Skip to content

Supply Chain Act: the first three steps to better assurance

The German Supply Chain Act places high demands on the transparency and sustainability of supply chains. A pragmatic three-step plan aids with implementation and risk management
The German Supply Chain Act places high demands on the transparency and sustainability of supply chains. A pragmatic three-step plan aids with implementation and risk management

The Supply Chain Due Diligence Act, commonly referred to as the Supply Chain Act for short, puts companies under pressure to act: from January 1, 2023, all companies in Germany with more than 3,000 employees will be co-responsible for ensuring that human rights are respected in their supply chain. Worldwide, 100 million people are affected by modern slavery, almost 80 percent of whom are children. The law aims to give these people a better future and contains a catalog of eleven internationally recognized human rights conventions.

From 2024, the law will also apply to companies with 1,000 or more employees. In parallel, the EU is working on a proposal that goes far beyond the German law and places even greater obligations on companies. For example, it will include not only direct suppliers, but also their sub-suppliers — which will further increase complexity.

Time is running out

Many companies do not yet know how they will implement the new legal requirements. In the long term, companies should implement a systematic risk management system that also covers human rights aspects in the supply chain, including preventive and remedial measures. However, such comprehensive systems cannot usually be implemented within a few months.

To approach this complex issue pragmatically, SupplyOn proposes a 3-step plan to create a solid basis for implementing comprehensive risk management in the long term.

Step 1: Create transparency in the supplier base

The starting point for all Supply Chain Act mapping activities is transparency about which suppliers a company works with. This may sound trivial, but in practice it is usually not. Due on the one hand to the multitude of internal systems, and on the other hand to “workaround” processes in procurement (usually prohibited, but nevertheless tolerated), many companies lack a consolidated view of their supplier base. Duplicates aggravate the situation and further complicate the clear identification of suppliers.

The remedy is to consolidate all supplier data, including cleansing of duplicates, in a central supplier information system, with unique identification (for example, via the DUNS number). This cleansed data can then be enriched with further digital data on the respective suppliers — for example, with the purchasing volume from the finance system or the supplier strategy from the SRM system — in order to carry out meaningful risk segmentation.

Step 2: Identify risks

The Supply Chain Act focuses on labor and social standards, for example:

  • What are the working conditions like in general?
  • Are workers’ rights and social standards violated?
  • Are adequate wages being paid?
  • What about child labor?

Here’s the good news: You don’t have to do such risk assessments all by yourself. Similar to ISO certification, there are service providers that analyze companies, countries and regions and provide risk scores. SupplyOn works with these providers (for example, Munich Re and Swiss Re) and can access their data.

Once your suppliers are digitally recorded and clearly identified (see step 1), this information can be mapped automatically to your entire supplier base. This provides a good and quick overview of potential weak points and risk suppliers. You can track changes via alerts and immediately view them.

Once the issues for the Supply Chain Act are taken care of, the supplier records can even be enriched with data that goes beyond human rights and covers, for example, environmental, social and governance (ESG) aspects.

This includes, for instance, the following questions:

  • What is the business partner’s approach to resources?
  • How is industrial waste disposed of?
  • What is the risk of corruption?
  • Does the business partner comply with legal requirements?
The SupplyOn Risk Cockpit
The SupplyOn Risk Cockpit

Step 3: Act

Responsible conduct is at the core of the Supply Chain Act. But what can this look like in practice? In addition to internal measures, such as establishing organizational guidelines and standard processes, collaboration with suppliers must be cooperative, comprehensible and digital.

To this end, we recommend the following immediate measures, which — once established — can be repeated on a regular basis without much effort:

  • Review of suppliers with increased risk via self-disclosure (standardized questionnaires) and audits
  • Agreement on and implementation of improvement measures and their regular review
  • Separate contractual agreements, such as the introduction of a binding code of conduct
  • Obtaining certificates

In the long term, these measures can already be incorporated into the purchasing process. This ensures that potential risks are already identified and addressed in the sourcing process — and that these findings have an influence on the award decision. If the risk potential is high, should you enter into a particular supplier relationship at all? Should conditions be imposed on the supplier that he has to fulfill until serial delivery? Is regular auditing required and are the costs for this included in the TCO (total cost of ownership)? This way, you can successively minimize the risk in your entire supplier base.

What’s next: from obligation to mastery

The Supply Chain Act today focuses primarily on direct suppliers. There are many other issues, including legal ones, in order to check the supply chain over several tiers, all the way up to the raw material supplier. As a rule, companies have no transparency about the sub-suppliers their business partners have under contract. Since there is no contractual relationship with sub-suppliers, there is no obligation to provide information — which significantly limits the scope for action.

However, there are a growing number of options for this: big data and market intelligence, for example, can help to make probable supply chains visible. Cooperative approaches may even be used to assess risk across multiple tier levels. It depends on the individual risk assessment which of these steps should be taken and where a more in-depth look at the supply chain is required.

With its worldwide corporate network of over 140,000 manufacturing companies, SupplyOn offers the best prerequisites for bringing the necessary transparency to global supply chains in order to collaboratively meet social responsibility with suppliers.

read more from

Interested in enjoying these benefits as well?

Contact us here for more information: