Download one of our guides on the LkSG, EUDR, CSRD & sustainability now Learn more →
lawcode Logo
DEDE
Test now Personal demo
Test now Personal demo
Supply Chain 17. March 2026 · 23 Min read

The Supply Chain Due Diligence Act (LkSG) at a glance

The Supply Chain Due Diligence Act (LkSG) for companies came into force in Germany on January 1, 2023. Since January 1, 2024, it has already applied to companies with at least 1,000 employees. The law on corporate due diligence obligations in supply chains obliges companies to take human rights and environmental standards within their value chain into account. The due diligence obligations defined in the law apply to both the business activities of companies and their suppliers.

Larissa Ragg

Larissa Ragg

Marketing Managerin · lawcode GmbH
Share:
The Supply Chain Due Diligence Act (LkSG) at a glance
Table of Contents

Important facts

What is the LkSG?
The Supply Chain Due Diligence Act obliges companies with their registered office or branch office in Germany to identify, assess and prevent human rights and environmental risks in their supply chains.
When did the law come into force?
Since January 1, 2023 for companies with more than 3,000 employees, since January 1, 2024 also for companies with more than 1,000 employees.
Who is affected by the LkSG?
In addition to German companies, foreign companies are also affected if they have a German branch with a corresponding number of employees.
What obligations do companies have?
You must introduce a risk management system, appoint a responsible person, carry out regular risk analyses, take preventive and corrective measures, set up a complaints procedure and report annually.
How is the LkSG enforced?
The Federal Office of Economics and Export Control (BAFA) monitors compliance. Violations can result in fines, exclusion from public contracts and loss of reputation.
What are the objectives of the law?
It aims to strengthen respect for fundamental human rights and environmental standards along global supply chains, e.g. prohibition of child and forced labor, protection against health hazards, fair working conditions and environmental protection.

Abstract

The Supply Chain Due Diligence Act (LkSG) was passed in June 2021 and has been in force since January 1, 2023. It obliges companies to protect human rights and certain environmental standards along their entire supply chain and thus implements the UN Guiding Principles on Business and Human Rights in a binding manner. Companies must set up an effective risk management system, carry out regular risk analyses and establish preventive and remedial measures, a complaints procedure and document implementation. The statutory reporting obligation is currently suspended and an amendment to the law is in the process of being made.

Companies with at least 3,000 employees have been directly affected since 2023 and companies with at least 1,000 employees in Germany since 2024, provided they have their registered office or a branch office in Germany. In practice, many suppliers are also indirectly involved, as obligated companies contractually pass on requirements along the supply chain. Violations can result in fines of up to 8 million euros or up to 2 percent of annual global turnover, exclusion from public contracts and the reclaiming of subsidies; planned amendments to the law provide for a stronger focus on serious violations.

LkSG-Infos-Überblick
LkSG: Everything important summarized at a glance

Updates to the LkSG (as of January 30, 2026)

With the planned amendment to the LkSG, the federal government wants to simplify key points without abolishing the law as such. The focus is primarily on two changes:

  • Abolition of reporting obligations (planned): The draft bill (BT-Drs. 21/2474) provides for the reporting obligation currently enshrined in the law to be abolished without replacement and with retroactive effect. In practice, the issue has already been significantly mitigated: BAFA has no longer been reviewing reports since 01.10.2025. It has no longer been possible to submit reports via BAFA access since 07.11.2025.
  • Restriction of sanctions (planned): In future, only serious basic violations are to be sanctioned (e.g. lack of risk management, no effective risk analysis, no functioning complaints procedure)

It remains important: Due diligence obligations continue to apply. Companies should continue to properly set up risk management, risk analysis and preventive and remedial measures. If external reporting obligations no longer apply, internal documentation becomes all the more important, for example for customer requirements and critical questions from stakeholders.

Procedural status: The Bundestag debated the bill for the first time on 16.01.2026. The procedure continues in the committees.

What is the LkSG? Definition, background, legal framework

Goal & basic logic of the LkSG

The German Supply Chain Due Diligence Act (LkSG ) obliges companies to take risks to human rights and certain environmental aspects in their supply chain seriously. This is not a guarantee of "zero risk". It is crucial that companies identify risks at an early stage, prioritize them correctly and take appropriate measures to reduce them effectively.

Companies do not have to check every part of the supply chain with equal intensity. Instead, they should concentrate on the areas where risks are particularly likely or particularly serious. In practice, the focus is therefore more on countries, sectors or product groups with a high risk situation than areas with lower risks.

Two key benchmarks for implementation are appropriateness and effectiveness.

  • Appropriateness means that measures must be appropriate to the respective risk situation, i.e. plausible, proportionate and well-founded. The more serious a potential breach is and the closer it is to the company's own business area or important suppliers, the more specific and comprehensive the preventive and remedial measures must be.
  • Effectiveness means that not only guidelines or declarations of intent exist, but that they actually work in everyday life. A code of conduct or a questionnaire alone is therefore not enough if there is no follow-up, no escalation and no measurable improvements.

It is crucial that the company can demonstrate how measures are implemented, how results are monitored and how corrective action is taken in the event of deviations.

Origin and legal framework

The German Supply Chain Act was introduced because voluntary commitments were often not enough to effectively prevent human rights violations and environmental damage in complex global supply chains. It therefore obliges companies to systematically identify and assess risks and take appropriate measures.

Fixed, permanently functioning processes are required: risk management with regular risk analysis, preventive and corrective measures, a complaints procedure and comprehensible documentation. The initial focus is on the company's own business area and direct suppliers. Indirect suppliers must be checked in particular if there are concrete indications of risks. A risk-based approach applies here: not everything has to be checked at all times, but in greater depth where actual risks exist.

