Editor’s
Note: Mercedes is a recent graduate of the LL.B.
dual-degree programme English and German Law, which is taught jointly by
University College London (UCL) and the University of Cologne. She will sit the
German state exam in early 2022. In September 2020, she joined the Asser
Institute as a research intern for the Doing Business Right project.
I. What
happened so far
It
took Ministers Heil (Labour, SPD), Müller (Development, CSU) and Altmaier
(Economy, CDU) 18 months to agree on a draft for the Lieferkettengesetz (Supply
Chain Law) to be presented soon to the German Bundestag for legislative debates.
For an overview of the different proposals put forward by the Ministries and
NGOs, and political discussion surrounding them, please check my previous
blogs, which you can find here
and here.
You can also watch the panel
discussion on the Lieferkettengesetz that we organized in
November 2020 with Cornelia Heydenreich (Germanwatch), Miriam
Saage-Maaß (European Centre for Constitutional and Human Rights), and Christopher
Patz (European Coalition for Corporate Justice).
On
15 February 2021 the government’s “final”
draft was published – the so-called “Referentenentwurf”. This
initial agreement was met
with relief from all parties involved, as it was preceded by a long-lasting
deadlock. At first, Minister for Economic Affairs, Peter Altmaier, blocked
Cabinet meetings so that the government position paper (“Eckpunkteplan”)
published by Ministers Heil and Müller could
not be discussed. Afterwards, Altmaier again blocked
a compromise proposal brought forward by Müller and Heil in
Cabinet. The matter went
up to the “Koalitionsausschuss”, the
committee that negotiates if members of the coalition parties cannot reach an
agreement. This committee failed to come to an agreement. The issue of civil
liability and the scope of application were the most
controversial points. Thereafter, the matter reached the “Chefetage”, Angela
Merkel. She sat down with the three ministers involved and Olaf Scholz,
Vice-Chancellor and Minister for Finance (SPD), and tried
to mediate between the different positions. The group met twice
before, eventually, an agreement was reached resulting in the Referentenentwurf
of 15 February 2021. The agreement did not last for long. Peter Altmaier withdrew
(again) his support for the draft just after it had been circulated.
On
28 March 2021, another
“final” draft was published. Those two drafts differ in subtle but
impactful aspects. This blog post was originally based on the first
draft; its text has been amended to integrate the changes introduced in the second
draft. The second Referentenentwurf is the one signed
off by Cabinet on 3 March 2021. In this
blog, I will first summarize the main points of the draft(s), and afterwards review
the various critical points raised against it.
II.
Key elements of the final draft of the Lieferkettengesetz
In
twenty-four paragraphs the draft Lieferkettengesetz codifies a “gradual
due diligence obligation”[1] applying to risks to human
rights and the environment occurring in supply chains. Cornerstone of the draft
is the ‘principle of proportionality’: Companies must have regard for human
rights in an ‘appropriate’ manner – ‘appropriateness’ depends on size and
nature of the business, the degree of influence the company exerts over the
entity that directly causes the human rights risks, the expected level of harm
and the nature of the company’s contribution to the harm (cf. §3(2)). ‘Gradual’
effectively means that the most rigorous due diligence obligation applies to
the company’s own economic activity, while a lower standard of due diligence
obligation applies regarding the company’s direct suppliers, with whom it has a
contractual relationship. Finally, a much less
stringent due diligence obligation is imposed
with regard to ‘indirect suppliers’, suppliers that supply the company’s direct
suppliers, but with no direct contractual relationship to the company.
1.
Personal scope of application
The
question of the personal scope of application of a due diligence obligation is
always a controversial one. For example, should it cover SMEs or should they be
excluded?
The
German Supply Chain Law, if enacted as it currently stands, would be applicable
as from January 2023 to companies that fulfil two conditions: First, have their
headquarters in Germany, and second, usually employ more than 3,000
people (§1(1)[2]).
From 1 January 2024, this second threshold would be lowered to 1,000 or more
employees. At the moment, there are 2,891 companies with 1,000 or more
employees in Germany.[3] For an element of
comparison, the French duty of vigilance law applies to between 200 and 300
companies.
