Detail of a high rise in Montreal. By Phil Deforges at

Germany’s Supply Chain Act and the EU’s Corporate Sustainability Due Diligence Directive (CSDDD) in Global and European Context

With Germany’s Supply Chain Act, Canada’s Bill S-211, and the EU’s emerging Corporate Sustainability Due Diligence Directive (CSDDD), the intensification of national and international supply chain regulation and the continuing reflections on the principle of separate corporate personhood and corporate risk management have entered a new phase.

Introduction: Regulating global supply chains through soft and hard law

Following a decade and a half of intensifying regulatory activity around workers’ and human rights in global value chains on domestic and international levels, the German federal government in 2021 introduced the Supply Chain Due Diligence Act – the Lieferkettensorgfaltspflichtengesetz (LkSG) – which came into force 1 January 2023. In December 2023, the European Council and Parliament reached agreement on an arguably more muscular piece of global supply chain regulation, the Corporate Sustainability Due Diligence Directive (CSDDD). A year after the LkSG came into force and in light of the EU’s newest initiative, it is warranted to assess the German Act’s impact so far and to do so in relation to concurring developments on the European level.


The Promise and bind of the UN Guiding Principles (UNGP) on Business and Human Rights

The German legislator prefaced the draft of its Lieferkettensorgfaltspflichtengesetz (LkSG) with explicit reference to the United Nations Guiding Principles (UNGP), which the UN Human Rights Council had unanimously endorsed in 2011 and which since became a globally recognized benchmark for the regulation of transnational corporations and globally integrated supply chains. The UNGP’s three ‘pillars’ of ‘protect, respect and remedy’ arose from a framework developed in 2008 by Professor John Ruggie, the then-representative of the UN Secretary General and principal drafter of the UNGP. The Principles notably promulgated a respectively assumed responsibility of states to assume a duty to protect and of transnational corporations to respect, that is to prevent, mitigate and, where appropriate, remedy business-related human rights.

Ensuing corporate responsibility regulation through national supply chain and modern slavery laws over the past decade, and Germany’s LkSG most recently, has been shaped by the UNGP’s three-pronged pillar-structure. This includes the company’s obligation to institute a respective policy commitment related to respect human rights, to undertake ongoing human rights due diligence to identify, prevent, mitigate and account for their human rights impacts and to develop and implement processes to enable remediation for any adverse human rights impacts. Under the third pillar, the UNGP spell out the state’ duty to provide for an effective system of remedies for business-related human rights abuses.


Evolving supply chain regulation on the domestic level

The Berlin lawmaker, in the context of intensifying transnational pressure to enact effective human rights due diligence norms, followed on the footsteps of related legislation since California’s largely ineffective Transparency in Global Supply Chains Act in 2010, the much discussed UK’s 2015 Modern Slavery Act (and the British government’s newly pursued updating of said bill since 2022), France’s 2017 loi de vigilance, which was the first to introduce a civil liability for corporations whose non-compliance with their vigilance plan caused damage, The Netherlands’ 2019 Child Labor Due Diligence Law and its emerging updates from November 2022 as well as Norway’s Transparency Act which came into force 1 July 2022 which obliges companies to publish an annual due diligence report and notably extends corporate due diligence responsibilities down to their Tier N suppliers. Meanwhile, Canada’s federal Trudeau government, after previous efforts never had made it past initial discussion stages, in 2023 adopted its own Modern Slavery Law, Bill S-211, under which companies have a reporting duty as of 1 January 2024. Given Bill S-211 being the most recent domestic modern slavery law, critics have pointed to the missed opportunity by the Federal legislator to have prioritized transparency over the actual prohibition and/or penalization of forced labour or child labour.