The law in Germany has led to the introduction of a similar law in Europe called the Corporate Sustainability Due Diligence Directive (CSDDD).

Reference to UN Guiding Principles & OECD Guidelines: The German Supply Chain Act is based on international standards, in particular the UN Guiding Principles on Business and Human Rights. These require companies to respect human rights, identify risks at an early stage and take remedial action in the event of problems. This is precisely what the LkSG addresses, for example through a declaration of principles, risk analysis, preventive and remedial measures and a complaints procedure.

In addition, the OECD Guidelines and OECD Due Diligence Guidance provide practical orientation for implementation, for example on prioritizing risks, anchoring expectations in supplier relationships and effectiveness testing. The LkSG is therefore essentially the binding national formulation of what is considered good international due diligence practice.

The legislative process at a glance

  1. January 16, 2026: First consultation/1st reading on the draft bill to amend the LkSG (BT-Drs. 21/2474), referral to the committees.
  2. November 07, 2025: Submission of LkSG reports via BAFA access no longer possible.
  3. October 17, 2025: Statement on the draft bill (including on the suspension/abolition of the reporting obligation).
  4. October 01, 2025: Implementation notice simplifications (including discontinued report review, more restrictive enforcement/fine practice; reference to cabinet decision).
  5. September 03, 2025: Decision on the amendment (expressly mentioned in the BAFA notice).
  6. January 2024: The law is extended to companies that employ at least 1,000 people in Germany.
  7. January 2023: The German Supply Chain Due Diligence Act comes into force.
  8. July 2021: The law was signed by the Federal President and published in the Federal Law Gazette. The legislative process has been formally completed and will enter into force on January 1, 2023.
  9. June 2021: The Committee on Labor and Social Affairs made amendments to the draft law on corporate due diligence in supply chains. The Federal Government's draft was subsequently adopted by the Bundestag. In the vote, 412 MPs voted in favor of the bill, 159 voted against and 59 abstained.
  10. March 2021: The European Parliament adopted the "Legislative report on corporate human rights and environmental due diligence" with a broad majority of 504 out of 695 votes. A legislative report is a recommendation to the EU Commission to introduce a law.
  11. April 2021: The Bundestag discussed the draft law on corporate due diligence obligations in supply chains in the first reading.

The Corporate Sustainability Due Diligence Directive (CSDDD) exists in parallel at EU level. As part of the latest EU simplifications, the obligations will primarily affect very large companies (including >5,000 employees and >€1.5 billion turnover) in future; application is planned from July 2029. The exact structure remains dependent on the final legislative process in the European Union.

LkSG-Zeitplan-Umsetzung
Supply Chain Act: implementation schedule in Germany

LkSG in context: EU and international regulations - why are supply chain laws necessary?

Many German companies have been directly or indirectly involved in disasters in other countries in the past. For example, in 2019 when a dam burst in Brazil, killing more than 250 people, or in 2012 when a fire broke out in a textile factory in Pakistan.

According to the law, German companies will also have to take responsibility for incidents of this kind in future. This primarily affects companies in the textile, electronics and automotive industries. The same applies to the pharmaceutical and food industries, as Germany imports many foodstuffs, chemicals and medicines from abroad.

These examples show why supply chain laws and compliance with the law are necessary and why responsibility does not end with mere knowledge, but begins with implementation. You can read about how to translate due diligence obligations into concrete purchasing processes and anchor sustainability in supplier management in the article Sustainable procurement: how to implement requirements in practice.

Differences between German supply chain law and EU supply chain law

The LkSG obliges affected companies to systematically assess risks to human rights and certain environmental aspects in their own operations and those of their direct suppliers and to manage them with preventive and remedial measures.

The EU Directive on Corporate Sustainability Due Diligence (CSDDD, Directive (EU) 2024/1760) pursues the same goal, but sets a uniform framework for the entire EU. It came into force on July 25, 2024.

Differences that count in practice

  • LkSG is based on the reference to Germany and employee thresholds.
  • CSDDD defines the scope EU-wide and combines criteria such as employees and turnover (incl. third-country companies with relevant EU turnover).

Both require risk analysis, prevention, remediation and grievance mechanisms. The CSDDD goes beyond this and also requires large companies to adopt a climate transition plan and implement it to the best of their ability.

In practice, CSDDD is often discussed as "broader" because it focuses more on the entire chain and business relationships. It is crucial for companies to build processes in such a way that they are scalable: risk-based, traceable, connectable.

Under the LkSG, supervision in Germany is the responsibility of BAFA. Under the CSDDD, national supervisory authorities in the member states are to enforce the law - with an EU-wide harmonized framework.

The CSDDD must first be transposed into national law; this deadline was postponed as part of the "stop-the-clock" package. It is currently planned:

  • Implementation by July 26, 2027
  • Staggered application from July 26, 2028
  • complete from July 26, 2029 (final target scope)

At the same time, the EU is working on simplifications ("omnibus"). Although the framework is in place, individual details may still change. Companies should therefore not wait until everything has been finalized. It makes more sense to establish stable basic processes now - for example for risk analysis, supplier management, remediation, complaints procedures and documentation.

LkSG-CSDDD-Unterschiede
Differences between LkSG and CSDDD

Supply chain laws in other countries

Germany is not alone with the LkSG. Other countries have also had regulations in place for years that make companies more responsible for human rights and the environment in their supply chains. Although the approaches differ in detail, they follow the same basic idea: companies should not only be aware of risks, but also actively manage them and effectively address violations.