The
key concept used to determine whether a company falls under the scope of the future
German law is whether it usually has more than 3,000 (and then
1,000) employees. The word ‘usually’ accounts for the fact that the number of
people employed in a company can fluctuate immensely depending on the period of
the year. These temporary fluctuations should not impact whether or not a
company falls under the Supply Chain Law. In practice, the number of employees
usually employed by a company will have to be determined on a case-by-case
basis. Also, the current draft of the law foresees that employees on temporary
working contracts will be considered if the company employs them for a duration
of more than six months – irrespective of whether they are the same people or
employed in the same position (§1(2)).
Finally,
where a company is part of a group, the employees of each individual corporate
entity will count towards the mother companies’ total number of employees (§1(3)).
Two
aspects are particularly noteworthy: The final draft deviates from what NGOs
proposed in that it fails to cover businesses which are smaller
in size but operate in high-risk sectors such as surveillance or the arms trade.
Furthermore, mere
“business activity” in Germany does not suffice for a company to fall
within the scope of application.
2.
Scope of the due diligence obligation
The
second fundamental question raised by mandatory due diligence legislation
concerns the scope of the obligation. What are companies expected to do under
the legislation? What type of processes do they have to put in place? And what
type of risks do they have to monitor and prevent?
§4(1)
and (2) of the draft law provides that companies must implement an appropriate
risk management process, which allows them to identify, prevent, or minimize
human rights risks and risks of environmental damage in their supply chains.
The
object of the due diligence process
‘Risk’
is defined as imminent harm to one of the protected rights and the environment
(§2(2)). The draft lists a number of specific situations in which the risk
materializes, for example the risk that private security officers, hired to
protect corporate entities, commit torture and other degrading treatment.
The
due diligence obligation extends to human rights as well as the environment.
The draft explicitly lists the following rights: Right to life, health, fair
labor standards, appropriate living standards, child protection, freedom from
slavery or forced labor, freedom of collective bargaining, protection from
torture; and codifies certain obligations pertaining to the preservation of the
environment (§2(1), (2), (3) and (4)). In this regard, a list of all relevant
conventions and treaties is annexed to the draft.[4]
In
the following, I will elaborate on the different compounds of the risk
management process. As will be seen below, ‘risk management process’ is very
similar to the due diligence process enshrined in the UNGPs.
The
nature of the due diligence process
The
company must first appoint a specialized human rights officer responsible for
the company’s compliance with the due diligence obligation enshrined in the law
(§4(3)). This obligation comports a number of steps: Risk analysis,
preventative measures, corrective measures, communication. Additionally, the
law foresees that the company will have to put in place a grievance mechanism.
Risk
Analysis
The
company must conduct a risk analysis in its supply chain (§5). This risk
analysis is to be conducted regularly, at least once a year and as soon as
there are changes to the company’s business activity or other factors indicate
that a new risk analysis is necessary (§5(4)). Even though the notion of “supply
chain” is defined quite extensively,[5] a risk analysis is only to
be conducted in the company’s “own field of business activity”[6] and with regard to its direct
suppliers (§5(1)). Thus, while indirect suppliers are included in the
definition of “supply chain”, on the basis of which the draft operates, the
actual obligation to conduct a risk analysis does not extend to them.
However,
§5(1) also explicitly states that where a supply chain was designed to
circumvent the obligation to conduct due diligence obligation enshrined in the
Supply Chain Law – e.g. by creating unnecessary subsidiaries or fictitious
intermediaries – indirect suppliers count as direct suppliers. This means that
as soon as companies can be shown to have structured their supply chains in
order to evade the law, they will have to conduct a risk analysis with regard
to what are formally ‘indirect suppliers’.
The
risks discovered pursuant to the risk analysis must be weighted and prioritized
(§5(2)) according to:
- Nature
and size of the business (§3(2) no. 1);
-
Degree
of influence the company exercises over the company that directly causes a
human rights violation or damage to the environment (§3(2) no. 2);
- Typical
intensity of the harm that can be expected, reversibility of the damage,
probability of damage occurring (§ 3(2) no. 3);
- Nature
of the contribution to the risk (§ 3(2) no. 4).
In
conducting the risk management, the company must pay due regard not only to the
employees of the company and employees of contractual partners, but also to
everyone affected by the business activity of either the company itself
or its suppliers (§4(4)).
