Author: Kateřina Nešpůrková
Co-author: Martin Peckl
Fires in factories, collapsed mines, substandard working conditions, child labour, poisoned rivers, oceans overwhelmed with garbage.[1] This and many other undesirable phenomena are brought about by globalisation. Big companies are looking for the cheapest supplier around the world. The consequences are dramatic: we live in a world where the biggest shoe manufacturers do not actually make shoes, they just design and sell them. Similarly, the largest PC manufacturers do not manufacture their products themselves, but merely assemble them from components made elsewhere. Production has moved to countries with cheap labour and raw materials, with inadequate legal protection for workers or the environment, and with high levels of crime and corruption.
There is growing social pressure for companies in the developed parts of the world to take responsibility for what happens in their supply chains. These are networks of individuals and companies that start with the acquisition of raw materials and end with the creation of the final product and its delivery to the consumer. Initially, it was international organisations such as the United Nations (UN), the Organisation for Economic Co-operation and Development (OECD), and the International Labour Organisation (ILO), and later some countries, that formulated recommendations and standards on how companies should manage risks related to human rights and environmental protection within their own groups and supply chains. However, only some corporations have adopted these recommendations and standards into their practice. Those that have acted responsibly and invested in their corporate social responsibility (CSR) are calling for the introduction of equal conditions for all market players (levelling the playing field).
These calls have been answered. At the level of some countries (the United Kingdom, France, the Netherlands …), binding legislation has been gradually adopted establishing the legal responsibility of corporations to manage human rights and/or environmental risks in their supply chains. With effect from 1 January this year, Germany, which is the most important trading partner for Czech companies, adopted binding regulations in this area. The Lieferkettengesetz (LkSG), as the German law is called for short, is considered a pilot project in the EU to test the new rules.
The draft EU Corporate Sustainability Due Diligence Directive (CSDDD) is based on similar principles to the LkSG at EU level. It is currently in the EU legislative process. The Directive is expected to take effect from 2026 at the earliest.
This (forthcoming) new piece of legislation builds on requirements already formulated by international institutions. When defining protected human rights (e.g. prohibition of child labour, all forms of forced labour, prohibition of violations of occupational health and safety, etc.) and protected environmental parameters (e.g. prohibition of the production of products with added mercury, prohibition of import and export of hazardous waste, etc.), reference is often made directly to established international conventions.
Large corporations will have to monitor the fulfilment of key values – protection of human rights and of the environment – throughout their supply chains according to established due diligence benchmarks and by implementing prescribed measures. The LkSG calls for both a preventive approach and the correction of identified negative impacts. German companies face heavy fines if they fail to comply – up to EUR 800,000 or 2% of their average annual worldwide turnover. In addition, they also risk being banned from participating in German public procurement for up to three years.
The CSDDD, too, foresees that Member States will be obliged to introduce sanctions when transposing the Directive, fines will have to be based on the corporation’s turnover, decisions will always be made public. Beyond the framework of the German LkSG, however, the CSDDD is also working with introducing civil liability for damage to protected values caused by a breach of the due diligence within the group or by a direct partner. In effect, this would mean that large corporations could be held liable for damage they did not directly cause, but to which they may have contributed by their inaction.
As it stands, the obligations under the German Lieferkettengesetz directly affect German companies with more than 3,000 employees in a group. From 1 January 2024, this threshold will be reduced to 1,000 employees. The contemplated European CSDDD is even more ambitious (in some high-risk sectors – typically mining of minerals or garment and footwear manufacturing – companies with at least 250 employees will be directly affected) and it should affect around 13,000 European companies in total and a further 4,000 non-European companies with a defined turnover generated in the EU.
Indirectly, however, this regulation will also affect a much wider range of other, often much smaller companies, including Czech ones, if they are part of the supplier-customer network of large corporations regulated by the German LkSG or, in the future, the CSDDD. The introduction of the legal due diligence in value chains will therefore be felt indirectly by many of you due to its cascading effect.
The new legislation compels large corporations to implement a risk management system designed to identify, prevent and eliminate risks related to human rights and the environment both on their own part and within their global supply chains. They will be obliged to carry out risk analysis of all their business processes and take preventive measures, which will also be reflected in the management of relationships with contractors. The requirement for effective human rights and environmental risk management will become more important when selecting contractors. Selected suppliers will have to contractually commit to the rules defined by the regulated entities (Code of Conduct) and reflect those rules further in their own supply chain.