France is a frequently cited example. For some years now, France has had regulations in place that oblige large companies to draw up and implement a structured due diligence plan. Similar to the LkSG, the focus is on topics such as risk analysis, prevention, remediation and the question of whether measures actually work. The practical effect is similar: due diligence obligations are being transformed from a "voluntary CSR issue" into a fixed component of governance and supplier management.

Other countries have also introduced or further developed supply chain or due diligence obligations - sometimes with a stronger focus on transparency and reporting obligations, sometimes with special priorities or enforcement mechanisms. The decisive consequence for companies with international procurement is that individual national regulations can quickly become a patchwork quilt. This is precisely why the EU is focusing on a harmonized framework with the CSDDD.

One conclusion in particular is worth drawing from this in practice: If you set up your due diligence system in such a way that it is risk-based, comprehensibly documented and effective, it is usually much easier to bundle requirements from different countries instead of repeatedly rebuilding processes for each market.

Which companies are affected?

The LkSG does not apply "to everyone", but is aimed at companies that have a clear connection to Germany and meet certain threshold values. It is important to note that even if a company does not formally fall under the law, it can still be very specifically affected as a supplier because larger customers pass on the requirements in purchasing conditions, contracts and audit processes.

Thresholds & registered office in Germany

Whether a company falls directly under the LkSG depends on two questions: Does it have a relevant connection to Germany and does it meet the employee threshold?

Employee thresholds (direct impact):

→ Since 01.01.2023: Companies with at least 3,000 employees (as a rule: employees in Germany)
→ Since 01.01.2024: Companies with at least 1,000 employees (as a rule: employees in Germany)

This means that "large" in the context of the LkSG is not defined by turnover or balance sheet total, but quite practically by the number of employees. Companies with fewer than 1,000 employees typically do not fall directly within the scope of the law, but can still be heavily affected indirectly (see SME section below).

Reference to Germany (when the LkSG applies):

The law covers companies if they are anchored in Germany, e.g. through:

  • Head office
  • Head office
  • Administrative headquarters
  • statutory seat
  • in Germany.

In addition, companies that have a branch office in Germany (e.g. in accordance with Section 13d of the German Commercial Code (HGB)) and conduct business through it, even if their head office is abroad, may also be affected.

In practice, this means

  • Anyone who falls within the direct scope of application must systematically implement the due diligence obligations in their own business area and in the relevant parts of the supply chain.
  • If you are just below the thresholds, you should check how quickly this can change - for example due to growth, reorganization or intra-group staff transfers. As soon as the threshold is reached, the supervisory authority does not expect a "start from scratch", but comprehensible processes.
LkSG-Betroffene-Unternehmen
These companies are affected by the LkSG.

Group, subsidiary, branch: typical borderline cases

In corporate groups, it is often not immediately clear who is responsible: the parent company, individual subsidiaries or several units at the same time. The decisive factor is which company reaches the threshold and has a connection to Germany. In practice, central standards such as policy statements, methodologies or complaints procedures are often defined on a group-wide basis. Day-to-day implementation, such as supplier management and tracking of measures, must then function in the respective units.

Central purchasing or central compliance does not automatically mean that implementation is "also done". Clear responsibilities are needed for risk analysis and remediation in particular:

    • Who assesses risks?
    • Who decides escalations?
    • Who follows up on measures?
    • Who documents effectiveness?

Companies with headquarters abroad often underestimate the fact that a branch office in Germany can be a relevant point of contact. In this case, reporting lines, data flows and decision-making paths between the head office and the German unit must be clearly defined, otherwise implementation will get stuck in practice.

Suppliers: Who is directly affected and who indirectly?

It is important to distinguish between legal obligation and de facto involvement:

  • Direct suppliers are therefore not automatically legally obliged themselves. In practice, however, they are often included via contracts because companies that fall under the LkSG pass on their requirements along the supply chain.
  • Indirect suppliers become particularly relevant when there are concrete indications of risks or violations. For example, through complaints, media reports, audits or information from the authorities. In such cases, companies must react and check more closely.

In practice, this often leads to a cascade effect

→ Companies subject to the LkSG establish expectations with direct suppliers (e.g. Code of Conduct, questionnaires, audit rights, action plans).
→ These direct suppliers in turn pass on requirements to their suppliers.
→ This makes the LkSG relevant for many smaller and medium-sized companies, even without direct legal obligations.

Why should smaller companies also deal with the LkSG?

Small and medium-sized enterprises are often part of larger supply chains. Even if they do not export directly, they can act as suppliers for large corporations. Dealing with the law not only protects against legal consequences, but also strengthens the company's image and enables more sustainable and ethical business practices.

Small and medium-sized companies with fewer than 3,000 or 1,000 employees should also get to grips with the law in good time. Companies that act early have the opportunity to set standards and gain a head start.

  1. Major customers expect compliance with supply chain requirements.
  2. Contractual general terms and conditions of major customers oblige smaller suppliers and vendors to adhere to compliance requirements.
  3. Without compliance and, in particular, proof of compliance with the law, new suppliers will no longer be able to access the panel of customers. As a result, they will no longer receive new orders.
  4. Adherence to compliance requirements creates trust and transparency and strengthens your company.

