Introduction: Regulating global supply chains through soft and hard law
Following a decade and a half of intensifying regulatory activity around workers鈥 and human rights in global value chains on domestic and international levels, the German federal government in 2021 introduced the Supply Chain Due Diligence Act 鈥 the Lieferkettensorgfaltspflichtengesetz (LkSG) 鈥 which came into force 1 January 2023. In December 2023, the European Council and Parliament reached agreement on an arguably more muscular piece of global supply chain regulation, the Corporate Sustainability Due Diligence Directive (CSDDD). A year after the LkSG came into force and in light of the EU鈥檚 newest initiative, it is warranted to assess the German Act鈥檚 impact so far and to do so in relation to concurring developments on the European level.
听
The Promise and bind of the UN Guiding Principles (UNGP) on Business and Human Rights
The German legislator prefaced the of its Lieferkettensorgfaltspflichtengesetz (LkSG) with explicit reference to the United Nations Guiding Principles (UNGP), which the UN Human Rights Council had unanimously endorsed in 2011 and which since became a globally recognized benchmark for the regulation of transnational corporations and globally integrated supply chains. The UNGP鈥檚 three 鈥榩illars鈥 of 鈥榩rotect, respect and remedy鈥 arose from a developed in 2008 by Professor John Ruggie, the then-representative of the UN Secretary General and principal drafter of the UNGP. The Principles notably promulgated a respectively assumed responsibility of states to assume a duty to protect and of transnational corporations to respect, that is to prevent, mitigate and, where appropriate, remedy business-related human rights.
Ensuing corporate responsibility regulation through national supply chain and modern slavery laws over the past decade, and Germany鈥檚 LkSG most recently, has been shaped by the UNGP鈥檚 three-pronged pillar-structure. This includes the company鈥檚 obligation to institute a respective policy commitment related to respect human rights, to undertake ongoing human rights due diligence to identify, prevent, mitigate and account for their human rights impacts and to develop and implement processes to enable remediation for any adverse human rights impacts. Under the third pillar, the UNGP spell out the state鈥 duty to provide for an effective system of remedies for business-related human rights abuses.
听
Evolving supply chain regulation on the domestic level
The Berlin lawmaker, in the context of intensifying transnational pressure to enact , followed on the footsteps of related legislation since California鈥檚 largely ineffective Transparency in Global Supply Chains Act in 2010, the much discussed UK鈥檚 2015 Modern Slavery Act (and the British government鈥檚 newly pursued updating of said bill since 2022), France鈥檚 2017 , which was the for corporations whose non-compliance with their vigilance plan caused damage, The Netherlands鈥 2019 and its from November 2022 as well as which came into force 1 July 2022 which obliges companies to publish an annual due diligence report and notably extends corporate due diligence responsibilities down to their Tier N suppliers. Meanwhile, Canada鈥檚 federal Trudeau government, after previous efforts never had made it past initial discussion stages, in 2023 adopted its own Modern Slavery Law, , under which companies have a reporting duty as of 1 January 2024. Given Bill S-211 being the most recent domestic modern slavery law, have pointed to the by the Federal legislator to have over the actual prohibition and/or penalization of forced labour or child labour.
听
Germany鈥檚 Supply Chain Act
In drafting the LkSG, German lawmakers responded to from unions and transnational human and worker rights advocacy groups and was further conceptualized within the Government with reference to Germany鈥檚 own 鈥National Action Plan for Business and Human Rights鈥 (鈥樷) of 2016, which had formulated the responsibility of German business enterprises to comply with human rights due diligence (鈥楬RDD鈥) throughout their global supply chains. Acknowledging that only a fraction of 13-17% of German companies made efforts to scrutinize the human rights practices in their global networks, the lawmaker took the initiative to develop a more robust regulatory regime, specifically targeting management boards of companies of at least 3,000 employees (and, as of 1 January 2024, 1,000) and incorporated in Germany, to assume the responsibility for effective HRDD. Notably, 搂 2 not only expands this responsibility to a wide range of human rights-relevant labour rights, including child, forced and slave labor, as well as the prevention of collective labour rights and equality rights, of withholding adequate remuneration, causing harm to the environment or using private and unsupervised security forces to inflict harm, but also endorses a broad understanding of a corporation鈥檚 supply chain, including its direct and indirect suppliers and the rights compliance on those levels. Yet, 搂 2 does not include violations of indigenous rights provisions under ILO convention 169 despite their now wide-spread recognition in the context of evolving supply chain regulation, nor does it follow up on its preface鈥檚 invocation of gender rights by addressing these within 搂 2 of the Act itself.
