For many companies operating in Germany, the Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz – LkSG) has now moved beyond the early implementation phase. Initial compliance efforts focused on understanding the law, mapping supply chains, and conducting high-level risk assessments.
Two years in, the regulatory conversation has changed.
Authorities and auditors are no longer primarily asking whether companies have identified risks. The focus is increasingly on what companies have actually done to address them. In other words, the LkSG has entered its operational phase—where remediation, documentation, and demonstrable effectiveness are central to compliance.
For organizations subject to oversight by Germany’s Federal Office for Economic Affairs and Export Control (BAFA), this shift represents a critical milestone. Compliance programs must now demonstrate not only that risks have been identified, but that appropriate and effective corrective actions have been implemented and documented.
From Mapping to Managing Risk
When the LkSG first came into force, many organizations concentrated on establishing foundational compliance structures. Typical early-stage activities included:
- Mapping Tier-1 suppliers
- Conducting initial risk analyses
- Establishing internal reporting channels
- Developing supplier codes of conduct
- Implementing grievance mechanisms
These steps were necessary to build a compliance framework. However, they represent only the starting point of due diligence obligations under the law.
The LkSG requires companies to actively prevent, mitigate, and remediate human rights and environmental riskswithin their supply chains. As enforcement matures, regulators are increasingly interested in how organizations operationalize these responsibilities.
The Emerging Audit Focus
Companies subject to LkSG oversight should expect BAFA reviews to concentrate on several key questions:
- How were risks identified and prioritized?
- What actions were taken once risks were identified?
- How were suppliers engaged to address the issue?
- What evidence demonstrates that remediation was effective?
- How are outcomes monitored and improved over time?
In practice, this means that documentation of actions and outcomes is becoming just as important as the original risk analysis.
Organizations that conducted extensive gap analyses in the early stages of compliance must now demonstrate how those findings translated into concrete remediation measures.
What “Effective Remediation” Means in Practice
One of the more challenging aspects of the LkSG is interpreting what constitutes an effective remedial action.
The law does not prescribe a single corrective measure for every situation. Instead, companies are expected to implement responses that are appropriate to the nature and severity of the risk.
Examples of remediation measures may include:
- requiring suppliers to implement corrective action plans
- providing training or capacity-building support
- revising sourcing practices that contribute to risk
- strengthening contractual due diligence requirements
- conducting targeted supplier audits or follow-up assessments
Importantly, remediation under the LkSG is not limited to simply identifying issues. Companies must also show that they have taken reasonable steps to address the underlying causes of the risk.
The Documentation Challenge
As companies move into the audit phase of LkSG compliance, documentation is becoming a central operational challenge.
Remediation activities often involve multiple departments, including procurement, compliance, sustainability, and legal teams. Without structured documentation processes, it can be difficult to demonstrate a clear audit trail.
Effective documentation should capture several elements:
- Risk identification
Evidence of how the risk was identified and assessed. - Decision-making process
Internal evaluation of remediation options and rationale for selected actions. - Supplier engagement
Communication records, corrective action plans, and follow-up activities. - Implementation monitoring
Evidence that remediation steps were carried out. - Outcome assessment
Indicators showing whether the risk has been reduced or mitigated.
This structured approach helps demonstrate to regulators that remediation efforts were systematic and proportionate.
Building a Practical Remediation Framework
To support ongoing LkSG compliance, many organizations are now developing more structured remediation frameworks.
Such frameworks typically include:
Clear escalation pathways
Defined procedures for handling identified risks and determining appropriate responses.
Cross-functional coordination
Integration of procurement, compliance, and sustainability teams to ensure remediation measures are operationally feasible.
Supplier engagement strategies
Collaborative approaches that encourage suppliers to improve practices rather than simply terminating relationships.
Monitoring mechanisms
Ongoing evaluation of remediation progress and effectiveness.
By embedding these processes into existing supply chain management systems, companies can move beyond reactive compliance toward more proactive risk mitigation.
The Importance of Continuous Improvement
Another key expectation under the LkSG is that due diligence processes evolve over time. Compliance is not a one-time exercise but an ongoing cycle of risk identification, mitigation, and review.
This means organizations should regularly reassess:
- risk assessment methodologies
- supplier engagement strategies
- internal reporting procedures
- remediation effectiveness
Lessons learned from past cases should inform future risk management practices.
Looking Ahead
As the LkSG continues to mature, companies are entering a new phase of supply chain due diligence. The early emphasis on mapping and gap analysis is giving way to a stronger focus on demonstrable outcomes and documented remediation efforts.
Organizations that have already established risk identification frameworks now face the more complex task of translating those insights into practical, measurable corrective actions.
For many companies, the key compliance question is no longer “Do we understand our supply chain risks?” but rather “Can we demonstrate how we are addressing them?”
Building robust remediation processes—and documenting their effectiveness—will be central to meeting that expectation as regulatory oversight continues to evolve.
