Key Takeaways
- Companies are now required to identify, assess, document, and respond lawfully to risks across their entire supply chain.
- Even after the suspension of enforcement of key parts of the German Supply Chain Due Diligence Act (LkSG), criminal liability risks remain — particularly regarding environmental damage, (investment) fraud, misleading advertising, and corporate fines for organizational failure.
- The EU is tightening ESG compliance and corporate liability standards in the areas of environmental and human rights protection. The new EU framework goes beyond the German LkSG, obliging companies to examine and mitigate risks throughout their entire EU-wide supply chain.
- At the same time, companies must disclose ESG risks and strategies using unified reporting standards.
- Criminal law is also becoming an instrument of European ESG regulation — for example, in cases involving pollutant emissions, illegal waste transport, violations of biodiversity rules, and deforestation regulations. Fines of up to 5% of annual turnover or €40 million may apply.
- To prevent liability and strengthen their legal defense, companies should adapt their compliance systems in time and treat ESG not as a PR issue, but as a legally binding compliance matter.
Global supply chains are an integral part of corporate reality. They enable efficiency, specialisation and cost benefits. However, where economic opportunities arise, legal risks also arise. When child labour, environmental pollution or the exclusion of trade unions abroad become part of a company’s own value chain, the question of corporate responsibility arises.
These issues are increasingly being subsumed under the term environmental and social corporate responsibility – ESG for short. What for a long time was primarily of an ethical or reputation-related nature is now being taken up by legislators – not only in the form of reporting obligations or civil liability, but also with regard to criminal liability. In particular, the focus is on the question of what duties of care exist and what legal consequences breaches of these can have.
After the German legislator has already created extensive regulations with the Supply Chain Due Diligence Act (LkSG), the EU is tightening the requirements for ESG compliance and corporate liability in the area of environmental and human rights protection with the Corporate Sustainability Due Diligence Directive (CS3D). The CS3D goes beyond the German Supply Chain Act and obliges companies to review their entire supply chain throughout the EU and minimise risks.
The German perspective
Climate protection before the Federal Constitutional Court – a wake-up call with effect
The legal ESG debate in Germany was kicked off not by a law, but by a ruling.
In a ruling on March 24, 2021, the Federal Constitutional Court declared parts of the Climate Protection Act to be unconstitutional. The Federal Constitutional Court justified its decision by stating that the regulations would place a disproportionate burden on future generations and thus violate the promise of freedom protected by fundamental rights.
The ruling was more than just a warning, it was a constitutional signal that has been reflected in ESG legislation ever since.
Supply Chain Act: Between political ambition and legal reality
With the LkSG, which came into force at the beginning of 2023, the legislator wanted to initiate a paradigm shift. Companies with 1,000 employees or more were obliged to identify and minimize human rights and environmental risks in their supply chain and to take remedial action if necessary.
This included risk analyses, preventative measures, an internal complaints procedure and an annual report to the BAFA.
The sanction mechanisms provided for by the law were not insignificant. In the event of violations, companies could be fined up to two percent of their global annual turnover, depending on the size of the company. It was also possible to temporarily exclude companies from participating in public tenders. Official coercive measures, for example in the form of fines for failure to act, were also provided for in order to ensure that the obligations were enforced. The compliance requirements not only affected large companies, but in fact also many SMEs through their role as suppliers.
However, the law was politically controversial and was effectively gutted after the coalition government took office in 2021. Reporting obligations were abolished, enforcement was suspended (with a few exceptions) and the law itself is to be replaced by a new EU-compliant set of regulations.
Cases from practice: When abstract obligations become concrete
A look at the first proceedings before the BAFA shows that the LkSG has had an impact. These were particularly high-profile:
- The Mazur case: Polish lorry drivers reported exploitative working conditions. BAFA is currently investigating whether German companies as clients have violated the LkSG.
- The Edeka/Rewe case: NGO complaints about abuses at suppliers in banana production led to BAFA proceedings against the two retail chains.
- The BMW case: New indications of problematic raw material procurement (cobalt from Morocco) are the focus of upcoming investigations.
These cases show: Responsibility does not end at the factory gate. Companies must be able to think legally about their supply chains and, if necessary, defend them legally.
Criminal law risks in relation to ESG
What many underestimate: The criminal law risks in the ESG area have existed for a long time, even without special ESG laws!