听
Risk management at the centre
The LkSG鈥檚 key provisions (搂搂 3-8) spell out the concrete due diligence mechanisms to be developed and implemented by the corporation, namely regularly executed risk management and analysis, company-internal competence, preventive measures and complain procedures. Echoing comparable approaches, particularly within the UK鈥檚 and France鈥檚 modern slavery laws, the LkSG stipulates an annual reporting obligation and establishes penalty fees for non-compliance of up to 2% of the company鈥檚 annual revenue, but regrettably falls short of creating a novel legislative basis of civil liability. While the legislation does not impact possible remedial action out of tort, the disappointing jurisprudential experience of such claims continues to be driven in large part by the obstacles of establishing parental or supply chain leaders鈥 responsibility in light of corporate separateness. Meanwhile, under the LkSG, individuals may not themselves initiate remedial action but can only empower a domestic union or NGO to pursue rights in their name related to a violation of the business鈥 obligations under 搂搂 3-10 (搂 11 LkSG). A number of notable complaint cases have been brought over the course of 2023, against companies such as , by transnational labour and human rights advocacy groups with the support of the Berlin-based (ECCHR). Similar proceedings against grocery retailers such as have been brought on the way since the LkSG was passed. These proceedings, if successful, could result in hefty fines, and heftier still under the emerging EU regime.
听
鈥淕lobal Supply Chain Law鈥 and the overlap of public and private actors
An important aspect of these complaints is their interlinkage of quasi-public, 鈥榮oft law鈥 instruments such as the Bangladesh Accord, which was elaborated in , and domestic 鈥榟ard law鈥 legislation such as the LkSG 鈥 which further highlights the continuing transnationalization of market regulation. It instantiates the necessity to engage with law, as recently reiterated by , from a perspective that grasps the overlaps of public and private norm generation and implementation as it evolves through the interplay of old and new 鈥榓ctors, norms and processes.鈥 The development of much more robust, empirically informed and validated approaches to the actual practices of transnational contract, tort and corporate responsibility law has a potential of going beyond the confines of litigating 鈥榗ases.鈥 The acknowledgment of the need for, as Rotterdam law and business professor Cees van Dam calls them legal conceptions, which can capture the grey zones of hybrid governance, informality and organizational complexity beyond the doctrine of separate legal personhood is a prerequisite for law鈥檚 effectiveness in addressing r, which themselves have long become the .
Merely a year into the LkSG鈥檚 entering into force and only a few weeks in relation to its expanded scope of applications to businesses with 1,000 employees, its success or failure is not self-evident. Its current form reflects, at least in part, some of the push-back from within business lobbies who as in the case of the French vigilance law emphasized the and other 鈥榓nti-competitive鈥 consequences. That the LkSG came into being, at the same time, is in no small part the result of intensive advocacy and campaigning work, particularly by the 鈥Initiative Lieferkettengesetz鈥, which was early on supported by legal advocacy organizations such as the ECCHR and has by now grown into a coalition with over 130 partner organizations. Together with the campaign 鈥Justice is Everybody鈥檚 Business鈥, efforts have continued to ensure that an emerging regulation on EU level would draw on the experiences and lessons from the LkSG.
听
No sleep still Brussels: The political compromise at the heart of the EU鈥檚 CSDDD
According to the global sustainability rating organization EvoVadis in , 鈥淸t]hese developments make clear that, in Europe, the era of voluntary, self-regulation in respect of social and environmental due diligence has come to a decisive end.鈥 Indeed, the political economy of 鈥榖usiness & human rights鈥 and sustainability regulation has distinctly evolved over the past decades. In essence, it has been showcasing a transition from the undead legacies of CSR (corporate social responsibility) which, despite its , never resulted in a structural transformation of the investor-driven prioritization of shareholder value, towards multilayered arrangements which are both more substantive in content due to the acknowledgement of climate change and more robust in terms of states having taken decisive steps in reclaiming regulatory prerogatives.
