Introduction: Regulating global supply chains through soft and hard law
Following a decade and a half of intensifying regulatory activity around workersâ and human rights in global value chains on domestic and international levels, the German federal government in 2021 introduced the Supply Chain Due Diligence Act â the Lieferkettensorgfaltspflichtengesetz (LkSG) â which came into force 1 January 2023. In December 2023, the European Council and Parliament reached agreement on an arguably more muscular piece of global supply chain regulation, the Corporate Sustainability Due Diligence Directive (CSDDD). A year after the LkSG came into force and in light of the EUâs newest initiative, it is warranted to assess the German Actâs impact so far and to do so in relation to concurring developments on the European level.
Ìę
The Promise and bind of the UN Guiding Principles (UNGP) on Business and Human Rights
The German legislator prefaced the of its Lieferkettensorgfaltspflichtengesetz (LkSG) with explicit reference to the United Nations Guiding Principles (UNGP), which the UN Human Rights Council had unanimously endorsed in 2011 and which since became a globally recognized benchmark for the regulation of transnational corporations and globally integrated supply chains. The UNGPâs three âpillarsâ of âprotect, respect and remedyâ arose from a developed in 2008 by Professor John Ruggie, the then-representative of the UN Secretary General and principal drafter of the UNGP. The Principles notably promulgated a respectively assumed responsibility of states to assume a duty to protect and of transnational corporations to respect, that is to prevent, mitigate and, where appropriate, remedy business-related human rights.
Ensuing corporate responsibility regulation through national supply chain and modern slavery laws over the past decade, and Germanyâs LkSG most recently, has been shaped by the UNGPâs three-pronged pillar-structure. This includes the companyâs obligation to institute a respective policy commitment related to respect human rights, to undertake ongoing human rights due diligence to identify, prevent, mitigate and account for their human rights impacts and to develop and implement processes to enable remediation for any adverse human rights impacts. Under the third pillar, the UNGP spell out the stateâ duty to provide for an effective system of remedies for business-related human rights abuses.
Ìę
Evolving supply chain regulation on the domestic level
The Berlin lawmaker, in the context of intensifying transnational pressure to enact , followed on the footsteps of related legislation since Californiaâs largely ineffective Transparency in Global Supply Chains Act in 2010, the much discussed UKâs 2015 Modern Slavery Act (and the British governmentâs newly pursued updating of said bill since 2022), Franceâs 2017 , which was the for corporations whose non-compliance with their vigilance plan caused damage, The Netherlandsâ 2019 and its from November 2022 as well as which came into force 1 July 2022 which obliges companies to publish an annual due diligence report and notably extends corporate due diligence responsibilities down to their Tier N suppliers. Meanwhile, Canadaâs federal Trudeau government, after previous efforts never had made it past initial discussion stages, in 2023 adopted its own Modern Slavery Law, , under which companies have a reporting duty as of 1 January 2024. Given Bill S-211 being the most recent domestic modern slavery law, have pointed to the by the Federal legislator to have over the actual prohibition and/or penalization of forced labour or child labour.
Ìę
Germanyâs Supply Chain Act
In drafting the LkSG, German lawmakers responded to from unions and transnational human and worker rights advocacy groups and was further conceptualized within the Government with reference to Germanyâs own âNational Action Plan for Business and Human Rightsâ (ââ) of 2016, which had formulated the responsibility of German business enterprises to comply with human rights due diligence (âHRDDâ) throughout their global supply chains. Acknowledging that only a fraction of 13-17% of German companies made efforts to scrutinize the human rights practices in their global networks, the lawmaker took the initiative to develop a more robust regulatory regime, specifically targeting management boards of companies of at least 3,000 employees (and, as of 1 January 2024, 1,000) and incorporated in Germany, to assume the responsibility for effective HRDD. Notably, § 2 not only expands this responsibility to a wide range of human rights-relevant labour rights, including child, forced and slave labor, as well as the prevention of collective labour rights and equality rights, of withholding adequate remuneration, causing harm to the environment or using private and unsupervised security forces to inflict harm, but also endorses a broad understanding of a corporationâs supply chain, including its direct and indirect suppliers and the rights compliance on those levels. Yet, § 2 does not include violations of indigenous rights provisions under ILO convention 169 despite their now wide-spread recognition in the context of evolving supply chain regulation, nor does it follow up on its prefaceâs invocation of gender rights by addressing these within § 2 of the Act itself.