The duties of care under the LkSG

9 Due diligence obligations in accordance with Section 3 of the Supply Chain Due Diligence Act

The following 9 due diligence obligations are defined therein and must be observed by companies both in their own business area and by their suppliers:

  1. Establishment of risk management: Effective risk management must be introduced to identify, minimize and prevent violations of human rights.
  2. Definition of internal responsibilities: Clear and transparent division of work can optimize processes, increase efficiency and avoid misunderstandings.
  3. Carry out regular risk analyses: These analyses help to identify risks to human rights and the environment. The analyses should be carried out both within the company and at suppliers. This ensures that companies act proactively and identify human rights risks at the lower levels of their supply chains.
  4. Issue a policy statement: A policy statement on the internal human rights strategy should be issued.
  5. Establishment of preventive measures: Preventive measures should be introduced both in the company's own business area and in relation to direct and indirect suppliers.
  6. Taking remedial action: It makes sense to take active measures to improve the situation.
  7. Establishment of a complaints procedure: A functioning complaints procedure should also be set up within the company.
  8. Implementation of due diligence obligations: Due diligence obligations in relation to risks should be implemented for both direct and indirect suppliers.
  9. Documentation and reporting: The measures taken should be regularly documented and reports published.

The protected legal positions or violations of human and environmental rights arising from § 2 may include, among other things

→ Unfair or unequal treatment based on health status, disability, beliefs or sexual orientation. This is particularly evident in differences in pay for equal work.
→ All forms and types of child labor and slavery.
→ Withholding a fair wage (at least the minimum wage set by applicable law).
→ Water pollution, air pollution, harmful noise emissions.
→ The improper handling, collection, storage and disposal of waste.

The human rights due diligence obligations require companies to introduce a complaints procedure and risk management. If they identify violations in their business or supply chain, remedial action must be taken. With this law, companies must now themselves ensure that international human rights are respected both in their own business operations and throughout their supply chain.

The German Supply Chain Act is not a completely new idea. It builds on international standards and existing guidelines, for example the UN Guiding Principles on Business and Human Rights, the OECD Guidelines for Multinational Enterprises and BAFA handouts and guidelines.

The debate was primarily triggered by scandals and serious incidents in which companies were linked to human rights violations or environmental damage. In addition, pressure from civil society and NGOs as well as global developments contributed to the introduction of the law.

LkSG-Sorgfaltspflichten
The 9 duties of care of the LkSG

Implementation in practice

Risk analysis is a central component of the LkSG. It obliges companies to identify risks to human rights and the environment in the supply chain on a regular and structured basis, particularly in the case of direct suppliers and, if there are specific indications, also in the case of indirect suppliers. Companies should take a particularly close look at areas where the risks are typically higher, such as possible cases of forced labor, child labor or environmental violations.

The risk analysis forms the basis for effective preventive and corrective measures as well as for comprehensible documentation. Companies should check which areas are affected and whether existing processes are sufficient. Risk management, purchasing, personnel, complaints procedures, procurement processes, IT systems and internal guidelines are particularly relevant. On this basis, targeted measures can be derived in order to reliably fulfill due diligence obligations.

If risks are identified, companies must take appropriate remedial action, particularly in the event of human rights violations that have already occurred. This includes clear contractual requirements for direct suppliers, adapted purchasing strategies, training and controls. Indirect suppliers must also be included if there are concrete indications of risks, such as reports from authorities, industry risks or reports of problematic working conditions.

Based on the risk analysis, a structured risk management system must be implemented that systematically controls prevention and remediation. The extent to which measures are taken depends on the risk profile and the company's own standards. Clear responsibilities, internal processes, a documented human rights strategy and careful record keeping are important. Companies with more than 3,000 employees must also appoint a responsible person internally, such as a human rights officer, to monitor risk management.

The law requires companies to set up a complaints procedure. This allows people to report indications of violations in the supply chain. The aim of the complaints procedure is to uncover, rectify or directly prevent problems in the supply chain. This enables the company to avoid fines and damage to its image. Anonymous reporting channels in particular are an effective means of preventing these risks and damage.

With our Hintbox and the form we have developed, you can implement these requirements quickly, securely and easily. The Hintbox is ISO 27001 certified and GDPR-compliant. It is also permanently accessible to all suppliers worldwide via a link.

The management must issue a declaration known as the Code of Conduct. This sets out how the company fulfills its obligations. This joint declaration of principles must fulfill all requirements in accordance with Section 6 (2) sentence 3 LkSG and identify the most important risks in the area of human rights and the environment for all affected groups.

It also documents the company's expectations of its employees and suppliers in the supply chain. This plays a major role in managing negative impacts on human rights.

If the risk analysis reveals a risk that would result in a violation of the law, the company must take preventive measures in its own business area. These are defined as implementation tactics and control measures resulting from the Code of Conduct. They can take the form of training or the development of strategies to minimize risk, for example.

This also includes preventive measures vis-à-vis a direct supplier in order to cover the entire scope of business activities. It also includes taking human rights and environmental expectations into account when selecting such suppliers. Further measures are described in Section 6 of the Act.

It is important that companies constantly document their internal due diligence obligations. Every year, they must submit a report to the Federal Office of Economics and Export Control (BAFA). This report should provide clear information on the following points:

  • Identified human rights and environmental risks of the company
  • Measures taken by the company to fulfill its human rights and environmental obligations
  • Evaluation of the impact and effectiveness of these measures
  • Conclusions for future measures

The report must be submitted to BAFA no later than four months after the end of the financial year. Companies are also obliged to prepare a report on the fulfillment of their legal obligations in the previous financial year and publish it on their website. It should be available there for seven years.

An electronic reporting format is being developed to minimize the effort for companies. The information provided there can also be used to fulfill the CSR reporting obligation.

The German Supply Chain Act already presents major obstacles for many companies. However, the EU Supply Chain Directive (CSDDD) sets even stricter requirements. This directive tightens the existing law by making more companies responsible and extending monitoring obligations. It is already clear that significantly more companies will have to comply with the due diligence obligations in future and that monitoring will be extended to the entire supply chain.

