Germany’s Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz, or LkSG), effective since January 2023, marked a significant shift in corporate responsibility, requiring large firms to monitor and address human rights and environmental risks across their global supply chains. Now, two years into enforcement, clear lessons have emerged for the automotive and textile sectors—the industries most directly impacted during the law’s initial phase. Early enforcement actions have highlighted both the challenges and successes of applying the law in practice, providing valuable insights for companies refining their compliance strategies.
For automotive manufacturers, LkSG enforcement revealed gaps in Tier 2 supplier oversight, particularly in regions where transparency has historically been limited. One illustrative case involves a major German automaker that leveraged open trade data from customs and export authorities to trace shipments of leather components sourced indirectly from Asian suppliers. By analyzing trade flows and cross-referencing supplier declarations with publicly available customs data, the company identified inconsistencies suggesting that certain subcontractors were not adhering to required labor standards. This data-driven approach enabled the automaker to take corrective actions before authorities imposed formal penalties, demonstrating the value of proactive supply chain mapping.
Similarly, in the textile sector, a prominent German apparel brand faced scrutiny after audits uncovered labor violations at spinning mills in South Asia. The company responded by integrating open trade and shipping data into its risk assessment processes. This allowed the firm to detect indirect sourcing relationships that had previously gone unnoticed, including mills supplying Tier 1 garment manufacturers via intermediary traders. By triangulating purchase order records, shipping manifests, and trade registry data, the company strengthened its ability to pinpoint potential human rights risks deeper in the supply chain. The experience underscored the importance of moving beyond direct supplier monitoring to gain visibility into the full network of suppliers contributing to finished products.
Both examples reflect a growing recognition among German firms that compliance with LkSG requires robust, data-enabled risk assessment frameworks. Simply relying on supplier self-declarations or traditional audits is no longer sufficient in a regulatory environment where enforcement agencies expect demonstrable due diligence across all tiers. Companies have increasingly turned to open data sources—including international customs records, shipping databases, and national supplier registries—to enhance their risk mapping efforts. These datasets provide independent verification of supply chain relationships and help identify potential red flags, such as unusual routing patterns, frequent use of intermediary traders, or sourcing from regions associated with elevated human rights risks.
Building on these lessons, best practices have begun to emerge for refining LkSG risk-assessment matrices. The first priority is to ensure that risk assessments are dynamic, updated regularly as new data becomes available. Firms should establish a cadence—quarterly or semi-annually—for revisiting and recalibrating risk scores based on updated trade flows, supplier performance data, and geopolitical developments. Static, one-time risk assessments fail to capture the evolving nature of supply chains and the shifting risk landscape.
Another best practice is the integration of open trade data directly into the risk matrix itself. Leading companies have developed scoring models that factor in not only supplier self-assessments and audit results but also indicators derived from customs records, shipping patterns, and export data. For example, suppliers whose trade data reveals opaque or unusually complex routing may be assigned higher inherent risk scores, triggering enhanced due diligence measures. By embedding these external data points into their matrices, firms can better align their assessments with real-world supply chain behavior.
A further recommendation is to incorporate stakeholder input and local intelligence into the risk matrix. Many companies are partnering with civil society organizations, labor rights groups, and local experts to validate findings from data analysis and provide contextual insights. This multi-source approach helps mitigate blind spots that purely quantitative assessments might miss, such as region-specific labor practices or emerging environmental risks.
Finally, transparency and documentation are critical. Firms should maintain detailed records of how risk assessments were conducted, including data sources consulted, scoring criteria applied, and rationale for risk ratings. This not only facilitates internal accountability but also provides a clear evidentiary trail in the event of regulatory inquiries or challenges. Many firms are investing in digital platforms to centralize risk assessment documentation, making it easier to generate compliance reports and respond to requests from Germany’s Federal Office for Economic Affairs and Export Control (BAFA).
The early enforcement of the LkSG has made clear that successful compliance hinges on data-driven, adaptive risk management strategies that go beyond the first tier of suppliers. Companies that proactively integrate open trade data, recalibrate risk matrices regularly, and engage with local stakeholders are better positioned to meet the law’s stringent due diligence requirements. As enforcement expands to smaller firms and additional industries in the coming years, these lessons will serve as a valuable blueprint for supply chain transparency and accountability.