Supply Chain Due Diligence (LkSG)

Implementation of the German Supply Chain Due Diligence Act in the Aldric platform and CONPORT Services GmbH's own due diligence obligations

Version 1.0 — As of: March 2026

The German Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz, LkSG) has required companies since 1 January 2023 (from 3,000 employees) and since 1 January 2024 (from 1,000 employees) to establish risk management for human rights and environmental due diligence obligations throughout their supply chains. From 2026, the EU Corporate Sustainability Due Diligence Directive (CSDDD, Directive 2024/1760) will extend these requirements to additional companies. This document describes how the SaaS platform "Aldric" supports customers in fulfilling these obligations and how CONPORT Services GmbH as the provider meets its own due diligence duties.

This document is for informational purposes only and does not constitute legal advice. For legally compliant implementation of the LkSG in your organisation, we recommend consulting a specialist lawyer in commercial law or a specialised compliance consultant.

Part A: The Aldric Supply Chain Module

The Supply Chain Module of the Aldric platform is an integrated due diligence management system covering the requirements of the LkSG, the EU CSDDD, and industry-specific standards (e.g., UN Guiding Principles, OECD Guidelines).

§ 1 Risk Analysis

(1) The LkSG requires companies to conduct regular risk analyses (Section 5 LkSG). The Aldric module supports this process through:

  • Supplier Master Database: Central registration of all direct and significant indirect suppliers with location, industry, commodity group, and risk profile;
  • Automated Risk Classification: Assessment based on country risk (Corruption Perception Index, Global Rights Index), industry risk, and individual factors;
  • Risk Matrix: Visual representation of the risk landscape by severity and probability of occurrence;
  • Regular Reassessment: Configurable review cycles (annual or event-driven) with automatic reminders.

(2) The risk analysis covers the human rights and environmental risks defined in the LkSG:

Risk Category Examples (Section 2 LkSG)
Child Labour Violations of ILO Conventions No. 138, 182
Forced Labour Violations of ILO Conventions No. 29, 105
Occupational Health and Safety Inadequate workplace safety standards
Freedom of Association Obstruction of trade union formation
Discrimination Unequal treatment based on gender, origin, religion
Adequate Remuneration Falling below the applicable minimum wage
Environmental Damage Mercury (Minamata), POPs (Stockholm), hazardous waste (Basel)
Land Grabbing Unlawful deprivation of land, forests, or waters

§ 2 Risk Management and Preventive Measures

(1) The LkSG requires the establishment of adequate risk management (Section 4 LkSG). The Aldric module maps the entire due diligence cycle:

  • Policy Statement: Templates for the human rights strategy pursuant to Section 6(2) LkSG, including descriptions of procedures and prioritised risks;
  • Preventive Measures: Action plans for the company's own business area (Section 6(1-3) LkSG) and towards direct suppliers (Section 6(4) LkSG);
  • Measure Tracking: Responsibilities, deadlines, and effectiveness reviews for each preventive measure;
  • Training Management: Planning and documentation of compliance training for relevant employees and suppliers.

(2) For direct suppliers, the module specifically supports:

  • Creation and management of codes of conduct;
  • Contractual assurances for compliance with due diligence obligations;
  • Conducting and documenting supplier audits;
  • Supplier self-assessments and questionnaire management.

§ 3 Complaints Procedure

(1) The LkSG requires the establishment of a complaints procedure (Section 8 LkSG). The Aldric module uses the platform's integrated whistleblower module and extends it with supply chain-specific functions:

  • Public Reporting Channel: Accessible to affected parties across the entire supply chain, not limited to the company's own employees;
  • Multilingual Support: Reporting forms available in the languages of key supplier locations;
  • Anonymity: Anonymous reports are treated and processed equally;
  • Procedural Rules: Configurable escalation levels and processing deadlines pursuant to Section 8(1) LkSG;
  • Impartiality: RBAC-controlled assignment of independent handlers, separate from the procurement department.

(2) The complaints procedure must be reviewed for effectiveness at least annually and on an ad hoc basis pursuant to Section 8(4) LkSG. The module supports this review through automated evaluations and reminders.

§ 4 Remedial Measures

(1) When a violation or imminent breach is identified, remedial measures must be taken without delay (Section 7 LkSG). The module supports:

  • Action Plans: Structured recording of immediate measures, corrective actions, and long-term strategies;
  • Timeline and Escalation: Deadlines for implementation with automatic escalation upon expiry;
  • Effectiveness Monitoring: Tracking of measure implementation and renewed risk assessment;
  • Last Resort: Documentation of supplier terminations as a last resort when remediation is not possible (Section 7(3) LkSG).

§ 5 Documentation and Reporting

(1) The LkSG requires ongoing documentation (Section 10(1) LkSG) and annual reporting (Section 10(2) LkSG). The module supports both requirements:

  • Automatic Documentation: All risk analyses, measures, complaints, and their processing are continuously recorded in the audit trail;
  • Annual Report Generator: Automated creation of the LkSG report pursuant to Section 10(2) LkSG with all mandatory disclosures;
  • BAFA Export: Export in the format required for submission to the Federal Office for Economic Affairs and Export Control (BAFA);
  • Retention: Reports are retained for at least 7 years (Section 10(1) LkSG).

