← Sourcing Intelligence

The German Supply Chain Act: what mid-market brands must document

The Lieferkettensorgfaltspflichtengesetz — the German Supply Chain Due Diligence Act — came into force in January 2023 for companies with 3,000 or more employees in Germany, and extended to companies with 1,000 or more employees from January 2024. If your brand sells into Germany, supplies a German retailer, or operates a German entity, this law applies to your Bangladesh sourcing chain. It is not a future obligation. It is a current one.

This article explains what the law requires, where mid-market brands most commonly have documentation gaps, and what your Bangladesh buying house should be providing.

What the law actually requires, plainly stated

The LkSG imposes three core obligations on companies within scope.

Risk analysis. You must identify and assess human rights and environmental risks in your supply chain. This is not a one-time exercise conducted at the start of a supplier relationship. It is an ongoing obligation requiring a systematic process — risk assessments must be updated at least annually and whenever there is a substantial change in your supply chain or business activities. The assessment must cover both your direct suppliers and, where you have substantiated knowledge of risks, their sub-suppliers.

Preventive measures. Where risks are identified, you must take appropriate preventive action. This means developing and implementing purchasing policies that address identified risks, contractual assurances from suppliers regarding compliance, and training and capacity-building measures. The law requires that these measures are proportionate and effective — not just that they exist on paper.

Remedial action. If a violation of human rights or environmental standards occurs or is imminent, you must take immediate remedial measures. For direct suppliers, this means working with the supplier to end or minimise the violation. For indirect suppliers, it means conducting a risk analysis, developing a prevention strategy, and potentially leveraging your commercial relationship to effect change.

Additionally, companies in scope must establish a complaints mechanism accessible to persons who may be affected by the company's supply chain activities, and must publish an annual report documenting their due diligence activities and findings.

Who is in scope — and where mid-market brands get confused

The direct threshold is clear: companies with 1,000 or more employees in Germany. But mid-market brands with fewer employees frequently discover they are in scope through two mechanisms that are less obvious.

Upstream obligation from German retailers. If you supply a large German retailer — a chain with 3,000 or more employees — that retailer's own LkSG compliance requires them to conduct due diligence on their supply chain. You are in their supply chain. Their compliance obligations flow upstream to you. When their compliance team asks for your Bangladesh sourcing documentation, they are not making a voluntary request. They are fulfilling a legal requirement, and your inability to provide documentation creates a compliance gap in their reporting.

The EU CSDDD trajectory. The EU Corporate Sustainability Due Diligence Directive extends a similar framework to the full European market, with lower revenue and employee thresholds that will capture many mid-market brands directly. The German act is the operational preview. Brands that build LkSG-compliant documentation now are building the foundation for CSDDD compliance simultaneously. Brands that wait will face the same documentation requirements under a tighter timeline.

What Bangladesh-specific documentation you need

For a brand sourcing garments from Bangladesh through a buying house, LkSG-compliant documentation includes:

• Written confirmation of the buying house's own due diligence process. How does your buying house select and vet factories? What criteria are assessed? What triggers a factory's removal from the network? This must be a documented protocol, not a verbal description.
• Factory audit reports with findings — not just scores. A BSCI score tells you a factory achieved a certain grade. LkSG requires you to understand what was assessed, what findings were identified, and what remedial actions were taken. The audit report, not the certificate, is the relevant document.
• Evidence that identified risks were followed up. If an audit identified a non-conformance, what happened next? Was a corrective action plan developed? Was it implemented? Was it verified? LkSG requires evidence of follow-through, not just identification.
• Subcontracting disclosure. Any subcontracting that occurs in your supply chain must be documented and disclosed. Undisclosed subcontracting is one of the highest-risk areas in Bangladesh garment sourcing. Under LkSG, if your production is subcontracted to a facility you have not assessed, you have a due diligence failure.
• Wage payment confirmation. Not just minimum wage compliance — which is an audit matter — but evidence that wages are being paid as agreed. Payment delays are both a human rights risk indicator and a factory financial health signal.
• A documented escalation process. When a risk is identified at a factory, what is the defined process for escalating it? Who is notified? What actions are taken? What is the timeline? This process must be documented and available for inspection.

The difference between audit compliance and LkSG compliance

A BSCI certificate satisfies a compliance audit requirement. It does not, on its own, satisfy LkSG. The distinction is important and frequently misunderstood.

A compliance audit is a point-in-time assessment. An auditor visits a factory on a specific day, assesses it against defined criteria, and issues a score or rating. The audit captures the factory's condition on that day. LkSG requires ongoing due diligence — continuous or periodic monitoring that reflects current conditions, not historical snapshots.

What does ongoing due diligence mean in practice? It means monitoring between audit dates — checking wage payment status, reviewing subcontracting activity, tracking management stability, and verifying that corrective actions from previous audits have been implemented. It means documented responses to identified risks — not just logging them, but acting on them and recording the actions taken. It means supplier engagement — working with factories to improve conditions, not just assessing them and walking away.

A buying house that presents a BSCI certificate and considers its due diligence obligation fulfilled is operating below the LkSG standard. The law requires a system, not a document.

What your buying house should be providing

If your Bangladesh buying house cannot provide the following, your current sourcing setup has a gap that a German retailer's compliance team — or a regulator — will find:

• A written factory vetting protocol with defined criteria and documented assessment outcomes.
• Ongoing monitoring records between audit dates — not just annual audit reports.
• A documented subcontracting policy with factory sign-off on every order — not a general policy document, but order-specific confirmation.
• A risk escalation procedure with documented outcomes — evidence that when problems were identified, they were acted upon.
• 48-hour documentation response capability. If your buying house needs weeks to assemble compliance documentation, the documentation does not exist in any meaningful operational sense. It is being created retrospectively, which is exactly what LkSG is designed to prevent.

The LkSG annual report — what goes in it

For companies required to publish an annual due diligence report, the supply chain section must include: a description of the due diligence process and how it is implemented across the organisation, the risks identified through the risk analysis and how they were prioritised, the preventive measures taken in response to identified risks and their effectiveness, how complaints received through the complaints mechanism were handled and resolved, and an outlook for the following year including planned improvements to the due diligence process.

This report is public. It is submitted to the Federal Office for Economic Affairs and Export Control (BAFA), and it can be scrutinised by civil society organisations, journalists, competitor brands, and regulators. A report that describes a robust due diligence process but cannot be supported by actual documentation if challenged is worse than no report at all — it demonstrates awareness of the obligation combined with failure to fulfill it.

---

The German Supply Chain Act is not the end of this regulatory trajectory. It is the beginning. The EU CSDDD extends and deepens these requirements across the full European market. Brands that build LkSG-compliant documentation now are not just meeting a German legal requirement — they are building the operational infrastructure that CSDDD will require of every European company sourcing from high-risk jurisdictions.