• Woman with clipboard checking stock between high racks in a warehouse
Insights

German Supply Chain Act: Contract Clauses for Procurement

Human rights, pass-through and audit clauses in supply contracts – and the limits imposed by German standard-terms law.

| Reading time 11 min. | Author: Martin Neupert

The German Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz, LkSG) requires procurement teams to secure human rights and environmental due diligence obligations contractually in their relationship with direct suppliers. Section 6(4) LkSG identifies four elements: expectations must inform supplier selection, be supported by a contractual assurance, be reinforced through training and remain verifiable through appropriate control mechanisms. A generic compliance statement is not enough. The contractual framework must reflect the specific risk and the parties' actual leverage while remaining sufficiently balanced and transparent to withstand review under section 307 of the German Civil Code (Bürgerliches Gesetzbuch, BGB).

This article therefore focuses deliberately on the drafting level: which provisions belong in supply and framework agreements, how should they work together and where are their legal limits? Our introductory article on the German Supply Chain Act explains scope, substantive duties and the relationship with the European CSDDD. Here, the focus is the legal detail that neither BAFA guidance nor compliance software can provide.

Which contract clauses does the German Supply Chain Act require in procurement?

The starting point is section 6 (4) LkSG. Under it, a company subject to the Act must anchor appropriate preventive measures (Präventionsmaßnahmen) towards its direct suppliers. In contractual terms, this requires a coordinated set of provisions rather than a single boilerplate sentence. The usual building blocks can be assigned directly to their statutory basis.

The first building block is the human rights and environmental warranty under section 6 (4) no. 2 LkSG, in which the supplier commits to the expected standards. The reference to the supplier code of conduct (section 6 (2) and (4)) incorporates the specific expectations into the contract as an adaptable annex. The cascade and best-efforts clause, likewise based on section 6 (4) no. 2, carries the expectations into the deeper supply chain on a risk basis. Audit and information rights under section 6 (4) no. 4 make the warranty verifiable, while the training and support commitment (section 6 (4) no. 3) aims at capability rather than mere obligation. The final element is the set of remedial and escalation stages under section 7 (2) and (3), governing response, suspension and, as a last resort, termination.

Each element has its own legal fault lines. The assurance needs verifiable content, the pass-through clause must not pretend to bind third parties and audit or termination rights must not place an unreasonable burden on the supplier. The drafting guidance below provides a framework, but it cannot replace a review of the specific agreement and risk profile.

Who actually has to include the clauses today?

The LkSG has applied since 2023 to companies with at least 3,000 employees in Germany, and since 2024 to those with at least 1,000 employees, in each case with their seat, head office or branch in Germany. This directly captures the larger Mittelstand and corporate groups. For smaller suppliers the Act takes effect indirectly, because their buyers who are subject to it pass the requirements on by contract. This is why LkSG clauses now appear in many contracts even though the parties themselves are not directly within the Act's scope.

The legal position is in flux in 2026, though that does not make the contract work dispensable. The reporting obligation under section 10 LkSG is suspended, the BAFA's digital reporting form has been deactivated since 7 November 2025, and the Federal Ministry for Economic Affairs (BMWE) instructed the authority on 26 September 2025 to pursue only serious breaches for the time being.

The government's draft amendment to the LkSG provides for the reporting obligation to be repealed retroactively and the fine provisions to be reduced. The substantive due diligence obligations and the internal documentation remain unaffected by this. For procurement this means that the duty to tie in suppliers by contract continues, even if regulatory supervision is currently more restrained.

In parallel, the European framework is changing. The EU supply chain directive CSDDD has been substantially slimmed down by the Omnibus package (Omnibus).

The difference shows in the key parameters. The LkSG is law in force, has applied since 2023 and 2024 respectively and captures companies with 1,000 or more employees in Germany. The CSDDD, by contrast, is a directive that has to be transposed into national law by 26 July 2028 and will apply uniformly from 26 July 2029; its threshold, at 5,000 employees and 1.5 billion euros of turnover, is considerably higher. Enforcement remains with the BAFA and its restrained practice for now; after transposition the national supervisory authority takes over.

Germany intends to replace the LkSG with an act transposing the CSDDD. The circle of directly obligated companies will become smaller as a result, but contractual protection along the supply chain remains the core of any due diligence system. Contracts drafted today on a proportionate and risk-based basis should therefore remain workable even as the statutory framework changes.

How do you draft an effective human rights clause?

The heart of it is the warranty under section 6 (4) no. 2 LkSG. In it, the direct supplier undertakes to comply with the human rights and environmental expectations. For this warranty to be more than an empty phrase, it has to attach to specific, verifiable standards. A blanket statement that the supplier will comply with all human rights is too vague. It identifies neither a concrete obligation nor a verifiable benchmark and is therefore of little use in a dispute.

In practice, the substantive content is therefore taken out of the contract and moved into a supplier code of conduct (Supplier Code of Conduct) that the contract incorporates as an annex. The code names the relevant prohibitions and standards, for example the prohibition of child and forced labour, requirements on occupational safety and freedom of association, and central environmental obligations.