Preventative
measures
The
next step in the risk management process is the adoption of preventative
measures to tackle the risks identified at the risk analysis phase. The draft
describes (in great detail) what measures the company could take in its own
field of business activity (§6(3)) or towards direct suppliers (§6(4)). Again,
indirect suppliers are not per se covered by the obligation to implement
preventative measures.
Concerning
direct suppliers, the draft requires corporations to adopt the following measures:
- The
company has to take into account human rights and environmental expectations
when selecting a direct supplier (§6(4) no. 1).
-
A
contractual commitment of the supplier to abide throughout its supply chain by
human rights and environmental standards required by the company’s management
(§ 6(4) no. 2).
With
regards to the second point, the explanatory notes add that the company should
contractually enshrine which specific conditions the supplier has to fulfil in
order to prevent or minimize the risks to human rights and the environment
identified in the risk analysis. [7]
In
order to ensure that the direct supplier complies with these obligations, the
company should also take the following contractual measures (§6(4) no. 3):
- Enshrine
control mechanisms (§6(4) no. 3), i.e. the company’s right to review whether
the supplier complies with its obligation.
- Implement
training and workshops to be conducted by the supplier.
Even
though ‘appropriate preventative’ measures only target direct suppliers, the
explanatory note goes even further and proposes contractual clauses that could
help ensure that human rights and the environment are respected further down
the supply chain.[8]
Supplier codes could become binding on indirect suppliers via so-called
‘transfer clauses’. Such transfer clauses oblige the direct supplier to impose the
company’s supplier code to its suppliers through their contract. Moreover, companies
could oblige their suppliers to obtain their raw materials from specified
suppliers or buy certain products from certified regions (‘Chain of Custody
Certificates’).
The
explanatory notes also provide more detail on how the company can exercise
control over its direct suppliers. The company could:
- visit
the supplier’s premises and review the situation there.
- instruct
third parties to conduct audits.
- make
use of recognized certification or audit systems.[9]
When
opting to instruct a third party or utilize a certification or audit system,
the company must ensure that the assessments obtained are comprehensive and
impartial.[10]
Neither exempts the company from its obligation to conduct due diligence under
the Supply Chain Law.
Corrective
measures
If
the company detects a risk linked to its ‘own business activity’ or to one of
its direct suppliers that materialized or is about to materialize, then it must
react immediately. The company will need to take appropriate ‘corrective
measures’ to prevent, mitigate or terminate the harm to human rights or the
environment (§ 7). The draft explicitly states that if a harm is caused by the
company’s ‘own business activity’, the measures taken must lead
to termination of the harm (§7(1)).
If
the business activity of a direct supplier caused the harm, the law assumes
that the company will not be able to immediately address it. In such cases, the
company will have to draw up an ‘action plan’ in order to at least minimize the
harm. This ‘action plan’ must include a clear time frame for implementation. In
this context, ending the contractual relationship with its supplier is the last
resort for the company. Even if the human rights violation is particularly
grave, the company is urged (not obliged!) to end the contractual
relationship only if the time frame set for the successful
implementation of the ‘action plan’ has unsuccessfully passed, there are no
less severe measures left, and it does not seem possible for the company to
increase its leverage over the supplier (§ 7(3)).
The
corrective measures taken must be reviewed at least once a year, and with every
occasion or change in circumstances that warrant a review (§7(4)).
Public
communication
Companies
are expected to publish a policy statement (§6(2)), which should outline the
due diligence process introduced by the company, the relevant risks identified
in the risk analysis, and, on the basis of these relevant risks, the company’s
expectations for its employees and suppliers regarding human rights and the
environment. The company is also expected to publish a yearly report on its
compliance with its due diligence obligation and to make it freely available on
its website for at least seven years (§10).
Grievance
mechanism
Finally,
the companies subjected to the law will have to set up a grievance mechanism.
The grievance mechanism must fulfil certain conditions:
- There
must be a proper written procedure (§8(2)).
- The
persons responsible to oversee the grievance mechanism must be impartial and
independent; they must treat information confidentially (§8(3) – added by second
draft).
- The
company must provide accessible information on how to make use of the grievance
mechanism (§8(4)).
- The
identity of those who make use of the grievance mechanism must be protected.
They must also be protected from any disadvantages that might follow from using
the grievance mechanism (§8 (4)).
