German Supply Chain Law: Five Steps for Meeting the Legal Requirements

What can you do now to make sure you comply?

It’s the law: On January 1, 2023, Germany’s Act on Corporate Due Diligence Obligations in Supply Chains will come into force. Companies based in Germany will have to monitor for compliance with human rights mandates in their supply chains. Violations will be punished, resulting in fines and penalties, along with damage to your company’s brand or reputation.

Our advice: Begin without delay. Make sure you can implement the requirements of the act successfully with riskmethods German Supply Chain Law Bundle™. Below, we’ve outlined five steps where riskmethods can support you. But first:

What You Need to Know: The German Supply Chain Act at a Glance




Worldwide, 160 million children are in child labor, with 79 million in hazardous work. 10 percent of all child labor in Africa and 25 percent in Southeast Asia and Latin America takes place in export production. 25 million people are in forced labor. (Source: ILO; UNICEF, 2020)


The aim of the law is to improve protection of human rights. Companies in Germany must ensure that human rights are respected in their supply chains, for example, that no child labor or forced labor takes place.


As of January 1, 2023, for companies with more than 3,000 employees. As of 2024, for companies with more than 1,000 employees.

Industries in Focus


Textiles, electronics, chemicals, food, automotive, metals, and mining


Geographic Zones

In particular: Sub-Saharan Africa, Asia, Pacific regions

Obligations


Complaint and risk management system, risk analysis & control, remedial & preventive actions, transparent supply chain, reporting obligations

Sanctions


Fines from €100,000 to €800,000, or up to 2% of annual turnover; penalty payment up to €50,000.

With The riskmethods Solution, we are well prepared for the requirements of the German supply chain due diligence law.
Gero Stüve, Head of Procurement, Rottendorf Pharma


Five Steps for Meeting the Legal Requirements of the German Supply Chain Act

1. §4 Establish a risk management system. Classic supplier assessment is good, but not enough here. Enterprises are responsible for continuously monitoring their supply chains and for reacting quickly to any violations. This applies to:

  • Business practices (such as exploitation, unfair trade, environmental damage)
  • Product quality (including conflict minerals)
  • Third parties (violations at logistics service providers, distributors)


The question is: Can you ensure end-to-end monitoring? Are your processes sufficiently focused on identifying, assessing, and mitigating (compliance) risks?


2. §5 Conduct regular risk analysis. Regular risk analysis is the prerequisite for identifying any weak points at the company's own sites, at indirect suppliers, and also at sub-tier suppliers. This requires a clear view of supplier compliance: "Know your suppliers." Many purchasing managers tend to focus on their top suppliers, but the risk may arise at the sub-tier level. If the upstream supplier has a problem, your supplier will have a problem. And that becomes your problem.

  • Customize scorecards to include all relevant data for your compliance process
  • Ask your suppliers for an assurance of compliance with the standards mentioned in the German Supply Chain Law
  • Monitor your supply base


The question is: Do you know where risk is hiding in your supply chain? Do you know what impact violations by one supplier can have on the entire supply network?


3. §6 Anchor preventative measures within the company's own business area and with direct suppliers, and §7 Take remedial action. If violations are identified, measures must be taken to minimize and avoid them. At least once a year, enterprises must check whether measures are being implemented. The law prescribes preventive measures for direct suppliers. The rule here is: The sooner a problem is identified, the faster you can react.

  • Proactively develop action plans to prevent and respond to violations
  • Use predefined action plans to respond quickly and efficiently to violations
  • Collaborate on remedial measures and document your activities as part of your reporting requirements


The question is: Do you have standardized processes so you can efficiently coordinate preventive measures for minimizing or avoiding compliance risks? Do your plans extend throughout the company as well as to business partners?

4. §9 Perform due diligence regarding risks at indirect suppliers. The law stipulates that preventive measures also address risks “at suppliers in the supply chain” of which one has substantiated knowledge.

