Blog series: Supply chain due diligence in practice
At IntegrityNext, we have developed a comprehensive five-step process that allows companies to meet all the critical due diligence requirements of the German Supply Chain Act with minimal effort. This blog series sheds light on insights gained from customer projects throughout the process and concludes with an outlook on what can be learned for the upcoming EU Corporate Sustainability Due Diligence Directive (CSDDD).
You can find the first three parts of our blog series here.
The German Supply Chain Act at a glance
The German Supply Chain Act came into effect on January 1, 2023. It requires companies with at least 1,000 employees to carry out human rights and environmental due diligence on their upstream suppliers. Its overall goal is to prevent human rights violations and environmental harm along global supply chains. Companies must meet nine key requirements, including conducting regular risk analyses, implementing preventive and corrective measures, and reporting on their actions.
The IntegrityNext due diligence approach
The IntegrityNext five-step due diligence process (see Figure 1) provides an end-to-end solution for regulatory compliance and is based on internationally recognized frameworks such as the OECD Due Diligence Guidance for Responsible Business Conduct.
- Step 1 helps companies perform a baseline assessment to pinpoint relevant adverse impacts that may exist along the supply chain.
- Step 2 identifies high-risk areas and critical suppliers, enabling companies to prioritize resource allocation and required actions.
- Step 3 focuses on action and improvements. When negative impacts are detected, companies should develop and implement targeted preventive or corrective measures to address these issues.
- Step 4 involves the monitoring of progress and documentation of results to determine whether the due diligence strategy needs refinement.
- Step 5 ensures comprehensive reporting on the due diligence process, including actions taken, in accordance with legal requirements.
Figure 1: The IntegrityNext supply chain due diligence process
Step five: Report & Communicate
In the final step of the due diligence process, companies must report on the human rights and environmental impacts they have identified, along with the preventive and remedial measures implemented in response. These measures should be evaluated based on criteria such as appropriateness and effectiveness, enabling companies to derive insights for their policy statements and inform future actions.
Companies subject to the German Supply Chain Act are required to prepare an annual report detailing compliance with the law’s due diligence obligations and submit it to the Federal Office for Economics and Export Control (BAFA) within four months of the end of the financial year. Once submitted, this report must be made publicly available on the company’s website for a period of seven years. Companies must also retain all related documentation for seven years, although public disclosure of supporting materials is not required.
In light of the forthcoming Corporate Sustainability Reporting Directive (CSRD), BAFA has announced that it will begin verifying whether companies have prepared and published reports under the German Supply Chain Act starting on January 1, 2026. Companies that miss previous submission deadlines will not face sanctions if reports are provided by December 31, 2025. This decision, however, does not affect the requirement to meet other due diligence obligations outlined in the law.
Companies subject to the CSRD may choose to delay submitting their BAFA report until after completing their CSRD report, as the latter covers overlapping reporting obligations. Still, companies not subject to the CSRD should aim to submit their BAFA reports as soon as possible.
Reporting challenges
Reporting in accordance with the German Supply Chain Act presents significant challenges for companies. A key issue is the extensive amount of granular data points required, many of which are specific to the German law and cannot be addressed by complying with other reporting frameworks. These data requirements often necessitate input from multiple departments, including those not traditionally involved in sustainability reporting.
This process is further complicated by the lack of detailed guidance from BAFA, for example in areas such as risk identification and supplier prioritization. Without clear definitions and instructions, companies must establish their own rules and standards while ensuring compliance with the Act’s documentation requirements. As a result, organizations often need to dedicate significant resources to cross-departmental collaboration and the improvement of internal workflows.
Key lessons from our customer projects
Based on numerous successful customer projects related to the German Supply Chain Act, we have identified key insights for addressing the challenges of reporting:
- Explore industry best practices: Completing the BAFA questionnaire for the first time can be difficult. To simplify the process, review best practice examples from similarly sized companies in your industry and learn from their approaches.
- Analyze reporting requirements early: Proactively reviewing BAFA’s reporting requirements at the outset is crucial. This enables the development of a strong internal compliance strategy and helps streamline data collection.
- Strengthen cross-departmental collaboration: The data collection process requires clear ownership and collaboration across departments. Identify which teams – such as procurement, sustainability, IT, HR, marketing and communications – are responsible for delivering specific data points and ensuring proper documentation.
- Complement BAFA data with relevant KPIs: Enrich BAFA-required data points with additional quantitative KPIs to support internal performance measurement and track progress over time. For instance, you could monitor trends in the number of high-risk suppliers, implemented measures, or improvements made.
- Maximize the value of BAFA data: Beyond compliance, recognize the strategic value of key data points to assess and optimize risk management procedures. Repurpose the collected data for corporate sustainability reporting, case studies, or other marketing materials.
The IntegrityNext due diligence solution helps companies navigate the complexities of the BAFA questionnaire and reporting requirements by providing relevant analyses, KPIs, and methodological descriptions directly through our platform.
To learn more, schedule a demo with one of our experts and explore how IntegrityNext can support your compliance efforts.
Request demo