• EQS Cockpit
  • Whistleblowing
  • Insider Management
  • Policy manager
  • Investor Targeting
  • Disclosure
  • Webcast
  • Career

Requirements in brief

Many European companies have passed regulations to anchor human rights and environmental standards in supply chains. In Germany, the Supply Chain Due Diligence Law (Lieferkettensorgfaltspflichtengesetz) came into force in 2023, the UK Modern Slavery Act has been in place since 2017, and other European countries such as France, Norway and Switzerland have since followed suit with similar regulations. All these laws are to varying degrees based on the United Nation’s Guiding Principles for Business & Human Rights, as first published in 2011.In 2024, the European Corporate Sustainability Due Diligence Directive is expected to be passed, this will further raise requirements from companies.

Who does the German law apply to?

The German Supply Chain Due Diligence Act (LkSG) applies to companies headquartered in Germany with more than 3,000 employees from January 2023. From 2024, the law will apply to companies with more than 1,000 employees. Foreign companies’ subsidiaries in Germany, who exceed these employee numbers, are also covered by the law. Foreign companies that sell to affected German businesses, along with small German businesses, also feel the impact. This is because the larger German firms under this law are asking their suppliers to follow the same rules.


How EQS Risk Manager supports your company: EQS Risk Manager helps you to safely implement your due diligence obligations and manage associated compliance risks – simply and efficiently.

Upload or transfer, and then manage relevant company/supplier data in the data center

  • Central collection of company-specific data, also for subsidiaries and (in)direct suppliers

a) Analysis and prioritization in the company overview

  • See which companies require closer examination or specific measures
  • Clear prioritization of further risk management efforts



b) Efficient management of multiple companies/suppliers with groups of companies​

  • Bundle companies with similar potential legal violations, for more effective action and management


a) Supplier evaluation and certificate requirements

  • Via the Risk Manager, suppliers are invited to join and self-evaluate on the EQS Partner Integrity Hub
  • Result: Assessment of LKSG conformity / Validation by certificates​



b) Complementary manual risk assessment for specific high-risk suppliers​​

  • Implementation and documentation of a focused risk analysis in accordance with the LKSG



c) Assignment of potential legal violations to individual suppliers​

  • Supplementing the focused risk analysis by documenting the feared violations of the law with the help of the 
    violations register


a) Organization of measures with integrated task management​

  • Planning of selected preventive measures for the respective company or group of companies​
    Basis: register of measures
  • Pre-filled register of measures serves as a starting point for the assignment of measures​


Grievances and ad-hoc remedial measures can be organized, documented and connected to ongoing risk management​

  • Automatic transfer of relevant grievances from the EQS Integrity Line​
  • Linking incoming grievances with risk groups, companies and measures


Effectiveness control based on the evolution of risk assessments over time​

  • Regular and event-related risk analyses are documented and, if necessary, archived
  • The traceability of risk development over time makes it possible to monitor the effectiveness of measures


The traceability of risk development over time makes it possible to monitor the effectiveness of measures.​

  • Simple reporting based on continuous documentation in a dedicated reporting function​


Your benefits


Run your risk analysis without additional manual effort and without prior risk assessment knowledge.


Get a smart overview of potential measures to mitigate the most prevalent human and environmental risks.


Simplify the implementation of risk prevention measures through integrated procedural recommendations.


Speed up your reporting with pre-filled report forms.


Fulfil your documentation obligation through activity logging and continuous archiving of the measures taken.


Control the effectiveness of risk management measures by comparing before and after with the help of archived risk analyses.

Partner Integrity Hub

Partner Integrity Hub is a powerful new addition to the Compliance Cockpit, designed to simplify and expedite the supplier evaluation process. This product empowers you to request evaluations from multiple suppliers with just one click and analize their degree of compliance with common supply chain due diligence standards and laws.


Your benefits:

  • You understand the maturity of your business partners‘ management of key social, environmental and governance (ESG) topics.
  • Business partners improve their trust and reputation, by informing customers and other stakeholders of compliance and ESG practices.
  • You obtain benchmarks for good practices, supporting the continuous improvement of social, environmental and governance practices across the value chain.

How does Partner Integrity Hub work?

You send suppliers an invitation to the Partner Integrity Hub directly via the Risk Manager. They receive an invitation email and then register via a 2-step registration process.

Suppliers self-evalatue via questions on key ESG topics to receive a maturity score across multiple areas, as well as an overall maturity score. Afterwards, they can upload their certificates.

