Summary: Supply chain due diligence is the structured process of identifying, assessing, and addressing human rights, environmental, and governance risks across the supplier network. What was once a voluntary ESG practice is now a compliance requirement under regulations such as LkSG, CSDDD, and CSRD, which means procurement teams need documented risk assessments, supplier monitoring, and corrective action processes. Effective due diligence protects continuity, reduces legal exposure, and makes supply chain sustainability measurable.
Table of contents
Supply chain due diligence is the structured process of identifying, assessing, and addressing risks across a company’s entire supplier network. These risks span human rights, environmental, and governance concerns. Importantly, this process is now a legal obligation for thousands of companies worldwide.
Regulations such as Germany’s Supply Chain Due Diligence Act (LkSG), the EU Corporate Sustainability Due Diligence Directive (CSDDD), and the Corporate Sustainability Reporting Directive (CSRD) have transformed voluntary best practices into mandatory compliance requirements. As a result, companies face significant financial and reputational consequences for non-compliance.
Furthermore, ESG accountability throughout global value chains continues to intensify. Building a robust supply chain due diligence program has therefore become a critical priority. Specifically, Chief Procurement Officers, ESG Managers, and Supply Chain Compliance teams at companies of all sizes must take action.
Consumers, investors, and regulators now place a higher value on responsible business practices. Consequently, supply chain due diligence has become an essential step for companies seeking to protect their reputation. It also helps them comply with evolving laws and promote supply chain sustainability throughout their operations.
What is Supply Chain Due Diligence?
Supply chain due diligence is the process of systematically assessing and managing risks within a company’s supply chain. Specifically, these risks include human rights violations, forced labor, child labor, environmental degradation, money laundering, and corruption.
In practice, this involves collecting and analyzing information about suppliers, sub-suppliers, vendors, and business partners across all tiers. Ultimately, the goal is to identify potential adverse impacts and implement preventive and remediation measures. Moreover, frameworks such as the UN Guiding Principles on Business and Human Rights (UNGPs) and the OECD Guidelines for Multinational Enterprises underpin both LkSG and CSDDD. Under these frameworks, due diligence is understood as a continuous, risk-based process rather than a one-time compliance check.
Why is it Important?
Supplier due diligence matters for multiple interconnected reasons. First, it helps companies identify and mitigate supply chain risks before they escalate into crises. These risks range from human rights abuses and environmental violations to financial fraud and cybersecurity exposures.
Additionally, it enables companies to identify and address adverse impacts their supply chains may cause to people and the environment. Most importantly, in 2025–2026 it ensures companies meet their expanding legal and regulatory obligations.
Germany’s Supply Chain Due Diligence Act (LkSG / GSCA) requires companies with 1,000 or more employees in Germany to conduct annual due diligence on their direct suppliers. When substantiated concerns arise, the law also covers indirect suppliers. Since January 2024, the threshold was lowered to 1,000 employees. Consequently, this change significantly expanded the number of companies in scope.
Notably, the law carries substantial sanctions for non-compliance. Fines can reach up to €800,000, or up to 2% of global annual turnover for companies with revenues above €400 million. In addition, companies may face exclusion from public procurement for up to three years.
Beyond LkSG, the EU Corporate Sustainability Due Diligence Directive (CSDDD) represents the next wave of mandatory legislation. The EU adopted CSDDD in 2024. It requires large EU companies and non-EU companies with significant EU revenue to identify, prevent, mitigate, and remediate adverse human rights and environmental impacts across their entire value chains. Phased compliance deadlines begin in 2027. Together, LkSG and CSDDD are redefining what supply chain due diligence and accountability mean at the corporate level.
30+ Audit and inspection checklists free for download.
The Challenges of Managing Supply Chain Due Diligence
Managing supplier due diligence at scale is operationally challenging. This is particularly true for companies with complex global supply chains spanning hundreds or thousands of suppliers across multiple geographies and industries.
One of the primary challenges is achieving multi-tier visibility. Identifying tier 1, 2, and 3 suppliers and understanding each tier’s risk profile requires significant data collection effort. In particular, this is especially difficult when sub-suppliers operate in high-risk regions or sectors. Furthermore, both LkSG and CSDDD require companies to go beyond tier 1 in their risk assessments when substantiated concerns exist. As a result, the bar for supply chain mapping capabilities continues to rise.
A second major challenge involves maintaining due diligence on a continuous basis rather than as an annual exercise. Supply chain conditions change rapidly. New suppliers come on board, existing suppliers change ownership or practices, and geopolitical events create new risk exposures. Similarly, regulatory thresholds shift over time.
