News from Brussels:The EU Supply Chain Directive

A large proportion of human rights violations and environmental damage is caused by the economic sector.. The European answer to this is the Corporate Sustainability Due Diligence Directive, short but no less unwieldy: EU Supply Chain Directive or CSDDD / CS3D.. If companies in the EU have more than 1,000 employees and a turnover of more than 450 million euros, they are now subject to a significantly stricter obligation to actively protect human rights and theenvironment. They will be obliged to monitor the social and ecological impact of their extended supply chain and their own business operations. The directive adopted by a majority of EU countries thus tightens the legal situation that has applied in Germany to date.

The EU Supply Chain Directive in brief

What are the social and environmental impacts of our supply chain? In the future, companies will have to face this question in addition to the other challenges of economic life. The EU Supply Chain Directive (often referred to as the Supply Chain Act) standardises a comprehensive self-analysis of the entire value chain. Own products and services as well as direct and indirect suppliers must be analysed and the results and measures taken must be documented. In addition, companies must also publish their implementation of the Supply Chain Directive annually.

In view of the far-reaching implications for EU companies, the legislative process was more than swift: After the EU Commission presented its proposal for a directive on corporate due diligence in the area of sustainability in February 2022, agreement on a draft text between the Parliament and the Council was announced in December 2023. This significantly extends the duty of care of companies beyond environmental protection to the area of human rights. Strengthening responsibility and minimising the impact of entrepreneurial activity are the declared objectives of the draft.

However, this was criticised by numerous EU member states due to the far-reaching obligations for companies and the bureaucratic burden. When Germany announced an abstention for the planned final vote in February 2024 under pressure from the coalition party FDP, this was suspended by the Belgian Council Presidency. However, the unanimous opinion is that there is no doubt that the ‘EU Supply Chain Directive’ or ‘Corporate Sustainability Due Diligence Directive’ (CSDDD or CS3D for short) will be adopted. There is also no doubt about the necessary approval by the EU Parliament in April / May 2024.

For companies, this means that the following timetable for the application of the new regulations can be assumed. Once the directive comes into force in May / June 2024, it will be transposed into national law in stages: European countries must have transposed the EU Supply Chain Directive into their national law by 2026. For Germany, this will mean adapting the existing Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz – LkSG). In 2027, the directive will become mandatory for companies with more than 5,000 employees (and more than EUR 1.5 billion turnover). This is followed by 2028 companies with more than 3,000 employees (and more than 900 million turnover) and 2029 companies with more than 1,000 employees.

Tightening of the German Supply Chain Act

For Germany, the EU Supply Chain Directive entails a significant tightening of the legal situation. Despite its high standards, the current Supply Chain Act falls short of the provisions of the EU Supply Chain Directive. The extension of the corporate duty of care to the entire value chain and the introduction of civil liability for breaches of the law are central to this.

Legal forms of the obligated companies

The only area in which the EU Supply Chain Directive falls short of the LkSG is the group of companies affected. This is defined much more clearly than in the Supply Chain Actwhich uses a company definition that is neutral in terms of legal form. In contrast, the EU Supply Chain Directive defines a scope of application according to legal form and company size. In future, the Supply Chain Act will therefore apply to limited liability companies, public limited companies and partnerships limited by shares.. Irrespective of the legal form, the effect will also extend to insurance companies and regulated financial companies.

Now ‘activity chain’ instead of ‘supply chain’

The EU Supply Chain Directive introduces the new legal concept of the so-called ‘activity chain’ and thus goes well beyond the scope of the Supply Chain Act. This only imposes responsibility on companies for ‘direct’ suppliers in the ‘supply chain’. Only in exceptional cases does it extend to responsibility towards indirect suppliers, namely in the case of justified knowledge of breaches of duty by the Supply Chain Act.

The responsibility based on the activity chain is completely different and much more far-reaching, which is why it should also be referred to as the ‘EU Activity Chain Directive’. This is divided into two central areas of entrepreneurial activity: the actions of upstream and downstream business partners and service providers. Responsibility for upstream service providers encompasses the highly complex structure of suppliers’ actions at all levels of economic activity. Be it the extraction and processing of raw materials, the manufacture and development of product components or the provision of other services. This is necessarily so far-reaching and comprehensive that companies are now generally also responsible for the actions of indirect suppliers.

The responsibility for downstream business partners, i.e. the product marketing chain, introduced by the EU Supply Chain Directive is less complex but new in its approach. If services are provided directly or indirectly for a company, this company will also be responsible for this under the future Supply Chain Act. These are typically distribution and transport activities or disposal and product take-back.

The EU Supply Chain Directive therefore extends from the area of direct/indirect suppliers through the company’s own business activities (including those of subsidiaries) to the marketing and disposal of the product.

Human rights and environmental protection

Together with the introduction of the far-reaching chain of activities, the EU Supply Chain Directive also extends the existing scope of protection of human rights and environmental goods under the LCA. A specific list is provided in the annex to the guideline. For companies, however, even after the EU Supply Chain Directive, the central question that companies can ask themselves remains: ‘If we had to give a press conference today: Can we justify the actions of our company and our suppliers with a clear conscience with regard to the people and environmental goods involved?’