Large companies are motivated to work with their chain. The LkSG specifically mentions the training of responsible persons. The contractual partners must contractually agree to allow an audit of compliance with the relevant rules to be performed either by the corporation or by an independent third party. The CSDDD allows for the cost of compliance verification at small and medium-sized enterprises (SMEs) to be passed on to the obligated companies. The whole system should be updated regularly, at least once a year.
All measures implemented in respect of due care under the LkSG and/or CSDDD will need to be reported and published. The CSDDD explicitly stipulates that this report will be part of the sustainability report; the details for this report are set out in the EU Corporate Sustainability Reporting Directive (CSRD) approved at EU level at the end of November last year.
It is clear that those responsible for risk management in companies affected – whether directly or indirectly – by the new legislation will have to revise their contractual relationships with partners, related codes of conduct and, in particular, the clauses addressing partner liability in the event of a breach of the rules.
In the transaction market, ESG audit is already becoming established as a separate category, which is performed in parallel with due diligence in other areas such as legal, tax and economic. We have seen extensive third-party group audits in the areas of occupational safety, labour and environmental compliance. Within their framework, contractual documentation (not only) in customer-supplier relationships will be newly examined in terms of ESG clauses, which change the current practice of generally formulated supplier codes. ESG clauses move from appendices (or sometimes just a web link) into the body of the contract. They tend to be much more specifically worded as they should be based on a previous individualised audit and assessment of specific risks. They require identification of persons responsible at the level of the contractors for compliance with the rules. We have also encountered the approach that ESG clauses have been identified as an essential element of the contract, with all the consequences that this entails, including the possibility of immediate termination of the contractual relationship with the supplier in the event of a breach of those clauses. In general, it is therefore advisable to pay attention to the formality of individual acts within the supplier-customer relationship, the quality of related documentation and its proper recording – the German legislator, for example, requires the retention of relevant documentation for 7 years.
Both the German and the European regulations further require that obligated companies establish an internal reporting system that allows affected persons to report human rights risks and/or environmental risks that are related to the economic activities of the obligated company itself or its direct and indirect suppliers. The rules for receiving and addressing these concerns are the same as those for whistleblowing as defined in the EU Directive on the protection of persons who report breaches of Union law. It is clear that obligated persons will need to implement more comprehensive reporting systems that will allow them to receive reports from the entire chain and/or to use the notification systems of their partners.
In June this year, the Whistleblower Protection Act was passed in the Czech Republic, requiring all companies with more than 50 employees to introduce whistleblowing arrangements. When implementing or revising their internal whistleblowing systems, companies that are suppliers to large German corporations had to consider how to properly combine the requirements of German legislation for receiving and investigating reports of suspected violations of regulations governing human rights and environmental protection with the requirements of Czech legislation for internal whistleblowing. A number of the companies ended up with an ethics helpline with a broader personal and substantive scope than that required by local laws.
Nothing in the new legislation regulating supply chains will be an easy task. Even for companies that have a team with experience in sustainability and human rights, supply chain due diligence risk management will be a brand new field. Companies that are already preparing for sustainability reporting under the CSRD will have an advantage. The CSRD, too, requires the provision of aggregated sustainability data across the value chain. It is obvious that in performing risk analysis across the entire value chain, implementing preventive and corrective measures, updating them, managing complaints across the chain, etc. it will be appropriate to involve not only a competent team, but also software that enables efficient data processing.
At HAVEL & PARTNERS, we monitor ESG and sustainability trends across the relevant legal practice areas and are here to help you apply them in practice.
[1] 2012 – Fire at Ali Enterprises textile factory in Karachi, Pakistan, killing 258 people
2012 – Fire at the Tazreen garment factory in Dhaka, Bangladesh, with 117 people dead and more than 200 injured
2013 – Rana Plaza building collapses in Dhaka, Bangladesh, leaving at least 1,132 people dead and more than 2,500 injured
2019 – Collapse of a copper and cobalt mine in Kolwezi, Democratic Republic of Congo, killing at least 36 people