The situation: Countries across Europe have passed due diligence laws to regulate ESG risks along the supply chain. In addition, the European Union is currently working on a human rights due diligence law that may affect a large number of companies operating in Europe and around the world.
Development: On June 11 and 25, 2021, the German legislator passed the Supply Chain Due Diligence Act (SDDA), which obligates large companies to reduce human rights and environmental risks along their supply chains. The German law is similar to the French law passed in 2017, the Corporate Vigilance Law (“DoV”), which is increasingly becoming the subject of litigation.
Looking ahead: The new German law and the current lawsuits in France are only a prelude to realigning ESG risks along supply chains. These laws will affect suppliers around the world. In order to better assess the effects of EU legislation on human rights due diligence, it is necessary to take a closer look at French and German developments.
With the recently passed United Nations Sustainability Act, Germany and France are committed to enforcing human rights and environmental due diligence obligations along the international supply chains of major corporations. The SDDA covers companies based in Germany with 3,000 employees, a threshold that will be reduced to 1,000 by 2024. By comparison, the French DoV applies to French companies with at least 5,000 employees nationally or 10,000 employees worldwide. In both countries, due diligence may affect foreign companies, including subsidiaries, suppliers and subcontractors worldwide. This comment discusses some key aspects of the German SDDA and how it compares to the French DoV.
German data protection law requires regulated companies to conduct due diligence in relation to their companies (including group companies) and their direct suppliers. With regard to indirect suppliers, regulated firms may need to take action if there is sufficient evidence of human rights or environmental risks, regardless of the length of the supply chain. In contrast, the French DoV assigns responsibilities along the supply chain to subcontractors and suppliers to regulated companies when there is a “well-established business relationship”.
Human rights and environmental protection
The Federal Data Protection Act defines protected legal positions, human rights risks, and environmental risks based on 14 international agreements found in the Annex to the Special and Sustainable Development Act. A thorough understanding of the physical scope of human rights and applicable environmental standards requires a case-specific analysis of international, German/French and national laws applicable to the respective supply chain.
Risk-based approach and need for action
Businesses need to take “reasonable steps” to prevent or mitigate human rights and environmental risks. The Federal Data Protection Act, which expressly takes a risk-based approach, contains more specific regulations for establishing a risk management system, for conducting regular risk analyses, for taking preventive measures, for reporting obligations or for creating a complaints mechanism. While such risk-based approaches leave regulated entities a degree of discretion, this flexibility is a double-edged sword, as courts or regulators can subsequently decide that these actions were not sufficient. Additional information is expected from the German supervisory authority; however, these guidelines can only be general and not company specific. Therefore, companies must carefully analyze all legal requirements and implement an appropriate compliance infrastructure tailored to their individual needs.
German SDDA law provides for administrative fines of up to 2% of annual global sales volume in Germany, which given the ambiguity of SDDA obligations presents a high potential for penalties. For comparison: the French Constitutional Court overturned the provision on fines in the DoV because the terms characterizing the violation could not be clearly defined; in particular, the terms “reasonable due diligence” and “appropriate measures to reduce risks” and the references to “human rights violations” and “fundamental freedoms” were general and broad in scope. German courts may have similar concerns about the ambiguity of some specific violations of personal data protection law.
In France, any “interested party” can apply to the relevant French court for an injunction to instruct a regulated company to comply with the DoV requirements after formally notifying that company. This mechanism has already been used by French and international NGOs against large French companies, including on behalf of local communities from third countries. The person concerned can also file a civil action for damages if non-compliance with the DoV control obligations by the regulated company directly caused harm that would otherwise have been prevented.
The Personal Data Protection Act contains a provision that specifically states that its breach will not lead to civil liability. Rather than civil litigation, the SDDA relies on regulatory oversight and pressure that NGOs and the media have to build. According to the Anti-Corruption and Economic Crimes Act, the affected persons have the right to submit a request for official investigations to the relevant federal authority. Civil law liability independently established under the general tort law remained the same. German SDDA law also states that companies can be excluded from public tenders in the event of serious violations of SDDA law.
Given the French and German due diligence laws, work on due diligence laws is underway at the EU level after the European Parliament adopted a resolution on March 10, 2021 calling on the Commission to come up with a legislative proposal on mandatory supply chain due diligence.
Four key takeaways
- Similar to previous French legislation, German law on personal data protection defines human rights and environmental due diligence along the international supply chains of large companies based in Germany.
- The risk-based approach to these regulations requires careful analysis of the manner in which companies intend to implement their due diligence obligations.
- Implementing due diligence regulations creates new litigation and regulatory risks, including opportunities for NGOs to combat human rights or environmental abuses.
- The European Union is currently working on drafting guidance on corporate due diligence and accountability after the European Parliament adopted a resolution on March 10, 2021.