Germany’s Supply Chain Act

In drafting the LkSG, German lawmakers responded to mounting public pressure from unions and transnational human and worker rights advocacy groups and was further conceptualized within the Government with reference to Germany’s own ‘National Action Plan for Business and Human Rights’ (‘Action Plan’) of 2016, which had formulated the responsibility of German business enterprises to comply with human rights due diligence (‘HRDD’) throughout their global supply chains. Acknowledging that only a fraction of 13-17% of German companies made efforts to scrutinize the human rights practices in their global networks, the lawmaker took the initiative to develop a more robust regulatory regime, specifically targeting management boards of companies of at least 3,000 employees (and, as of 1 January 2024, 1,000) and incorporated in Germany, to assume the responsibility for effective HRDD. Notably, § 2 not only expands this responsibility to a wide range of human rights-relevant labour rights, including child, forced and slave labor, as well as the prevention of collective labour rights and equality rights, of withholding adequate remuneration, causing harm to the environment or using private and unsupervised security forces to inflict harm, but also endorses a broad understanding of a corporation’s supply chain, including its direct and indirect suppliers and the rights compliance on those levels. Yet, § 2 does not include violations of indigenous rights provisions under ILO convention 169 despite their now wide-spread recognition in the context of evolving supply chain regulation, nor does it follow up on its preface’s invocation of gender rights by addressing these within § 2 of the Act itself.


Risk management at the centre

The LkSG’s key provisions (§§ 3-8) spell out the concrete due diligence mechanisms to be developed and implemented by the corporation, namely regularly executed risk management and analysis, company-internal competence, preventive measures and complain procedures. Echoing comparable approaches, particularly within the UK’s and France’s modern slavery laws, the LkSG stipulates an annual reporting obligation and establishes penalty fees for non-compliance of up to 2% of the company’s annual revenue, but regrettably falls short of creating a novel legislative basis of civil liability. While the legislation does not impact possible remedial action out of tort, the disappointing jurisprudential experience of such claims continues to be driven in large part by the obstacles of establishing parental or supply chain leaders’ responsibility in light of corporate separateness. Meanwhile, under the LkSG, individuals may not themselves initiate remedial action but can only empower a domestic union or NGO to pursue rights in their name related to a violation of the business’ obligations under §§ 3-10 (§ 11 LkSG). A number of notable complaint cases have been brought over the course of 2023, against companies such as Amazon or IKEA, by transnational labour and human rights advocacy groups with the support of the Berlin-based European Centre for Constitutional and Human Rights (ECCHR). Similar proceedings against grocery retailers such as Rewe or Edeka have been brought on the way since the LkSG was passed. These proceedings, if successful, could result in hefty fines, and heftier still under the emerging EU regime.


“Global Supply Chain Law” and the overlap of public and private actors

An important aspect of these complaints is their interlinkage of quasi-public, ‘soft law’ instruments such as the Bangladesh Accord, which was elaborated in a transnational norm-creating effort following the Rana Plaza tragedy, and domestic ‘hard law’ legislation such as the LkSG – which further highlights the continuing transnationalization of market regulation. It instantiates the necessity to engage with law, as recently reiterated by Lea Schneider in her compelling PhD study, from a perspective that grasps the overlaps of public and private norm generation and implementation as it evolves through the interplay of old and new ‘actors, norms and processes.’ The development of much more robust, empirically informed and validated approaches to the actual practices of transnational contract, tort and corporate responsibility law has a potential of going beyond the confines of litigating ‘cases.’ The acknowledgment of the need for, as Rotterdam law and business professor Cees van Dam calls them “polycentric” and “polymodal” legal conceptions, which can capture the grey zones of hybrid governance, informality and organizational complexity beyond the doctrine of separate legal personhood is a prerequisite for law’s effectiveness in addressing root causes of human and labour rights violations across supply chains, which themselves have long become the normal/un-normal representation of unsustainably destructive market structures.

Merely a year into the LkSG’s entering into force and only a few weeks in relation to its expanded scope of applications to businesses with 1,000 employees, its success or failure is not self-evident. Its current form reflects, at least in part, some of the push-back from within business lobbies who as in the case of the French vigilance law emphasized the ‘monstrous’ bureaucratic burdens and costs for medium-size companies and other ‘anti-competitive’ consequences. That the LkSG came into being, at the same time, is in no small part the result of intensive advocacy and campaigning work, particularly by the “Initiative Lieferkettengesetz”, which was early on supported by legal advocacy organizations such as the ECCHR and has by now grown into a coalition with over 130 partner organizations. Together with the campaign “Justice is Everybody’s Business”, efforts have continued to ensure that an emerging regulation on EU level would draw on the experiences and lessons from the LkSG.


