What has happened so far?
โIn addition, we will abolish the national Supply Chain Due Diligence Act (SCDDA). It will be replaced by a law on international corporate responsibility that implements the European Supply Chain Directive (CSDDD) with minimal bureaucracy and practical enforcementโ, according to the current coalition agreement between Germanyโs governing parties CDU, CSU and SPD.
This political agenda raises fundamental questions for many companies, especially in the financial sector. Not too long ago, at the start ofย 2024, did companies in Germany with over 1,000ย employees establish comprehensive processes, responsibilities and control mechanisms to comply with the SCDDA.
Now, not only is the national regulation under review but a new regulatory framework is also taking shape at the European level through the CSDDD, whose specific design and detailed formulation was recently revised and delayed by the EU Omnibus initiative.
This creates a strategic imperative for affected financial institutions: rather than reacting to isolated measures, they must adopt a forward-looking, scenario-based approach.
The enactment of the SCDDA marked the first time that binding human rights and environmental due diligence obligations were imposed on large companies in Germany. Since Januaryย 2023, the law has applied to companies with more than 3,000ย employees, and in Januaryย 2024, that threshold was reduced to include companies with overย 1,000 employees.
The SCDDA requires both preventive and responsive measures to identify, avert and mitigate risks within a companyโs operations and throughout its supply chain. Key obligations include:
- regular risk assessments,
- the implementation of preventive and remedial measures,
- a grievance mechanism and
- annual reporting to the Federal Office for Economic Affairs and Export Control (Bundesamt fรผr Wirtschaft und Ausfuhrkontrolle, BAFA).
To create a level playing field across Europe, the European Commission proposed uniform rules through the Corporate Sustainability Due Diligence Directive (CSDDD). The directive aims to harmonize and significantly expand requirements across the EU: in addition to a comprehensive focus on the entire value chain, the draft included extended liability provisions, climate-related obligations and greater stakeholder involvement.
Financial services providers, especially banks, are affected by the supply chain regulation in two key ways. First, they are directly impacted by the obligation to exercise due diligence in their upstream supply chains. For financial institutions, this upstream supply chain includes procurement of software and IT services, facility management and office supplies. In contrast, lending and investment activities in the downstream supply chain fall outside the scope of the supply chain regulation.
Second, banks are indirectly affected, as they must address reputational risks within their ESG risk management frameworks. If they finance companies that violate supply chain due diligence, banks face additional ESG risks, including higher default risks in their loan portfolios and increased reputational exposure.
BankingHub-Newsletter
Analyses, articles and interviews about trends & innovation in banking delivered right to your inbox every 2-3 weeks
What are the main criticisms of the SCDDA?
Since its introduction, Germanyโs Supply Chain Act has faced ongoing criticism. Critics argue that the requirements are too far-reaching, especially when German companies are expected to vet suppliers on the other side of the globe. It is seen as unfair that due diligence obligations are shifted onto companies, particularly when they cascade down to small and medium-sized enterprises. The implementation burden and bureaucracy created by reporting obligations are considered excessive. Legal liability remains highly uncertain. Moreover, overlapping ESG disclosure requirementsย โ such as those under the Corporate Sustainability Reporting Directive (CSRD)ย โ have led to duplicate reporting, further increasing the administrative burden.
Several aspects of the German SCDDA have since changedย โ driven by multiple factors: First, BAFA, the authority responsible for reporting, has suspended the reporting obligation. Second, BAFA has issued extensive guidance and clarifications to improve usability and reduce regulatory uncertainty. Third, a range of tools that facilitate implementation have now become established on the market. Fourth, the availability of data for risk analysis has improved significantly, as more companies now publish sustainability reports. And yet, the SCDDA continues to pose a burden and a cost factorย โ especially for German firms.
The European CSDDD was intended to address these criticisms and create a level playing field across Europe. However, this directive has also drawn heavy criticism, even after EU institutions struggled to reach a compromise. Objections focus primarily on the extensive effort required to assess all upstream suppliers in the supply chain. Expanded liability provisions and the associated risk of damage claims have also come under fire.
Whatโs next at the national and European levels?
The EU Commission has responded to criticism of the CSDDD with the Omnibus initiative. According to the Commissionโs draft, implementation will be postponed. The obligations will not apply to companies with more than 3,000ย employees and revenue exceeding EURย 900ย million until 2028, including large companies that were originally required to comply starting in 2027. Fromย 2029, companies with more than 1,000ย employees and EURย 450ย million in revenue will follow, as initially planned.
The proposal also introduces substantial simplifications, including the broad limitation of due diligence obligations to direct suppliers, a five-year review cycle to assess the effectiveness of the measures and reduced obligations to intervene in the event of adverse impacts. The originally proposed EU-wide civil liability has been dropped. Sanction mechanisms will remain under national jurisdiction. The directive also aims to align with CSRD reporting to avoid redundant disclosure requirements.
Given these developments, the national legislature faces the question of how to implement the directive appropriately. The current coalition agreement proposes replacing the SCDDA with a law on international corporate responsibility that implements the CSDDD with โminimal bureaucracy and practical enforcementโ. While Chancellor Merz calls for scrapping the EU directive, the SPD and the European Commission advocate simplification rather than repeal. As a result, both the shape of national implementation and future coordination between Berlin and Brussels remain uncertain.
Nevertheless, one thing is clear: companies with more than 1,000ย employees must address their supply chainsย โ not least because the CSRD also requires it. Rather than rushing into action, companies should understand potential scenarios and their implications earlyย โ and prepare accordingly.
What is Germanyโs current plan for the Supply Chain Act?
At present, companies in Germany with more than 1,000ย employees must comply with the SCDDA requirements, but they are no longer required to submit a report to BAFA. Despite ongoing uncertainties, there is strong evidence that this modified application of the SCDDA (Scenarioย (c) in the chart below) will remain in place for the foreseeable future. Affected companies should therefore continue to meet SCDDA requirements while also preparing early for the upcoming CSDDD obligations. Given the required trilogue process and national implementation timelines, the CSDDD is not expected to take effect before 2028.
It is unlikely that full application of the SCDDAย โ including the preparation of a BAFA report (Scenarioย (b))ย โ will resume before the CSDDD is implemented.
One possible scenario is an early alignment of the SCDDA with CSDDD requirements to ensure a smooth transition and avoid regulatory overlap (Scenarioย (a)).
Less likelyย โ but not entirely off the tableย โ is a scenario in which the SCDDA is repealed altogether before the CSDDD comes into force (Scenarioย (d)).
Figure 1: Scenario overview โ SCDDA and CSDDDHow can companies best respond to the evolving requirements?
Our recommendation: plan using scenarios! Affected companies should continuously monitor regulatory developments, adopt a scenario-based mindset and prepare appropriate response strategies. Given the pace of change at both the European and national levels, it is essential to engage early with potential regulatory outcomes to respond flexibly and strategicallyย โ regardless of which requirements ultimately take effect.