Stricter liability rules are also being introduced. Companies should therefore act quickly now. It is advisable to keep an eye on the development of the EU directive now when designing processes. Find out more about the EU Supply Chain Act and the legislative process.

To ensure that these requirements do not become individual decisions on a day-to-day basis, you need clean supply chain management: clear responsibilities, reliable data flows, defined escalation channels and supplier management that tracks measures. Read our article on supply chain management to find out how to set up these structures and which processes have proven themselves in practice.

Supplier management & purchasing processes

Contracts, code of conduct, onboarding, questionnaires - what is enough, what is not?

To ensure that due diligence obligations are not only imposed on suppliers "retrospectively", the topic should be incorporated into the supplier relationship as early as possible, ideally during onboarding. A code of conduct or self-disclosure can be a good start. However, this alone is often not enough, especially if the risk situation is elevated or if customers or inspection bodies expect verifiable evidence.

A staged approach has proven itself in practice: For suppliers with a low risk situation, basic requirements and a plausibility check can be sufficient. For higher risks, additional information and clear rules on how to deal with deviations are required. It is important to note that a signed code of conduct is only reliable if it is linked to specific expectations, responsibilities and control mechanisms.

Typical building blocks that companies anchor in purchasing are

  • Minimum requirements in onboarding (e.g. self-disclosure, contact person, acceptance of standards)
  • contractual safeguards (e.g. information obligations, obligations to provide evidence and information, audit/inspection rights, remedial obligations)
  • Risk-based differentiation (basic requirements vs. extended requirements for risk suppliers)
  • Clear escalation logic if suppliers are unable to deliver or do not cooperate

Monitoring: audits, evidence, KPIs, effectiveness monitoring

The LkSG not only looks at whether rules are written down, but whether they work in practice. Monitoring is therefore an important part of implementation. Companies must be able to show how they check supplier requirements and what they do if there are indications of risks or violations. This does not mean "audits everywhere", but a risk-based approach, with appropriate evidence, spot checks, assessments and consistent follow-up.

In practice, monitoring can look like this, for example, depending on the risk

  • Verification and document checks (e.g. relevant policies, certificates, training certificates, occupational health and safety documents)
  • Risk-based audits or assessments (remote or on-site)
  • Key performance indicators for control and effectiveness (e.g. proportion of critical suppliers with an action plan, completion rate of findings, time to remedy)
  • Clear escalation levels (e.g. reminder → action plan → management escalation → last resort)

It is crucial that responses and evidence are not only collected but also evaluated and that deviations lead to concrete measures. This is precisely where "paper compliance" separates itself from implementation that also stands up to critical scrutiny.

Supplier development & long-term risk minimization

Not every risk can be resolved by replacing suppliers immediately. In many cases, breaking off the business relationship only makes sense as a last resort. Supplier development is therefore a key lever in the LkSG: risks are reduced in the long term by companies demanding, supporting and following up on improvements.

Above all, supplier development means agreeing specific measures with suppliers, including clear responsibilities, fixed deadlines and clear follow-up. Depending on the situation, this may also include training, joint standards or improvement programs. It is important that the measures are measurable and that they are regularly checked to see if they are really working.

Typical elements in practice are

  • Action plans with clear responsibilities and deadlines
  • Training and support (e.g. occupational health and safety, complaints procedures, recruitment practices)
  • Regular reviews and reassessments to document progress
  • Incentive and control mechanisms in purchasing (e.g. preferred status for good performance)

This transforms supplier management from "querying standards" to a system that actually minimizes risks and at the same time strengthens the supply capability and stability of the supply chain.

LkSG-Lieferantenprozess
Supplier management and purchasing processes at LkSG

Human rights and environmental aspects: What is specifically protected?

Child labor, forced labor, discrimination

The LkSG protects fundamental human rights. This is particularly important in countries or sectors where controls are weak or there is strong price pressure. Child labor and forced labor are among the most serious risks and are therefore monitored particularly closely. This does not only apply to clearly visible cases. There are also risks if workers are recruited through dubious intermediaries, have to pay high fees or hand in their ID cards. Discrimination also plays a role, for example when certain groups are systematically paid less or disadvantaged.

This means for companies: They should pay attention to typical warning signals in the risk analysis. These include, for example, high-risk sectors, country profiles, indications from audits or complaints and anomalies in the recruitment or employment of workers. Companies can take preventative measures by having clear rules for recruitment, proper documentation of employment relationships, training and an easily accessible complaints channel. If there are indications of violations, they must investigate them and initiate concrete measures, not just take note of them.

Occupational health and safety, wages, freedom of association

In many supply chains, it is not only the major "scandalous issues" that are a problem, but above all the day-to-day working conditions. This is why the LkSG also covers occupational health and safety, health protection, fair wages and basic employee rights. This is particularly important in sectors with a high risk of accidents, very long working hours or many subcontractors. Typical weak points are a lack of protective measures, poor accommodation, too much overtime or wage deductions that can make employees dependent.

It is important to note that these topics are not just "nice to have", but are part of what companies must check for plausibility as part of their due diligence obligations. In practice, this means that verification and controls should not only focus on paper documents, but also on the question of whether minimum standards are actually being implemented. This is particularly effective if requirements are anchored in purchasing and supplier management - e.g. through clear minimum requirements, risk-based verification checks, action plans and consistent follow-up.

Environmental risks

The LkSG applies not only to human rights, but also to certain environmental issues. This primarily refers to cases in which environmental problems directly harm people. For example, when pollution makes people ill, there is a lack of clean water or people lose their livelihoods. Typical risks include polluted air or water, incorrectly disposed waste and the use of hazardous chemicals, especially in countries where environmental regulations are hardly monitored.