Ìę
Risk management at the centre
The LkSGâs key provisions (§§ 3-8) spell out the concrete due diligence mechanisms to be developed and implemented by the corporation, namely regularly executed risk management and analysis, company-internal competence, preventive measures and complain procedures. Echoing comparable approaches, particularly within the UKâs and Franceâs modern slavery laws, the LkSG stipulates an annual reporting obligation and establishes penalty fees for non-compliance of up to 2% of the companyâs annual revenue, but regrettably falls short of creating a novel legislative basis of civil liability. While the legislation does not impact possible remedial action out of tort, the disappointing jurisprudential experience of such claims continues to be driven in large part by the obstacles of establishing parental or supply chain leadersâ responsibility in light of corporate separateness. Meanwhile, under the LkSG, individuals may not themselves initiate remedial action but can only empower a domestic union or NGO to pursue rights in their name related to a violation of the businessâ obligations under §§ 3-10 (§ 11 LkSG). A number of notable complaint cases have been brought over the course of 2023, against companies such as , by transnational labour and human rights advocacy groups with the support of the Berlin-based (ECCHR). Similar proceedings against grocery retailers such as have been brought on the way since the LkSG was passed. These proceedings, if successful, could result in hefty fines, and heftier still under the emerging EU regime.
Ìę
âGlobal Supply Chain Lawâ and the overlap of public and private actors
An important aspect of these complaints is their interlinkage of quasi-public, âsoft lawâ instruments such as the Bangladesh Accord, which was elaborated in , and domestic âhard lawâ legislation such as the LkSG â which further highlights the continuing transnationalization of market regulation. It instantiates the necessity to engage with law, as recently reiterated by , from a perspective that grasps the overlaps of public and private norm generation and implementation as it evolves through the interplay of old and new âactors, norms and processes.â The development of much more robust, empirically informed and validated approaches to the actual practices of transnational contract, tort and corporate responsibility law has a potential of going beyond the confines of litigating âcases.â The acknowledgment of the need for, as Rotterdam law and business professor Cees van Dam calls them legal conceptions, which can capture the grey zones of hybrid governance, informality and organizational complexity beyond the doctrine of separate legal personhood is a prerequisite for lawâs effectiveness in addressing r, which themselves have long become the .
Merely a year into the LkSGâs entering into force and only a few weeks in relation to its expanded scope of applications to businesses with 1,000 employees, its success or failure is not self-evident. Its current form reflects, at least in part, some of the push-back from within business lobbies who as in the case of the French vigilance law emphasized the and other âanti-competitiveâ consequences. That the LkSG came into being, at the same time, is in no small part the result of intensive advocacy and campaigning work, particularly by the âInitiative Lieferkettengesetzâ, which was early on supported by legal advocacy organizations such as the ECCHR and has by now grown into a coalition with over 130 partner organizations. Together with the campaign âJustice is Everybodyâs Businessâ, efforts have continued to ensure that an emerging regulation on EU level would draw on the experiences and lessons from the LkSG.
Ìę
No sleep still Brussels: The political compromise at the heart of the EUâs CSDDD
According to the global sustainability rating organization EvoVadis in , â[t]hese developments make clear that, in Europe, the era of voluntary, self-regulation in respect of social and environmental due diligence has come to a decisive end.â Indeed, the political economy of âbusiness & human rightsâ and sustainability regulation has distinctly evolved over the past decades. In essence, it has been showcasing a transition from the undead legacies of CSR (corporate social responsibility) which, despite its , never resulted in a structural transformation of the investor-driven prioritization of shareholder value, towards multilayered arrangements which are both more substantive in content due to the acknowledgement of climate change and more robust in terms of states having taken decisive steps in reclaiming regulatory prerogatives.