This structure has two advantages. It makes the warranty tangible in content, and it can be adapted when the risk position or the legal position changes, without every contract having to be renegotiated. The code should be drafted on a risk basis, addressing the risks relevant to the specific sector and sourcing region rather than working through a generic catalogue.

An existing Supplier Code of Conduct can continue to be used, but it should be reconciled with the LkSG system. Many older codes set out only general expectations and contain neither a genuine contractual commitment nor control and remedial mechanisms. For LkSG purposes the code must be incorporated into the contract as a binding annex and must interlock with the audit and escalation clauses. A code that merely sits on a website does not meet the warranty requirement.

How far can the cascade clause reach into the supply chain?

The LkSG expects the expectations not to end at the direct supplier but to be carried appropriately into the deeper supply chain. This is exactly where the most common error in draft contracts lies. Clauses that simply require the supplier to guarantee compliance with all standards throughout the entire supply chain are unusable for several reasons.

For one thing, the BAFA makes clear in its guidance on cooperation in the supply chain that a blanket cascade of the due diligence obligations is ruled out. The supplier's mere warranty to comply with the standards throughout the whole chain, as a rule, makes no effective and appropriate contribution to one's own risk management. It only shifts responsibility on paper instead of actually lowering the risk. For another, a contract cannot directly obligate the indirect suppliers, because contracts to the detriment of third parties are void in principle. A contracting party can, in law, bind only itself.

What holds up, therefore, is a best-efforts and cascade clause (Bemühens- und Weitergabeklausel) that requires the direct supplier, in turn, to pass the agreed expectations on to its own upstream suppliers and to work towards their compliance with appropriate means. The supplier then owes no result for the entire chain, but a best-efforts commitment, geared to its ability to exert influence, to pass the expectations on in cascade fashion. This construction mirrors the system of the Act, which likewise differentiates according to appropriateness and the ability to exert influence, and it does not overburden the supplier with a guarantee it cannot keep.

Which audit and information rights belong in the supply contract?

A warranty without control stays ineffective. Section 6 (4) no. 4 LkSG therefore expressly requires the agreement of appropriate contractual control mechanisms and their risk-based implementation. The contract has to give the buyer the instruments with which compliance can be verified.

Several forms are usual and recognised, and they can be combined. The supplier first grants information and disclosure rights, for example to produce evidence and to answer self-assessment questionnaires. Added to this are on-site inspection rights, exercised by the buyer itself or by a commissioned third party.

Finally, suitable certification or audit schemes are recognised, so far as they ensure independent and appropriate checks. The emphasis is on appropriateness: the intensity of control should be guided by the risk, not by a maximum demand. An audit right that permits inspections at any time, without cause, unlimited and unpredictable for the supplier, is not only disproportionate but also open to challenge if it sits in pre-formulated terms.

It has proven useful in practice to tie the audit right to triggers, for example to concrete indications of a breach, to a substantiated complaint, or to a periodic, risk-based interval. In addition, notice periods, the treatment of confidential information and the allocation of costs should be regulated. Passing the audit power on into the chain also follows the best-efforts logic: the direct supplier undertakes to agree corresponding control rights with its own upstream suppliers, so far as this is possible and reasonable for it.

Termination and suspension: what is permitted as a last resort?

For dealing with breaches, the Act prescribes a clear sequence. Section 7 LkSG follows the principle of enablement before withdrawal. If the buyer identifies a violation, a remedial plan first has to be worked out and implemented with the supplier. Termination of the business relationship (Abbruch der Geschäftsbeziehung) is expressly only the last resort under section 7 (3) LkSG. It is called for only where the violation is to be assessed as very serious, the remedial measures agreed in the plan bring no remedy after the deadline has passed, no milder means is available, and increasing one's own ability to exert influence offers no prospect of success.

The contract should reflect this statutory escalation logic rather than circumvent it. A clause granting the buyer an immediate right of extraordinary termination for every breach, however minor, matches neither the purpose of the Act nor the practical balance of interests.

A staged arrangement makes sense. The first stage carries notification and remedial duties with an appropriate grace period. As an intermediate stage, the contract can provide a right to temporary suspension of supply or of acceptance, placed ahead of final termination. Only at the last stage stands the right of extraordinary termination, modelled on the conditions of section 7 (3), that is, on a serious breach that persists despite remedial attempts.

This arrangement protects both sides. The buyer has an enforceable set of instruments without falling into an all-or-nothing situation at every incident. The supplier gets the chance to put things right before the relationship ends, which is at the same time the aim of the Act: to remedy grievances rather than merely shed suppliers and push the risk into a less visible chain.

Where does section 307 BGB draw the line for compliance clauses?

Compliance clauses are almost always imposed as pre-formulated contract terms and are therefore subject to the content review of standard business terms (Inhaltskontrolle). Under section 307 BGB, clauses are void where they unreasonably disadvantage the contracting party contrary to the requirements of good faith. This review also applies in dealings between businesses, albeit by a different standard than towards consumers. Anyone who offloads the due diligence obligations onto the supplier in an overreaching way risks the central clause not holding up when it matters.