It is crucial for companies to take a risk-based approach to environmental aspects: Not every supply relationship is automatically an environmental risk, but depending on the raw material, production process or location, environmental factors can very quickly become a key compliance issue. Clear expectations of suppliers, evidence of relevant procedures and approvals as well as monitoring that identifies anomalies and investigates them in depth if necessary can help with implementation. Here, too, it is not the existence of a policy that counts, but the ability to identify risks, derive measures and provide verifiable evidence of their effectiveness.

LkSG-Menschenrechte
Human rights and environmental aspects in the implementation of the LkSG

The fight against poverty, child labor and climate change

The collapse of the Rana Plaza building in Bangladesh in 2013 was a terrible tragedy. Clothing for many well-known brands was manufactured there. Over 1,100 people died in the collapse and thousands were injured. This showed that working conditions in the garment industry are often very poor and that workers did not have secure jobs.

A supply chain law would have put pressure on garment manufacturers to provide better conditions in the factories where they produce. The law would have provided clear rules for companies to abide by and introduced penalties for those who do not. This would have made manufacturers scrutinize their supply chains more closely and ensure that everything is fair.

Such a law would not only have helped the workers in Bangladesh, but also in other countries where similar problems exist. It would have been an important step towards better working conditions and a more sustainable textile industry.

Child labor in the cocoa industry, especially in West Africa, has been a major problem for many years. It is estimated that millions of children work in hazardous conditions on cocoa plantations to meet the growing global demand for cocoa. The Supply Chain Act would have required chocolate manufacturers to ensure that their cocoa is not sourced through child labor.

They should have closely monitored their supply chains to ensure that no child labor is involved. Manufacturers would be responsible for only sourcing cocoa from ethical sources and regularly checking that no child labor is taking place. The law would also have provided penalties for companies that break the rules, such as fines or exclusion from the market. 

Oil palm plantations in Southeast Asia have a terrible impact on the environment. Due to the high demand for palm oil, large areas of rainforest are being cut down to make room for the plantations. This not only leads to the loss of valuable habitats and endangers many animal and plant species, but also to large amounts of CO₂ emissions, which exacerbate climate change. 

In addition, cultivation damages the soil through the use of pesticides and fertilizers, which has a long-term negative impact on agriculture. A supply chain law could help to reduce environmental damage here. Companies that use palm oil would have to comply with strict environmental regulations and ensure that their palm oil comes from sustainable sources. 

This would force them to look for more sustainable cultivation methods. Such laws should also ensure the protection of the indigenous population, who are often displaced from the plantations. It is important that governments and consumers become more aware of the issue of palm oil and support sustainable alternatives. By buying products without palm oil or with certified sustainable palm oil, we can all help to protect the environment and the rainforest.

There is a major problem with conflict minerals in the Congo. People work under dangerous conditions in the mines. The money earned from the sale of these minerals is often used to finance armed conflicts. To change this, a law was proposed that would have obliged companies to monitor the origin of their minerals.

This was to ensure that they did not originate from conflict areas. This measure would have been an important step towards reducing the demand for conflict minerals.

However, despite global efforts, such laws have so far only been implemented in isolated cases. Many companies are reluctant to disclose their supply chains transparently or find it difficult to trace the actual origin of their minerals. This makes it difficult for consumers to make ethically responsible decisions when purchasing electronic devices, as coltan is used in many electronic products such as cell phones.

It is important that governments and companies show more initiative and take action to stop the trade in minerals. This could mean, for example, that companies have to comply with stricter rules or that alternative jobs are created in the areas where the minerals are mined.

The electronics industry in China is known for repeated violations of labor laws and poor working conditions in factories. Workers are often confronted with unfair wages, excessive working hours and a lack of protective measures. These abuses have led to public outrage and increased calls for a supply chain law.

Such a law would oblige companies to ensure that their suppliers respect workers' rights. It would hold them accountable and give them clear guidelines on how to ensure that their products are manufactured under humane conditions.

A supply chain law would force companies to scrutinize their supply chains more closely and ensure that these social standards are met. This could be done through regular on-site inspections or cooperation with independent organizations. Otherwise, such a law would also increase the pressure on companies to be more transparent and disclose information about their supply chains. This would enable consumers to make informed purchasing decisions and opt for more ethical products.

Monitoring, enforcement & sanctions

Responsibilities: Who has to ensure what?

Clear responsibilities are needed to ensure that due diligence obligations do not become individual decisions. The LkSG is therefore not just a "purchasing issue", but a question of management within the company.

Duties and responsibilities within the company

  • Management level: The management must ensure that the company systematically implements its obligations. This includes clear rules, defined responsibilities and a functioning risk management system.
  • specialist departments (e.g. Purchasing, Compliance, Sustainability, HR): In practice, the requirements are implemented via processes - in particular via supplier management, risk analysis, escalation, remediation and documentation.
  • Relationship with suppliers: Companies need to manage their supply chain on a risk-based basis, i.e. sharpen up especially where risks are higher. This applies to requirements, evidence, action plans and the tracking of improvements. You should bear this in mind when selecting and evaluating suppliers.

This makes it clear that accountability is not just about policy, but also about process discipline - who decides, who documents, who escalates, who follows up on measures.

Control instruments: How companies ensure compliance internally

The first and most important mechanism is self-regulation. Companies must be able to demonstrate that they are not only aware of risks in theory, but also manage them in practice.

Typical instruments of self-control are

  • Guidelines and standards (e.g. Code of Conduct, declaration of principles, supplier requirements)
  • Clear responsibilities and defined escalation channels
  • Training and sensitization of relevant teams
  • Internal controls (e.g. spot checks, reviews, internal audits)
  • Follow-up of measures (action plans, deadlines, effectiveness check)

Important: These instruments are only resilient if they are linked together. A code of conduct without monitoring or escalation remains "paper compliance". BAFA handouts on a risk-based approach also provide guidance here.