(2) The report must be published and submitted to BAFA no later than 4 months after the end of the financial year. The module provides timely reminders and templates.

§ 6 Indirect Suppliers

(1) For indirect suppliers, an event-driven due diligence obligation applies (Section 9 LkSG). The module supports:

  • Substantiated Knowledge: Recording and assessment of indications of violations at indirect suppliers;
  • Event-Driven Risk Analysis: In-depth review upon concrete indications or structural risks;
  • Concept Development: Templates for prevention and remediation concepts regarding indirect suppliers;
  • Industry Initiatives: Documentation of participation in industry initiatives as an appropriate measure.

§ 7 Fines and Sanctions

(1) Violations of the LkSG can result in significant sanctions (Section 24 LkSG):

Violation Fine
No or inadequate risk analysis (Section 5) Up to EUR 500,000
No preventive measures (Section 6) Up to EUR 500,000
No complaints procedure (Section 8) Up to EUR 500,000
No remedial measures (Section 7) Up to EUR 800,000
No/incorrect reporting (Section 10) Up to EUR 100,000

(2) For companies with an average annual turnover exceeding EUR 400 million, the fine can amount to up to 2% of worldwide annual turnover (Section 24(3) LkSG).

(3) Additionally, BAFA can order exclusion from public procurement for up to 3 years (Section 22(1) LkSG).

Part B: CONPORT Services GmbH's Own LkSG Compliance

As the provider of the Aldric platform, CONPORT Services GmbH independently fulfils due diligence obligations in its supply chain. The following sections document the company's own compliance.

§ 8 Applicability and Voluntary Commitment

(1) The LkSG directly applies to companies with 1,000 or more employees. Regardless of its current headcount, CONPORT Services GmbH has decided to voluntarily implement the essential due diligence obligations of the LkSG in order to:

  • Build supply chain compliance structures early;
  • Use and test the platform in production (dogfooding);
  • Meet requirements of enterprise customers who extend their due diligence obligations to suppliers;
  • Proactively address the requirements of the EU CSDDD.

§ 9 Supply Chain of CONPORT Services GmbH

(1) As a SaaS provider, CONPORT Services GmbH's supply chain primarily comprises digital service providers and infrastructure suppliers:

Category Suppliers Risk Assessment
Cloud Infrastructure Hosting providers (EU data centres) Low (EU location, ISO 27001)
Open-Source Software PostgreSQL, Redis, NestJS, React et al. Low (community projects, open source)
Third-Party Services Keycloak, MinIO, SendGrid Low to medium (US providers, DPA in place)
Hardware Laptops, server components Medium (manufacturers' global supply chains)
Office Equipment Furniture suppliers, office materials Low (EU sourcing)

(2) The main risks in the company's own supply chain lie in hardware procurement, as manufacturers (e.g., of semiconductors and electronic components) maintain global supply chains with production sites in countries with elevated risks for labour rights violations.

§ 10 Policy Statement

(1) CONPORT Services GmbH is committed to the following principles:

  • Respect for internationally recognised human rights in all business areas and throughout the entire supply chain;
  • Avoidance and minimisation of adverse impacts on people and the environment;
  • Fair working conditions within the company and with business partners;
  • Transparent communication about risks and measures;
  • Continuous improvement of due diligence processes.

(2) These principles are an integral part of the corporate strategy and are the responsibility of the management. They are regularly reviewed and adjusted as necessary.

§ 11 Own Preventive Measures

(1) CONPORT Services GmbH implements the following preventive measures:

  • Supplier Evaluation: New suppliers are assessed against sustainability and human rights criteria before contract conclusion;
  • Contractual Provisions: Material contracts include clauses requiring compliance with human rights and environmental standards;
  • Code of Conduct: A Supplier Code of Conduct defines minimum requirements for all business partners;
  • Complaints Mechanism: The platform's whistleblower channel is also available to suppliers and their employees (see Whistleblower Protection);
  • Training: Regular awareness-raising for employees in procurement and supplier management.

§ 12 EU Corporate Sustainability Due Diligence Directive (CSDDD)

(1) The EU Corporate Sustainability Due Diligence Directive (CSDDD, Directive 2024/1760) extends the scope of the LkSG:

Aspect LkSG (German) CSDDD (EU)
Threshold From 1,000 employees From 1,000 employees + EUR 450M turnover (phased)
Supply Chain Direct + event-driven indirect Entire value chain (activity chain)
Climate Protection Not covered Climate transition plan required
Civil Liability Not provided for Liability for damages in case of breach
Sanctions Max. 2% annual turnover Max. 5% net worldwide turnover

(2) The Aldric platform will be extended with CSDDD-specific features in future releases, particularly climate transition plans and extended value chain mapping.

§ 13 Contact

For questions about supply chain compliance at CONPORT Services GmbH:

For information about the Aldric Supply Chain Module, please contact our sales team at info@conport.services.

§ 14 Final Provisions

(1) This document is reviewed regularly and updated when the legal framework changes. The current version is always available on this page.

(2) In the event of conflicts between this document and the statutory provisions of the LkSG, the statutory provisions shall prevail.

(3) For further legal information, we refer to:

As of: March 2026