Your German customer has sent you a compliance questionnaire. Here is what it means and what you need to do.
The Lieferkettensorgfaltspflichtengesetz (LkSG) โ Germany's Supply Chain Due Diligence Act โ requires large German companies to conduct annual due diligence on every supplier in their chain. If you have received a questionnaire from a German buyer, their advisers (often firms such as BDO, KPMG, or Deloitte) have prepared it on their behalf. Answering it well protects your contract. Answering it poorly โ or not at all โ gives your buyer grounds to find an alternative supplier.
Key regulations in Germany โ LkSG Supplier Guide
LkSG โ Lieferkettensorgfaltspflichtengesetz (Supply Chain Due Diligence Act)
LkSG requires large German companies to identify, prevent and remedy human rights and environmental risks across their supply chains. They must conduct annual Risikoanalysen (risk analyses), implement preventive measures, and establish grievance mechanisms. As a supplier, you are asked to complete a due diligence questionnaire and may be asked to sign a Verhaltenskodex (code of conduct). Your response forms part of your buyer's legal compliance file.
BAFA โ Bundesamt fรผr Wirtschaft und Ausfuhrkontrolle (Federal Enforcement Authority)
BAFA is the German federal authority responsible for enforcing LkSG. It can audit companies, demand documentation, and impose fines of up to โฌ8 million or 2% of global annual turnover โ whichever is higher. Companies can also be excluded from public procurement contracts for up to three years. This enforcement pressure on your buyer is the reason they are asking you for compliance evidence.
CSRD โ EU Corporate Sustainability Reporting Directive
CSRD requires affected companies to produce detailed sustainability reports under the European Sustainability Reporting Standards (ESRS). German companies already subject to LkSG are well positioned. For you as a supplier, this means LkSG-style questionnaires are becoming standard across all EU buyers โ not just German ones. A German questionnaire today is preparation for a European one tomorrow.
CSDDD โ EU Corporate Sustainability Due Diligence Directive
CSDDD will introduce LkSG-style obligations across all EU member states. German companies already compliant with LkSG will be well prepared. For suppliers, due diligence questionnaires will become the standard across the entire EU โ regardless of which country your buyer is based in.
What this means for you as a supplier
You are not directly fined by BAFA. But your buyer is. If your buyer cannot demonstrate adequate due diligence on their suppliers, they face fines of up to โฌ8 million or 2% of global turnover. That makes your compliance response a direct financial concern for them โ and a direct risk to your contract if it is inadequate. Well-prepared suppliers who can provide structured evidence are preferred. Suppliers who cannot respond adequately are replaced.
Key dates
January 2023
LkSG Phase 1 โ companies with โฅ3,000 employees in Germany must comply
January 2024
LkSG Phase 2 โ companies with โฅ1,000 employees in Germany must comply
Annually
LkSG Risikoanalyse โ buyers must re-assess all direct suppliers every year
2025
CSRD Phase 1 โ large EU companies with >500 employees
2026
CSRD Phase 2 โ companies with >250 employees or >โฌ40m turnover
July 2029
CSDDD Phase 1 โ EU-wide supply chain due diligence for largest companies
2029
CSDDD Phase 3 โ companies with โฅ1,000 employees across all EU member states
Why your questionnaire came from an adviser like BDO
Large German companies typically outsource their LkSG compliance programme to a professional services firm โ BDO, KPMG, Deloitte, PwC, or a specialist boutique. That firm designs the supplier questionnaire, collects responses, and prepares the annual Risikoanalyse that the company must file with BAFA.
When you receive a questionnaire from one of these firms, it is legally your buyer's questionnaire โ the adviser is acting on their behalf. Your response goes into your buyer's compliance file. If BAFA audits your buyer, your response (or the absence of one) will be reviewed. A non-response is treated as a red flag in the Risikoanalyse, which increases your buyer's regulatory exposure and makes you a liability rather than an asset in their supply chain.