Role of BAFA: tasks of the authority and audit logic

In addition to internal control, there is also external supervision. BAFA monitors compliance with the LkSG, can carry out checks and respond to information or complaints. The focus here is on whether a company has established a plausible, risk-based and effective system.

What BAFA essentially wants to ensure

  • Companies do not tolerate any unlawful practices within their sphere of influence.
  • Risks are systematically identified and prioritized.
  • Measures are implemented and fine-tuned where necessary.
  • Decisions and procedures are documented in a comprehensible manner.

Note on current practice: The review of company reports has been discontinued by BAFA and submission via BAFA access is currently not possible. At the same time, supervision and inspections of due diligence obligations continue. Many companies also voluntarily use independent third parties (e.g. audits, certifications) to ensure the effectiveness of their measures.

Sanctions & enforcement practice: What does this currently mean?

For the purposes of classification, it is helpful to briefly combine enforcement and legislative development: It may feel like "less is happening", but the core expectation of functioning processes remains.

Since October 1, 2025, the BAFA has been pursuing a more restrictive practice: Proceedings on offenses that are to be deleted in the draft are discontinued or not reopened; fines are only considered for serious violations and under high conditions.

The legislative process for the amendment is running in parallel; among other things, the draft provides for the deletion of the reporting obligation and focused sanctions, while inspections are to continue.

In practical terms, this means that even if reporting issues are toned down, internal documentation, clean processes and audit readiness become even more important, especially when dealing with customers, stakeholders and in individual case audits.

LkSG-Prüfungsfragen-Praxis
Exam questions for the LkSG exam

What is requested and checked in practice?

When inspections take place, it is rarely about "perfect supply chains", but rather about reliable traceability: Can the company show that it systematically fulfills its obligations and acts in the event of risks?

Typical topics that are asked in practice:

  • Governance & responsibilities: Who is responsible? What roles are there? How is escalation handled?
  • Risk management & risk analysis: methodology, results, priorities (annual + event-driven)
  • Preventive measures: What standards apply? How are they anchored in purchasing/supplier management?
  • Remedial measures & cases: How was specific advice responded to? What action plans were implemented?
  • Complaints procedure: Access, protection, processing, lessons learned
  • Effectiveness monitoring: What evidence/KPIs are there? How is the focus sharpened?
  • Documentation: Are decisions, assessments and measures filed in a comprehensible manner?

Sanctions and consequences of violations

If companies do not comply with the requirements of the LkSG, the BAFA can impose fines. Fines of up to 50,000 euros are possible for minor infringements.

In the case of more serious breaches of duty, for example if no risk analysis is carried out, no complaints procedure exists or known human rights violations are not effectively ended - fines of between 100,000 and 800,000 euros can be imposed.

For companies with an annual turnover of over 400 million euros, the penalty can be up to 2% of the average annual turnover. For serious violations, the penalty is at least 175,000 euros.

Current enforcement notice (since 01.10.2025): The BAFA currently only applies fines very restrictively and essentially in the case of serious, grave allegations; in addition, the report review has been discontinued.

In the event of serious breaches of the rules, companies can be excluded from public procurement. As this has financial implications, it increases the pressure on companies to act in accordance with the rules. Some companies may prefer to pay fines rather than change their supply chain. However, this can lead to them being excluded from public procurement.

Fines under the Supply Chain Act are entered in the competition register and can be queried by awarding authorities. Even if an award process is almost complete, a company can be excluded due to a breach of the law. Competitors could use this to disadvantage other bidders.

Further problems are looming in the context of funding law. Companies that apply for or receive funding must expect severe consequences if they violate due diligence obligations. Even if the law does not address this directly, it is to be expected that funding bodies will stipulate compliance as a prerequisite for granting funding. This applies to tenders, contracts and funding decisions.

If companies violate the rules, subsidies could either not be granted or reclaimed. It is not yet clear whether this will only happen in the event of legally binding fines or if there is already suspicion while an application for funding is on hold or approved funds are not paid out.

In addition to legal obligations, reputational risk also plays a major role. You can find out how greenwashing arises and how you can avoid it in your communication in the article on greenwashing.

What to do if an infringement occurs?

If a violation occurs in the company, whether at home or abroad, immediate action must be taken to end the violation. If a direct supplier or service provider commits a violation that cannot be stopped immediately, a plan must be drawn up immediately to stop or minimize the violation.

If legal violations are disclosed, business relationships do not have to be terminated immediately. In addition, solutions should be sought together with those affected in the supply chain. A corresponding action plan can help here.

The termination of a business relationship is the last resort. This would have to be a serious breach where no remedial measures have brought about a termination or where no more lenient means are available.

Section 3 (3) sentence 1 clarifies that there is no civil liability in the event of a breach of the duty of care. The applicability of the law depends on the registered office of the company. The LkSG does not establish any new liability under civil law, but does not affect existing liability rules and also introduces a special procedural status.

Pros and cons of the Supply Chain Act

Critics believe that the law does not go far enough. One point is that companies with fewer than 1,000 employees are currently not directly covered. In addition, environmental and human rights organizations criticize the fact that companies cannot automatically be held legally liable for problems in their supply chain.

Industry associations see it differently: a stricter law causes high costs for the economy. After the entire economy has already suffered enormously during the coronavirus pandemic, the strict implementation of the Supply Chain Due Diligence Act will only further damage Germany as a business location. In particular, it is hardly feasible for small and medium-sized companies to check the entire supply chain accordingly.

