What Is the German Supply Chain Act (LkSG)?
The German Supply Chain Act, known in German as the Lieferkettensorgfaltspflichtengesetz (LkSG), is the first legislative step that legally obliges companies established in Germany to protect people and the environment connected to their global supply chain operations. Passed by the German parliament on June 11, 2021, the law came into force on January 1, 2023. It is part of a growing global body of legislation aimed at ensuring that companies take responsibility for their supply chains, joining similar laws such as the French Corporate Duty of Vigilance Law and the UK Modern Slavery Act. The LkSG is the latest act in a series of rolling regulations companies must follow in order to demonstrate corporate social responsibility and the protection of human rights. Unlike predecessor laws in other countries, Germany's approach is particularly rigorous: the Federal Office for Economic Affairs and Export Control (BAFA) has been clear in its authority and intent to audit companies in relation to the LkSG — a significant difference from regulations such as the Dutch Child Labour Due Diligence Law or the French Corporate Duty of Vigilance Law, which provide governing bodies with little to no independent auditing authority. The law broadly defines "supply chain" to encompass all steps required in producing a company's products and providing its services — from the extraction of raw materials through to delivery to end customers. It covers companies operating in all sectors, including manufacturing, agriculture, mining, and construction. The protected human rights areas include child labor, forced labor, slavery, torture, discrimination, wage withholding, and occupational health and safety violations, while environmental protections cover issues such as the use of mercury and the handling of certain types of hazardous waste.
The law's scope is broad and continues to expand, reaching companies headquartered or operating in Germany across all industries.
The LkSG initially applies to companies with more than 3,000 employees that have their central administration, principal place of business, administrative headquarters, or statutory seat in Germany — employees posted abroad are included in this number. The law also applies if a company has a branch office in Germany with more than 3,000 workers physically located there. Beginning in 2024, the scope expanded to include companies with 1,000 or more employees. Importantly, the law does not only affect German-headquartered companies. Any business that supplies goods or services to Germany should be aware of its requirements, as businesses that supply to a large German company will likely need to send and track large amounts of detailed ESG data to their German customers in order to continue doing business with them. Having a centralized repository of human rights and ESG information, as well as evidence of efforts taken to remedy risks or violations, will be necessary for continued business in Germany. The reach of the LkSG is also multi-tiered. Due diligence obligations apply to a company's own business area, to the actions of direct contractual partners, and to indirect suppliers as well. A company must carry out risk analysis and preventive measures on an indirect supplier if it has substantiated knowledge of a human rights or environmental-related violation there.
The law demands active, documented, and ongoing due diligence — passive policies and questionnaires are not enough.
The core of the LkSG is its set of due diligence obligations. Companies must establish an appropriate and effective risk management system to identify, prevent, mitigate, and eliminate human rights or environment-related risks and violations. Zero tolerance policies, vendor agreements, and supplier questionnaires alone will not suffice — the law requires active monitoring and mitigation at every tier of the supply chain. Companies must also conduct a formal risk analysis at least once a year, as well as on an ad hoc basis whenever there is a significant change in the supply chain, such as the introduction of new products or a new business field. Section 6 of the LkSG requires companies to issue a policy statement on their human rights strategy, defining expectations placed upon both employees and suppliers and outlining appropriate preventive procurement strategies and purchasing practices. Additionally, companies must establish a formal complaints procedure that allows for the reporting of violations related to both direct and indirect suppliers. Annual reports on the fulfillment of due diligence obligations must be submitted to BAFA no later than four months after the end of the fiscal year and published on the company's website for a period of seven years. Companies should be prepared to show proof of action and the criteria according to which they assessed risks and implemented measures.
Substantial fines, public naming, and exclusion from public tenders make LkSG compliance a business-critical priority.
Companies that fail to comply with the standards outlined in the German Supply Chain Act face serious consequences. Financial penalties and fines can reach up to 2% of annual global revenues for large companies, and non-compliant companies may be excluded from public tenders for up to three years. The law also provides that companies violating due diligence obligations may be publicly named, which can cause significant reputational and brand damage in an era when customers and investors increasingly scrutinize ethical sourcing practices. The LkSG is an important step forward in the fight against forced labor and other abuses in global supply chains. It serves as a reminder that businesses have not only moral but also legal obligations when it comes to human rights and environmental protection. The German government's willingness to back these obligations with real enforcement authority signals a new era of corporate accountability. For companies seeking compliance, the path forward requires a demonstrably proactive approach: measuring and mapping supply chain risks before a risk event occurs, designating a responsible internal officer for oversight, engaging meaningfully with suppliers, and maintaining thorough documentation of all risk mitigation activities. Technology-driven solutions that use spend data and AI-based risk modeling to trace and assess suppliers up to the deepest tiers are increasingly essential, as most global supply chains are far too large for manual data collection to be viable.
*not sales material disguised as 'resources.'