Coming soon: The German Supply Chain Due Diligence Act

Are you affected? Are you ready?

On the 1st of January 2023, Germany’s new Supply Chain Due Diligence Act (GSCA) will come into effect. Governments see the implementation of new regulatory requirements as a catalyst for positive change in global supply chains. The GSCA will affect all of a company’s products and services, from procurement to final delivery of the product or service to the customer. It will therefore have a big impact on the company itself and on its direct and indirect suppliers.

From 2023 companies based in Germany with more than 3,000 employees, or foreign companies with German-registered subsidiaries, will need to comply with laws that ensure social and environmental standards are observed in their supply chains. This law will expand to companies with more than 1,000 employees in 2024. Even small and medium-sized enterprises (SMEs) that are not directly affected by the new GSCA regulation are likely to work with larger companies who are, and they will therefore be faced with the need to meet the necessary requirements for suppliers, irrespective of their size.

Companies based in Switzerland need to be aware that they can be indirectly affected by these new regulations if they have a direct relationship with German companies or have parent companies based in Germany.

What GSCA will require you to do

The GSCA will be one of several upcoming regulatory changes in the European economic area. The aim of European governments and the EU is to speed up the introduction of sustainable practices and hold companies accountable for human rights violations and breaches of environmental standards. The GSCA requires companies to:

  • establish a risk management system (internal and for direct suppliers) to identify, assess, prevent, and remedy human rights and environmental risks in their supply chain
  • define compliance responsibilities by appointing a human rights officer and ensuring that senior management is updated on this issue at least once a year
  • perform regular risk assessments (at least once a year, and on the introduction of new products)
  • issue a policy statement in which the necessary GSCA procedures are described
  •  establish preventive measures in your own business area and for direct suppliers (e.g. trainings, internal policies, control measures to verify compliance with the human rights strategy outlined in policy statement)
  • take remedial action if a violation has occurred or is imminent. The action must prevent, stop, or minimise the violation
  • establish a complaints procedure for the company and direct suppliers
    implement due diligence obligations regarding risks at indirect suppliers
  • document and report on due diligence activities.

The penalties for non-compliance

A failure to meet GSCA obligations may result in fines (of up to 8 million euros, or 2% of annual global turnover for companies with turnover exceeding 400 million euros), exclusion from public tenders if the fine exceeds a minimum threshold, and civil liability action by harmed parties, NGOs, or even competitors. For now, the above obligations apply solely to the company and their direct suppliers. The only exception is if a company obtains knowledge of human rights or environmental violations by their indirect suppliers – then a risk analysis must be conducted. Moreover, it is likely that the regulatory scope will expand in the future to include indirect suppliers in a multi-tier supply chain, making it far more challenging.

What you need to do

With just weeks left before the implementation of the GSCA, it is essential to prepare rapidly and well. Companies need to respond appropriately, depending on their size and role.

For brand owners or original equipment manufacturers (OEMs) with 3,000+ employees, based in – or with a registered branch – in Germany?
Has the relevant data been gathered from direct suppliers? To do so, all global direct suppliers must be mapped. Typically, this can be done with procurement teams and with the help of any tool used to map and consolidate data on suppliers. Once there is a complete overview, a risk assessment must be conducted (at least once per year) on all direct suppliers and on the company in question.

Are you a supplier of a regulated company?

If any of your clients are companies subject to the GSCA, timely action to prepare the relevant data will prevent unnecessary pressure and avoid the risk of losing customers. One of the biggest challenges will be to set up the policies and processes that enable the requested information to be gathered, and to create awareness within your company. If you are unsure whether you are affected by the GSCA, and therefore unsure of the data you need to supply to your customers, now is the time to address these questions.

GSCA is just the start

Irrespective of your degree of readiness, the GSCA and other future regulations will require a strong dialogue and commitment with direct suppliers. A long-term commitment to share data and insights is needed, and key contacts must be established in case of emergencies.
When conducting risk assessments and gaining data and insights into direct suppliers, it may be tempting to stop there, as this is enough to meet the current regulations. But moving beyond direct suppliers to mapping your entire supply chain (including indirect suppliers), from raw material extraction to the last mile, will generate a wide array of benefits:

  • the foundation to tackle future regulations head-on, with lower investment and risks
  • the opportunity to be a leader for other companies, which is of excellent value to stakeholders
  • more informed decision-making
  • risk resilience

We urge companies to go beyond what is expected of them, to be innovators and lead by example, for the benefit not only of the company but also of all stakeholders.

How Deloitte Switzerland can help

If you are unsure about your readiness for the new GSCA, do not hesitate to ask for a Deloitte readiness assessment. We can help you to complete your journey with the help of our experts in sustainability, supply chain and risk advisory. Deloitte can also support you with an exposure assessment and help determine your next steps, including solutions for sharing large amounts of data.

Rather than applying short-term solutions, we recommend thinking long-term, together with Deloitte Switzerland, to build a better future, now. Contact us today to access our wide network of expertise.

Did you find this useful?