German Supply Chain Act: what companies will disclose

6 min readApr 22, 2024
Photo by Maheshkumar Painam on Unsplash

For the first time, about 600 companies with operations in Germany will disclose the details of their human rights due diligence processes. Under the German Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz, or LksG), companies with at least 3000 employees must publish reports outlining the human rights risks present in their supply chains and their efforts to mitigate them.

But what exactly are companies required to disclose?

While we are still waiting for the first reports to be published, a review of the LksG reporting framework suggests that disclosures will contain extensive information about companies’ human rights due diligence. Depending on the risks and violations companies identify, they will be asked to answer between eight and 36 questions (not counting sub-questions) designed to elicit detailed answers.

The information disclosed under the Act will create many opportunities for civil society: from holding companies accountable and supporting them in improving their due diligence efforts to enabling investors to make better decisions. Our goal at Wikirate is to ensure the accessibility of the data by making it available for free in a standardised format, allowing for comparison across companies and sectors.

To help you understand how this new data could serve your organisation or campaign, this blog offers practical insights into the reporting requirements of the German Supply Chain Act.

The German Supply Chain Act

The German Supply Chain Act, or Act on Corporate Due Diligence Obligations in Supply Chains (Lieferkettensorgfaltspflichtengesetz) entered into force in January 2023. In its first year of implementation, it only applies to companies with more than 3000 employees in Germany. In 2024, companies with at least 1000 employees will fall under the scope of the law, increasing the number of companies with reporting obligations to approximately 2800.

The first reports published under the Act will be available by the 1st of June 2024. In 2025, all reports will be submitted and published no later than four months after the end of the financial year. Reports must be published in German on companies’ websites.

The Federal Office for Economic Affairs and Export Control (Bundesamt für Wirtschaft und Ausfuhrkontrolle, BAFA) will monitor and enforce the application of the law. More information in English can be found on the government website.

Rights protected by the Act

The Act aims to protect a set of internationally recognized human rights that are at risk in global supply chains. Companies’ reporting will focus on the protection and potential violations of those rights in global supply chains:

  • protection against child labour, slavery, and forced labour
  • freedom from discrimination/equality in employment
  • protection against unlawful taking of land
  • occupational health and safety and related health hazards
  • prohibition of withholding an adequate living wage (the guidance specifies that the local statutory minimum wage is not always adequate; the Act does not prescribe any specific methodology for calculation, although it does recommend the Ankler Methodology and requires companies to be transparent about their calculations)
  • the right to form trade unions and workers’ representations
  • the prohibition of causing any harmful soil change or water pollution
  • protection against torture
  • ​​the prohibition of hiring or use of private/public security forces without an adequate command structure or proper oversight to prevent harm

Whose rights: communities and supply chain coverage

The Act seeks to protect any rightsholder affected by a company’s supply chain and operations. For example, communities or people impacted by unlawful taking of land, soil poisoning, or forced labour fall within the scope of the law.

The scope of the Act covers every tier of the supply chain, from raw materials extraction or production to the company’s operations. But while the Act applies to all workers in the supply chain, due diligence obligations vary for different tiers. Companies are required to conduct exhaustive due diligence for sections over which they have the greatest control, while occasional risk assessments are sufficient for tiers further down the supply chain.

The reporting framework breaks down the value chain into three sections, with different obligations associated with each tier:

  • Own operations: companies must conduct regular and comprehensive risk assessments along with in-depth risk evaluations when designing new products or expanding to new production countries.
  • Direct suppliers: similar obligations as for the company’s operations.
  • Indirect suppliers: companies are required to carry out “ad-hoc” or “occasional” risk assessments only if they have “substantial knowledge” of specific risks or violations. It is worth noting that, if risks in indirect suppliers are known to the company, the Act recommends including those areas in the regular risk analysis.

The reporting process

Companies will report to BAFA, the agency in charge of implementing and monitoring the law, by answering a series of questions in an online survey. To be compliant, they must publish the report automatically generated based on their answers to an online questionnaire. One of the consequences of this process is that the reports will all follow the same structure, which will considerably facilitate any systematic assessment and comparison between companies.

BAFA designed two surveys: a “short” and a “long” version. Which survey a given company has to complete depends on the answers provided to the first two questions:

  • If the company acknowledges finding risks or violations in its supply chain, it will be directed to the long survey.
  • If it reports identifying neither risks nor violations, it will be asked to answer six questions, mostly focused on the risk assessment process and grievance mechanism.

We expect companies operating in sectors presenting widespread and well-documented human rights risks (e.g. electronics, automotive, food production) to complete the longer survey.

Some questions in the long survey are only submitted to companies if specific answers were provided to previous questions. As a result, the total number of questions companies have to answer will vary. However, most of the elements of due diligence will be covered in the reports; in most cases, additional questions are skipped if the company indicates that it has not identified risks or violations in specific tiers or reports it has not produced a Human Rights Policy.

Disclosure areas

To understand the kind of information that companies are likely to disclose, we looked at the questionnaire they will have to complete. The long survey is divided into five parts, covering the core elements of due diligence as outlined in the UN Guiding Principles on Business and Human Rights.

If you want more details about the questions asked, you can check the translation of the survey here. We summarised the questionnaire and its main components below, with some examples of questions that companies will have to answer:

The strategy and how it is embedded within the organisation:

  • Who is responsible for supervising the risk management process within the organisation?
  • Is the policy statement on the Human Rights Strategy available? How was it disseminated?
  • How is the Human Rights strategy embedded in departments or business processes?

Risk assessment and preventive measures:

  • Which risk assessment processes were used for regular risk analysis (in own operations and direct suppliers) and ad-hoc risk / occasional analysis (based on substantial knowledge of risks in indirect suppliers)?
  • Which risks were identified in own operations, direct and indirect suppliers?
  • Which preventive measures were taken in operations, direct and indirect suppliers?

Identification of violations and remediation measures:

  • Which violations were identified in the company’s operations, direct and indirect suppliers?
  • Which remediation measures were taken?
  • Did the violations lead to the end of the business relationship with the affected suppliers?
  • Have the violations been stopped or are they still ongoing?

Complaint mechanism

  • Which form does the complaint mechanism take?
  • Which whistleblower protections are in place?
  • How many complaints were received?
  • What type of grievances were lodged through the complaint mechanism?

Assessment of the risk management process:

  • How does the company assess the overall suitability and effectiveness of the approach to risk management?
  • What were the results of the assessment?
  • How are the interests of affected parties taken into account (e.g. employees, workers, communities) in the due diligence process?

Interested in using this type of data in your work? Get in touch with our team through




WikiRate is an open data platform powered by a community that collects, analyzes, & shares data on company sustainability. Let’s make companies better, together