• Blog
  • IntegrityNext - Lessons learned from the German Supply Chain Act Part 5
The illuminated glass dome of the Bundestag in Berlin at night, showcasing its architectural design and interior walkways.
December 19, 2024
Magnus Petz
Connect on

Navigating the German Supply Chain Act with IntegrityNext: Outlook on the CSDDD

The fifth and final chapter of our blog series connects the German Supply Chain Act to the upcoming CSDDD, offering key lessons for achieving effective compliance with the European directive.

You can find the first four parts of our blog series here.

The German Supply Chain Act and the CSDDD at a Glance

The German Supply Chain Act came into effect on January 1, 2023. It requires companies with at least 1,000 employees to carry out human rights and environmental due diligence on their upstream suppliers. Its overall goal is to prevent human rights violations and environmental harm along global supply chains. Companies must meet nine key requirements, including conducting regular risk analyses, implementing preventive and corrective measures, and reporting on their actions.

At the EU level, on July 25, 2024, the Corporate Sustainability Due Diligence Directive (CSDDD) officially came into force. The directive sets strict requirements for large companies to identify, prevent, and address adverse impacts on human rights and the environment across their value chains. To comply, companies must implement robust due diligence processes, develop climate transition plans, and provide effective remedies for violations. EU member states are required to transpose the directive into national law by 2026, with a phased implementation schedule extending through 2029.

Comparing the German Supply Chain Act and the CSDDD

While the German Supply Chain Act and the CSDDD share the common goal of protecting human rights and the environment, there are notable differences in their scope, requirements, and implementation. In the following, we outline the main similarities and differences.

Due Diligence Obligations and Risk Management

The German Supply Chain Act and the CSDDD both aim to embed responsible business conduct in global supply chains. Similar to the German Supply Chain Act, the CSDDD outlines key steps for due diligence in accordance with the OECD Due Diligence Guidance for Responsible Business Conduct. These steps provide a structured framework for companies to identify, prevent, and address risks:
 
    1. Integrating due diligence into corporate policies and management systems.
    2. Identifying and assessing adverse human rights and environmental impacts.
    3. Preventing, mitigating, or ceasing actual and potential adverse human rights and environmental impacts.
    4. Evaluating the effectiveness of measures taken.
    5. Communicating findings and actions in an annual report. CSDDD disclosure requirements can be met by reporting in line with the Corporate Sustainability Reporting Directive (CSRD).
    6. Providing remedies for affected individuals.

Grievance Mechanism and the Role of the Human Rights Representative

Like the German Supply Chain Act, the CSDDD requires companies to establish a complaints procedure. However, the CSDDD extends its scope to the entire value chain, ensuring access for anyone who may be affected by adverse impacts - not just those linked to direct suppliers.

Companies must also appoint an authorized representative for handling communications with supervisory authorities, a role similar to the Human Rights Officer under the German Supply Chain Act.

Collectively, these measures underscore the CSDDD’s broader goal of ensuring accountability and transparency across corporate operations and value chains.

Stakeholder Engagement – A Distinctive Feature of the CSDDD

The CSDDD places a stronger emphasis on stakeholder engagement than the German Supply Chain Act and other European due diligence laws. It requires companies to actively engage a wide range of interest groups - such as human rights activists, environmental defenders, and worker representatives - at critical stages of the due diligence process, including:
 
  • Risk assessments
  • Preventive and/or corrective measures
  • Remediation efforts
  • Due diligence monitoring
Companies are expected to remain responsive to the concerns of affected communities and groups throughout their supply chains. Recognizing that direct engagement with every stakeholder may not always be feasible, the directive allows companies to consult credible experts or participate in industry and multi-stakeholder initiatives instead. The European Commission will issue guidelines to clarify stakeholder engagement requirements, ensuring companies fully understand their obligations.

Overview of Technical Requirements

While the two regulations share several similarities, they differ significantly in key areas, as summarized below:

 

German Supply Chain Act

CSDDD

Affected companies

Company headquarters: Germany

Employees: 1,000+

Company headquarters or significant operations in the European Union.

  • 2027: Employees: 5,000+ | Total Revenue: at least €1.5 billion
  • 2028: Employees: 3,000+ | Total Revenue: at least €900 million
  • 2029: Employees: 1,000+ | Total Revenue: at least €450 million

Non-EU companies are also affected if their total revenue in the EU exceeds €450 million.

