Introduction
From LkSG to CSDDD: Navigating German & EU Supply Chain Due Diligence
Modern supply chains are vast, global networks. This complexity creates business opportunities, but it also hides serious human rights and environmental risks. In response, governments are setting new rules. These laws legally require companies to make their operations ethical and sustainable. For businesses in Germany, two regulations are now critical: the German Supply Chain Act (LkSG) and the EU’s Corporate Sustainability Due Diligence Directive (CSDDD).
Understanding these rules is the first step toward compliance. The German law is already in effect. The EU-wide directive will soon expand these duties across the bloc. This guide explains both laws, breaking down what each requires, who it applies to, and how they compare. Navigating this landscape is vital for managing risk and protecting your company’s reputation.
Part 1 · Germany
The German Supply Chain Act (Lieferkettensorgfaltspflichtengesetz – LkSG)
The LkSG is Germany’s foundational law for supply chain accountability. It came into force on January 1, 2023. The law’s main goal is to make German companies responsible for protecting human rights and environmental standards within their global supply chains.
Who Does the LkSG Apply To?
The LkSG applies to companies based on their number of employees in Germany. The rollout happened in two stages:
From January 1, 2023
Companies with 3,000 or more employees in Germany.
From January 1, 2024
The threshold dropped to include companies with 1,000 or more employees in Germany.
This scope covers companies with their head office in Germany as well as German branches of foreign companies. The law directly impacts thousands of businesses and a large part of Germany’s economy.
What Are the Key Obligations Under the LkSG?
The LkSG requires a specific set of due diligence tasks. These are not one-time checks but ongoing processes that must be part of a company’s core operations. The main requirements include:
1. Risk Analysis: Companies must perform a regular risk analysis to find potential human rights and environmental issues in their operations and at direct suppliers.
2. Policy Statement: A formal policy on the company’s human rights strategy must be established. It should set clear expectations for employees and suppliers.
3. Preventive & Remedial Measures: Based on the risk analysis, companies must take action to prevent violations. If a violation is found, the company must act immediately to stop it or reduce its impact.
4. Grievance Mechanism: Companies must create an effective complaints system. This allows people affected by the company’s actions—or its suppliers’—to report issues safely.
5. Reporting: Companies must document their compliance activities. While the law originally mandated a public annual report to the Federal Office for Economic Affairs and Export Control (BAFA), this specific requirement is expected to be removed to reduce bureaucracy, and BAFA has already adjusted its enforcement practices.
A key part of the LkSG is how it treats direct versus indirect suppliers. Due diligence for a company’s own operations and direct suppliers must be proactive. For indirect suppliers, the duties are reactive. Action is required only when the company gets “substantiated knowledge” of a potential violation. This knowledge then triggers a risk analysis and preventive measures.
What Specific Risks Does the LkSG Cover?
The LkSG targets specific, internationally recognized risks. Companies must monitor for violations related to:
Human Rights Risks
This includes child labor, forced labor, slavery, discrimination, unsafe working conditions, and withholding a living wage. It also covers violations of freedom of association and land rights.
Environmental Risks
The law targets environmental damage linked to specific international agreements. These include the Minamata Convention (on mercury), the Stockholm Convention (on persistent organic pollutants), and the Basel Convention (on hazardous waste).
Enforcement and Penalties
The German government takes LkSG compliance seriously. BAFA is the official enforcement agency. It can conduct audits, request information, and issue large penalties. Fines can reach up to €8 million. For large companies with over €400 million in annual turnover, fines can be as high as 2% of their average global turnover. Furthermore, companies with serious violations can be banned from public contracts in Germany for up to three years.
Part 2 · European Union
The EU Corporate Sustainability Due Diligence Directive (CSDDD)
While the LkSG set a national standard, the European Union has developed a wider framework. The Corporate Sustainability Due Diligence Directive (CSDDD) aims to create a level playing field across the EU. It ensures all large companies meet the same high standards for supply chain responsibility.
EU member states must adopt the directive into their national laws. For Germany, this means the CSDDD will merge with the existing LkSG, likely making the national rules even stricter.
Who Will the CSDDD Apply To?
The CSDDD has a broader reach than the LkSG. The rules will apply in phases, starting in 2027 for the largest companies. The final thresholds are:
Employees & €1.5B Turnover
Over 5,000 employees and more than €1.5 billion in net worldwide turnover.
EU-Generated Turnover
More than €1.5 billion in net turnover generated within the EU.
The scope will expand in subsequent years to include smaller companies, demonstrating the directive’s significant global impact.
