Content updated on May 7, 2026
In the wake of globalized efforts to protect vulnerable communities and the environment, many European countries are adopting new due diligence rules to limit environmental and labor risks in corporate supply chains. The German Act on Corporate Due Diligence Obligations in Supply Chains or SCDDA — Lieferkettensorgfaltspflichtengesetz (LkSG) in German — came into force on 1 January 2023. Applicable to all sectors, it now requires German companies with more than 1,000 employees in Germany to prevent or at least minimize human rights and environmental rights infringements in their supply chains.
A key element of this Act includes establishing a company-internal complaints procedure to enable reporting of human rights and environmental law infringements (Section 8 SCDDA).
In this article, we will give a brief overview of the due diligence requirements companies must meet and how we can support you in doing so.
Overview of the German Supply Chain Due Diligence Act
Who is affected
The legislation came into effect on January 1, 2023, and it initially applied to companies with a registered office or branch in Germany and 3,000 or more employees.
Since January 2024, the law applies to companies with more than 1,000 employees in Germany.
However, even if your own company does not reach the thresholds mentioned, you can expect small and medium-sized enterprises (SMEs) to be affected as well since the large companies addressed will likely pass on the due diligence obligations imposed on them by law to their suppliers. In the future, smaller companies will also be covered by the "sphere of influence" of the German Supply Chain Act without themselves being in-scope companies.
Direct and indirect suppliers
The Act covers any activity, whether it be the production of products or services. Corporations must align with their suppliers and third-/fourth-/fifth-party companies across their multi-tier supply chain to ensure that the appropriate steps are taken to monitor, aggregate, and report the relevant documentation to verify compliance.
This means that companies must monitor and act upon violations in their own operations, as well as operations of their direct suppliers worldwide starting from the extraction of the raw materials to the delivery to the end customer.
In addition, if companies obtain substantiated knowledge of a possible violation of human rights or environmental standards by one of their indirect suppliers, they must immediately conduct a risk analysis for these violations.
Consequences of non-compliance
For the LkSG act, the competent authority is the Federal Office for Economic Affairs and Export Control (BAFA), which has the mandate to actively conduct audits (including information requests and on-site audits). Regulatory offenses are punishable with fines of up to EUR 8 million depending on the nature and gravity of the violation. Companies with an average annual turnover of more than EUR 400 million may be fined up to 2% of their average turnover. In addition to harsh monetary fines, non-compliant companies can be excluded from winning public contracts in Germany for up to three years.
In September 2025, the German government proposed a draft amendment to the LkSG aiming to abolish the annual reporting obligation and limit fines to serious violations only. In line with this, BAFA adjusted its enforcement practice on October 1, 2025, discontinuing report reviews and applying fines only in cases of serious, grave human rights violations. The core due diligence obligations — risk analysis, preventive measures, remedial actions, and complaints procedures — remain fully in force.
What are the SCDDA obligations?
.png)
Implement a risk management system (section 4)
An organisation’s risk management system must make it possible to identify human rights and environment-related risks in order to prevent, end, or minimize harm to the most possible extent. The risks include:
- Unsafe working conditions
- Discrimination
- Child labor
- Forced labor
- Unethical employment * Environmental degradation
- Violations of freedom of association
In addition, organisations are recommended to appoint a Human Rights Officer to monitor risk management, assess and prioritise the risks uncovered, and conduct further investigation when facts are unclear or information is missing. Additionally, senior management must also be informed about the work of the responsible person at least once a year. This will serve as a basis for the definition of the measures that can be taken in order to identify, prevent, end, or at least minimize the violations of human rights along the supply chain.
Conduct a risk analysis (section 5)
Practically speaking, an assessment of the current situation and analysis of the risks must be carried out. In this process, the company must determine the human rights and environmental risks in its own business area and at its direct suppliers. Organisations should leverage internal knowledge as well as conduct supplier interviews, stakeholder interviews, on-site inspections, and discussions with stakeholders such as workers, trade unions, and local residents. Organisations should also incorporate information from section 8 (complaints procedure).
Adopt a policy statement (section 6)
Organisations must establish a policy statement that clearly defines their procedures for addressing human rights and environmental due diligence obligations, their strategy, and communication with their employees, the Works Council, direct suppliers, and the public. The German Supply Chain Act emphasises the “tone at the top” when establishing and communicating the new measures taken by organisations. The policy statement must include:
