Implementing the
Due Diligence Act –
with otris software
5. July 2022

Supply chain law: prepare now

For large companies, the coming year will start with an important legal innovation: On 01.01.2023, the so-called Supply Chain Act will come into force. The scope of responsibility of companies with more than 3,000 employees will be extended: The purchasing company can also be prosecuted for human rights violations by suppliers. The law formulates requirements in the areas of risk management, prevention, measures and complaints. otris software simplifies documentation and control of activities. You can choose between individual components or the entire otris compliance suite.

Affected companies have just under six months to prepare for the new Due Diligence Act (known as the Supply Chain Act). The companies concerned (3,000 employees or more in Germany) must implement systems to ensure that they meet the legal requirements.

What is the aim of the law?

The Act aims to improve the protection of human rights. The law holds companies responsible if their suppliers violate basic human rights standards. This should lead to accepting companies checking and enforcing compliance with standards by their suppliers. Violations are, for example, child labour, forced labour or lack of labour protection.

What are affected companies obliged to do?

Companies must implement measures:

  • Adopt a policy statement on respect for human rights
  • Define responsibilities
  • Risk analysis to identify “potential for violation” (threat of violation of human rights)
  • Risk management to avert potential negative impacts on human rights
  • Complaints office
  • Publicly accessible reporting

If a breach occurs despite the measures, the company must take remedial action.

How broad is the duty of care?

The due diligence obligation of companies extends to the entire supply chain – from the raw material to the finished product. However, there is a gradation between direct and indirect suppliers. The requirements for companies depend on the gradation. Additionally relevant: Type and scope of the business relationship, possibility to influence the violator, expected severity of the violation.

First steps

As a basis for all further steps (risk analysis, measures), a survey and categorisation of all existing supplier relationships is useful. The categorisation (indirect/immediate, type of cooperation, possibility of influence, etc.) can be implemented well with special software via a corresponding supplier identification. The structured data provides an initial overview of the risk potential. Example: A raw material supplier from South America has a different risk potential than a component supplier from Europe. Filter and sorting functions can be used to identify suppliers that should be prioritised in the risk analysis based on certain characteristics.

Without an overview, no success

The risk analysis is the actual identification of the “violation potential” based on predefined criteria and expert assessment. From an organisational point of view, transparency, overview and documentation are also prerequisites for successful work in risk analysis. The same applies to risk and complaint management and the associated measures – without structured organisation of tasks and tracking of measures, the high requirements cannot be met.

otris compliance suite

Companies use the otris compliance Suite to manage various compliance activities. In the area of supply chain law, the solution supports the management and implementation of due diligence obligations. The structured mapping of existing supplier relationships provides a good basis for further consideration of individual suppliers. Easy-to-use search and filter functions show categories and characteristics of the suppliers. The three main modules policy management, risk management, whistleblower system support the operational work:

otris policy management
With otris policy management, companies create and distribute targeted information – for example, the policy statement on respect for human rights. The module also helps with training on prevention, distribution of guidelines and automated documentation of deliveries.

otris risk management
A question-based assessment simplifies systematic risk identification. The content of the questionnaires can be customised. They are made available to the specialist departments or suppliers via the system and are automatically evaluated after they have been answered. Identified weak points and risks as well as measures derived from the risk analysis are also organised and monitored by the user with the system.

otris whistleblowing system
The whistleblowing system is another due diligence requirement stipulated by the Supply Chain Act. With the otris whistleblower system, companies use an established solution that covers both the requirements of the EU Whistleblower Directive and the requirements of the Supply Chain Act. Secure, anonymous complaint submission and communication with the whistleblower as well as workflow-supported processing of incoming cases characterise the system.

We would be happy to provide you with detailed information on implementing the requirements of the Supply Chain Act with the otris compliance Suite in a non-binding consultation. Contact us, we look forward to an exchange – by e-mail, telephone or web form!