Earlier this year, the EU Parliament voted to adopt a legislative initiative report that would urge the EU Commission to introduce a due diligence law.
The due diligence law would hold companies, their suppliers, and sub-contractors liable when they harm or contribute to harming human rights, the environment, and good governance.
The law would require companies to “cease, mitigate and prevent” risks in their supply chains.
Additionally, the EU Parliament requested that the law include a ban on importing products linked to human rights violations. In particular, companies exporting to the EU that are linked to forced labor by Uyghurs in Xinjiang will be under strict observation.
Organizations that intend to access the EU internal market must prove that their company complies with human rights and environmental due diligence commitments.
How Germany has adopted the Due Diligence Law
Along the lines of the EU Due Diligence Law, the German Parliament adopted a new law protecting human rights and the environment in supply chains on 11 June 2021.
Starting in 2023, the law requires large companies with more than 3,000 employees to identify and address human rights and environmental risks in their direct supply chains. From 2024 companies with more than 1,000 employees will have the same duties.
Companies must publish an annual report outlining the steps they have taken to identify and avert human rights risks. Additionally, national authorities will be empowered to impose fines of up to EUR 800,000 on companies that fail to carry out their obligations.
However, worldwide human rights initiatives and environmentalists have criticized the law for not going far enough. For example, it does not require companies to undertake thorough and systematic due diligence on indirect suppliers further down the supply chain, although this is often where the most severe abuse occurs.
International Spotlight on Supply Chain Security and Ethics
The EU Due Diligence Law and its German adoption result from governments worldwide beginning to place measures and regulations on supply chain security and ethics.
Only recently, the Monetary Authority of Singapore (MAS) imposed measures requiring all financial institutions to assess all suppliers’ third-party technology vendors, with assessments ranging from evaluating security measures to assuring safe programming practices.
In addition, the US Department of Commerce issued an interim final rule on the Information and Communications Technology and Services (ICTS) supply chain designed to prohibit certain ICTS Transactions from listed foreign adversaries. The list includes China, Russia, Iran, North Korea, Cuba, and Venezuela.
On top of that, the COVID-19 pandemic and consequent lockdowns have also interrupted the global supply chain, highlighting the extent to which countries depend on globalized production chains, which in turn pushed states to enhance their home-grown industries.
How to Keep Your Supply Chain Secure Now
Undoubtedly, supply chains are in the international spotlight. On the one hand, cybercriminals are constantly scanning for vulnerabilities they can maliciously exploit. On the other hand, both governmental regulators and the general public are increasing the pressure on organizations to keep their supply chains secure and ethical.
To prepare for, respond to, and mitigate potential security and ethical risks, companies must be ready and resilient. Essential steps to enhance companies’ supply chain security include:
- Evaluate all critical components of the supply chain, including trade routes affecting your company and your suppliers.
- Understand risks in the countries you are based in or have commercial relationships with, including geopolitical risks, natural hazards, and cybersecurity regulations.
- Increase your resilience with supply chain shock scenario-based exercises once the potential risks affecting your supply chain are identified. Develop and review crisis management plans based on the identified scenarios.
- Build sufficient flexibility to protect against future disruptions by diversifying suppliers and adopting technology-led and threat intelligence solutions to monitor future threats.
- Avoid open vulnerabilities triggered by rushed decisions! Start scouting early for new suppliers and take time to test their security precautions. Only then can you make sure that your products and data are secure.
- Prepare for increased costs in monitoring and controlling your supply chain and have resources ready. The EU Due Diligence Law might force you to switch to more expensive suppliers and requests an annual report on your efforts.
- Equip early against supply shortages. Some industries, e.g., the semiconductors sector, might be strongly affected by increased demand for (new) suppliers.
- Watch out for industrial espionage! Increased demand for suppliers boosts competition and might result in espionage attacks.