Due diligence obligations under the EU Supply Chain Directive

The due diligence obligations for companies arising from the EU Supply Chain Directive are most easily accessed via the OECD Guidelines for Responsible Business Conduct. This was adopted by the Directive and can be broken down into the following six steps: In the first phase, due diligence is integrated into the company’s actions by identifying problematic human rights and environmental situations, followed by the provision of remedial measures with the aim of preventing or mitigating the adverse effects. Finally, this action is communicated internally and externally.

Complaints procedure

One of the biggest challenges posed by the EU Supply Chain Directive is the newly designed complaints procedure. Although this already exists under the current Supply Chain Act, in future it must relate to the entire value chain. This brings with it a new, very large number of potentially authorised persons and bodies. All private individuals involved in the entire value chain as well as trade unions and other employee representatives are now entitled to access. Even organisations that are active in areas affected by the value chain are entitled to lodge a complaint.

This means that the companies concerned are obliged to set up a well-staffed complaints office. This is because the remedial measures demanded by the complainants will have to be assessed and implemented. However, the company management will not be able to completely outsource responsibility to them. This is because the directive also provides for the right of data subjects to meet with company representatives regarding their concerns. The complaints office will therefore have a key position in the company, which, in addition to monitoring the LkSG, must also organise the correct handling of complaints with the press office and management.

Effectiveness checks, monitoring, reporting obligation

The complaints procedure is only one part of the far-reaching package of obligations that companies will have to fulfil in future with regard to their chain of activity. The directive also stipulates a regular, annual and ad hoc audit obligation for companies. To this end, indicators must be defined that are used to track the measures taken and the general effectiveness of a company’s defined standards. The audits in turn entail processing and analysing the results and defining follow-up measures. For companies, this also means that in addition to evaluating specific incidents at suppliers, the general global political situation must be continuously monitored and analysed.

This annual review of the company’s supply chain situation is accompanied by a reporting obligation. Companies must now draw up and publish an annual report. In practice, this task can only be carried out in close co-operation with the Corporate Communications department in order to present a uniform image of the company’s actions to the outside world.

Authorised representative

The ‘Human Rights Officer’ of the Supply Chain Act is now replaced by an ‘authorised person’ to receive communications from the supervisory authorities. This is now mandatory and must be given the necessary powers, similar to a data protection officer. In addition, however, the duty to implement and monitor the obligations of the directive remains with the management. This introduces personal responsibility, which can only be delegated to a limited extent, even at the highest management level. This is intended to increase the effectiveness of the directiveby at least paving the way for personal liability of the management. The personal risk for the top management level in companies will be significantly increased by this regulation, and future legal developments will have to be closely monitored.

Sanctions and new civil liability

Like the Supply Chain Act, the EU Supply Chain Directive also provides for turnover-based fines. However, as these will have to be regulated by the respective member states, the German legislator is likely to orientate itself on the existing, equally far-reaching sanction options of the Supply Chain Act. However, the behaviour of companies in dealing with infringements is now explicitly taken into account when assessing the level of sanctions.

The Directive breaks new ground with the introduction of civil liability for breaches of the standardised duties of care. Although this must also be implemented in the respective national law, the resulting legal developments will be interesting to observe in the future. This is because the Directive itself now provides for liability for the failure to prevent or terminate potential or actual adverse effects of the company’s actions. This will find its way into the national laws of numerous EU countries. Liability under the Directive also extends to the actions of suppliers and subsidiaries; even indirect business partners are subject to a standard of liability, albeit a weaker one.

The central criterion for liability is the occurrence or failure to prevent adverse environmental and human rights impacts and the resulting damage. These in turn must result from non-compliance with the due diligence obligations under the Directive. It is already foreseeable that new types of constellations for civil proceedings will arise from the liability portfolio, which will offer plenty of scope for complex proceedings with numerous international parties in the future.

Recommendation

With the adoption of the final version of the EU Supply Chain Directive and the clear timetable for its entry into force, there is an urgent need for action on the part of potentially affected companies. This is because the new requirements go far beyond the existing legal situation under the Supply Chain Act in many respects. In particular, the new concept of the activity chain leads to the need for a far-reaching reassessment of the current supply chain situation of companies. This, together with the new liability elements and the large number of potential claimants and new players, leads to a complex liability situation that requires a great deal of time to deal with.

A solution approach

With our Business Partner Monitoring LkSG, you implement the EU Supply Chain Directive and the Supply Chain Due Diligence Act (LkSG) in a technically and legally secure manner.

Using intelligent questionnaires and automated data analysis, the software creates a risk index for each individual supplier. The 24/7 monitoring of human rights and environmental violations can be AI-supported based on your individual needs. Our lawyers are at your side with legal expertise and experience in all relevant compliance issues.

Your personal contact

Matthias SchulzSenior Sales Manager

You might also be interested in these articles

Lieferkettengesetz für den Mittelstand
Supply Chain Act: SMEs under observation
Learn more
USB-Sticks
Attack through mobile storage media
Learn more