Since January 2023, the German Supply Chain Due Diligence Act — or LkSG, as it is now generally abbreviated — has reshaped the landscape of corporate accountability for firms selling into the German market. For many small and medium-sized enterprises, the new obligations introduced by this law have added a layer of complexity that, to be candid, not everyone feels fully equipped to manage. There is, after all, a gap between recognising that a regulation applies and knowing how to operationalise its requirements in a way that is both proportionate and credible. And SMEs, despite their agility in other respects, often find themselves at a disadvantage when confronted with frameworks designed, some might argue, with larger multinationals in mind.

 

The LkSG, at its core, mandates that companies take reasonable measures to identify and address human rights and environmental risks across their supply chains. This applies not just to direct suppliers, which many SMEs already monitor to some extent, but also to indirect suppliers — those Tier 2 and Tier 3 actors who can be much harder to map. And here’s where the practical difficulty arises: smaller firms don’t necessarily have the same access to resources, the same leverage over suppliers, or, frankly, the same internal expertise that their larger counterparts might command. The question, then, is not just about compliance in the abstract, but about how SMEs can approach compliance in a way that aligns with their capacity and commercial reality.

 

One of the first steps — and it sounds simple, though it rarely is — involves identifying high-risk materials in the supply chain. Certain commodities have long been associated with heightened risk of human rights abuses: conflict minerals, cotton from particular regions, certain agricultural products where labor standards are uneven at best. But identifying risk isn’t merely a matter of knowing which materials to watch. It requires understanding where those materials originate, how they move through the supply chain, and what indicators might suggest an elevated risk of harm. And for SMEs, this can feel like a tall order. The data isn’t always easy to come by. Supplier transparency is uneven. And, in some cases, businesses are relying on declarations or assurances that, while well-meaning, don’t necessarily meet the bar set by regulators.

 

To navigate this, companies are increasingly turning to publicly available tools. Import/export registries, maintained by customs authorities or international organisations, can provide valuable clues about where goods are coming from and where they’ve been. NGO risk maps — often developed by organisations that have spent years, even decades, documenting labor abuses or environmental harms — offer another source of intelligence. But these tools, useful as they are, aren’t infallible. They provide a starting point rather than a definitive answer. And firms still need to exercise judgment about what the data is telling them, where the gaps are, and how to fill them. It’s a process that can feel iterative, at times frustratingly so.

 

SMEs may find themselves hesitating, not because they are unwilling to comply, but because the path forward isn’t always obvious. How much evidence is enough? How deep does the due diligence need to go before it can reasonably be described as “adequate” under the law? There are, to be fair, official guidelines that offer some direction. But applying those guidelines in specific contexts — say, a small textile importer sourcing fabrics that may have originated in multiple countries, via multiple intermediaries — can leave room for uncertainty. And it’s in that uncertainty that many SMEs are now operating, doing their best to reconcile legal obligations with commercial practicalities.

 

The LkSG does allow for a risk-based approach, which should, in theory, give smaller firms some flexibility. In practice, though, that flexibility can feel elusive. Risk-based doesn’t mean risk-free. Companies must be able to demonstrate that they have taken steps to identify and mitigate risks that are material to their operations. And this, inevitably, means putting in place processes that document decisions, that show how risks were assessed, that provide some record of the measures taken. Again, easier said than done, particularly for firms without dedicated compliance teams or extensive in-house legal support.

 

Another point that perhaps hasn’t received as much attention as it might is the evolving expectation that firms engage more deeply with their suppliers, not just in contractual terms but in terms of capacity-building. SMEs often lack the leverage to demand major changes from suppliers, especially those further down the chain. But the act anticipates, at least in spirit, a level of engagement that goes beyond paperwork. There’s a tension here — between the desire to meet regulatory expectations and the practical limits of what a small firm can achieve on its own. And while collaborative industry initiatives can help, participation in those initiatives isn’t always feasible for smaller players.

 

All of this leaves SMEs navigating a compliance environment that is, in many respects, still taking shape. The law is clear in its objectives, but its application in the diverse and sometimes messy realities of global supply chains continues to evolve. SMEs are learning as they go, adjusting policies, refining processes, seeking out tools and partnerships that can help them meet their obligations without overextending their resources. It’s a balancing act, and one that will likely continue to challenge firms as they strive to align their operations with both legal requirements and broader expectations around corporate responsibility.