Publication
Proposed changes to Alberta’s Freedom of Information and Protection of Privacy Act
Alberta is set to significantly change the privacy landscape for the public sector for the first time in 20 years.
Germany | Publication | March 2024
On 1 January 2023, the Act on Corporate Due Diligence Obligations in Supply Chains (the “Supply Chain Act” or the “Act”) entered into force in Germany. For the first time, many German companies, as well as foreign companies with German branches, will be obliged to address human rights-related and environment-related due diligence obligations in their supply chains in an appropriate manner. These requirements will pose compliance challenges on an unprecedented scale, in particular for multinational German companies with business activities in high risk countries.
In this article we have summarized the main requirements of the law and describe some of the practical problems which may arise as a result of its implementation.
Companies which have their central administration, principal place of business, administrative headquarters or statutory seat in Germany must now comply with the due diligence obligations set out in the Supply Chain Act, provided that they have at least 3,000 employees in Germany. These obligations must also be complied with by foreign companies which have a branch in Germany with the same number of employees. From 1 January 2024, the law will also apply to companies which have at least 1,000 employees in Germany.
The Supply Chain Act imposes on companies due diligence obligations which must be complied with, with the aim of preventing or ending certain human rights or environmental violations. “Supply chain” under the Act includes all steps in Germany and abroad which are required to produce the products and provide the services of a company – starting from the extraction of raw materials up to the delivery to the end customer. The due diligence obligations along the supply chain extend to the company’s own business area and direct suppliers as well as – in less strict form – indirect suppliers.
The Supply Chain Act provides for a comprehensive catalogue of protected human rights-related and environment-related legal positions, based on eleven relevant conventions on the protection of human rights.
The human rights-related provisions include ones related to: various forms of child labor, forced labor, slavery, occupational health and safety obligations, freedom of association, unequal treatment in employment, the withholding of an adequate living wage, negative impacts on the environment affecting persons, unlawful eviction as well as the hiring of security forces for the protection of a company’s project where this leads to certain human rights violations due to a failure by the company to supervise or control the security forces.
The environmental protections under the Act include a prohibition on the use of mercury and persistent organic pollutants (PoPs) as well as the handling and export and import of hazardous waste.
The Supply Chain Act lists nine specific due diligence obligations that a company must comply with:
The competent authority for monitoring compliance with the due diligence obligations under the Act is BAFA which takes a risk-based approach in the performance of this task. BAFA may subpoena persons, enter the company’s premises and/or require the company to take specific action to fulfil its obligations. BAFA may also impose a fine up to EUR 50,000 if the company does not take the required action.
Intentional or negligent violations of the due diligence obligations can be punished with a fine of up to EUR 8 million. If the company has an average annual turnover of more than EUR 400 million, the fine can be up to 2 percent of the company’s average annual turnover.
To detect violations of the Supply Chain Act BAFA has set up an online complaints form in four languages (German, English, French and Spanish), where pending or already occurred violations of the Supply Chain Act can be reported, anonymously if needed.
To assist companies to understand and follow their due diligence obligations, BAFA has already published general FAQs, a reporting questionnaire and guidance on risk analysis, the complaints procedure and the principle of appropriateness.
On 23 February 2022, the European Commission proposed a new Directive on Corporate Sustainability Due Diligence (the “CS3D”), which in certain parts significantly exceeds the requirements of the Supply Chain Act. For example, companies would be obliged to comply with the due diligence obligations if they employ more than 250 employees The scope of protected human rights-related and environment-related legal positions under the CS3D is also substantially broader than under the Act. Further, the CS3D provides for civil liability of companies for damages caused by their failure to comply with due diligence obligations.
Should the CS3D be adopted, the German legislator could therefore be obliged from 2025/26 to tighten further the requirements of the Supply Chain Act in the course of the transposition of the directive into national law.
Implementing the due diligence obligations under the Act will pose considerable practical challenges for companies. It has already been seen that problems may arise, in particular, in areas where the company must cooperate with suppliers and other third parties in order to fulfil its due diligence obligations. Below we briefly describe some of the problems which companies may face when conducting a risk analysis or taking preventive measures or remedial action to meet their requirements under the Act.
a) Weighing and prioritizing risks
From BAFA’s detailed guidance it is clear that the risk analysis required by the Supply Chain Act is much more extensive than a typical compliance due diligence. In particular, in addition to identifying risks typical for the relevant industry and country, the company must weigh and prioritize identified risks according to the following criteria: the nature and extent of the company’s business activities, the probability of violation occurring, the severity of the violation, the number of affected persons, the ability of the company to influence the party responsible for the violation as well as the contribution by the company itself to the specific risks or risk areas. In many cases, it will not be possible to evaluate the risks without instructing a specialized service provider to conduct an additional ESG due diligence or Human Rights Impact Assessment.
b) Preventive measures or remedial action
If the company has identified within the course of the risk analysis a human rights-related or environment-related risk, it must take preventive measures without undue delay. If the violation has already occurred or is imminent, the company must take, without undue delay, appropriate remedial action. The statutory requirements which apply to remedial action are significantly stricter than those applicable to preventive measures – for example, in the case of an identified violation by a direct supplier the company may be obliged to jointly develop and implement, at high cost, a plan to end the violation. Therefore it is crucial in practice to distinguish the mere risk of a violation from an already occurred or imminent violation. Often, however, it will not be possible to make a distinction between a risk and a violation with sufficient certainty. In these cases, it may be preferable for the company to go to the greater lengths of taking remedial action.
c) Agreement of industry standard
In order to simplify fulfilling its due diligence obligations under the Supply Chain Act a company may agree with a direct supplier that the supplier will implement an internally recognized industry standard and go through a third party certification process. However, the company should be aware that the use of recognized certification systems to verify compliance by direct suppliers with the company’s own human-rights standards does not exempt the company from its own responsibility under the Supply Chain Act. Therefore, the company would also have to conduct a gap analysis between the legal positions protected by the Supply Chain Act and those of the industry standard to ensure that all the legal positions under the Supply Chain Act will be covered by the certification. Further, the company would have to check to what extent identified risks will actually be weighted and prioritized according to the requirements of the Supply Chain Act and that the required preventive measures and remedial action will be taken.
The Supply Chain Act imposes strict due diligence obligations on companies with the aim of improving the minimum standards in international supply chains. The actual implementation of the due diligence obligations under the Act, however, will involve significant difficulties, in particular due to uncertainty regarding the interpretation of the statutory requirements. To date, the guidance which has been published by BAFA has answered only some of the open questions. At the same time, a company’s non-compliance with the due diligence obligations could be punished with substantial fines. A further tightening of the statutory requirements as a result of the upcoming EU CS3D is also on the horizon. Against this background, it is crucial for multinational companies to carefully check to what extent the due diligence obligations apply to them, and how – starting with their business activities in countries with a high risk for violations – these obligations can be practically addressed.
Publication
Alberta is set to significantly change the privacy landscape for the public sector for the first time in 20 years.
Publication
On December 15, amendments to the Competition Act (Canada) (the Act) that were intended at least in part to target competitor property controls that restrict the use of commercial real estate – specifically exclusivity clauses and restrictive covenants – came into effect.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023