In that vein, the EU鈥檚 recently which originated in the Commission and was subsequently amended by the European Council and the European Parliament before a provisional deal was achieved in December 2023, seeks to impose actionable civil liability obligations for corporations that fail to comply with the Directive鈥檚 requirements. These particularly extend to the development and implementation of effective due diligence, risk management and monitoring systems for a significantly expanded range of businesses across four 鈥済roups鈥 of companies. The Directive envisages the application of the new requirements for all businesses with as few as 500 employees and an annual turn-over of 150M Euros down to 鈥渉igh impact鈥 companies with 250 employees and 40M Euros global turn out with at least 20M generated in sensitive industries such as textiles, garments, shoes, agriculture, fishing, food or resource extraction. Furthermore, again going beyond the LkSG, the CSDDD obliges larger companies to develop a plan outlining their compliance with the 2015 Paris Agreement as well as the evolving European regulations on Climate Change mitigation.
The bargaining result of December 2023 constitutes an important compromise between three key EU actors, Commission, Council and Parliament. While the Commission had opted to cautiously refer to the (parent鈥檚) control of the (subsidiary鈥檚) board or on the majority of voting rights while furthermore drawing on the notion of 鈥榙ominant influence鈥 in Art. 2 f (iv) of the 2004 鈥, the Parliament has insisted on the and of parents 鈥 wherever established 鈥 whose turnover exceeds 150M of which 40M must be in the EU, including turnover generated by third parties with whom the parent is in a vertical relationship. A crucial component of the CSDDD is the obligations for scoped companies to develop and implement due diligence plans that put particular emphasis identifying, addressing and eradicating 鈥榓dverse impacts鈥 of the company鈥檚 own operations and of those with which the company is engaging within its supply chains.
In terms of establishing parental liability for indirect partners, while the Commission argued for the need there to be an 鈥established business relationship鈥 and the Council used the term 鈥榖usiness partners鈥, the Parliament mobilized the concept of 鈥渂usiness relationships鈥, meaning a direct or indirect relationship of the company in their value chain with which the company has a commercial agreement or to which it provides financial services and that performs business operations related to the products or services of the company. The European Parliament hereby made to the understanding of effective due diligence in supply chain structures as promulgated under the auspices of international norm texts such as the UNGP of 2011 and the OECD Due Diligence Guidance for Responsible Business Conduct of 2018. The Parliament鈥檚 amendments to the Commission鈥檚 Proposal echoed the critique, for example, from the in April 2022, pointing to the Commission鈥檚 proposal resulting in 鈥榗laimants 鈥 still find(ing) it extremely hard to prove in court the company鈥檚 breach of its duties, and the causal link between this and their harm. The ECCJ further argued for the ultimate Directive to 鈥渆nsure that the limitation periods for bringing liability claims is reasonable, that claimants have recourse to collective redress mechanisms, that civil society organisations and trade unions are entitled to bring representative actions on behalf of victims, and that Member States set up accompanying measures to provide support to claimants.鈥 Finally, with regard to the supply chain-related scope of the corporation鈥檚 responsibility to engage in effective due diligence, the ECCJ pushed back against the Commission鈥檚 use of 鈥渆stablished business relationships鈥 in that 鈥淸t]his approach risks leaving out short, unstable or informal relationships where severe impacts are actually more likely.鈥
Particularly with regard to the high degree of that forms part of global value chain assemblages and, in an ever further accentuated way across the , the ECCJ argued that the Commission鈥檚 proposal risked 鈥渃reating perverse incentives: as short-term relationships would not be covered, companies could be tempted to switch suppliers regularly in order to avoid due diligence obligations and their associated liability.鈥
Similarly, the authors of a in the 鈥淔orced Labour Evidence Briefs鈥 series for the Re:Structure Lab highlighted the and argued that 鈥淭ransparency laws are often drafted in a way that gives wide discretion to corporations about how they act and do not contain strong sanctions for noncompliance.鈥 The Re:StructureLab report further called for the introduction of a mandatory human rights due diligence system (mHRDD) which would, inter alia and echoing the demands made by the ECCJ, expand the scope of those being able to bring claims to unions and civil society organizations which could act on behalf of those unable to for a host of reasons.
