In the future, companies will have to report more comprehensively than before on the impacts and risks of their business activities. They can be sanctioned if they fail to comply with the related due diligence requirements. What companies should already be doing to remain an attractive business partner.


How companies can manage their sustainability risks

By Michael Wiedmann (Norton Rose Fulbright) and Frank Graichen (DQS GmbH)

More than 20 years ago, the first companies joined the UN Global Compact [1]. It has since become the world's largest and most important initiative for responsible corporate governance. The vision of the UN Global Compact is an inclusive and sustainable global economy based on its ten universal principles. By joining, companies agree to respect the ten principles and to report annually on progress and problems in implementing them. As the reports are based on voluntary self-disclosure and are not subject to verification, the seriousness of this reporting is questioned.

In 2011, the UN Human Rights Council [2] adopted Guiding Principles on Business and Human Rights (Guiding Principles) [3], which created an obligation for member states to enshrine respect for human rights along corporate supply chains in law and to demonstrate how they are meeting these obligations with mandatory reporting.

Action plans in 23 countries worldwide

The Guiding Principles are the starting point for a number of laws around the world through which legislators require companies to report on human rights abuses in their supply chains. The first such law was California's Transparency in Supply Chains Act in 2012 [4], which in turn was the blueprint for the UK's Modern Slavery Act in 2015 [5].

Update: New development on supply chain law.

On Friday, Feb. 12, 2021, the German government agreed after all on the key points for a supply chain law that is to apply on Jan. 1, 2023. As reported by the German news program "" on 12.02.2021, the three ministries involved had "achieved a breakthrough in the long dispute over a supply chain law on compliance with human rights and environmental standards."

The DQS blog will soon publish an article on the planned scope of the law and the implications for companies to meet their social responsibility along the supply chain.

At the same time, both the United Nations [6] and the EU [7] called on their members to adopt National Action Plans (NAPs) [8] to implement the Guiding Principles. This call has been met by 23 countries worldwide, which have drawn up action plans with specific calls to local companies [9]. Internationally active German companies thus not only have to observe the NAP of the German government, but also, where applicable, the NAPs of the countries in which they are present with subsidiaries.

While the first laws and the resulting obligations were still relatively non-binding for companies, further national laws, in France in 2017 [10] and in the Netherlands in 2019 [11], have been enacted in recent years, imposing not only reporting obligations but also due diligence obligations on companies, non-compliance with which can be sanctioned.

Reporting obligations to be extended

The EU is also thinking along the same lines. The Corporate Social Responsibility (CSR) Directive [12] adopted in 2014, which obliges more than 6000 companies across Europe to also report on their sustainability activities, has been under review since February 2020 as part of a consultation. It is expected that the reporting obligation will be extended to more companies in the future and will be made much more specific. This means that companies will require their suppliers to provide the necessary information to an even greater extent than before.

EU Justice Commissioner Didier Reynders has announced a European supply chain law for compliance with human rights and environmental protection standards in 2021 [13]. With the adoption of such a supply chain law, companies will likely be required to demonstrate that they have done what is commensurate with their size and their causal contribution to prevent or mitigate human rights violations or damage to the environment. If they fail to provide evidence of a risk analysis and the implementation of risk-avoiding or risk-reducing measures, they are likely to be sanctioned.

These EU legislative plans are embedded in the EU Commission's "Green Deal" presented in December 2019, which aims to make Europe grow in a climate-neutral way. This requires a transformation of the economy and supply chains, including the development of sustainable finance [14].

Sustainable finance

Transforming finance means that the EU will encourage companies to focus on long-term goals and the challenges and opportunities associated with sustainable development. This implies that climate and environmental risks must be fully managed and integrated into business considerations, with due consideration given to social risks, such as human rights abuses in cross-border supply chains [15].

As a first step on this path, the EU has introduced a classification system for sustainable and climate-friendly investments - the "taxonomy" [16]. In the future, favorable interest rates on loans for investments will also depend on the extent to which investments, directly or indirectly, do not have adverse impacts on people, climate and the environment.

Catalog of obligations grows larger

Companies must therefore be prepared to report more comprehensively than before on the impacts and risks of their business activities, their business relationships, and those of their products and services [17], and to be sanctioned for non-compliance with related due diligence obligations. Either these legal obligations will affect them directly or these obligations will increasingly be passed on to them by their business partners.

Companies should therefore start now to examine their entire value chain for sustainability risks and to avoid or at least significantly reduce them (in the medium to long term), in order to remain an attractive business partner or to avoid adverse effects in future financing.

Management systems serve as guard rails

The recommendation to focus on sustainability risks now raises the interesting question of the extent to which existing management systems are suitable for supporting companies in such risk analyses, and what points of contact there might be, for example, in ISO 9001, ISO 14001 or ISO 45001.

The basic ISO structure (High-Level-Structure, HLS), which was introduced years ago, has proved to be helpful in this respect. It has resulted in all management system standards having a similar structure, setting largely identical requirements in relation to the respective subject area and using harmonized terminology.

