Risk analysis update from the Federal Office of Economic Affairs and Export Control


The German Act on Corporate Due Diligence in Supply Chains (Lieferkettensorgfaltspflichtengesetz – “Supply Chain Act”), which comes into force on 1 January 2023, defines from section 3 onwards the requirements that obligated companies must carefully work through. One element is conducting a risk analysis. In this brief article, we outline the essential elements of the risk analysis and consider the current publications by the Federal Office of Economics and Export Control (Bundesamt für Wirtschaft und Ausfuhrkontrolle – the Federal Office).

Legal situation: Risk analysis

According to section 3(1)(3) and section 5 of the above Act, companies must regularly conduct a risk analysis in order to identify human rights and environmental risks in their own business and at their direct suppliers. The Act does not specify exactly how to perform the risk analysis. Section 5(2) simply states that the risks identified are to be weighted and prioritised appropriately. According to the explanatory memorandum, the risk analysis is to be done in two steps:

  • First, the company should gain an overview of the procurement processes as well as the structure and key players at its direct supplier and the key groups of people who may be affected by the business activity.
  • Second, the risks must be assessed and prioritised. On this basis, the company should decide which risks to address first.

The legislation is not any more specific. However, in section 20 of the Act, the Federal Office of Economic Affairs and Export Control was assigned the task of publishing cross-sector or sector-specific information, handouts and recommendations on compliance with the Act.

Current publications on risk analysis from the Federal Office

Last week, the Federal Office of Economic Affairs and Export Control published a summary about conducting a risk analysis. The Federal Office says it will publish a handout on conducting a risk analysis by mid-August. Until then, it remains to be seen how the Federal Office will fine-tune the requirements for risk analysis and whether this will also include instructions on the directly related risk management. We will also see whether the guidance on conducting risk analysis in Part VIII of the Questions and Answers on the Supply Chain Act is adapted. This guidance still reflects the status of 28 April 2022.

Conclusion and outlook

The recent activities show that structures at the Federal Office have been created with regard to supply chains and that the authority is taking action.

The Federal Office is currently putting together a risk analysis handout and also preparing a structured questionnaire to help obligated companies meet their reporting obligations. The Federal Office’s perspective will of course increasingly influence the implementation and execution of the due diligence obligations of the Act. Companies will incorporate the Federal Office’s current work into their plans for implementing the Act. They will also consider the published requirements and in particular the Federal Office’s handouts.

We are following the current developments and will keep you posted.
