• EQS Cockpit
  • Whistleblowing
  • Insider Management
  • Policy manager
  • Investor Targeting
  • Disclosure
  • Webcast
  • Career
Back to overview

EU Supply Chain Law Obliges Companies to Operate in a Fair and Sustainable Manner

The EU Supply Chain Law will require companies to respect human rights in their supply chains. Here is everything you need to know about the upcoming draft law.

by Kai Leisering 7 min

    On February 23, 2022, the European Commission presented its proposal for a law on corporate sustainability obligations – the Corporate Sustainability Due Diligence Directive (CSDD). European countries agreed on an EU-wide supply chain law in December 2022 and the next steps will occur in May 2023 at the European Parliament. The proposal aims to oblige companies to carefully manage social and environmental impacts throughout their supply chain, including their own business operations, and it goes far beyond existing legislation at national level. In many cases, national law has a focus on specific human rights violations such as in the UK where it is aimed at modern slavery.


    The new measures would also go beyond cross-sectoral legislation such as France’s law on the duty of vigilance and Germany’s forthcoming supply chain law with companies obliged to carefully manage social and environmental impacts throughout the supply chain, including their own operations. Given the far-reaching impact of the planned law, this is what it means for companies.

    What is the EU Supply Chain Law?

    The draft European Supply Chain Act requires EU companies to carefully manage social and environmental impacts along their entire value chain, including direct and indirect suppliers, their own operations, as well as products and services.

    The aim is to ensure compliance with applicable human rights standards and environmental protection in order to promote a fairer and more sustainable global economy as well as responsible corporate governance. Introducing the draft, EU Justice Commissioner Didier Reynders remarked that “only companies that do not harm the environment and fully respect human rights should operate in the EU”.

    The draft was adopted by the European Council in Decenver 2022 and the next step is for the European Parliament to agree on a position, something which is expected to occur in May 2023. EU member states will then have two years to transpose the Directive into their own national laws. Countries with their own laws, such as Germany where the new LkSG is set to come into force in January 2023, will have to revise and tighten up legislation.

    Who does the EU Supply Chain Law apply to?

    • European companies as well as organisations from other countries operating in the EU with 500 employees or more with a turnover of at least 150 million euros are covered by the law. This affects approximately 9,400 companies.
    • For high-risk sectors where the risk potential for both humans and the environment is especially high, the requirements of the directive must already be met by organisations with at least 250 employees and a turnover of 40 million euros. These include the textile and leather industries, agriculture and forestry, fisheries and mining. A transitional period of two years applies to these industries. That affects around 3,500 companies.
    • Small and medium-sized enterprises are not directly affected by the law, but indirectly, e.g. as suppliers of larger affected companies.
    • The following legal entities are to be covered by this regulation: stock corporations, partnerships limited by shares, limited liability companies, regulated financial companies and insurance companies.

    According to the law, what do companies have to observe?

    Affected companies must fulfill their corporate due diligence obligations along the supply chain with regard to human rights and the environment. In order to do so, the following steps must be implemented:

    • Identify actual or potential negative impacts on human rights and the environment. Then take appropriate measures to prevent, mitigate and remedy them. (For high-risk industries, this should only apply to serious human rights and environmental violations within the respective industry).
    • Due diligence must be integrated into company policies and management systems.
    • Companies must establish a procedure for complaints and ensure everyone along the supply chain can access it.
    • Transparent and public information on the fulfilment of a company’s due diligence obligations must be provided, including an annual report.
    • Companies with an annual turnover of more than €150 million must set out how they intend to contribute to the emission reduction targets of the Paris Climate Agreement through a transformation plan.
    • Supervisory and administrative boards are also required to pay attention to compliance and due diligence obligations and to obtain appropriate information from management.

     

    The due diligence obligation applies not only to an organisation’s own business activities or those of its subsidiaries, but equally to direct and indirect suppliers (provided it is an established or permanent business relationship) as well as the use and disposal of the goods produced.

    What violations are covered by the law?

    European companies have a responsibility to ensure that they themselves, users of their products and their suppliers do not violate human rights, biodiversity and the environment, for example by respecting:

    • Fundamental workers’ rights, as also set out in the core labour standards of the International Labour Organisation (ILO), such as freedom of association, prohibition of child and forced labour, equal pay, discrimination in employment and occupation, etc.
    • Human rights such as freedom and security of the person, physical integrity, legal capacity and equality before the law, privacy, spatial freedom, food and basic services, along with recreation and leisure 
    • Protection of biodiversity and ecosystems.
    • Protection of water and the air we breathe.
    • Combatting climate change.

    Using Germany’s Supply Chain Act or “Lieferkettengesetz” as an example, how does the new EU legislation differ?

