There is increasing international momentum towards mandating ESG-related due diligence along a company’s entire supply chain. Germany has enacted a robust supply chain due diligence law that requires certain companies to investigate and remediate ESG concerns along the entire supply chain. With similar laws both contemplated and enacted in other EU nations, the EU’s governing bodies are in the process of crafting a uniform ESG supply chain due diligence law that is intended to harmonize existing (and contemplated) member-state laws.

It is important to be aware of these contemplated and already effective laws both from a compliance perspective and an M&A perspective, as supply chain due diligence laws could have far-reaching consequences. A US company can easily bump into European supply chain due diligence concerns through its regular business operations simply by doing business with any entity that is part of a supply chain for a company subject to mandatory supply chain due diligence. Similarly, when acquiring new businesses that depend on extensive supply chains, a company should not overlook the potential costs resulting from compliance with these due diligence laws.


On July 22, 2021, Germany adopted The Act on Corporate Due Diligence Obligations in Supply Chains, commonly referred to as the German Supply Chain Due Diligence Act (Act). Under the Act, companies within its scope have substantial responsibilities to ensure compliance with certain human rights, labor and environmental standards. These responsibilities extend well beyond the company’s own operations, to both direct contractual partners and indirect suppliers up the entirety of the supply chain. There is no geographical limit—a company is responsible for international suppliers to the same extent as domestic. The Act went into effect on January 1, 2023, for German companies with over 3,000 employees and will expand on January 1, 2024, to German companies with over 1,000 employees.

The obligations placed on companies under the Act include both preventative and remedial measures, going well beyond typical due diligence. Some of the key requirements under the Act are:

• companies must have an internal risk management process to identify and prevent the covered ESG violations;

• companies must conduct regular due diligence along the entire supply chain to monitor ESG risks;

• companies must implement certain preventative measures to minimize the risk of human rights violations within both the company’s operations and across the supply chain;

• companies must take remedial action when covered human rights, labor or environmental violations are discovered, including certain mandatory reporting to authorities;

• companies must establish a complaints procedure; and

• companies must specify who within the enterprise is responsible for monitoring risk management, for example, by appointing a human rights officer.

The German Supply Chain Due Diligence Act applies directly to companies with their principal place of business or headquarters in Germany, as well as to enterprises with a German branch office and at least 3,000 employees in Germany. However, this supply chain law has implications well beyond the companies directly within its scope. To comply with the Act, German companies necessarily pass along some of the preventative and remedial measures required by the Act to both their direct contractual partners and indirect suppliers. The entirety of the supply chain thus bears significant costs. US companies should be attentive to any operations that are in a supply chain of a German company subject to the Act—including any new operations proposed to be added through M&A activity—and evaluate on a case-by-case basis what compliance measures under the Act are likely to impact the US company.


On the heels of Germany’s adopting its ESG supply chain due diligence law, the EU’s governing institutions have been negotiating the Corporate Sustainability Due Diligence Directive (CSDDD), which would apply many of the features of the German Supply Chain Due Diligence Act to the entire EU. On June 1, 2023, the European Parliament adopted a final position on the CSDDD, a substantial step towards its adoption. The CSDDD will now be negotiated with the European Council and the European Commission.

The version presented by the European Parliament goes beyond the German Supply Chain Due Diligence Act in various respects:

• it incorporates more environmental factors into the supply chain due diligence requirements, whereas the German law focuses primarily on human rights;

• the CSDDD would apply directly to certain non-EU companies that have a certain level of EU contacts or operations, not just companies headquartered in the EU; and

• directors’ compensation would be directly tied to compliance with the CSDDD.

US companies should closely follow any developments regarding the CSDDD. If passed, its effects would be significant. Any company with EU operations or contacts could potentially come directly under the scope of the CSDDD, similarly to the EU’s recently-enacted Corporate Sustainability Reporting Directive, which is discussed elsewhere in this publication. Additionally, there would be indirect compliance considerations for any company in a supply chain with an EU company subject to the CSDDD, much as with the German Act, except that the cascading effect for an EU-wide law would cast a much wider net.