17 August 2022

The first guidance on conducting a risk analysis in line with the German Supply Chain Act (GSCA) requirements has been published by the Federal Office of Economics and Export Control (BAFA).

Available in German only, it includes advice for companies on identifying, weighing, and prioritising human rights and environmental risks, the steps they need to take to deliver a risk analysis and practical tips for implementation.

Our key takeaways for business include:

  • The risk analysis is a key element of your due diligence process. The results create the basis for further action and decisions about the strategic and operational set-up of your risk management system. It is recommended that key business areas as well as local stakeholders are involved in the process from the outset.
  • Creating transparency about your own business activities, procurement structure and business relationships is an important starting point for an appropriate risk analysis.
  • The GSCA distinguishes between regular and ad-hoc risk analysis:
    1. Regular annual risk analysis covers direct suppliers and own operations.
    2. Ad-hoc risk analysis can cover the entire supply chain and own operations and can be triggered through (1) substantiated knowledge or (2) significant changes in the risk exposure of the company.
  • Companies have discretion when designing their risk analysis processes and choosing methods; however, their decisions must be comprehensible.
  • BAFA recommends a proactive approach towards regular due diligence, to save the time and resources that would otherwise be needed for ad-hoc due diligence later.
  • A risk-based and step-by-step approach is recommended. The guide differentiates between the consideration of abstract risks at a country or procurement category level and the concretisation and prioritisation of risks at supplier, country, or location level.
  • Companies can weigh and prioritise their risks by applying the appropriateness criteria set out in Article 3(2) GSCA.

We have been supporting companies to identify and address their social risks by integrating human rights due diligence into businesses for over 18 years. If you have any questions about the law or need support to prepare for its implementation, please contact us at