Scope of value chain

Upstream supply chains and own business operations.

The main focus is on direct suppliers . Indirect suppliers must be considered in case of substantiated knowledge of risks or adverse impacts.

 

Large parts of the entire value chain:

  • All upstream suppliers
  • Own business units
  • Downstream activities, if carried out on behalf of the company, covering product distribution, transport, and storage

Underlying human rights and environmental frameworks

Various conventions and instruments designed to protect human rights.

Environmental frameworks focusing on mercury, persistent organic pollutants (POPs), and hazardous waste.  

Expanded scope covering human rights and multiple environmental frameworks, see Annex I and II of the CSDDD for a comprehensive overview.

Requirement to develop and update climate transition plan annually, in accordance with the goals of the Paris Agreement.

Liability

No civil liability

  • Fines: Up to €8 million or 2% of the average annual revenue

Civil liability within 5 years if harm occurs as a result of non-compliance with due diligence obligations

  • Fines: Up to 5% of the global annual revenue

Key Lessons for Companies

To meet the requirements of the CSDDD, companies should take proactive steps in the following key areas:
 
  • Adopt a risk-based approach: Unlike many national due diligence laws, the CSDDD prioritizes a risk-based approach aligned with international standards, enabling companies to focus their efforts on the most severe and likely risks. However, this requires a deeper understanding of their value chains, particularly in areas such as raw material procurement and manufacturing. To address this challenge, companies can collaborate closely with stakeholders, leverage advanced technologies like AI for enhanced risk analysis, or join industry initiatives to tackle identified supply chain risks effectively.
  • Ensure targeted supplier selection: Enforcing rigorous sustainability standards, for example via capacity-building measures, and prioritizing high-performing suppliers during onboarding allows companies to mitigate risks early on. By holding tier 1 suppliers accountable, companies can also amplify sustainability efforts, influencing lower-tier partners further upstream. This targeted approach enhances accountability and strengthens sustainability efforts throughout the supply chain.
  • Use the German Supply Chain Act as a foundation: Compared to the German Supply Chain Act, the CSDDD significantly broadens the scope of the value chain and tightens legal responsibilities. However, companies already implementing the German law, or parts of it on a voluntary basis, are well-positioned to meet the CSDDD requirements. This alignment offers a strong starting point as companies prepare to comply with the European directive.
  • Streamline data management: The expanded value chain scope under the CSDDD increases the need for high-quality, comprehensive data. To ensure reliability, companies should conduct annual risk assessments across countries, industries, and raw materials while continuously integrating critical supplier alerts. Leveraging specialized software can simplify data processing, improve risk analysis, and free up resources for more strategic tasks.
  • Ensure an end-to-end risk analysis: Under the CSDDD, companies must include upstream supply chains, their own business units, and relevant downstream activities in their risk analyses. Key stakeholders - such as supplier employees, NGOs, and local communities - should be involved from the outset. Their perspectives can provide valuable insights on potential risks and opportunities, shaping the entire risk management process.
  • Future-proof internal processes: Assign clear responsibilities early, allocate sufficient resources, and strengthen internal collaboration. To address the CSDDD’s expanded scope, adopt a cross-functional approach that involves sales, distribution, and human resources, alongside key departments such as sustainability and procurement. This alignment across teams facilitates data collection, streamlines risk analysis, and ensures the effective implementation of CSDDD requirements.

How IntegrityNext Can Help

The IntegrityNext platform provides a suite of solutions designed to ensure compliance with laws like the German Supply Chain Act and the CSDDD. Our Multi-Tier-Visibility solution enhances transparency across the entire supply chain – from raw materials to finished products - and delivers the insights you need to navigate complex due diligence requirements. The benefits of our solutions include:
 
  • Automation of the due diligence process
  • Extensive support for data collection
  • Establishment of a robust complaints procedure
  • Full transparency across the entire upstream supply chain to identify and mitigate risks
  • Comprehensive risk analysis and management of diverse ESG topics
  • Implementation of preventive and corrective actions with minimal effort
  • Documentation and reporting in line with legal requirements
  • Regulatory support from a dedicated ESG expert team
To learn more, schedule a personal demo and explore how IntegrityNext can support your compliance efforts.
 

Go back