- The procedures by which the company fulfills its German Supply Chain Act obligations.
- The company’s priorities related to human rights and environmental risks.
- Expectations from the company towards its employees and suppliers.
Take remedial actions (section 7)
When a violation of any legal position from the Act has occurred or is imminent, an appropriate remedial action must be taken immediately. Whether the violation is occurring within the organisation or through an indirect supplier, the risk has to be addressed in order to prevent, stop or minimize the violation.
If the violation cannot be stopped in the foreseeable future, the organisation must outline and carry out concrete actions to end or minimize the violation without delay. Termination of business relationships is only required as a last resort in the event of serious human rights violations by suppliers that cannot be remedied in any other way. The effectiveness of the preventive and corrective measures must be reviewed annually.
Establish a complaints procedure (section 8)
One of the key requirements of the SCDDA is the obligation to establish a reporting system easily accessible by anyone along the supply chain. The system must include third parties and allow any person impacted or made aware of a violation to speak up.
All data and personal information going through the reporting system is subject to the duty of confidentiality and data protection requirements. A person submitting the complaint should be informed of its reception. To ensure the effectiveness of the complaints procedure, it must be reviewed annually and on an ad hoc basis when necessary.
Continuous documentation and reporting requirements (section 10)
The German government's September 2025 draft amendment proposes to remove the annual reporting obligation entirely. BAFA has already discontinued its review of company reports with immediate effect from October 2025. Until the amendment is formally enacted by parliament, the obligation technically remains on the books — but companies should monitor the legislative process closely, as the removal of the reporting requirement is expected to be confirmed in the coming months.
Integration in Compliance Management Systems
The core of the SSDA new requirements is to have a high level of transparency along your supply chain. One pathway for implementing SCDDA is to integrate its requirements into your Compliance Management System (CMS) since the risk analyses required, as well as the whistleblower system are essential components of any effective Compliance Program.
With the obligation to expand your complaints procedure to your supply chain, leveraging a third-party solution using technology such as Whispli can save you a lot of time and increase your efficiency in the process.
Identify Supply Chain risks
In order to prepare for all the requirements of the new regulation, companies should conduct a continuous and comprehensible risk assessment. With the help of a flexible business partner audit as an integral part of the Compliance Management System (CMS), companies can simultaneously fulfill and document their due diligence obligations. At Whispli, we have partnered with Compliance experts who can walk you through this in-depth risk assessment of your Supply Chain.
Expand the scope of your complaint procedure
Another proven component of the CMS is a digital whistleblower system which fulfills the requirements of the new regulation for implementing a complaint system. Companies have a responsibility to ensure that any stakeholder can report:
- Forced labour
- Child labour
- Inadequate health and safety at work
- Worker exploitation
- Environmental violations
A software solution such as Whispli will allow you to automate the triage of reports and automatically assign reports in relation to your Supply Chain to a designated Human Rights Officer as prescribed by the SCDDA.
Perspective for a European Union Supply Chain law
The SCDDA is only an intermediate step toward a future stricter supply chain law harmonized at the European Union level.The EU Corporate Sustainability Due Diligence Directive (CSDDD) was adopted in May 2024 and entered into force in July 2024. However, the Omnibus I package finalised in early 2026 significantly reduced its scope: the CSDDD now applies only to companies with more than 5,000 employees and net turnover above €1.5 billion, with the first compliance deadline pushed back to July 2028.
Germany's coalition agreement confirms the LkSG will be replaced in the course of transposing the CSDDD. Until that transposition is complete, the LkSG remains in force for companies with 1,000 or more employees in Germany. Organisations should build their due diligence and complaints infrastructure in a way that is scalable — meeting LkSG requirements today while being ready to adapt to the broader CSDDD framework when it arrives.
Conclusion
Whispli provides the secure digital infrastructure and specialized complaints procedure required to meet LkSG standards while preparing for the future CSDDD framework.
By automating risk identification and ensuring confidentiality across your global supply chain, Whispli helps you turn complex regulatory requirements into a clear and documented strategy for corporate integrity.
Explore more resources
Take case management to the next level
Move from fragmented reporting tools to a single, secure system of record designed for complex, global compliance environments.
Talk to our experts to see how Whispli supports whistleblowing, disclosures, and enterprise governance at scale.










.webp)

.webp)
.webp)










%201.avif)
%201%20(2).avif)
%201%20(1).avif)