  • Aim for visibility in your supply chains beyond your Tier 1.
  • Start with supply chains that are particularly critical in the sense of the German Supply Chain Law (such as for certain product groups)
  • Include sub-suppliers in continuous risk monitoring to be aware of violations
  • Work with your Tier-1 suppliers to ensure that the principles of the German Supply Chain Law are taken into account in supplier contracts with sub-suppliers.


The question is: Do you know the potential risks in your supply chain from indirect suppliers? Do you know what impact the breach of an indirect supplier can have on the entire supply network?


5. §10 Document and report remedial efforts. The German Supply Chain Law requires accurate documentation of due diligence compliance. The riskmethods Solution serves as a data repository for regulations, standards, contracts, and internal policies. All supplier-related compliance data is thus available centrally. With dashboards and pre-configured reports, you can:

  • Easily export reports to prove that your procurement is meeting compliance standards
  • Document all activities performed to prevent and eliminate compliance violations
  • Save time and money by accelerating audits


The question is: Can you demonstrate compliance with the due diligence requirements for your stakeholders in the company and for German authorities (BAFA) with the help of a report?


How to Implement Supply Chain Risk Management with riskmethods

riskmethods German Supply Chain Law (LkSG)™

riskmethods German Supply Chain Law Bundle includes all components to implement risk management, perform regular risk analyses in real time, and document alerts as well as preventive and remedial actions taken. The German Supply Chain Law Bundle consists of Compliance Incident Management, riskmethods Risk Radar and Action Planner modules, and is supported by a workshop about the German Supply Chain Act. You also have the option of an automated risk assessment of suppliers and third parties with a questionnaire tailored to the law’s requirements.

riskmethods German Supply Chain Law Starter Package™

riskmethods German Supply Chain Law Starter Package has been developed for smaller and medium-sized companies, enabling them to fulfill the legal requirements with a complete solution. This Starter Package contains products specially designed for Germany’s Supply Chain Due Diligence Act, including German Supply Chain Law Risk Radar. With this module, you can map your entire supply network on a digital world map. You have an overview of all supplier information required for regular risk analyses. German Supply Chain Law Risk Radar consists of a specialized indicator scorecard that monitors the risk areas relevant to the Supply Chain Act: labor practices, human rights compliance, environmental protection, regulatory and legal risks.

riskmethods Compliance Incident Management™

riskmethods Compliance Incident Management offers three functions: Compliance Incident Tracking provides an automated list of ESG-related violations and enables remedial measures to be initiated and documented. Compliance Incident Reports are generated from the tracking data and are suitable for submission to the relevant regulatory authority, German Federal Office of Economics and Export Control (Bundesamt für Wirtschaft und Ausfuhrkontrolle - BAFA). Within the module, Compliance Incident Dashboard documents any ESG risk mitigation actions initiated and enables regular reporting.



Is your enterprise ready for the strict legal requirements of the German Supply Chain Law? What can companies do now to make sure they comply?

Free checklists:

Evaluate your existing supply chain risk management:

  • Checklist for Compliance with legal requirements
  • Checklist for due diligence compliance using riskmethods German Supply Chain Law Bundle™
  • Along with the checklists, you receive practical guidelines on how to effectively introduce supply chain risk management in six steps.

What You Need to Do: Establish a Supply Chain Risk Management Solution

Obtain Risk Data


For regular risk analyses, you need to continually evaluate expert databases, government sanctions lists, social media channels, news portals, etc. Collecting and managing data requires a high degree of automation.

Supply Network Transparency


To understand risk at the sub-tiers, gain visibility across all levels of the supply network, not only Tier 1, your direct suppliers. Continuous, real-time monitoring is the key here.

Analyze Risks


Be aware of the potential impact of risks so you can take the right actions to mitigate damage. Proactively uncover vulnerabilities in your supply network.

Analyse Risks Proactively


Prepare a catalog of action plans for various types of risk, including human and labor rights violations, but also natural hazards, political unrest, sanctions, strikes. You can react faster to violations or incidents.
