The Supply Chain Due Diligence Act (LkSG) does not only affect large corporations. SMEs acting as suppliers must also fulfil due diligence obligations. An overview of duties, risks and practical steps for implementation.
Supply Chain Due Diligence Act (LkSG): What SMEs Need to Know Now
Since 1 January 2023, the Supply Chain Due Diligence Act (LkSG) has been in force -- initially for companies with at least 3,000 employees, and since 1 January 2024 for those with 1,000 or more employees. However, the effects extend far beyond the direct scope of application: medium-sized suppliers and business partners are indirectly affected and must adapt to new requirements.
In this article, we outline the key obligations under the LkSG, highlight the most common pitfalls and provide practical guidance for establishing an effective compliance management system.
Scope of Application and Thresholds
Directly Obligated Companies
The LkSG applies to companies with their head office, principal place of business, administrative seat or registered office in Germany. The relevant thresholds are:
- From 1 January 2023: Companies with at least 3,000 employees in Germany
- From 1 January 2024: Companies with at least 1,000 employees in Germany
When calculating the number of employees, workers posted abroad and temporary agency workers are included, provided the assignment period exceeds six months.
Indirect Impact on SMEs
Even if your company does not meet the thresholds, you may be indirectly affected as a supplier or service provider. Obligated companies pass on their due diligence obligations to their supply chain through contractual clauses, codes of conduct and audit requirements. In practice, this means:
- Contractual assurances regarding human rights and environmental standards
- Questionnaires and self-assessments on compliance structures
- Audit rights and on-site inspections by customers or commissioned third parties
- Supplier evaluations that take compliance criteria into account
The Five Core Obligations Under the LkSG
1. Risk Analysis (§ 5 LkSG)
The risk analysis forms the foundation of all further due diligence obligations. It must be conducted at least annually and on an ad hoc basis and comprises:
- Identification of human rights and environmental risks within the company's own operations and at direct suppliers
- Weighting and prioritisation of identified risks according to severity, probability of occurrence and the company's degree of influence
- Documentation of results and communication to the relevant decision-makers
Practical tip: Use sector-specific risk indices and country-specific human rights reports as a starting point. The BAFA guidelines provide helpful orientation on methodology.
2. Preventive Measures (§ 6 LkSG)
Based on the risk analysis, appropriate preventive measures must be implemented:
- Policy statement by the management on human rights and environmental strategy
- Integration into internal processes, particularly in procurement and supplier selection
- Training of relevant employees
- Contractual assurances from direct suppliers
- Risk-based control mechanisms to verify compliance
3. Remedial Measures (§ 7 LkSG)
If a violation of human rights or environmental obligations is identified, the company must take immediate remedial action:
- Within its own operations: The violation must be terminated without delay.
- At direct suppliers: Development and implementation of a specific remedial plan with a timeline and milestones.
- Last resort: Termination of the business relationship if serious violations exist and no less severe measures are effective.
4. Complaints Procedure (§ 8 LkSG)
Every obligated company must establish a complaints procedure that enables affected persons to report human rights or environmental risks and violations. The specific requirements are:
- Accessibility for potentially affected persons throughout the entire supply chain
- Confidentiality and protection of whistleblowers against retaliation
- Transparent procedural rules with clear deadlines and responsibilities
- Impartiality of the persons handling complaints
- Regular effectiveness review at least once a year
5. Reporting Obligation (§ 10 LkSG)
Obligated companies must prepare an annual report on the fulfilment of their due diligence obligations and publish it on their website no later than four months after the end of the financial year. The report must remain freely accessible for at least seven years and is also submitted to the BAFA.
Protected Rights and Standards
The LkSG protects a wide range of human rights and environmental standards derived from international conventions:
Human rights protections:
- Prohibition of child labour and forced labour
- Prohibition of discrimination and unequal treatment
- Right to fair wages and reasonable working hours
- Occupational health and safety
- Freedom of association and right to collective bargaining
- Protection against unlawful land seizure
Environmental obligations:
- Prohibition of the manufacture, use and disposal of mercury (Minamata Convention)
- Prohibition of the production and use of persistent organic pollutants (Stockholm Convention)
- Prohibition of the import and export of hazardous waste (Basel Convention)
The BAFA as Enforcement Authority
The Federal Office for Economic Affairs and Export Control (BAFA) is responsible for the official monitoring and enforcement of the LkSG. Its powers include:
- Review of annual reports and ad hoc inspections
- Orders to enforce statutory obligations
- Imposition of fines for violations
- Exclusion from public procurement for up to three years
Fines and Sanctions
The fines under the LkSG are substantial and, for companies with more than 400 million euros in annual turnover, are based on global group turnover:
- Up to 8 million euros or up to 2% of global annual turnover for serious violations
- Exclusion from public contracts pursuant to § 22 LkSG for up to three years where a fine exceeds a specified minimum level
Civil Liability
The LkSG expressly does not establish an independent civil liability under § 3 Abs. 3 LkSG. However, liability under general provisions (§§ 823 ff. BGB, § 831 BGB) remains unaffected. The political discussion on extended civil liability continues within the framework of the European CSDDD.
Practical Implementation of a Compliance Management System
Step 1: Establish a Governance Structure
- Appointment of a human rights officer (§ 4 Abs. 3 LkSG)
- Anchoring of responsibilities in the organisational structure
- Regular reporting to the management
Step 2: Systematise Risk Analysis
- Creation of a supplier database with risk-relevant information
- Development of a scoring model based on country, sector and product risks
- Regular updates and ad hoc reviews
Step 3: Operationalise Prevention
- Integration of sustainability criteria into procurement guidelines and supplier contracts
- Conducting supplier audits and self-assessments
- Establishing training programmes for procurement, compliance and management
Step 4: Ensure Documentation
- Comprehensive documentation of all measures, decisions and assessments
- Retention of all records for at least seven years
- Use of digital tools for supply chain monitoring
Outlook: From LkSG to the EU CSDDD
The European Corporate Sustainability Due Diligence Directive (CSDDD) is expected to tighten and expand the requirements of the LkSG. Key differences:
- Extended scope covering the entire value chain (not only direct suppliers)
- Civil liability for companies in the event of breaches of duty
- Climate-related due diligence obligations including a transition plan
- Lower thresholds than the German LkSG
Companies that already build a robust LkSG compliance system now are creating a solid foundation for meeting the forthcoming European requirements.
Conclusion
The Supply Chain Due Diligence Act poses significant organisational and documentation challenges for companies. SMEs in particular, being integrated into value chains as suppliers, should establish their own compliance structures early on to remain competitive and meet the contractual requirements of their customers.
At compleneo, we support you in analysing your individual exposure, building tailored compliance management systems and ensuring legally compliant documentation of your due diligence obligations. Get in touch -- we will develop a solution together that fits your company.