What Are the Key Obligations Under the CSDDD?
The CSDDD’s requirements build on the principles of the LkSG but expand them in key areas. It includes similar rules for risk management and prevention but also introduces major new duties.
Broader Value Chain Coverage
One key difference is its broader value chain coverage. The CSDDD covers the entire “chain of activities.” This includes the upstream supply chain and some downstream activities like distribution and recycling. This is a much wider scope than the LkSG’s primary focus on direct suppliers.
Civil Liability
Another significant change is the introduction of civil liability. The CSDDD creates a system allowing victims of corporate harm, such as communities or trade unions, to sue companies for damages in EU courts. This is possible if a company fails to meet its due diligence obligations. It creates a direct legal and financial risk beyond government fines.
Part 3 · Comparison
LkSG vs. CSDDD: A Practical Comparison
For German companies already working on LkSG compliance, the CSDDD is an evolution, not a revolution. The work done for the German law provides a strong foundation. However, key differences will require major adjustments.
Here’s a simple table highlighting the main distinctions:
| Feature | German Supply Chain Act (LkSG) | EU CSDDD |
|---|---|---|
| Scope | Companies with >1,000 employees in Germany. | EU companies with >5,000 employees & >€1.5b turnover (phasing in). Includes non-EU companies meeting the EU turnover threshold. |
| Value Chain | Own operations & direct suppliers. Indirect suppliers require “substantiated knowledge” of a violation. | Full “chain of activities,” including upstream supply and some downstream partners (distribution, recycling). |
| Subject Matter | Specific human rights and environmental conventions. | A broader range of human rights and environmental impacts, based on an extensive list of international conventions. |
| Liability | Administrative penalties and fines enforced by BAFA. | Includes administrative penalties AND a new civil liability regime, allowing victims to sue for damages. |
The main takeaway is clear: the CSDDD raises the bar. This expansion of scope and liability highlights why navigating global legislative jargon is so critical. Companies must understand the nuanced differences between a national ‘Act’ and an EU ‘Directive’ to build a solid compliance strategy.
Framework
A 5-Step Framework for Future-Proof Compliance
Getting ready for these laws requires a structured approach. Here is a five-step framework to guide your efforts:
1. Conduct a Gap Analysis: Start by comparing your current policies against the LkSG and CSDDD requirements. Find the biggest gaps in your risk management, supplier engagement, and reporting.
2. Map Your Value Chain: Move beyond your Tier 1 suppliers. Identify all actors in your upstream “chain of activities,” from raw material extractors to logistics partners. You cannot manage risks you cannot see.
3. Implement Dynamic Risk Monitoring: Annual supplier audits are not enough. You need an ongoing system to monitor risks in real-time. This system should track news, NGO statements, social media, and political shifts in your sourcing regions.
4. Strengthen Governance: Ensure that responsibility for due diligence is clearly assigned at the board level. Review your grievance mechanisms to make sure they are accessible, effective, and safe for all stakeholders.
5. Integrate Reporting: Prepare to report publicly on your due diligence efforts. As a best practice, integrate this information into your annual financial reporting. This shows that sustainability is a core part of your business strategy.
The Challenge
Moving Beyond Manual Checklists
Complying with the LkSG and CSDDD is a complex task. It requires a dynamic system for monitoring a vast landscape of external signals. You must track supplier activities, local narratives, geopolitical shifts, and regulatory updates across your entire value chain. Are there media reports of labor issues at a tier-two supplier’s factory? How are local communities discussing a key mining operation in your supply chain?
Tracking these signals manually is impossible. Simple keyword alerts create too much noise and not enough insight. This is where technology becomes essential. Businesses need to find the best public policy monitoring software for their needs. The right platform, including specialized LkSG compliance software, can turn this challenge into a strategic advantage. It works by analyzing unstructured data—from news reports to social media—and delivering clear, decision-ready intelligence.
Conclusion
Proactive Intelligence is the Key to Compliance
The era of voluntary corporate social responsibility is over. With the German Supply Chain Act in force and the EU’s CSDDD on the horizon, mandatory due diligence is the new standard. For German businesses, this means building on existing LkSG frameworks to meet the broader, stricter requirements of the CSDDD.
Success depends on a company’s ability to see what’s coming. Proactive, AI-driven monitoring of your external environment is no longer a nice-to-have; it is essential for finding risks before they become crises. By turning public information into structured intelligence, you can protect your company, follow the law, and build more resilient, ethical supply chains.