The German Supply Chain Act (LkSG): How to get started on risk analysis

The German Supply Chain Due Diligence Act, known in German as the Lieferkettensorgfaltspflichtengesetz (LkSG), comes into force on the 1^st of January 2023. The new law requires larger companies registered in Germany to meet the human rights and environmental standards laid out in the UN Guiding Principles on Business and Human Rights (UNGPs) and the OECD Guidelines for Multinational Enterprises.

Companies within scope of the law are required to carry out regular (at least annual) human rights and environmental risk analysis covering both their own operations and those of their direct, and sometimes indirect, suppliers. Ad hoc risk analyses are also required for indirect suppliers where there is new ‘substantiated knowledge’ of human rights or environmental violations, or if there is a material change in the business activities of the company.

In this article, our team of leading human rights and environmental experts breaks down the latest LkSG risk analysis guidance to outline what your company needs to do to get started.

Step 1: Conduct an initial ‘abstract’ risk analysis

The LkSG requires companies to conduct an initial ‘abstract’ risk analysis. This assessment seeks to identify the inherent human rights and environmental risks that exist within the countries, business areas or sites where a company operates, and/or the countries, regions or individual suppliers it sources from, as well as the particular industries concerned in both cases. This analysis should prioritise vulnerable individuals or groups.

We are ideally placed to supply this risk data. Our portfolio of over 80 national and subnational human/labour rights and environmental risk indices cover 198 countries. These datasets are built using proprietary methods and draw on more than 900 underlying indicators from structured, unstructured and geospatial sources.

Our Industry Risk Analytics dataset maps these issues against 80 industries, revealing the specific risk exposures of any supplier, facility or location.

Combined, this data provides a robust, scalable foundation for ‘abstract’ ESG risk analysis across sector, country and vulnerable people/groups for the full range of entities in scope. See Figure 1 for an illustrative example of outputs from a regular abstract risk analysis.

Step 2: Develop a ‘concrete’ risk analysis framework

For the regular (at least annual) risk analysis, business areas and direct suppliers (and certain indirect suppliers) deemed to be plausibly high-risk by the abstract risk analysis move through to the concrete risk analysis step.

In the ‘concrete’ analysis, companies are required to assess risk saliency against the contribution of the company to a risk, the severity of that risk, the likelihood of harm and the influence of the company over the situation (see the callouts in Figure 1). The LkSG risk analysis guidance makes clear that this process should be detailed and documented, to identify priority salient risks which they can then mitigate, terminate and remedy.

With more than 10 years’ experience in conducting saliency risk assessments as part of human rights due diligence, our team of leading human rights and environmental advisors are uniquely placed to help design and undertake concrete risk analyses.

Analysing ad hoc, event-related risks

In addition to regular abstract and concrete risk analyses of a company’s own operations and direct suppliers, companies are required to undertake ad hoc or event-related risk analysis in two scenarios:

1. The first involves situations in which the company becomes aware of violations in their indirect supply chain (including, but not limited to, raw materials). This new ‘substantiated knowledge’ triggers a requirement for further human rights and environmental risk analysis of the particular violation(s) and may bring the indirect supplier in question within the scope of regular risk analyses
2. The second involves a ‘material change in business activities’. This might be because of internal decisions (e.g. a merger or acquisition, or developing/sourcing a new product), which require a prior risk analysis, or external events (e.g. a war or natural disaster), which require a retrospective risk analysis. Assessments triggered by material changes should include the entire supply chain, covering own operations, direct and indirect suppliers (including, but not limited to, raw materials), and capture risks that are ‘obvious to the company’ in light of the change in activity.

For both scenarios, the risk analysis process employs the same abstract and concrete steps as outlined above, though respecting the particular scope of each scenario.

Thanks to our unique data and risk advisory expertise, we are well placed to support companies with ad hoc, event-related risk analyses. We are experienced in conducting qualitative and quantitative research on a variety of commodities and markets, which can help companies to assess, understand and track human rights and environmental risks across multiple tiers of their supply chains, thus creating a basis for determining and/or verifying substantiated knowledge as defined by the LkSG.

LkSG puts a proactive stance and rightsholders at the heart of risk analysis and due diligence

In any event, companies are expected to take a proactive approach to understanding, preventing or mitigating the human rights and environmental risks in their operations and supply chains. From the perspective of the LkSG, the rightsholder is paramount throughout the risk analysis process, and companies are expected to adopt this posture irrespective of any adverse impact on business performance (financial or reputational).

The German government has published helpful guidance on the application of the LkSG, which companies should consult when considering their compliance strategy.

Get in touch

To learn more about how our sustainable supply chain and human rights practice can support your organisation with LkSG-aligned risk analysis and compliance, please get in touch to arrange an initial discussion.