Current Status โ A Law in Transition
The LkSG is currently in a significant transitional phase ahead of the EU Corporate Sustainability Due Diligence Directive (CSDDD), which Germany must transpose into national law by July 2028. Since autumn 2025, BAFA has been instructed to pursue enforcement only in cases of serious violations โ specifically where companies have failed to take timely preventive or remedial measures or have not established an effective grievance mechanism. The annual reporting obligation has been effectively suspended: BAFA's reporting portal was deactivated in November 2025, and a government draft law proposes its retroactive abolition from 1 January 2023 onwards.
Crucially, however, the underlying due diligence obligations and the documentation requirement remain fully in force. Companies must continue to conduct risk analyses, implement appropriate measures, and maintain internal records for at least seven years โ they simply no longer need to file an annual report with BAFA.
The German government has committed to replacing the LkSG with a new law implementing the CSDDD. However, the CSDDD's scope โ companies with more than 5,000 employees and more than โฌ1.5 billion in worldwide turnover โ is significantly narrower than the LkSG's current 1,000-employee threshold. Many companies presently subject to the LkSG will not fall within the CSDDD's direct scope when it comes into force in 2029.
The Question Your Customer Will Ask
The LkSG does not oblige your customer to fix every risk in the supply chain. It obliges them to identify, assess, and document those risks โ and to take proportionate action where risks are found. This means that what your customer needs from you is not a guarantee of perfection, but credible, verifiable evidence of low risk.
In practice, this translates into a very specific question your customer will ask, explicitly or through a supplier questionnaire:
What tangible proof do you have that your products, raw materials, and production processes do not involve human rights violations or significant environmental harm โ and how can you demonstrate this?
The answer to this question is not a signed declaration. It is documentation.
Two Examples Where This Becomes Concrete
The timber importer. A company importing timber or wood products from outside the EU may consider itself "just an importer" โ buying from established suppliers, passing goods on, not manufacturing anything. But a retail customer subject to the LkSG needs to document the risk status of that timber. Where was it harvested? Under what labour conditions? Is there evidence of legal logging? Does the importer have supply chain documentation going back to the forest of origin, or at least to the sawmill or processing facility? In the absence of this, the importer becomes a risk in the customer's own documentation โ and risks losing the contract, or being asked to provide documentation they do not currently have.
The furniture manufacturer sourcing within Europe. A furniture producer buying components exclusively from European suppliers might assume that European sourcing means low risk. This is often correct, but it is not automatically documented. A large retail customer โ say, a DIY or furniture chain โ needs to be able to record why the sourcing is low risk, not simply assume it. This means the manufacturer needs to be able to provide: confirmation of the origin of wood and other materials, evidence that suppliers meet applicable labour and environmental standards, and ideally certification or audit documentation that a risk assessor can point to as substantiated evidence.
In both cases, the operative issue is not whether the SME has done anything wrong. It is whether they have documentation that allows their customer to demonstrate, to their own auditors or to BAFA, that the risk was assessed and found to be low.
What SMEs Should Prepare
The requests coming from LkSG-subject customers are not standardised โ different companies use different questionnaires, different terminology, and different depth of inquiry. But the underlying questions converge on a consistent set of topics:
Origin and traceability. Where do your raw materials or components come from? Can you name the country, region, or supplier? For higher-risk commodities โ timber, textiles, agricultural inputs โ can you go further up the chain?
Labour standards. Do your own operations and those of your key suppliers meet applicable legal standards on wages, working hours, freedom of association, and prohibition of child and forced labour? Is this documented through audits, certifications, or supplier declarations?
Environmental compliance. Do your operations and supply chains comply with applicable environmental regulations? Are there relevant certifications โ FSC, PEFC, ISO 14001, or equivalent โ that provide independent verification?
Grievance and complaint mechanisms. Is there a channel through which employees or affected parties could raise concerns? Even a basic, documented internal process demonstrates that the issue has been considered.
Existing documentation. What do you already have? Certificates, audit reports, supplier questionnaires you have sent further up your own chain, customs documentation, origin declarations โ all of this constitutes evidence that can be compiled and shared.
The SME does not need to build a compliance programme from scratch. The starting point is simply to know what they already have, what gaps exist, and to be able to present it in a structured way when asked.
The Commercial Reality
The LkSG โ and the CSDDD that will follow it โ does not create a legal obligation for SMEs. But it creates a commercial one. Large buyers cannot place orders with suppliers who represent undocumented risks in their own compliance chain. As enforcement intensifies and internal audit standards at large corporations rise, the informal tolerance for "we don't have that documentation" will shrink.
SMEs that invest now in knowing their supply chain, documenting their risk status, and being able to respond clearly to customer inquiries will be better placed โ not only for compliance purposes, but as preferred suppliers in an environment where sustainability credentials are increasingly a condition of doing business.
The LkSG is enforced by the Federal Office for Economic Affairs and Export Control (BAFA). Current status: the annual reporting obligation to BAFA has been suspended since November 2025, but all due diligence and documentation obligations remain in force. The LkSG will be replaced by a national law transposing the EU CSDDD, expected to apply from 2029.