Update “Supply Chain Act”– the government draft is available. What is in store for the economy?


The draft bill for the “Act on Corporate Due Diligence to Prevent Human Rights Violations in Supply Chains” (Due Diligence Act), better known as the Supply Chain Act, which was recently reported on here, has now become a government draft, which was approved by the cabinet on March 3. The dispute that had existed between the ministries involved following the uncoordinated publication was settled, and the draft and also the explanatory memorandum to the law, which is significant for the interpretation of the text of the law, were amended in several places in a very short time.

Due Diligence Act = “Supply Chain Act”.

The Due Diligence Act intends to strengthen the human rights of people working in the various links of the supply chain. German companies are to be encouraged to act with due diligence in terms of human rights not only with regard to themselves, but also with regard to their direct suppliers and even companies further down the supply chain (indirect suppliers). The protected legal positions are defined in § 2 (2). Explicitly addressed are, among others, child protection, freedom from slavery and forced labor, freedom of association, equal treatment in employment, adequate remuneration). However, the circle of protected legal positions in § 2 (2) No. 12 in conjunction with. § 2 (1) is considerably expanded by the reference to 13 conventions protecting human rights, if a particularly serious violation of the human rights protected therein is imminent. As a result, this circle of legal interests protected by the draft law is thus extraordinarily broad.

 Certain environmental obligations and risks, in particular those relating to health protection, are also included (§ 2 (3) and (4)).

The Act is scheduled to come into force on January 1, 2023.

The Duty of Care Act is divided into six sections and 24 paragraphs.

At its core are due diligence obligations imposed on certain companies in Section 2 (§§ 3-11).

Norm addressees: Large companies

The addressees of the standard are companies that have their head office, principal place of business or registered office in Germany and employ at least 3,000 employees. If the parent company is based in Germany, its foreign affiliated companies must also be included in the count. From Jan. 1, 2024, the law already applies to companies with at least 1,000 employees. Temporary workers are to be included in the calculation if the period of employment exceeds six months.  Compared to the draft bill, linguistically misleading passages have been deleted that raised the question of whether foreign companies may also have to comply with the Due Diligence Act. According to the updated version, this is not the case unless the corporate headquarters is located in Germany.

But: Relevance also for small and medium-sized companies

However, smaller companies are also indirectly affected. It can be assumed that large companies will impose obligations on their suppliers as a consequence of the law.

This follows, among other things, from the fact that the direct addressees of the Due Diligence Act (i.e. the large companies) are required to carry out a risk analysis. This risk analysis relates to risks within the company itself and at its direct suppliers, but not also at indirect suppliers (the explanatory memorandum to the first draft suggested otherwise).

If the analysis reveals risks - and here, however, risks at indirect suppliers are also included - the large companies are obliged to take preventive measures. This also applies if the large company obtains knowledge of a possible infringement of a protected legal position by other means - but then: substantiated.   These preventive measures include, for example, the "consideration of human rights-related expectations in the selection of the direct supplier" and "the contractual assurance of a direct supplier that it complies with the (...) required human rights-related and environmental requirements and adequately addresses them along the supply chain". It can probably be assumed that large companies, which are subject to the obligations of the Due Diligence Act, will in future also expect their smaller suppliers and subcontractors to a greater extent to take preventive measures themselves, which the large companies are required to do. Of course, this is already happening. But there is no doubt that this will become more important and that the requirements for such preventive measures or programs will also increase. Those who cannot or do not want to fulfill these requirements must expect to be replaced by another supplier.

The fact that small and medium-sized enterprises will not be burdened by the project, as stated in the introduction to the draft law, is therefore only half the truth.

Duty of human rights due diligence

§ Section 3 of the Due Diligence Act requires the companies addressed to behave with appropriate care in terms of human rights and sets out a catalog of obligations in this regard. This is specified in more detail in §§ 4-10.

Risk Management

Pursuant to Section 4, companies must introduce appropriate risk management in order to identify risks, prevent the realization of any risks and put an end to and minimize violations of protected legal positions. A responsible person must be appointed within the company, such as a human rights officer. The management must regularly inform itself about the work of the human rights representative.

As part of risk management, an appropriate risk analysis must be carried out at least once a year (and, if necessary, additionally on an occasion-related basis) in order to identify, appropriately weight and prioritize the risks in the company's own business area and at its direct suppliers. The results of the risk analysis must be communicated to the relevant decision-makers. These must take appropriate account of the results (§ 5).

