The Supply Chain Sourcing Obligations Act - A Critical Appraisal
Since this year at the latest, the Supply Chain Compliance Act has been occupying many companies and especially their risk management functions. What at first sounds long and unwieldy has been analyzed by Christian Grabner to see whether it will achieve its goal.
Before talking about the law, it is necessary to clarify what it is called in the first place. So far, I have already encountered many terminologies:
1. Delivery law
2. Supply Chain Act
3. Delivery Obligations Act
Generally, the law is called the Supply Chain Sourcing Obligations Act (Lieferkettensorgfaltspflichtengesetz) - a word with 36 letters after all. The word, which is sure to make it into the German Duden dictionary, is thus in a tie for second place among the longest words. Together with the German term for "motor vehicle liability insurance" (Kraftfahrzeug-Haftpflichtversicherung), it is only behind "attention deficit hyperactivity disorder" (Aufmerksamkeitsdefizit-Hyperaktivitätsstörung), which has 44 letters. Incidentally, the law is correctly called the “Act on Corporate Due Diligence in Supply Chains” (Gesetz über die unternehmerischen Sorgfaltspflichten in Lieferketten) - so much time must be allowed.
But what is this law really for?
The intention of the legislator is to be supported in principle. It intends to establish the assumption of responsibility for the supply chain in the areas of human rights and environmental protection from 2024 onwards for a company size of 1,000 employees or more. This is fundamentally correct and understandable.
Will it bring the hoped-for improvement in human rights, working conditions and environmental protection?
To do this, it would first be important to know the central elements of the LkSG (I'll abbreviate that at this point 😊) and to understand their mechanisms:
1. Policy Statement
This document must be approved by the management. It contains the prioritized requirements or expectations for the own company as well as the partners in the direct and indirect supply chain with regard to the protection of human rights and the environmental.
2. Measures and reporting
The following must be reported to BAFA (Federal Office of Economics and Export Control) in an annual report:
a. Identified risks with regard to human rights and environmental protection
b. Measures to prevent, reduce or minimize risks
c. Evaluation with regard to impact and effectiveness of initiated measures
d. Conclusions with reference to the policy statement
First of all, provider and risk management functions in companies will groan about the additional regulation. This is a new legal-regulatory requirement with content that specifically involves the complexity of also assuming responsibility for companies with which one does not have a direct contractual relationship.
A useful - but unfortunately probably not functional - test is that of the effectiveness of the measures implemented. Companies must demonstrate whether what they have done to counter the identified risk is having the desired effect.
But the crux of the matter, as is so often the case, is in the details: an audit only needs to be undertaken if a risk has been identified. What does that mean?
In practice, it could then go as follows:
A declaration of principles is adopted (1), measures on human rights and environmental protection are derived (2) and checked for effectiveness (3). Companies grant each other a mutual right to audit (4), the implementation of which is waived by reference to the proportionality principle (scarcity of resources). In addition, it is contractually agreed that the contractor will submit a risk report to the supplier once a year. However, the risk report is permanently without risks because there is no "suspicion" - after all, no one is looking.
The only way out of risk abstinence? The reporting or complaints body to be created AND whistleblowing, although the challenges with the latter are a completely different issue.
What will happen is what always happens in such cases: new mechanisms are "pulled in" in provider and risk management, measures are defined, reporting systems are set up and many pages of "digital paper" are published on what one is doing in the two dimensions of environmental protection and human rights. The more one produces, the more profoundly one has supposedly checked against the LkSG and fulfilled one's "due diligence obligations".
The intention is good but in my opinion it is just another regulatory "stick" that companies have to jump over - for the sake of the people who suffer from the conditions this law addresses, let's hope I'm wrong.
Author: Christian Grabner