Involve interested parties

Specifically, the correlations between CSR and the topics "context of the organization and interested parties", "(quality/environmental) policy" and "risks and opportunities with regard to binding commitments" will be addressed below.

With the (planned) introduction of extended reporting requirements and a supply chain law that will have a striking influence on the internal relationship between an organization and its suppliers, changes occur in the "external issues" and the "context" in which a company operates (see ISO 9001, chap. 4.1). Equally affected are the requirements and expectations of interested parties (see ISO 9001, chap. 4.2), which become "relevant" and thus obligatory/binding simply because legal and regulatory requirements are formulated with the reporting obligations and the Supply Chain Act.

Shaping quality and environmental policy

Direct, derivable references also arise when defining the company's policy. For example, the quality and/or environmental policy must include "a commitment to meet applicable requirements" (ISO 9001, chap. 5.2.1c). A European directive or a law is without doubt such an applicable requirement. Furthermore, management system standards require that the "policy (of the organization) is appropriate for (...) the context".

Thus, when the context changes and expectations from consumers, financial organizations, and legislators directly or indirectly modify requirements for an organization's strategy, products, services, processes, and supply chains, this can - indeed must - be reflected in a changed, adapted corporate policy.

With regard to the topic "Risks & Opportunities" (ISO 9001, chap. 6.1.1), three aspects and questions become apparent which companies should be able to analyze and answer for themselves:

  • What undesirable effects would it have for the company if it only inadequately complied with a possible reporting obligation or if no appropriate consideration of compliance with human rights and/or avoidance of environmentally relevant damage could be demonstrated in the supply chains?
  • What opportunities and possibilities would arise from a consistent commitment and active positioning of the company with regard to CSR, e.g. in terms of image, brand positioning, market shares, development of new target groups, sales and earnings?
  • Does the company take into account the requirements that could arise from the CSR Directive and the Supply Chain Act as part of its supplier management and procurement processes? And what information, including contractual agreements, is provided to "external suppliers" (ISO 9001, chap. 8.4.3)?

This makes it almost imperative to integrate these topics into internal and external audits as quickly as possible and to derive adjustments in the relevant corporate processes from the results obtained.

The Authors

Michael Wiedmann is a compliance lawyer in the Frankfurt office of Norton Rose Fulbright. In the German Institute for Compliance e.V. (DICO), he is also involved as co-chair of the CSR/human rights working group. Frank Graichen headed the Auditor Management & Competence division of DQS GmbH, is an auditor for ISO 9001 and a lecturer on auditing topics at the German Society for Quality (DGQ), Frankfurt/Main.



[1] Ten principles of the Global Compact.
[2] Details on the Human Rights Council.
[3] Guiding Principles on Business and Human Rights.
[4] California Transparency in Supply Chains Act of 2010.
[5] Modern Slavery Act 2015.
[6] UN Working Group on Business and Human Rights.
[7] EU Commission, EU Strategy for CSR 2011 - 2014, p. 1.
[8] German NAP.
[9] List of the High Commissioner for Human Rights.
[10] LOI n° 2017-399 du 27 mars 2017 relative au devoir de vigilance des sociétés mères et des entreprises donneuses d'ordre.
[11] Wet van 24 oktober 2019 houdende de invoering van een zorgplicht ter voorkoming van de levering van goederen en diensten die met behulp van kinderarbeid tot stand zijn gekomen (Wet zorgplicht kinderarbeid).
[12] Directive 2014/95/EU.
[13] European Parliament Working Group on Responsible Business Conduct, webinar of 29.04.2020.
[14] A European Green Deal.
[15] EU consultation on sustainable finance (query ran until 15.07.2020).
[16] More information on the "taxonomy" and the results of the Technical Working Group on Sustainable Finance.
[17] Recommendation of the Sustainable Finance Advisory Council of the German Federal Government, Interim Report - The Importance of Sustainable Finance for the Great Transformation of 5.03.2020.


The above article first appeared in the 09/2020 issue of the German trade journal "QZ Qualität und Zuverlässigkeit". It is published here with the kind permission of the publisher.

Michael Wiedmann

From June 2017 to December 2020, Michael Wiedmann was a compliance lawyer in the Frankfurt office of Norton Rose Fulbright. Prior to that, he held a wide variety of management positions at METRO Group for two decades, including Chief Compliance Officer, Senior Vice President Public Affairs, Head of Corporate Development/General Manager, General Counsel and Company Secretary. He has extensive experience in compliance, governance and corporate matters, which he brings to bear in advising his clients, particularly in the development and design of compliance management systems. In addition to his involvement with the German Institute for Compliance e.V. (DICO) as co-chairman of the CSR/Human Rights working group, Michael Wiedmann regularly publishes on the topics of human rights and whistleblowing. Furthermore, he is a member of the executive committee of the German Wettbewerbszentrale in Bad Homburg, which combats unfair commercial practices.

