Our clients trust our expertise in digital transformation, compliance, and risk management
Navigate safely through the growing requirements for sustainability and climate reporting. We support you in meeting regulatory disclosure obligations, optimizing your reporting processes, and strategically using sustainability information for your stakeholder communication.
The LkSG risk analysis under § 5 is a systematic procedure for identifying, assessing, and prioritising human rights and environmental risks across the entire supply chain. It forms the core element of risk management under the German Supply Chain Due Diligence Act.

The process consists of three main steps:

1. Risk identification: Capturing all potential risks in your own business area and at direct suppliers through country risk assessments, industry analyses, and supplier-specific assessments.
2. Risk assessment and prioritisation: Evaluating identified risks by severity, probability of occurrence, and the company’s degree of influence. The BAFA guidance recommends a multi-level methodology.
3. Deriving measures: Developing appropriate prevention and remediation measures based on risk prioritisation, with clear responsibilities and timelines.

The results of the risk analysis must be documented and reported to management. ADVISORI supports the development of a structured risk analysis methodology that covers both legal requirements and industry-specific considerations.

Supply chain risk assessment under the LkSG involves five essential steps that must be completed systematically.

1. Supply chain inventory: Mapping all direct suppliers with capture of locations, product categories, and sub-suppliers. Prioritisation by procurement volume and strategic importance.
2. Abstract risk analysis: Evaluation of country risks, industry indices, and external data sources to identify high-risk suppliers. Use of risk indices such as the BAFA country risk report.
3. Concrete risk analysis: In-depth review of prioritised suppliers through self-assessments, on-site audits, and document reviews. Assessment of actual human rights and environmental risks.
4. Risk classification: Categorisation of risks by severity, reversibility, and number of affected persons. Creation of a risk map with prioritisation levels.
5. Measure derivation: Development of appropriate prevention measures per risk class. Definition of KPIs for effectiveness measurement.

ADVISORI guides companies through implementing this risk assessment methodology and integrating it into existing risk management processes.

The regular risk analysis under the Supply Chain Act must be conducted at least once annually. In addition, an event-triggered risk analysis is required when substantiated knowledge of potential violations emerges.

The LkSG distinguishes two analysis types:

1. Regular risk analysis (annual): Covers the company’s own business area and all direct suppliers. Involves updating the risk map and reviewing existing measures.
2. Event-triggered risk analysis: Triggered by substantiated knowledge of risks at indirect suppliers, significant changes in business activities, complaints through the grievance mechanism, or new insights into industry risks.

In practice, the BAFA recommends continuous monitoring to supplement the annual mandatory analysis. Companies should establish a monitoring system that detects changes at suppliers early.

ADVISORI supports the establishment of a structured analysis calendar and automated early warning systems for your supply chain.

The LkSG risk analysis at direct suppliers examines compliance with the due diligence obligations defined in § 2 of the Supply Chain Act in two core areas.

Human rights due diligence:
- Prohibition of child labour and forced labour
- Occupational health and safety
- Freedom of association and right to collective bargaining
- Prohibition of discrimination in employment
- Adequate remuneration (minimum wage)
- Prohibition of unlawful forced evictions
- Prohibition of engaging private security forces in human rights violations

Environmental due diligence:
- Prohibition of causing harmful soil and water contamination
- Prohibition of unlawful emissions
- Prohibition of excessive water consumption
- Compliance with the Minamata, Stockholm, and Basel Conventions

The risk analysis must be appropriate and effective, meaning the type and scope of the analysis must correspond to the identified risk potential. ADVISORI develops industry-specific risk analysis frameworks that systematically cover all due diligence obligations.

The LkSG provides for two levels of risk analysis that differ in depth, scope, and trigger.

Abstract risk analysis:
- First level of risk assessment
- Uses country risk indices, industry reports, and publicly available data sources
- Identifies potential risks based on supplier location and industry
- Result: Classification of suppliers into risk categories (low, medium, high)
- Conducted for all direct suppliers

Concrete risk analysis:
- In-depth review of identified high-risk suppliers
- Uses supplier-specific data such as self-assessments, audit reports, and on-site inspections
- Assesses actual risks and specific violations
- Result: Detailed risk assessment with action plan
- Conducted on a risk-oriented basis for prioritised suppliers

The BAFA expects companies to methodically conduct and document both analysis levels. ADVISORI supports the development of a multi-level analysis methodology that efficiently connects both levels.