For example, disruptions such as the COVID-19 pandemic demonstrated how quickly emergency procurement decisions can introduce unknown risks. Organizations without systems for real-time monitoring and automated reassessment find themselves constantly playing catch-up with their compliance obligations.
A third challenge relates to data quality and comparability. Supplier self-assessments and questionnaires are only as reliable as the data suppliers provide. In fact, there is significant variation in the depth and accuracy of supplier responses. However, building a supply chain due diligence program that combines self-assessments with on-site audits, third-party verification, and continuous monitoring can address this challenge. To that end, companies need structured processes and purpose-built technology to manage these efforts at scale.
What is a Supplier Due Diligence Program and How to Build One
A Supplier Due Diligence Program is a comprehensive, risk-based framework that companies use to systematically assess and manage risks across their supplier networks. Specifically, an effective program encompasses a risk-based supplier segmentation approach and standardized procedures for identifying human rights, environmental, and governance risks.
Additionally, the program should include documented mitigation measures and corrective action workflows. It also requires grievance mechanisms for suppliers and affected communities. Above all, regular monitoring, reporting, and improvement processes must align with applicable regulatory requirements.
To build an effective due diligence program aligned with LkSG, CSDDD, and CSRD requirements, companies should begin by mapping their supplier base. Specifically, the first step involves conducting a risk-based segmentation that prioritizes suppliers by country risk, sector risk, and relationship characteristics.
The next step involves developing standardized assessment tools and questionnaires. These should capture the specific risk indicators relevant to your industry and applicable regulatory frameworks. Furthermore, clear communication with suppliers about their supply chain due diligence obligations is essential for program effectiveness. Companies must specify what information suppliers need to provide, the expected timeframe, and which channels to use.
Finally, companies should establish governance structures with clear ownership and escalation pathways for identified risks. In addition, a documented audit trail of all due diligence activities is critical for supporting regulatory reporting.
Technology plays a critical enabling role in due diligence programs at scale. Certainty Software provides structured tools including the LkSG/GSCA Due Diligence Checklist and the Supplier Social and Environmental Compliance Checklist. These tools enable companies to conduct consistent, auditable supplier assessments and track corrective actions. As a result, organizations can generate the documentation needed to evidence compliance with LkSG, CSDDD, and CSRD reporting requirements.
Frequently Asked Questions (FAQs)
What is the difference between supply chain due diligence and supplier audits?
Supply chain due diligence is the overarching process of identifying and managing risks across the supplier network, encompassing risk assessment, mitigation planning, grievance mechanisms, and ongoing monitoring. Supplier audits are a key tool within the due diligence process — structured assessments (on-site or remote) that verify whether suppliers’ actual practices meet the standards and obligations identified during risk assessment. Effective due diligence programs use audits as one component of a broader system that also includes supplier self-assessments, third-party data, continuous monitoring, and corrective action management.
Which companies are required to conduct supply chain due diligence under CSDDD?
The EU CSDDD applies in phases. From 2027, it will apply to EU companies with more than 5,000 employees and €1.5 billion in net worldwide turnover, and non-EU companies with more than €1.5 billion in EU net turnover. From 2028, the thresholds lower to 3,000 employees and €900 million turnover. By 2029, the directive will cover EU companies with more than 1,000 employees and €450 million in net worldwide turnover — encompassing a significantly larger population of businesses than the current LkSG scope.
How does CSDDD differ from LkSG (the German Supply Chain Act)?
LkSG (Germany’s Lieferkettensorgfaltspflichtengesetz) was a pioneer in national mandatory due diligence legislation, applying to companies with 1,000+ employees in Germany since January 2024. CSDDD is the EU-wide directive that builds on and broadens this foundation — applying to a wider range of companies across all EU member states, covering the entire value chain (including downstream activities), and requiring companies to adopt a transition plan aligned with the Paris Agreement’s 1.5°C pathway. Companies that have already built LkSG compliance programs have a strong foundation for CSDDD compliance, but will need to extend their due diligence scope and governance processes to meet the broader requirements.
What role does technology play in supply chain due diligence?
Purpose-built compliance technology significantly improves the efficiency, consistency, and auditability of supply chain due diligence programs. Platforms like Certainty Software enable companies to standardize supplier assessment processes, automate data collection and scoring, track corrective actions in real time, and generate the documentation needed to evidence compliance with LkSG, CSDDD, and CSRD requirements. Without dedicated technology, managing due diligence across hundreds or thousands of suppliers using manual processes creates data quality risks and audit trail gaps that can undermine regulatory defensibility.