The agreement of December 2023 on the forthcoming CSDDD notably includes the extension of due diligence obligations towards 鈥渂usiness partners鈥 with whom the scoped parent or company engages with or without a commercial agreement related to its operations, products or services. Mirroring this standard, the Directive also mandates EU Member States, in transposing the Directive into national law, to ensure that violations of CSDDD obligations be remediable under national law.
An extremely sensitive point of the Directive鈥檚 stipulation of civil liability arises from its distinction between damages caused only by a business partner or jointly by the company and its business partner. Only in the latter case, according to the now-reached compromise, will there be joint and several responsibility between both. While this seems to outright suggest a straight-forward application of the 鈥溾 separate legal personhood and limited liability principles which have been at the heart of transnational tort cases against multinational corporations (and their subsidiaries and partners) all along, the Directive鈥檚 reference to jointly caused damage does offer some interpretation room. This is particularly so where case law has in recent years engaged in growing detail with the actual forms of cooperation, guidance, management and operation between different company entities, including parents and their subsidiaries.
As Robert McCorquodale pointed out in an of the UK Supreme Court鈥檚 widely-noted decision of 2019, the assessment of a company鈥檚 tort liability for an intentional or negligent act with regard to the occurrence of a human rights violation on the level of one of its subsidiaries must, per Vedanta, also applies 鈥渨here the parent company should have done something and did not.鈥 While, as Professor Corquodale notes, 鈥渋n each case there will still need to be evidence brought by claimants as to what actions a parent company has undertaken or omitted to undertake to indicate a duty of care of a parent company exists in the particular circumstances鈥, Vedanta has put a bright light on the actions taken by corporate (parents鈥) boards to navigate the incentives not to expose itself to liability risk by developing organization- and network-wide policies regarding worker and environmental protection and hereby coming into direct conflict with the regarding the adoption of these very policies. And, when it comes to a legal assessment of managerial and operational practices and decision-making processes within the firm, the application of one-size-fits-all formal categories will be insufficient. As Lord Briggs observed himself in Vedanta, 鈥淭here is no limit to the models of management and control which may be put in place within a multinational group of companies.鈥
As Professor van Dam convincingly , the here implicated questions go 鈥渢o the heart of company law鈥 鈥 but they go further still. 鈥淩isk externalisation through legal entities is easier to justify towards voluntary (commercial and contractual) creditors than towards involuntary third parties who are not able to manage or pass on the risk.鈥 In the context of that will only continue to alienate consumers from makers, users from providers, the need to make the managerial incentives of supply chain operations relatable to and compatible with effective human, labour and environmental regulation will grow significantly. Both the incremental evolution of tort law standards over the past few years, particularly in the cases of Vedanta, Okpabi, Oguru and Milieudefensie, and the obvious substantiation of regulatory frameworks with regard to actual and actionable corporate responsibilities for harm caused at different levels of the supply chain point to a continuing concentration of the normative-regulatory fabric.
The LkSG as well as the CSDDD are thus neither the last word or pinnacle in the continuing struggle for sustainable market governance, human and labour rights protection. Instead, they reflect the ongoing efforts by transnational stakeholder advocacy groups to militate against the resurgence of political self-centered nationalism, xenophobia and destructive extractivism.
Peer Zumbansen holds the inaugural professorship for Business Law at 平特五不中, Faculty of Law. He directs 平特五不中鈥檚 Business Law Platform and is the Academic Lead of the SGI CIBC Office of Sustainable Finance with the Sustainable Growth Initiative at 平特五不中. With Miriam Saage-Maa脽, Michael Bader and Palvasha Shahab, he published the ECCHR-supported volume, 鈥Transnational Legal Activism in Global Supply Chains鈥 (Springer 2021 鈥 open access: ). His most recent publications include 鈥淩unaway train? Decentralised finance and the myth of the private platform economy鈥, (2023) 14:4 Transnational Legal Theory ; 鈥淭he Corporation in an Age of Divisiveness鈥, (2023) 25:4 University of Pennsylvania Journal of Business Law, 1019-1090,