The German Criminal Code contains a whole series of offences that sanction environmentally related or human rights violating behaviour in companies, e.g:
- § 324 ff. StGB: Water pollution, air pollution, soil pollution, illegal waste disposal
- §§ Sections 263, 264a StGB: Fraud and investment fraud – e.g. ‘greenwashing’ of sustainable products
- § Section 16 UWG: Misleading advertising – e.g. environmental or social standards
- § Section 30 OWiG: Corporate fines for organisational failure
Prominent examples range from ‘Dieselgate’ and DWS (greenwashing allegations) to proceedings for illegal ship devaluation abroad (‘beaching’). Even if criminal liability in individual cases is often subject to strict conditions, the investigation proceedings themselves are incriminating, both for the company and for those responsible.
The European perspective
It is not only the German legislator that has become active in this respect. There have also recently been extensive initiatives in the area of ESG at EU level.
From the Green Deal to the sustainability obligation
The starting point for current developments is the European Green Deal. The aim is to make Europe the first climate-neutral continent by 2050. A large number of regulatory initiatives are derived from this political vision – from the taxonomy regime and sustainability reporting (CSRD, SFDR) to the new EU Environmental Crime Directive. The economic transformation is to be flanked by compliance obligations for companies, which are increasingly being made justiciable.
The CS3D: Supply chain as a legal risk area
With the CSDDD (Corporate Sustainability Due Diligence Directive – CS3D for short), the EU is concretising its concept of responsible corporate governance. Companies with more than 1,000 employees and a turnover of more than 450 million euros (inside or outside the EU) are obliged to identify and assess human rights and environmental risks along their entire supply and value chain and to take appropriate remedial action.
The scope of the CS3D is significantly broader than the German LkSG, as it not only applies to direct suppliers, but also to downstream processes such as distribution and disposal. Companies must also submit a transformation concept for climate protection.
Mitigation through omnibus packages
However, the EU – particularly under the impression of economic burdens and political reservations – weakened central points of the directive again with the so-called Omnibus Packages I and II:
- The scope of application has been reduced.
- Companies now only have to carry out in-depth risk analyses in the supply chain if there are specific indications of risks.
- The obligation to terminate business relationships as a ‘last resort’ no longer applies.
- Reference is made to national legal systems for civil liability.
- The implementation deadline has been postponed to 2027 and the first mandatory application to 2028.
Implementation in Germany is to take place via the planned ‘Gesetz zur internationalen Unternehmensverantwortung’.
Sustainability reporting and financial market regulation
In parallel with CS3D, the EU is working to standardise ESG reporting obligations and thus promote transparency in the area of ESG. The Corporate Sustainability Reporting Directive (CSRD) obliges companies to disclose their ESG risks and strategies using uniform reporting standards across Europe. The Sustainable Finance Disclosure Regulation (SFDR) also obliges financial market players to provide ESG transparency for products and investments.
Overall, these regulations lead to a significant expansion of disclosure and documentation obligations combined with liability risks in the event of incorrect or omitted disclosures.
EU Environmental Criminal Law Directive: ESG and criminal law interlinked
The Directive on the protection of the environment through criminal law (EU 2024/1203) adopted in May 2024 will also make criminal law an instrument of ESG regulation. The directive obliges member states to criminalise certain particularly environmentally harmful behaviour, such as
- unauthorised emissions of pollutants into air, water or soil
- illegal waste shipments
- ship disposal in circumvention of recycling
- Violations of species protection or deforestation regulations
Companies face severe sanctions: Fines of up to 5% of annual turnover or 40 million euros, as well as the public announcement of convictions or exclusion from funding.
CONCLUSION: EUROPE TAKES ESG TO A NEW LEVEL
The German and European requirements for ESG compliance have a profound impact on corporate decision-making processes – and do not only affect large corporations. The combination of due diligence obligations, reporting obligations and criminal law flanking means that ESG is no longer voluntary in Europe. Anyone operating along complex supply chains today must be able to recognise, assess and document risks and react in a legally robust manner in the event of a crisis.
Companies should adapt their compliance systems in good time and understand ESG risks not just as a PR problem, but as a legal issue relevant to liability, which also affects the area of criminal liability. The establishment of a functioning ESG risk management system is therefore not only relevant to fines – it is also part of a preventive defence strategy.
Pragal & Prinzenberg supports companies in this area of conflict with many years of experience in commercial and environmental criminal law and a clear view of official procedures. Our services range from strategic compliance advice and preventive risk analyses to defence in investigation and fine proceedings. ESG not only needs policy expertise, but also criminal law judgement.
At the 27th International Conference of the International Bar Association (IBA) in Santiago de Chile, our partner Dr Oliver Pragal spoke about current developments in the interplay between environmental, human rights and commercial criminal law under the title: ‘Supply chain and criminal offences – the German perspective’.
This blog post picks up on the key content of this presentation and examines developments in German and European law, in particular the Supply Chain Due Diligence Act (LkSG) and the new Corporate Sustainability Due Diligence Directive (CS3D), accompanying reporting obligations and the role of criminal law.
