The Supply Chain Act

Information and assistance




What does the law regulate?

The law regulates requirements for responsible management of global supply chains for certain companies. Companies are provided with a legal framework for fulfilling human rights due diligence requirements. For monitoring and enforcing compliance with the due diligence obligations and is given powers to intervene. The law establishes a duty of effort. It establishes neither a duty to succeed nor a guarantee liability for the companies.

Who is affected?

What are the requirements?

What does the inspection authority do?

Disclaimer: This is a summary of the law. We do not guarantee its completeness or accuracy. For details, see the text of the law.

Team Playbbook

Free Checklist

Free Checklist

Prepare your organization optimally for the new law. Learn what you can and should start doing today. Request the checklist!


In detail: risk analysis




The risks mentioned in the law are summarized in the following table. Further details are provided in the text of the law.

# human right
1 Child labor or employment
2 Forced labor
3 Slavery
4 Disregard for the freedom of coalition
5 Unequal treatment
6 Withholding a reasonable wage
7 Harmful soil degradation, water or air pollution, harmful noise emission, excessive water consumption.
8 Illegal eviction
9 Assignment of security forces for the protection of the entrepreneurial project, from which risks (torture, life and limb, freedom of association) emanate
10 Serious impairment of protected legal positions
11 Production of products containing mercury
12 Use of mercury during production
13 Behandlung von Quecksilberabfällen entgegen den Bestimmungen des Artikels 11 Absatz 3 des Minamata-Übereinkommens
14 Production and use of chemicals pursuant to Article 3(1)(a) and Annex A of the Stockholm Convention of May 23, 2001 on Persistent Organic Pollutants (BGBl. 2002 II p. 803, 804) (POPs Convention).en)
15 Non-environmentally sound handling, collection, storage and disposal of waste in accordance with the regulations in force in the applicable jurisdiction under the terms of Article 6(1)(d)(i) and (ii) of the POPs Convention
16 Non-environmentally sound handling, collection, storage and disposal of waste in accordance with the regulations in force in the applicable jurisdiction under the terms of Article 6(1)(d)(i) and (ii) of the POPs Convention
16 Export of hazardous waste as defined in Article 1(1) and other waste as defined in of Article 1, paragraph 2, of the Basel Convention on the Control of Transboundary Movements of Hazardous Wastes and their Disposal of 22 March 1989 (Federal Law Gazette 1994 II pp. 2703, 2704) (Basel Convention)
17 Export of hazardous waste from countries listed in Annex VII to the Basel Convention. States to States not listed in Annex VII (Article 4A of the Basel Convention, Article 36 of Regulation (EC) No 1013/2006)
18 Import of hazardous waste and other waste from a non-Party to the Basel Convention (Article 4(5) of the Basel Convention)

For the risk analysis, the risks are to be recorded, weighted and prioritized. There are no further explanations in the law.

Recording the risks

To capture the risks, you need a systematic approach. This should be based on the MECE principle ( mutually exclusive and collectively exhaustive). Which approach you choose is up to you. Three possibilities:

To capture the risks, use different sources. Interested parties (internal and external employees, Customers, employees of suppliers and subcontractors, and people from the communities at their sites), NGOs, representatives of the public administration are a good point of for direct contact. In addition, you can use publicly available databases, media reports or reports from the Internet. Even if not all reports and information have to be correct, you could be shaping public opinion and damaging your supply chains as a result.

You can use the list of risks as a basis for discussion and research. Also look for data to help you evaluate and prioritize (see next section).

Weighing and prioritizing risks

Three aspects play a role in weighting and prioritizing risks: the severity of impact, your ability to influence it, and the likelihood.

Severity of impact To evaluate the severity of impact use three dimensions related to your economic activity.

If your identified risks in one of the three dimensions falls into the higher class, the violation is classified as serious. The initiation of measures is independent of the classification. It is only used for prioritization purposes.

Influence name possibility. The law recognizes different constellations in the supplier relationship. You do not always have the economic power to enforce something with the supplier. Therefore, it is necessary to categorize the possibility of influence. Here it is helpful to make a gradation. One possibility is in:

own group company - dependent company (§§ 16, 17 AktG) / controlled company (§ 17 AktG) / dependent group company (§ 18 para. 1 AktG) - independent company

The ability to influence determines whether to what extent you can agree measures (such as contracts, training, controls) with the company. If you cannot do this, you still need to monitor and assess risks. In extreme cases, changing suppliers or making your own will help.

Probability of occurrence. The probability of occurrence has an impact on prioritization. You can try to derive it from historical data. However, you should also consider regional conditions

Prioritization In a classical risk analysis, probability and impact are plotted. You can do this in the case of supply chain law in terms of probability and severity of impact. A graph might look like this, depending on your choice of gradations.

With the help of this representation, you visualize the risks and can derive an appropriate order and the scope of the measures.

However, take the opportunity to log information that led to the assessment. This will help you determine if changes have occurred over time. The next time you go through for risk analysis, ask for new information and changes to existing information.

Privacy Policy Imprint

© 2022 Holger Laabs GmbH