be seen how much of the proposal will survive the legislative process this time around.