In that vein, the EUâs recently which originated in the Commission and was subsequently amended by the European Council and the European Parliament before a provisional deal was achieved in December 2023, seeks to impose actionable civil liability obligations for corporations that fail to comply with the Directiveâs requirements. These particularly extend to the development and implementation of effective due diligence, risk management and monitoring systems for a significantly expanded range of businesses across four âgroupsâ of companies. The Directive envisages the application of the new requirements for all businesses with as few as 500 employees and an annual turn-over of 150M Euros down to âhigh impactâ companies with 250 employees and 40M Euros global turn out with at least 20M generated in sensitive industries such as textiles, garments, shoes, agriculture, fishing, food or resource extraction. Furthermore, again going beyond the LkSG, the CSDDD obliges larger companies to develop a plan outlining their compliance with the 2015 Paris Agreement as well as the evolving European regulations on Climate Change mitigation.
The bargaining result of December 2023 constitutes an important compromise between three key EU actors, Commission, Council and Parliament. While the Commission had opted to cautiously refer to the (parentâs) control of the (subsidiaryâs) board or on the majority of voting rights while furthermore drawing on the notion of âdominant influenceâ in Art. 2 f (iv) of the 2004 â, the Parliament has insisted on the and of parents â wherever established â whose turnover exceeds 150M of which 40M must be in the EU, including turnover generated by third parties with whom the parent is in a vertical relationship. A crucial component of the CSDDD is the obligations for scoped companies to develop and implement due diligence plans that put particular emphasis identifying, addressing and eradicating âadverse impactsâ of the companyâs own operations and of those with which the company is engaging within its supply chains.
In terms of establishing parental liability for indirect partners, while the Commission argued for the need there to be an âestablished business relationshipâ and the Council used the term âbusiness partnersâ, the Parliament mobilized the concept of âbusiness relationshipsâ, meaning a direct or indirect relationship of the company in their value chain with which the company has a commercial agreement or to which it provides financial services and that performs business operations related to the products or services of the company. The European Parliament hereby made to the understanding of effective due diligence in supply chain structures as promulgated under the auspices of international norm texts such as the UNGP of 2011 and the OECD Due Diligence Guidance for Responsible Business Conduct of 2018. The Parliamentâs amendments to the Commissionâs Proposal echoed the critique, for example, from the in April 2022, pointing to the Commissionâs proposal resulting in âclaimants ⊠still find(ing) it extremely hard to prove in court the companyâs breach of its duties, and the causal link between this and their harm. The ECCJ further argued for the ultimate Directive to âensure that the limitation periods for bringing liability claims is reasonable, that claimants have recourse to collective redress mechanisms, that civil society organisations and trade unions are entitled to bring representative actions on behalf of victims, and that Member States set up accompanying measures to provide support to claimants.â Finally, with regard to the supply chain-related scope of the corporationâs responsibility to engage in effective due diligence, the ECCJ pushed back against the Commissionâs use of âestablished business relationshipsâ in that â[t]his approach risks leaving out short, unstable or informal relationships where severe impacts are actually more likely.â
Particularly with regard to the high degree of that forms part of global value chain assemblages and, in an ever further accentuated way across the , the ECCJ argued that the Commissionâs proposal risked âcreating perverse incentives: as short-term relationships would not be covered, companies could be tempted to switch suppliers regularly in order to avoid due diligence obligations and their associated liability.â
Similarly, the authors of a in the âForced Labour Evidence Briefsâ series for the Re:Structure Lab highlighted the and argued that âTransparency laws are often drafted in a way that gives wide discretion to corporations about how they act and do not contain strong sanctions for noncompliance.â The Re:StructureLab report further called for the introduction of a mandatory human rights due diligence system (mHRDD) which would, inter alia and echoing the demands made by the ECCJ, expand the scope of those being able to bring claims to unions and civil society organizations which could act on behalf of those unable to for a host of reasons.