No sleep still Brussels: The political compromise at the heart of the EU’s CSDDD

According to the global sustainability rating organization EvoVadis in September 2023, “[t]hese developments make clear that, in Europe, the era of voluntary, self-regulation in respect of social and environmental due diligence has come to a decisive end.” Indeed, the political economy of ‘business & human rights’ and sustainability regulation has distinctly evolved over the past decades. In essence, it has been showcasing a transition from the undead legacies of CSR (corporate social responsibility) which, despite its far-flung resonance in private as well as international self-regulatory instruments, never resulted in a structural transformation of the investor-driven prioritization of shareholder value, towards multilayered arrangements which are both more substantive in content due to the acknowledgement of climate change and more robust in terms of states having taken decisive steps in reclaiming regulatory prerogatives.

In that vein, the EU’s recently agreed-upon Corporate Sustainability Due Diligence Directive (‘CSDDD’) which originated in the Commission and was subsequently amended by the European Council and the European Parliament before a provisional deal was achieved in December 2023, seeks to impose actionable civil liability obligations for corporations that fail to comply with the Directive’s requirements. These particularly extend to the development and implementation of effective due diligence, risk management and monitoring systems for a significantly expanded range of businesses across four “groups” of companies. The Directive envisages the application of the new requirements for all businesses with as few as 500 employees and an annual turn-over of 150M Euros down to “high impact” companies with 250 employees and 40M Euros global turn out with at least 20M generated in sensitive industries such as textiles, garments, shoes, agriculture, fishing, food or resource extraction. Furthermore, again going beyond the LkSG, the CSDDD obliges larger companies to develop a plan outlining their compliance with the 2015 Paris Agreement as well as the evolving European regulations on Climate Change mitigation.

The bargaining result of December 2023 constitutes an important compromise between three key EU actors, Commission, Council and Parliament. While the Commission had opted to cautiously refer to the (parent’s) control of the (subsidiary’s) board or on the majority of voting rights while furthermore drawing on the notion of ‘dominant influence’ in Art. 2 f (iv) of the 2004 ‘Transparency Directive’, the Parliament has insisted on the inclusion of indirectly controlled subsidiaries and of parents – wherever established – whose turnover exceeds 150M of which 40M must be in the EU, including turnover generated by third parties with whom the parent is in a vertical relationship. A crucial component of the CSDDD is the obligations for scoped companies to develop and implement due diligence plans that put particular emphasis identifying, addressing and eradicating ‘adverse impacts’ of the company’s own operations and of those with which the company is engaging within its supply chains.

In terms of establishing parental liability for indirect partners, while the Commission argued for the need there to be an ‘established business relationship’ and the Council used the term ‘business partners’, the Parliament mobilized the concept of “business relationships”, meaning a direct or indirect relationship of the company in their value chain with which the company has a commercial agreement or to which it provides financial services and that performs business operations related to the products or services of the company. The European Parliament hereby made direct reference to the understanding of effective due diligence in supply chain structures as promulgated under the auspices of international norm texts such as the UNGP of 2011 and the OECD Due Diligence Guidance for Responsible Business Conduct of 2018. The Parliament’s amendments to the Commission’s Proposal echoed the critique, for example, from the European Coalition for Corporate Justice in April 2022, pointing to the Commission’s proposal resulting in ‘claimants … still find(ing) it extremely hard to prove in court the company’s breach of its duties, and the causal link between this and their harm. The ECCJ further argued for the ultimate Directive to “ensure that the limitation periods for bringing liability claims is reasonable, that claimants have recourse to collective redress mechanisms, that civil society organisations and trade unions are entitled to bring representative actions on behalf of victims, and that Member States set up accompanying measures to provide support to claimants.” Finally, with regard to the supply chain-related scope of the corporation’s responsibility to engage in effective due diligence, the ECCJ pushed back against the Commission’s use of “established business relationships” in arguing that “[t]his approach risks leaving out short, unstable or informal relationships where severe impacts are actually more likely.”

Particularly with regard to the high degree of informal and precarious work that forms part of global value chain assemblages and, in an ever further accentuated way across the platform organization of the global economy, the ECCJ argued that the Commission’s proposal risked “creating perverse incentives: as short-term relationships would not be covered, companies could be tempted to switch suppliers regularly in order to avoid due diligence obligations and their associated liability.”