What your German buyer's questionnaire will ask
LkSG questionnaires typically cover six areas, aligned to the human rights and environmental standards set out in ยง2 LkSG. The more structured evidence you can provide for each, the lower the risk your buyer faces โ and the more secure your supplier relationship.
Human rights policy (Menschenrechtspolitik)
A written policy covering forced labour, child labour, freedom of association, and equal treatment. Must be signed by senior management.
Environmental management (Umweltmanagement)
Evidence of GHG emissions tracking, waste management practices, and any environmental certifications (ISO 14001, EMAS).
Health & safety (Arbeitsschutz)
Workplace safety policies, incident records, and certification such as ISO 45001 or equivalent national standard.
Anti-corruption (Antikorruption)
Code of conduct (Verhaltenskodex), whistleblowing mechanism, and records of anti-bribery training for relevant staff.
Grievance mechanism (Beschwerdeverfahren)
A formal process for workers and stakeholders to raise concerns โ required under ยง8 LkSG for your buyer; increasingly expected of suppliers too.
Your own supplier due diligence
Evidence that you conduct due diligence on your own supply chain. This is the Tier 2 question โ your buyer must show BAFA they have checked this.
What happens if your response is inadequate
- โYour buyer's adviser flags you as a high-risk supplier in the Risikoanalyse
- โYour buyer is required by LkSG to take corrective action โ which may mean requesting remediation from you, or replacing you
- โIf BAFA audits your buyer and finds gaps in supplier documentation, your buyer faces fines of up to โฌ8 million or 2% of global turnover
- โAs CSRD and CSDDD come into force, the same questions will arrive from buyers across the EU โ not just Germany
BAFA enforcement: the pressure behind the questionnaire
BAFA (Bundesamt fรผr Wirtschaft und Ausfuhrkontrolle) is the German federal authority that enforces LkSG. It can audit companies at any time, demand documentation, and impose significant penalties. This is why your buyer takes the questionnaire seriously โ and why you should too.
| Violation | Maximum fine | Additional sanction |
|---|---|---|
| No Risikoanalyse (risk analysis) conducted | โฌ8,000,000 | Or 2% of global turnover if higher |
| No preventive measures implemented | โฌ8,000,000 | Or 2% of global turnover if higher |
| No grievance mechanism (Beschwerdeverfahren) | โฌ500,000 | โ |
| No annual report published (ยง10 LkSG) | โฌ500,000 | โ |
| Exclusion from public procurement | Up to 3 years | Triggered when fines exceed โฌ175,000 |
Source: ยง24 LkSG. Fines apply to your buyer, not to you directly. But your buyer's compliance depends on your response โ making inadequate supplier documentation a direct risk to your contract.
What a strong supplier response looks like
Advisers like BDO are looking for documented evidence, not just yes/no answers. The difference between a supplier who passes the Risikoanalyse and one who is flagged as high-risk usually comes down to whether they can produce written policies and records โ not whether they actually operate responsibly.
Written policies
Human rights policy, environmental policy, and code of conduct โ signed and dated by a director or equivalent.
Operational records
Training logs, incident records, audit reports, and supplier questionnaires you have sent to your own supply chain.
Third-party evidence
ISO certifications, EcoVadis ratings, Sedex membership, or any external audit that validates your self-assessment.
This is not going away: LkSG is the floor, not the ceiling
LkSG currently applies to German companies with 1,000 or more employees. The EU's Corporate Sustainability Due Diligence Directive (CSDDD) will extend equivalent obligations to large companies across all 27 EU member states by 2029. French buyers, Dutch buyers, Polish buyers โ all will be sending the same questionnaires.
The compliance infrastructure you build to answer your German buyer's LkSG questionnaire today is the same infrastructure that will answer every EU buyer's questionnaire in three years. Building it once, properly, is significantly more efficient than scrambling to respond to each new buyer separately.
Last reviewed: April 2026. This guide is for general information only and does not constitute legal advice. Regulations change โ verify current requirements with a qualified adviser.