The BDI warns that the law could slow down German investment in Africa. The concern is that this could ultimately make Germany even more dependent on Asia. Others are therefore calling for a uniform EU regulation in order to avoid competitive disadvantages for individual countries. They are also calling for more support from politicians in auditing global supply chains - for example via the German Chambers of Commerce Abroad (AHK).

Advantages

More and more consumers are making sure that products are manufactured under good and fair conditions. The younger population group in particular is becoming increasingly interested in environmental and social issues. Companies are therefore called upon to find innovative business models and safe production methods and to establish clean value chains in order to win them over.

The LkSG strengthens the idea of corporate social responsibility (CSR). It obliges companies to actively assume responsibility in their supply chain and implement due diligence obligations. This can visibly increase corporate responsibility and have a positive impact on the company's image.

The law motivates companies to develop more sustainable and responsible business models in the long term. Those who do this consistently can not only strengthen their own image, but also better protect the supply chain against risks.

Disadvantages

Implementation can result in additional costs, for example for compliance, data and controls. It can also restrict the choice of possible locations - and thus affect competitiveness. More bureaucracy can also slow down processes and cause uncertainty among investors or customers.

Large companies may try to pass on the cost of compliance to their suppliers. As a result, the costs may ultimately lie with smaller companies that were previously exempt from the Supply Chain Act for competitive reasons.

How easy or difficult it is to implement depends heavily on the complexity of the supply chain. With simple supply chains, many things can be controlled more quickly. With very complex supply chains, it becomes much more complex. A fashion brand, for example, can often influence working conditions in a few production facilities more directly than a chemical company that works with many preliminary products and numerous suppliers.

The law could lead to companies no longer relocating their production sites to countries with lower labor costs. This could be the case if it is too costly to check suppliers or the political conditions preclude compliance with the Supply Chain Act. These production sites are often located in poorer countries. The supply chain directive could prevent investment and therefore economic growth in these countries.

LkSG-Vorteile-Nachteile
Advantages and disadvantages of the LkSG

Conclusion

The LkSG requires companies to systematically identify, prioritize and effectively reduce human rights and certain environmental risks in their supply chain. This requires clear processes for risk analysis, prevention and remediation, a functioning complaints procedure and proper documentation. Responsibility lies not only with purchasing, but also with management and the relevant specialist departments, which must translate the requirements into day-to-day operations. Even if the effort involved increases, a robust due diligence system strengthens trust in the long term, reduces risks and makes supply chains more stable.

Frequently asked questions

Start by taking stock: which supply chains, countries and product groups are particularly risky? Define clear responsibilities and start with an initial risk-based analysis. What is important is not perfection, but a comprehensible, structured start.

There are typically four steps: risk identification (e.g. country, industry and supplier profiles), assessment according to probability of occurrence and severity, prioritization and derivation of measures. Data sources can be external indices, audit reports, complaints or internal experience. The results should be documented and regularly reviewed.

Appropriate means: suitable for the risk situation, proportionate and effective. The higher the risk and the closer it is to your own business area, the more specific the measures need to be. A questionnaire is usually not enough for high-risks, where more intensive checks or action plans are required.

Indirect suppliers come into focus when there are concrete indications of risks, for example through complaints, media reports or audit results. The company must then examine the facts and initiate appropriate measures. Without cause, a permanent full audit is not required.

Above all, comprehensible processes are required: documented risk analyses, clear supplier requirements, action plans, escalation logics and effectiveness checks. It is crucial that decisions and prioritization are plausibly justified.

Ideally at an early stage: minimum requirements and a code of conduct should be included in onboarding, supplemented by risk-based checks. Contracts should include information and audit rights. In this way, LkSG becomes part of normal supplier management and not a separate "special topic".

First of all, a discussion should be sought and a concrete action plan agreed. If cooperation is not forthcoming, escalation steps are taken, up to and including termination of the business relationship as a last resort. Immediate termination is only advisable in the event of serious breaches that cannot be resolved in any other way.

It must be accessible, confidential and protected from reprisals, including for external whistleblowers. Clear handling processes, deadlines and documented follow-up are important. An effective complaints system is often an important source of information about risks.

The management bears overall responsibility and must ensure structures are in place. Purchasing, Compliance, Sustainability and HR implement the requirements operationally, particularly in terms of risk analysis, supplier management, training and documentation. LkSG is a cross-sectional task.

Simplifications are planned, particularly with regard to reporting and sanctions. However, the basic due diligence obligations remain in place. Companies should therefore rely on stable, risk-based processes, regardless of how individual reporting obligations develop.

Larissa Ragg

Larissa Ragg

LinkedIn

Marketing Managerin · lawcode GmbH

Larissa Ragg verantwortet die Content-Strategie bei lawcode und erstellt Fachbeiträge zu den Themen EUDR, ESG-Compliance, HinSchG, Supply Chain und CSRD. Ihre Beiträge auf dem lawcode Blog machen komplexe regulatorische Anforderungen verständlich und liefern Unternehmen praxisnahe Orientierung.

Previous Post

CSDDD for companies: The EU law at a glance
Next Post

Code of Conduct for companies

More articles on Supply Chain

CSDDD for companies: The EU law at a glance
Supply Chain 17.03.2026 · 16 min

CSDDD for companies: The EU law at a glance
Code of Conduct for companies
Supply Chain 17.03.2026 · 9 min

Code of Conduct for companies
From obligation to opportunity: Corporate Social Responsibility (CSR) in Germany
Supply Chain 17.03.2026 · 17 min

From obligation to opportunity: Corporate Social Responsibility (CSR) in Germany