Obligation to take preventive measures when risks are identified

If the company identifies a risk as part of the risk analysis, it must immediately take appropriate preventive measures (§ 6):

If it does not have a policy statement, one must be adopted (§ 6 (2). This must contain various elements of a human rights strategy, including a description of the process by which the company fulfills its due diligence obligations, the relevant risks identified for the company on the basis of the risk analysis, and the human rights-related expectations set out by the company for its own employees and suppliers in the supply chain.

Other appropriate prevention measures in the company's own business area (§ 6 (3)) include in particular

  • Implement the human rights strategy outlined in the Policy Statement,
  • the development and implementation of risk-minimizing procurement strategies,
  • the implementation of training courses,
  • Control measures.

Appropriate preventive measures shall also be taken with regard to the company's own suppliers (§ 6 (4)), in particular

  • the consideration of human rights and environmental expectations in the selection of contractual partners,the contractual assurance of a direct supplier that it complies with the required human rights and environmental specifications and addresses them appropriately along the supply chain,
  • the establishment of appropriate contractual control mechanisms and training,
  • the implementation of risk-based control measures.

The effectiveness of prevention must be reviewed once a year (and additionally on an ad hoc basis if necessary).

Duty to remedy human rights violations

If the company discovers that a violation has already occurred or is imminent in its own business area or at a direct supplier, it is obligated to take appropriate remedial action without delay (§ 7 (1)). If the violation relates to a direct supplier, a concept for minimization and avoidance must be implemented if the violation cannot be remedied in the foreseeable future (§ 7 (2)). A temporary suspension of business relations shall also be considered as a measure (Section 7 (2) No. 3).

Establishment of an anonymous complaints procedure

Furthermore, the company is obliged to set up an internal complaints procedure (§ 8). It is also possible to participate in an external complaints procedure instead. Here, existing whistleblowing systems can be used as a basis. The confidentiality of the user's identity must be maintained. Employees of indirect suppliers (i.e. companies with which there is no direct business relationship and which are further down the supply chain) must also be enabled to use this complaint procedure (§ 9 (1)).

Obligations with regard to indirect suppliers

If the company obtains substantiated knowledge of a possible human rights violation at such an indirect supplier, the company is obligated to, among other things,

  • to carry out a risk analysis,
  • anchor appropriate preventive measures vis-à-vis the polluter
  • and to create and implement a concept to minimize and prevent the violation.

Documentation and reporting requirements

The company is subject to documentation obligations (§ 10). In addition, a report must be submitted annually to the Federal Office of Economics and Export Control (§§ 10, 12, 19).

Legal standing for trade unions and NGOs

Section 11 provides that a person who claims to have been injured in a legal position of overriding importance as a result of a breach of a corporate duty of care is entitled to authorize trade unions and non-governmental organizations to take legal action (special authority to take legal action). This is intended to facilitate enforcement or make it possible in the first place.

Regulatory control and enforcement

Sections 14-21 regulate official control and enforcement and assign the Federal Office of Economics and Export Control the right to issue appropriate and necessary orders and measures to eliminate and prevent violations of the obligations under the Due Diligence Act. In addition, rights of entry, duties to provide information, toleration and cooperation duties are provided for, among other things.

Exclusion from the award of public contracts

Section 22 provides that an enterprise that has been fined for an infringement established by a final court decision shall be excluded from participating in a competition for a supply, works or service contract for a reasonable period of time.

Penalties and fines

§ Section 23 permits the imposition of periodic penalty payments of up to EUR 50,000, while Section 24 permits the imposition of fines for violations of the Due Diligence Act. The fines can be calculated as a percentage of the company's total worldwide turnover for companies with an annual turnover of more than EUR 400 million, up to an amount of 2%.


The Due Diligence Act poses major challenges for business - and indirectly also for small and medium-sized enterprises. Large companies should start planning early. However, SMEs that supply large companies should not wait until they are required to do so before tackling the issue. The first sensible steps for them are to clarify internal responsibilities and budgets and to form a project group. Risk analysis, which large companies can be expected to demand, can also be started now. In addition, what comes from the direction of the EU should be followed in any case. The EU Commission has announced the presentation of its own draft supply chain law for June 2021, which, according to Justice Commissioner Didier Reynders, should include companies of all sizes. The EU Parliament will present recommendations in the second week of March. However, it is still unclear how member states intend to position themselves on the project. If the plan is implemented, its relationship to German law will have to be examined.