Evaluation results are summarized in a ready-to-share company profile and also shown in the Risk Manager. Afterwards, you can analyze the supplier evaluation results for further risk management efforts.

EQS Risk Manager is part of Compliance COCKPIT – the digital compliance platform for all your workflows.

Find out how this platform can simplify your daily compliance work!

Customers who trust our Compliance COCKPIT solutions:
Reference Puma | EQS Group

You have questions? We have answers!

1. What role can the risk manager play in my wider company risk management?

The risk manager plays a crucial role in the overall non-financial risk management of your company, particularly addressing Supply Chain Due Diligence, requirements . As such, it helps you comply with specific regulations such as the German Supply Chain Due Diligence Law (Lieferkettensorgfaltspflichtengesetz or LkSG), or other nationally relevant supply chain due diligence regulations.

2. How much can we customize the risk manager to fit our existing risk management processes?

The risk manager is primarily designed to help users comply with common supply chain due diligence requirements, e.g. those of the German Supply Chain Due Diligence Act, of similar supply chain due due diligence laws in other countries, or of the UN’s and OECD’s related requirements. The user can also customize the types of potential legal violations managed in the system, as well as the measures to manage risks of violations. This opens a broad range of further application possibilities in regards to the management of other compliance risks. However, the tool is not intended for the management of commercial risks.

3. Which industries or sectors can benefit from using the risk manager?

The risk manager can benefit companies across all industries, sectors, and countries. It offers users the flexibility to incorporate industry or sector-specific violations and measures, ensuring wide-ranging applicability. It also contains abstract risk ratings for all major sectors.

4. Does the risk manager provide comprehensive risk management solutions, including financial risk management?

The risk manager is a comprehensive non-financial risk management solution, particularly focused on addressing human rights and environmental risks. It is specifically tailored to prioritizes risks based on criteria such as the potential number of affected individuals, the severity of effects, the probability of occurrence, and the potential for remediation.

5. How can the risk manager help me prioritize my efforts to manage risks?

The risk manager offers several features to assist you in prioritizing your efforts to manage risks effectively:

  • a. Abstract Risk Calculation: The system automatically calculates an abstract risk score for suppliers based on country and sector as soon as they are uploaded to the risk manager.
  • b. Filtering Capabilities: The risk manager allows you to filter suppliers based on various criteria for e.g., abstract risk, spend, number of employees, country, sector, and user tags. This enables you to focus on suppliers that may pose higher risks or are of greater significance to your organization.
  • c. Supplier Evaluation: For additional information on your suppliers, our supplier evaluation feature enables you to efficiently obtain further first-hand information from your suppliers, helping you to assess supplier-specific risks.



6. How does the risk manager help me report according to the German Supply Chain Due Diligence Act?

The risk manager continuously documents your due diligence efforts, including the risk analysis, its results, and the measures you take in order to manage risks. Based on this, the risk manager can automatically compile most of the answers to the questions which the BAFA (Bundesamt für Wirtschaft und Ausfuhrkontrolle) asks in it’s digital reporting platform.

7. Are there training or support resources available to assist users in maximizing the benefits of the risk manager?

Yes. The risk manager provides a range of training and support resources to assist users in their risk management efforts. This includes a comprehensive library of violations that encompass the protected positions defined by the LksG and a library of measures to effectively manage and prevent these violations. Furthermore, the risk manager includes a selection of templates such as the Declaration of Principles, training materials, and audit checklists.

8. Which languages are supported by the risk manager?

The risk manager is currently available for use in German and English. However, new languages will be added soon.

9. How does the risk manager ensure data security and confidentiality of sensitive information?

EQS Group supports compliance with the European Data Protection Regulation (GDPR) and other data protection regulations worldwide through various measures at the organizational, technical and functional level.

At the organizational level, through measures taken for information security and data protection in the form of a proper and certified ISMS according to ISO 27001 standards. This is subject to regular internal and independent audits.

Customers have the option to use both private or public clouds, with private clouds being offered in France, Germany and Switzerland.


10. How quickly can you get me started with the Risk Manager?!

The estimated timeline for implementing the risk manager, including supplier data upload and integration, typically ranges from 2 to 6 weeks.

Contact us

Thomas Krick
Thomas Krick

Managing Director ESG Solutions
+49 89 444430-207

Always stay up to date

Our EQS Compliance Compass newsletter brings you informative and thought-provoking articles from the world of compliance (noteworthy articles, white papers & more).

Subscribe to our free newsletter