    Europe’s largest economy passed its Supply Chain Duty Act or Lieferkettensorgfaltspflichtengesetz on 11 June 2021 but the EU Commission’s draft law goes far beyond it:

    • More companies, with 500 and 250 employees, respectively, fall under the European regulation. By comparison, Germany’s law only applies to companies with more than 3,000 employees (and more than 1,000 employees from 2024).
    • The EU directive requires companies to consider the entire supply chain as users and disposers of products and not only the direct suppliers as is the case with Germany’s law.
    • The new EU regulation contains a possible civil liability for managing directors of companies so those affected can sue for damages in European courts.

    What is the liability clause in the EU Supply Chain Law?

    EU companies are also held civilly liable under the Supply Chain Act if the violation of human rights or environmental protection was committed by a supplier with whom they work on a permanent or regular basis. Companies can be exempt from liability if they have concluded codes of conduct with trading partners and their compliance has been verified.

    How do companies best prepare for the Supply Chain Act?

    Companies must ensure compliance with the legal requirements not only for themselves and their subsidiaries, but also for their suppliers along the entire value chain, i.e., all activities related to the production of goods or the provision of services, including all upstream and downstream business relationships.

    Affected companies must therefore check exactly where the supplied goods come from, how they were produced and what consequences this had for the environment and climate. In the case of imports from third-world countries, checking the entire supply chain may well prove a greater challenge.

    In order to prepare for all the requirements of the new regulation in a legally secure manner, companies should conduct a continuous and comprehensible risk assessment. With the help of a flexible business partner audit as an integral part of the Compliance Management System (CMS), companies can simultaneously fulfil and document their due diligence obligations.

    Another proven component of the CMS is a digital whistleblower system which fulfils the requirements of the new regulation for implementing a complaint system. With both tools, the responsible departments are adequately and legally prepared for the requirements of the EU Supply Chain Act.

    What does the law mean for SMEs?

    Small and medium-sized enterprises are indirectly affected by the EU Supply Chain Act, because in the medium term, large companies will also oblige their suppliers to comply with due diligence obligations.

    However, this may well represent an opportunity for SMEs because the organisations clearly positioning and preparing themselves at an early stage will benefit from competitive advantages over their rivals. Nevertheless, this requires not only resources but also extensive know-how. Therefore, it makes sense, especially for SMEs, to rely on holistic solutions that digitally map these process and support them in complying with all requirements.

    In order to relieve the burden on SMEs, the law includes various support measures. For example, if necessary, the costs of complying with the requirements can be subsidised with state aid.

    The road to a European supply chain law

    The signs were green from the beginning. In December 2020, all 27 EU member states spoke out in favour of a European supply chain law. In March 2021, MEPs adopted a legislative proposal on corporate accountability and due diligence. The EU Commission then prepared a draft and presented it in February 2022.

    The next steps will see the proposal go to the European Parliament next May. Experts expect that it will still be debated intensively in the Parliament before the supply chain law is passed with possible new standards at some point in 2023.

    Criticism and demands for improvement

    There has been some criticism of the draft law, notably that it does not go far enough and still contains gaps.

    One point of criticism, for example, is that many companies fall far below the threshold value and will not be affected by the regulation as a result. Another fear being voiced by non-governmental organisations is that lobbyists will have a great deal of influence at EU level and that the adoption of the law will either take too long in the end or be severely weakened.

    Others fear an increasing burden for affected companies who have also suffered as a result of the Covid-19 pandemic, as well as an enormous amount of control and bureaucracy. Industry and business circles have also voiced concerns about competitive disadvantages due to too much regulation.

    Why do we need a European supply chain law?

    With millions of people working under inhumane conditions across the world where forced and child labour are the order of the day, this legislation is vital for protecting human rights and the environment. Wages below subsistence level are not uncommon while many people continue to work under life-threatening safety standards, suffering lifelong health consequences. The environment suffers as well, and this will have a devastating impact on the future and the livelihood of millions. Exploitation and environmental degradation remain an element of the supply chains of European companies.

    The trend towards inhumane working conditions is growing according to the European Centre of Human Rights, particularly in China, where the problem is becoming increasingly widespread, according to Amnesty International.

    • “25 million people are victims of forced labour” (Global Estimates of Modern Slavery)
    • “79 million girls and boys are affected by exploitative child labour” (BMZ)
    • “The wage share of a seamstress of a branded t-shirt is 0.6%”. (FairWear)
    The ultimate guide: optimising compliance risk assessment

    Utilising an integrated compliance solution offers a fundamental advantage in obtaining in-depth insights.

    Download now
    Kai Leisering
    Kai Leisering

    As Managing Director for Corporate Compliance at EQS Group, Kai Leisering is responsible for the EQS Compliance COCKPIT. As a proven expert, he has many years of experience in the compliance field. Kai regularly appears as a speaker at conferences and as a guest author in various industry media.

    Contact