After several months of intra-governmental discussions, a first official legislative proposal on a Human Rights Supply Chain Duty of Care Act drafted by the German Federal Ministry of Labour and Social Affairs became public. The statutory proposal might be still subject to some (minor) amendments but is expected to be passed by the German Parliament before its summer break. It shall become applicable as of 1 January 2023.
Scope of application
The Act will apply to companies that are incorporated in Germany or have their (administrative) headquarters in Germany. Decisive is whether the company’s strategic business decisions are taken in Germany. The scope of application of the envisaged law shall initially cover companies with more than 3,000 employees. As of 2024, the threshold will be lowered and the Act will then apply to companies with at least 1,000 employees. For this count, the total number of employees in all affiliated companies belonging to a group of companies is taken into account, even if – different to the German co-determination laws – they are employed abroad.
Human rights due diligence and reporting obligations
The Act obliges corporations to conduct adequate due diligence in relation to human rights – such as just and favourable working conditions, freedom from forced and child labour – and certain environmental risks. Covered undertakings shall establish and implement an adequate risk management system. This includes (but is not limited to) conducting an adequate risk analysis which should be carried out at least once a year and on an ad hoc basis if needed. The results of the risk analysis shall be communicated to relevant corporate decision makers, such as the board of directors or the procurement department. In case companies detect a potential risk, they must undertake adequate preventive measures, such as considering human rights aspects in contracts with business partners, conducting audits and trainings. If a violation has already occurred or is about to occur, companies have to take appropriate remedial action to prevent, end or mitigate the infringement.
Companies must also determine persons that are responsible for compliance with the Act’s duties of care, e.g. appointing a human rights officer. Covered undertakings are also obliged to create operational-level grievance mechanisms to allow (affected) persons to raise human rights concerns and report potential violations.
In principle, such obligations are imposed with regard to a company’s own business operations and its first tier of suppliers. Subordinated lower supply tiers should be taken into account on an ad-hoc basis. This is the case if there is substantial knowledge on potential human rights violations by a supplier – which can be assumed in case that specific complaints were launched against any such supplier. Essentially, this trigger mechanism of due diligence duties with regard to x-tiers-suppliers will result in a form of “compliance-system light” for indirect suppliers. It is obvious that corporations must establish certain compliance safeguards anyways, such as whistleblowing systems, since otherwise they would not be capable of detecting any such triggering event, i.e. potential human rights violation in their supply chain.
In addition, the Act imposes obligations to keep records for at least seven years and annual reporting duties regarding the implementation of its human rights due diligence.
No special civil liability regime
The Act itself does not include a special civil liability regime in case of a breach of the duty of care. However, it remains unclear how this ties in with the general liability rules of German law which may nevertheless apply in case of any such infringement of the Act. A general civil liability risk is therefore not fully off the table.
The draft text contains additional provisions on procedural representation by NGOs and trade unions, which would enable them to assert legal violations on behalf of those affected. In the light of the above, this might be interpreted as if the legislator also assumes applicability of general liability regimes.
The Federal Office of Economics and Export Control (BAFA) shall be responsible for monitoring compliance with the law. In the event of non-compliance with (inter alia) the imposed due diligence obligations, companies shall face administrative fines. The current draft sets out that the amount of such fines will be determined by reference to the company’s annual turnover. It remains to be seen whether the turnover to be considered will encompass the entire group’s turnover – as stipulated in other statutes – or whether only the affected corporate entity’s turnover will be taken into account.
Moreover, severe non-compliance can result in an exclusion from public tenders for up to three years.
What does a German Supply Chain Duty of Care Act mean for companies?
While the first laws that imposed corporate human rights obligations, such as the California Transparency in Supply Chains Act (2015) and the UK Modern Slavery Act (2015) “only” stipulated reporting obligations with respect to specific areas (e.g. modern slavery, child labour), the proposed German Supply Chain Duty of Care Act is more in line with the French Duty of Vigilance Law (2017) and imposes duties to act , i.e. wide-ranging compliance obligations for all industry sectors. A similar – comprehensive – approach is projected at the EU level and it will be interesting to see in what details it differs from the national route taken by Germany.
It is evident that the planned German Act will have significant impact on the groupwide risk management and compliance systems as well as business models, supply chain partners and future investment decisions. It will strongly shape Germany’s compliance landscape since many of the stipulated obligations form for the first time in Germany explicitly legally binding compliance duties without being limited to specific industries. This development might reflect a general trend and is in line with the proposed Corporate Sanctions Act in Germany, which also highlights the importance of compliance systems.
Although, the German Supply Chain Duty of Care Act will only become effective in 2023 companies should already ask themselves whether their compliance management systems are sufficiently equipped to deal with human rights risks and whether the compliance system may be (further) expanded in this respect. In addition, the structure and transparency of a company’s contract management will become key in order to being able to fulfil the requirements for due diligence vis-à-vis suppliers.
A lack of awareness in this respect can – especially due to the interconnectedness of many compliance issues – result in considerable liability risks, let alone reputational risks.