French Duty of Vigilance and the German Supply Chain Act
Before the EU CSDDD created a pan-European framework, two member states moved independently to make human rights due diligence a legal obligation for large businesses. France's Loi relative au devoir de vigilance, enacted in 2017, and Germany's Lieferkettensorgfaltspflichtengesetz (LkSG), which entered into force in January 2023, became the two most influential national mandatory HRDD laws in the world. Together they shaped the architecture of the CSDDD and set the template for compliance approaches that companies are now scaling to meet EU-wide requirements.
France: Loi de Vigilance (2017)
France's duty of vigilance law was the first national legislation anywhere in the world to impose a mandatory human rights and environmental due diligence obligation on large companies. It applies to French companies with at least 5,000 employees in France, or at least 10,000 employees worldwide (including in subsidiaries), for two consecutive years. This threshold captures roughly 150 to 200 of the largest French multinational enterprises.
The law requires these companies to establish, publish, and implement a plan de vigilance (vigilance plan) covering:
- Mapping of risks across the company's activities, those of its subsidiaries, and those of its subcontractors and suppliers with which it has an established commercial relationship.
- Regular risk assessment procedures based on the mapping.
- Actions adapted to mitigate risks and prevent serious violations of human rights, fundamental freedoms, personal health and safety, and the environment.
- An alert mechanism to collect reports of risks and violations, developed in consultation with representative trade unions.
- A monitoring scheme to assess the effectiveness of measures implemented.
The vigilance plan must be published in the company's annual management report, making it publicly accessible and subject to civil society scrutiny.
Civil Liability Under the Loi de Vigilance
Any person with a legitimate interest - including affected communities, NGOs, and trade unions - can give formal notice to a company to comply with the law. If the company fails to act within three months, the requester may bring a court action. Courts may order the company to publish, implement, or modify its vigilance plan, and may award damages where a failure to establish or implement the plan caused harm. This regime has already generated major litigation, including cases against TotalEnergies and BNP Paribas concerning their energy projects in Uganda.
Germany: Lieferkettensorgfaltspflichtengesetz (LkSG), 2023
The German Supply Chain Due Diligence Act entered into force on 1 January 2023 for companies with at least 3,000 employees in Germany, and expanded to companies with at least 1,000 employees on 1 January 2024. This brings an estimated 900 companies into direct scope. Like the French law, it also has indirect effects on the suppliers of those companies, since in-scope companies must conduct due diligence with respect to their direct suppliers and, where there is substantiated knowledge, their indirect suppliers as well.
The LkSG requires in-scope companies to implement the following elements across their own operations and direct supply chains:
- Risk analysis: Annual identification and assessment of human rights and environment-related risks, including a risk prioritisation based on the likelihood and severity of adverse impacts.
- Prevention measures: Adoption of a policy statement (Grundsatzerklärung) committing to due diligence, and implementation of preventive measures including supplier contracts, training, and capacity building.
- Remedial action: Where violations are identified, immediate action to stop, prevent, minimise, or end them.
- Complaints procedure: Establishment of a grievance mechanism accessible to those inside and outside the company, including workers in the supply chain.
- Documentation and reporting: Annual due diligence report published online, to be reviewed by the Federal Office for Economic Affairs and Export Control (BAFA).
The human rights and environment standards covered by the LkSG are drawn from an annex of international conventions, including core ILO conventions on forced labour, child labour, freedom of association, and non-discrimination, as well as the Minamata Convention on mercury and the Stockholm Convention on persistent organic pollutants.
Analogy: The LkSG as a Risk Management Audit
A company's LkSG obligations are structurally similar to a financial risk management programme. Just as a bank must identify credit risks, assess their likelihood and magnitude, put mitigation controls in place, and report on the effectiveness of those controls to its regulator, a German company must identify human rights risks in its supply chain, prioritise them, take preventive action, and report to BAFA. The key insight is that the obligation is one of due diligence - systematic process - not a guarantee of zero adverse impacts.
BAFA: The German Enforcement Authority
Unlike the French Loi de Vigilance, which relies primarily on civil litigation to enforce compliance, the LkSG establishes a dedicated administrative enforcement mechanism. BAFA (Bundesamt für Wirtschaft und Ausfuhrkontrolle, the Federal Office for Economic Affairs and Export Control) has authority to:
- Request documentation and conduct audits of companies' due diligence processes.
- Issue orders requiring companies to take specific actions to address identified deficiencies.
- Impose administrative fines of up to EUR 8 million, or, for companies with more than EUR 400 million annual turnover, up to 2% of global annual turnover.
- Exclude companies from public procurement for up to three years in cases of serious violations.
The LkSG does not create a private civil liability cause of action for supply chain victims. However, it does not prevent victims from pursuing claims under general tort law or under the French model, where applicable.
Comparative Analysis
| Feature | French Loi de Vigilance (2017) | German LkSG (2023) |
|---|---|---|
| Scope threshold | 5,000 employees in France or 10,000 worldwide | 3,000 employees in Germany (2023); 1,000 from 2024 |
| Value chain coverage | Subsidiaries, subcontractors, established commercial relationships | Own operations and direct suppliers; indirect suppliers on substantiated knowledge |
| Key document required | Vigilance plan (plan de vigilance) | Policy statement + annual due diligence report |
| Enforcement mechanism | Civil litigation (injunctions and damages) | Administrative enforcement by BAFA (fines up to 2% global turnover) |
| Civil liability for victims | Yes - explicit in the law | No explicit private right of action (general tort law available) |
| Environmental coverage | Yes - health, safety and environment | Yes - specific listed environmental conventions |
Practical Implications and the Path to CSDDD
Companies that have already built compliance programmes for the French or German laws will find the CSDDD's architecture largely familiar. Both national laws informed the CSDDD's design: the French model's civil liability provisions are echoed in the EU Directive's liability regime, while the German model's administrative enforcement and BAFA-style supervisory authority concept underpins the CSDDD's requirement for designated national supervisory authorities in each member state.
For companies currently in scope of both national laws and the forthcoming CSDDD, the practical challenge is integration: building a single due diligence system that satisfies all three frameworks simultaneously, using the most demanding requirements as the baseline and layering jurisdiction-specific reporting obligations on top.
Example: A French Company's Vigilance Plan in Practice
A French telecommunications company with 12,000 global employees publishes its vigilance plan covering six risk categories: working conditions in device assembly factories, mineral sourcing from conflict-affected regions, data privacy in surveillance technology sales, health and safety in infrastructure construction, freedom of association for service subcontractors, and environmental impacts of e-waste recycling. Each risk category includes identified salient risks, preventive measures (supplier audits, contractual clauses, capacity building programmes), and KPIs tracked annually. An NGO coalition filed a formal notice in 2022 requesting improvements to the mineral sourcing section, triggering a three-month compliance window and subsequent litigation.
Key Takeaways
- France's Loi de Vigilance (2017) was the world's first mandatory HRDD law, requiring approximately 200 large French multinationals to publish and implement a vigilance plan covering their own operations, subsidiaries, and established supplier relationships
- Germany's LkSG (2023) expanded scope to around 900 companies, introducing an administrative enforcement model through BAFA with fines up to 2% of global turnover and the potential for public procurement exclusion
- The key structural difference is enforcement: France relies on civil litigation, Germany on administrative sanctions, while the CSDDD combines both approaches
- Both laws explicitly draw on ILO core conventions, UNGP principles, and OECD guidelines for the substantive standards they require companies to respect
- Companies should build integrated due diligence systems that satisfy all three frameworks, using the most demanding threshold as the baseline to avoid duplicating compliance effort