Instead
of setting up its own grievance mechanism, the company can alternatively join
an external grievance mechanism that fulfils these conditions (§8(1)).
The
second draft of the Supply Chain Law includes two changes with regard to the
grievance mechanism. First, it obliges the company to engage with any
substantiated matters raised with those who submitted their complaint to the
grievance mechanism. Second, it allows the company to offer a settlement
(§8(1)).
Indirect
suppliers
The
risk management process, with all its compounds, only apply to direct
suppliers, i.e. suppliers the company is in a direct contractual relationship
with. There are two exceptions: 1) Where the supply chain was intentionally
structured in such way as to evade the obligations of the law (§5(1); and 2)
where the company obtains substantiated knowledge about a potential human
rights violation or breach of environmental standards linked to an indirect
supplier (§9(3)). The company could obtain such knowledge for example through
its grievance mechanism or NGO reporting. Indeed, the grievance mechanism must
be set up in such a way that individuals affected by violations or individuals
who have knowledge of any violations can inform the company of such abuses
occurring in its indirect supply chain (§8(1) of the second draft).
3.
Access to remedy and legal representation
Interestingly,
the proposal also extends to the legal representation of potential claimants
before the German courts. Instead of enshrining new civil liability grounds, the
proposal allows individuals, who claim to have suffered a harm due to a
violation of human rights as set out in §2(1),[11] to authorize trade unions
and NGOs to litigate on their behalf (§11(1)). Violations of environmental
standards are excluded. This provision does not change or add to the material
law under which a company could be held liable. It is merely supposed to facilitate
access of foreign claimants to German courts. Thus, the
difficulties
linked to the burden of proof, lack of financial aid, language barriers, and regarding
the determination foreign law will remain.
4.
Enforcement and sanctions
The
law foresees that public authorities will be tasked with enforcing the due
diligence obligation set out in the draft. The draft law outlines a detailed
enforcement process potentially leading to considerable fines and exclusion
from access to public procurement.
Monitoring
The
Supply Chain Law empowers the competent authorities from the Ministry for
Economy and Export Control (§ 19(1)) to:
- assess
compliance with the obligations enshrined in the Supply Chain Law (§14(1) no.
1); and
- detect,
terminate or prevent a breach of the obligations enshrined in the Supply Chain
Law (§15).
In
order to do so, the competent authorities are empowered to, for example, enter
premises, review official documents and interrogate staff members (§16, §17).
The
authorities can also compel the company to take certain action, like for
example drawing up an action plan (§15 no. 1 and 2).
Sanctions:
Fines and Exclusion from public procurement
In
case of non-compliance, the draft foresees two types of sanctions, both of an
economic nature: Fines and exclusion from public procurement.
On
the one hand, the authorities can impose fines if companies breached their obligations
under the law intentionally or negligently. First, they can issue so-called
“Zwangsgeld” (§23) up to 50,000 €, which is an administrative penalty payment used
to force businesses to comply with a request of the administration (e.g. draw
up an ‘action plan’). Second, authorities can impose stiff fines (§24) in case
of noncompliance. The fines range from 100,000 to 800,000 euros depending on
the obligation breached (§24(2)). Fines can go up to 2% of the yearly average
turnover if: 1) The company’s yearly turnover on average exceeds 400,000,000
euros; and 2) If the company failed to implemented corrective measures in time
(§24(3)).
On
the other hand, the draft currently foresees that non-compliant companies may
also be in certain circumstances deprived from access to public procurement. The
exclusion from public procurement hinges on the amount to be paid in fines by
the company. The threshold is staggered – again, depending on the obligation breached.
It ranges from 175,000 euros to 0,35% of the yearly average turnover of a
company. (§22(2)). Exclusion from public
procurement ought to last for an ‘appropriate’ time, but must not exceed three
years (§22(2)).
The
following provisions were removed in the second draft: In the first draft, a
company was to be excluded from public procurement irrespective of the penalty
paid if the contract that was to be procured was worth more than 3 million
euros in case of transportation services, or 10 million euros in case of
building projects. Moreover, companies were able to recover their eligibility
by so-called “Selbstbereinigung” pursuant to §125 Restriction of Competition
Act. ‘Selbstbereinigung’ essentially would
have meant that the company promised to remedy the situation, worked with
authorities to resolve the situation, or took active steps to prevent
further misbehavior.