Many US-based multinationals are subject to the German Supply Chain Due Diligence Act, which is commonly known by its German acronym, the LkSG.
Over the last couple of weeks, Germany has dashed any hopes for a quiet end to the summer. The Federal Ministry of Labor and Social Affairs has published a draft bill that proposes to eliminate annual LkSG reporting and scale back enforcement. In addition, the Federal Office for Economic Affairs and Export Control, or BAFA, sent companies – including many US-based multinationals – an information request concerning selected elements of LkSG compliance. These developments are further discussed in this post.
The LkSG requires larger German companies – including German subsidiaries and branches of US-based and other foreign multinationals – to assess and address human rights and environmental impacts in their business and supply chains. The LkSG took effect on January 1, 2023, although a large number of additional companies were scoped in for 2024 as the employee threshold stepped down from 3,000 to 1,000 employees in Germany.
LkSG Amendments Proposed
In April, Germany’s new coalition government announced plans to scale back the LkSG pending the effectiveness and transposition of the EU-wide Corporate Sustainability Due Diligence Directive. The coalition agreement committed to abolishing the LkSG’s annual reporting obligation. The agreement also contemplated that sanctions will not be imposed for failing to meet the LkSG’s due diligence obligations, except in the case of severe human rights violations. The coalition agreement is further discussed in this Ropes & Gray post.
The proposed amendments published last week are intended to give effect to the coalition agreement. The draft bill is available here (in German).
Annual Reporting
The LkSG currently requires that subject companies annually report on the fulfillment of their due diligence obligations in the previous fiscal year. Under the statute, companies are required to report within four months after their fiscal year end. However, BAFA effectively suspended this requirement in 2024. BAFA’s FAQs indicate that it only will begin checking from January 1, 2026 whether annual LkSG reports have been submitted and published, even if due prior to that date, and that BAFA will not impose a sanction on enterprises that fail to meet an earlier deadline if the report is submitted by December 31, 2025.
The amendments propose to eliminate the annual reporting requirement in its entirety. This change would apply retroactively to January 1, 2023, the commencement date of the LkSG. This would mean that companies that have not yet prepared an annual report for 2023 or 2024 (most companies) would not be required to do so.
However, since the CSDDD contemplates reporting, the respite from reporting will be temporary, albeit long.
Enforcement
As also contemplated by the coalition agreement, the amendments would scale back the LkSG’s administrative fine provisions. Fines would be focused on failures to take required measures to address human rights violations.
The Amendments in Context
The amendments are narrow and targeted, to address the coalition agreement.
Accordingly, subject companies still will be required to, among other things, have a risk management system, have a responsible person for compliance, perform regular risk analyses, issue a policy statement, take required preventive measures and remedial actions and have a complaints procedure. In addition, companies still will be required to document the fulfillment of their due diligence obligations and retain that documentation.
The more comprehensive overhaul of the LkSG will occur in connection with Germany’s transposition of the CSDDD. However, the details of the CSDDD and the timing of transposition are still up in the air. The CSDDD will be amended as part of the EU’s Omnibus simplification process. Negotiations over the CSDDD amendments are ongoing. See our post here for a discussion of the European Commission’s Omnibus proposal and here for a discussion of the Omnibus negotiating position adopted by the Council.
BAFA Sends a New Round of Information Requests
Underscoring that most of the LkSG will remain in effect for some time to come, BAFA has in the last couple of weeks sent out form letters requesting information on company due diligence practices. The requests are focused on company risk analyses and the policy statement required by the LkSG. The letter requests answers to more that 20 discrete questions, organized into six main questions (five of which pertain to risk analyses).
This is not the first compliance sweep conducted by BAFA. Shortly after the LkSG took effect in 2023, BAFA requested from many companies information on their designation of a person responsible for risk management and on their complaints procedure. These are both LkSG requirements. In some cases, BAFA sent follow-up information requests and expected companies to strengthen their compliance procedures.
Responses to the current BAFA request are due on September 19. Because of late August vacations, at many companies, the letters are just starting to make their way to the relevant compliance personnel. There are likely many companies at which this still has not yet occurred.
Among other things, BAFA is seeking information on the following:
Risk Analyses
- The periods for which regular risk analyses have been carried out.
- The steps and methods of the most recent regular risk analysis, including specifically:
- The steps taken to prepare the risk analysis and the methods used (e.g., risk mapping);
- The internal and external sources used as part of the abstract risk assessment;
- How risks were identified, weighted and prioritized as part of the concrete risk assessment, including the process and sources used and the extent to which direct suppliers were involved in the process; and
- How the interests of potentially affected persons were taken into account, including how findings from the complaints procedure were integrated.
- Separately for the subject company’s own business and its direct suppliers, the results of the last completed regular risk analysis, by country and industry, including:
- The risks identified;
- How the identified risks were weighted; and
- Which risks have been prioritized.
- Whether event-related risk analyses were carried out and, if so, what prompted the analysis, the process and the results.
- To whom risk analysis results were communicated and when and how.
Policy Statement
- Whether a policy statement has been prepared and, if so, when it was first prepared and last updated. BAFA has requested that the current version of the policy statement and where it is available be provided to BAFA.