The agreement of December 2023 on the forthcoming CSDDD notably includes the extension of due diligence obligations towards âbusiness partnersâ with whom the scoped parent or company engages with or without a commercial agreement related to its operations, products or services. Mirroring this standard, the Directive also mandates EU Member States, in transposing the Directive into national law, to ensure that violations of CSDDD obligations be remediable under national law.
An extremely sensitive point of the Directiveâs stipulation of civil liability arises from its distinction between damages caused only by a business partner or jointly by the company and its business partner. Only in the latter case, according to the now-reached compromise, will there be joint and several responsibility between both. While this seems to outright suggest a straight-forward application of the ââ separate legal personhood and limited liability principles which have been at the heart of transnational tort cases against multinational corporations (and their subsidiaries and partners) all along, the Directiveâs reference to jointly caused damage does offer some interpretation room. This is particularly so where case law has in recent years engaged in growing detail with the actual forms of cooperation, guidance, management and operation between different company entities, including parents and their subsidiaries.
As Robert McCorquodale pointed out in an of the UK Supreme Courtâs widely-noted decision of 2019, the assessment of a companyâs tort liability for an intentional or negligent act with regard to the occurrence of a human rights violation on the level of one of its subsidiaries must, per Vedanta, also applies âwhere the parent company should have done something and did not.â While, as Professor Corquodale notes, âin each case there will still need to be evidence brought by claimants as to what actions a parent company has undertaken or omitted to undertake to indicate a duty of care of a parent company exists in the particular circumstancesâ, Vedanta has put a bright light on the actions taken by corporate (parentsâ) boards to navigate the incentives not to expose itself to liability risk by developing organization- and network-wide policies regarding worker and environmental protection and hereby coming into direct conflict with the regarding the adoption of these very policies. And, when it comes to a legal assessment of managerial and operational practices and decision-making processes within the firm, the application of one-size-fits-all formal categories will be insufficient. As Lord Briggs observed himself in Vedanta, âThere is no limit to the models of management and control which may be put in place within a multinational group of companies.â
As Professor van Dam convincingly , the here implicated questions go âto the heart of company lawâ â but they go further still. âRisk externalisation through legal entities is easier to justify towards voluntary (commercial and contractual) creditors than towards involuntary third parties who are not able to manage or pass on the risk.â In the context of that will only continue to alienate consumers from makers, users from providers, the need to make the managerial incentives of supply chain operations relatable to and compatible with effective human, labour and environmental regulation will grow significantly. Both the incremental evolution of tort law standards over the past few years, particularly in the cases of Vedanta, Okpabi, Oguru and Milieudefensie, and the obvious substantiation of regulatory frameworks with regard to actual and actionable corporate responsibilities for harm caused at different levels of the supply chain point to a continuing concentration of the normative-regulatory fabric.
The LkSG as well as the CSDDD are thus neither the last word or pinnacle in the continuing struggle for sustainable market governance, human and labour rights protection. Instead, they reflect the ongoing efforts by transnational stakeholder advocacy groups to militate against the resurgence of political self-centered nationalism, xenophobia and destructive extractivism.
Peer Zumbansen holds the inaugural professorship for Business Law at Âé¶čAV, Faculty of Law. He directs Âé¶čAVâs Business Law Platform and is the Academic Lead of the SGI CIBC Office of Sustainable Finance with the Sustainable Growth Initiative at Âé¶čAV. With Miriam Saage-MaaĂ, Michael Bader and Palvasha Shahab, he published the ECCHR-supported volume, âTransnational Legal Activism in Global Supply Chainsâ (Springer 2021 â open access: ). His most recent publications include âRunaway train? Decentralised finance and the myth of the private platform economyâ, (2023) 14:4 Transnational Legal Theory ; âThe Corporation in an Age of Divisivenessâ, (2023) 25:4 University of Pennsylvania Journal of Business Law, 1019-1090,