Supply Chain Act: SMEs under observation

With the Supply Chain Act (LkSG), the legislator is focussing on companies with 1,000 or more employees. Nevertheless, the legal regulation also indirectly affects small and medium-sized enterprises (SMEs).. There is a considerable need for action here.

Decisions in the EU Parliament do not usually attract much public attention. One exception was the rejection of the EU Supply Chain Directive. It should already apply to companies with 500 employees and a global turnover of more than 150 million euros. The EU directive initially failed due to the veto of the FDP. However, after another attempt in mid-March 2024, the law found a majority in the EU Parliament – with Germany also abstaining from voting. The original version was also watered down. The EU act only applies after a transitional period of five years for companies with 1,000 employees or more and a turnover of 450 million euros. After three years, the requirements will initially apply to companies with more than 5,000 employees and a global turnover of 1.5 billion euros or more. In four years, companies with 4,000 employees and a turnover of 900 million will be affected. (more on this in the article ‘News from Brussels: The EU Supply Chain Directive’)

Since the beginning of 2023, German companies have had to comply with the Supply Chain Act. A new addition in Germany from 2024 is that companies with 1,000 or more employees worldwide must take a closer look at their suppliers. Above all, companies in Germany are responsible for violations of environmental standards, forced or child labour, from the raw material to the finished product.

No reprimands for violations of the Supply Chain Act

So far, the companies concerned have probably done everything right. For example, the responsible Federal Office of Economics and Export Control (Bafa) was unable to impose any sanctions in 2023, according to its own information. This is the result of 486 inspections carried out by the Bafa at companies. These sectors were particularly affected: Automotive, chemicals, pharmaceuticals, mechanical engineering, energy, furniture, textiles and the food and beverage industry. In addition, 78 checks were carried out on an ad hoc basis and independently of the sector.

Although the Supply Chain Act only applies to companies with 1,000 or more employees, small and medium-sized companies can come into contact with the requirements of the law more quickly than they would like. This is the case if it provides services or supplies products to another company that is itself subject to the obligations of the Supply Chain Act. This is because the SME is then considered a ‘direct supplier’ of the obligated company within the meaning of the Supply Chain Act.

Complicated demand from suppliers

Obligated companies obtain information from their suppliers for their risk analysis – this concerns, for example, information on identified risks or violations; whether the supplier carries out its own risk analysis and according to which method; on raw materials, semi-finished products and services used for the product or service; on operating sites of upstream suppliers.

Depending on the results of the risk analysis, the obligated companies may have to implement preventive measures at their suppliers. This could be training on an agreed supplier code of conduct or contractual control mechanisms. If the obligated companies identify violations of the provisions of the Supply Chain Act, such as child labour in the supply chain, they must endeavour to remedy the situation.

What SMEs can do in the event of an entanglement with the Supply Chain Act

If an obligated company requests data from an SME on the origin of products or on possible risks during production with reference to the obligations of the Supply Chain Act, suppliers should first pay attention to the justification. This should show that the obligated company is carrying out a risk analysis in accordance with theLkSG, what risks have been identified so far and what questions arise from this with regard to the risks for the specific supplier. should show that the obligated company is carrying out a risk analysis in accordance with the Supply Chain Act, what risks have been identified so far and what questions arise from this with regard to the risks for the specific supplier.

When transferring data to the obligated company, the supplier should check which information it must protect, for example because it concerns business secrets.

The obligations for the appropriate implementation of measures in SMEs must be concretised.

When requested to participate in preventive and remedial measures or when structuring a complaints procedure, SMEs should have it explained to them which risks have been specifically identified in their business area or supply chain, how the required cooperation can be fulfilled and whether and how the obligated company supports this with its own resources.

This applies above all to their own legal obligations.SMEs should not give a committed company a blanket contractual assurance that they will fulfil all obligations under the Supply Chain Act or guarantee compliance with all Supply Chain Act standards in their supply chains (for example, the assurance of ‘compliance with all human rights in the supply chain’). If an obligated party requests this, this may constitute a violation of the Supply Chain Act and, if the BAFA is notified accordingly, may lead to an inspection by the BAFA.

A solution approach

With our Business Partner Monitoring LkSG, you implement the EU Supply Chain Directive and the Supply Chain Due Diligence Act (LkSG) in a technically and legally secure manner.

Using intelligent questionnaires and automated data analysis, the software creates a risk index for each individual supplier. The 24/7 monitoring of human rights and environmental violations can be AI-supported based on your individual needs. Our lawyers are at your side with legal expertise and experience in all relevant compliance issues.