Three constellations are especially critical. First, complete transfer: a clause that imposes on the supplier, in blanket fashion, the very due diligence responsibility that the Act assigns to the buyer disadvantages the supplier unreasonably and can be void.

Second, broad indemnity and liability clauses: a supplier is to indemnify the buyer against all claims and damages arising from the entire supply chain, regardless of fault and the ability to exert influence. Such boundless exclusions to the detriment of the supplier are regularly open to challenge in pre-formulated terms.

Third, non-transparent clauses: section 307 requires terms to be clear and comprehensible. A reference to extensive, indefinite catalogues of expectations whose content the supplier cannot survey breaches the transparency requirement (Transparenzgebot).

For contract drafting this yields a double requirement. The clauses have to be appropriate in substance, aligning the burdens with actual influence and fault, and they have to be transparent. The supplier code of conduct should therefore not simply be imposed as standard business terms but incorporated, where possible, as an individually negotiated agreement (Individualvereinbarung), because the content review does not apply in the same way to individually agreed provisions.

Attention must also be paid to the collision with the counterparty's purchasing or sales terms. If the supplier's standard business terms contain a defence clause, the binding force of one's own compliance provision can be at risk. A more robust approach is to agree the core human rights obligations expressly and document that agreement, rather than leaving their validity to a later battle over standard terms.

About the author

Martin Neupert
Martin Neupert
Real Estate & Procurement Partner
Get in touch

Martin Neupert advises companies on public procurement and foreign trade law, on classified information protection and export control, and on access to security-related contracts.

Aerial view of a road bridge crossing a green river between autumn-colored banks

Draft supply contracts to withstand the LkSG

We review and draft supplier and framework agreements so that suppliers are involved effectively, responsibilities remain clear and the provisions withstand German standard-terms review.

Get in touch

Frequently Asked Questions on LkSG Contract Clauses

Directly subject to the Act are companies with at least 1,000 employees in Germany and their seat, head office or branch in Germany; in the first year of application, 2023, the threshold was still 3,000 employees. Smaller suppliers are not formally covered but are bound indirectly, because their buyers who are subject to the Act pass the requirements on by contract. Under the Omnibus package, the future EU directive CSDDD will only take effect from 5,000 employees and 1.5 billion euro turnover.

No, at least not fully. The statutory due diligence responsibility stays with the company subject to the Act. The contract serves to tie the supplier in, not to get rid of one's own duty. The BAFA expressly points out that a blanket cascade of the due diligence obligations is ruled out and that a mere warranty from the supplier makes no effective contribution to risk management. Clauses that offload responsibility in an overreaching way can, in addition, be void under section 307 BGB.

It has to attach to specific, verifiable standards instead of merely referring in general to compliance with human rights. What has proven effective is the warranty under section 6 (4) no. 2 LkSG combined with a supplier code of conduct incorporated as an annex that names the relevant prohibitions and standards on a risk basis. The warranty is supplemented by audit and information rights and by staged remedial and termination provisions, so that it is actually enforceable.

As pre-formulated terms they are subject to the content review under section 307 BGB, which also applies between businesses. Overreaching clauses, for instance the complete transfer of the due diligence obligations, boundless indemnities or non-transparent catalogues of expectations, are open to challenge and, in case of doubt, void. Appropriate, transparent provisions geared to the ability to exert influence remain valid. The core human rights obligations should, where possible, be individually agreed and not imposed through standard business terms alone.

The supplier code of conduct, often called a Supplier Code of Conduct, is the annex that sets out the specific human rights and environmental expectations of the supplier. It makes the contractual warranty tangible in content and can be adapted when the risk position changes. For LkSG purposes it must be incorporated into the contract in a binding way and interlocked with control and remedial clauses. A code that is merely published without binding force does not satisfy the warranty requirement.

The LkSG remains in force but is being reworked. The reporting obligation under section 10 is suspended, the BAFA reporting form has been deactivated since 7 November 2025, and the authority is for now pursuing only serious breaches. The government draft provides for the reporting obligation to be repealed retroactively and the fine provisions to be reduced. In the medium term the LkSG is to be replaced by an act transposing the EU directive CSDDD. The substantive due diligence obligations and the contractual integration of suppliers remain in their core unaffected.

The Act provides for coercive penalties and fines, though the government draft reduces the underlying offences and tailors them to more serious cases, such as the failure to take preventive and remedial measures (Präventions- und Abhilfemaßnahmen) or to run a complaints procedure. At present the BAFA, following the directive of 26 September 2025, pursues only serious breaches. Independent of regulatory enforcement, contractual consequences remain: if a supplier breaches its warranted obligations, the agreed remedial, suspension and termination rights take effect.

Contact

Get in touch

Send us a message. We will get back to you within one working day.

Maxfeld.legal

Rechtsanwaltsgesellschaft mbH
Leipziger Platz 21
90491 Nuremberg

Brochure

Request brochure

Enter your contact details. We will send you the brochure by email right away.