Similarly, the authors of a 2021 report in the “Forced Labour Evidence Briefs” series for the Re:Structure Lab highlighted the persisting deficiencies of transparency regulation and argued that “Transparency laws are often drafted in a way that gives wide discretion to corporations about how they act and do not contain strong sanctions for noncompliance.” The Re:StructureLab report further called for the introduction of a mandatory human rights due diligence system (mHRDD) which would, inter alia and echoing the demands made by the ECCJ, expand the scope of those being able to bring claims to unions and civil society organizations which could act on behalf of those unable to for a host of reasons.

The agreement of December 2023 on the forthcoming CSDDD notably includes the extension of due diligence obligations towards “business partners” with whom the scoped parent or company engages with or without a commercial agreement related to its operations, products or services. Mirroring this standard, the Directive also mandates EU Member States, in transposing the Directive into national law, to ensure that violations of CSDDD obligations be remediable under national law.

An extremely sensitive point of the Directive’s stipulation of civil liability arises from its distinction between damages caused only by a business partner or jointly by the company and its business partner. Only in the latter case, according to the now-reached compromise, will there be joint and several responsibility between both. While this seems to outright suggest a straight-forward application of the “cornerstone” separate legal personhood and limited liability principles which have been at the heart of transnational tort cases against multinational corporations (and their subsidiaries and partners) all along, the Directive’s reference to jointly caused damage does offer some interpretation room. This is particularly so where case law has in recent years engaged in growing detail with the actual forms of cooperation, guidance, management and operation between different company entities, including parents and their subsidiaries.

As Robert McCorquodale pointed out in an insightful analysis of the UK Supreme Court’s widely-noted Vedanta decision of 2019, the assessment of a company’s tort liability for an intentional or negligent act with regard to the occurrence of a human rights violation on the level of one of its subsidiaries must, per Vedanta, also applies “where the parent company should have done something and did not.” While, as Professor Corquodale notes, “in each case there will still need to be evidence brought by claimants as to what actions a parent company has undertaken or omitted to undertake to indicate a duty of care of a parent company exists in the particular circumstances”, Vedanta has put a bright light on the actions taken by corporate (parents’) boards to navigate the incentives not to expose itself to liability risk by developing organization- and network-wide policies regarding worker and environmental protection and hereby coming into direct conflict with the strengthening normative fabric under domestic hard and international soft law regarding the adoption of these very policies. And, when it comes to a legal assessment of managerial and operational practices and decision-making processes within the firm, the application of one-size-fits-all formal categories will be insufficient. As Lord Briggs observed himself in Vedanta, “There is no limit to the models of management and control which may be put in place within a multinational group of companies.”

As Professor van Dam convincingly notes, the here implicated questions go “to the heart of company law” – but they go further still. “Risk externalisation through legal entities is easier to justify towards voluntary (commercial and contractual) creditors than towards involuntary third parties who are not able to manage or pass on the risk.” In the context of decentralized forms of border-crossing economic and financial organization that will only continue to alienate consumers from makers, users from providers, the need to make the managerial incentives of supply chain operations relatable to and compatible with effective human, labour and environmental regulation will grow significantly. Both the incremental evolution of tort law standards over the past few years, particularly in the cases of Vedanta, Okpabi, Oguru and Milieudefensie, and the obvious substantiation of regulatory frameworks with regard to actual and actionable corporate responsibilities for harm caused at different levels of the supply chain point to a continuing concentration of the normative-regulatory fabric.

The LkSG as well as the CSDDD are thus neither the last word or pinnacle in the continuing struggle for sustainable market governance, human and labour rights protection. Instead, they reflect the ongoing efforts by transnational stakeholder advocacy groups to militate against the resurgence of political self-centered nationalism, xenophobia and destructive extractivism.

Peer Zumbansen holds the inaugural professorship for Business Law at McGill University, Faculty of Law. He directs McGill’s Business Law Platform and is the Academic Lead of the SGI CIBC Office of Sustainable Finance with the Sustainable Growth Initiative at McGill University. With Miriam Saage-Maaß, Michael Bader and Palvasha Shahab, he published the ECCHR-supported volume, “Transnational Legal Activism in Global Supply Chains” (Springer 2021 – open access: His most recent publications include “Runaway train? Decentralised finance and the myth of the private platform economy”, (2023) 14:4 Transnational Legal Theory; “The Corporation in an Age of Divisiveness”, (2023) 25:4 University of Pennsylvania Journal of Business Law, 1019-1090,

Back to top