by Alice Homuth
A little over two months before the German Supply Chain Due Diligence Act – Supply Chain Act for short – is due to enter into force for the first group of companies (those with at least 3,000 employees) in 2023, the implementing agency BAFA (Federal Office for Economic Affairs and Export Control) has published its first implementation guidelines (“Handreichung”) on a crucial part of any risk management system: risk analysis.
Risk analysis lies at the heart of any management system that aims to prevent, end or minimise potential adverse impacts on rightsholders or the environment. Further steps, such as defining appropriate and effective preventative and remedial action, greatly depend on a solid understanding of any potential impact the business activities of a company might have on rightsholders. The better a company’s understanding of a risk, the more effective the countermeasures it can implement. Risk analysis is relevant when it comes to any potential impact a company’s own operations may have, any risks associated with direct business partners’ activities as well as the activities of indirect business partners further upstream along the supply chain.
Companies that fall within the scope of the new German Supply Chain Act are only legally required to act on risks in the deeper upstream supply chain if they have “substantiated knowledge” of concrete risks or violations occurring at indirect suppliers. However, due to the current vagueness of the term “substantiated knowledge,” we strongly advise our clients to proactively include upstream supply chain risks in their risk analyses even without “substantiated knowledge” of risks.