Criminal law risks and ESG compliance in Germany and the EU

Global supply chains are an integral part of modern business operations. They enable efficiency, specialisation, and cost advantages. Yet where economic opportunities arise, legal risks follow. When child labour, environmental pollution, or the suppression of trade unions abroad become part of a company’s own value chain, the question of corporate responsibility inevitably arises.

These issues are increasingly captured under the concept of environmental and social corporate responsibility—commonly referred to as ESG. What was long regarded as primarily an ethical or reputational matter has now come into the focus of legislators, not only in the form of reporting obligations or civil liability, but also with regard to criminal responsibility. Particular attention is being paid to the scope of due diligence obligations and the legal consequences that may arise from their breach.

Following the German legislator’s introduction of extensive regulations through the Supply Chain Due Diligence Act (LkSG), the EU is further tightening requirements for ESG compliance and corporate liability in the areas of environmental and human rights protection with the Corporate Sustainability Due Diligence Directive (CSDDD/CS3D). The directive goes beyond the German Supply Chain Act, requiring companies to review their entire supply chain across the EU and to minimise associated risks.

The German Perspective

Climate protection before the Federal Constitutional Court – a wake-up call with impact

The starting point of the legal ESG debate in Germany was marked not by legislation, but by a court ruling.

In its decision of 24 March 2021, the Federal Constitutional Court held parts of the Climate Protection Act to be unconstitutional. The Court reasoned that the provisions placed a disproportionate burden on future generations, thereby infringing the fundamental rights to freedom. The ruling was more than a warning—it sent a constitutional signal that has since been reflected in ESG legislation.

Supply Chain Act: Between political ambition and legal reality

With the LkSG, which came into force at the beginning of 2023, the legislator sought to initiate a paradigm shift. Companies with more than 1,000 employees were required to identify and minimise human rights and environmental risks within their supply chains and, where necessary, take remedial action. This included, among other things, risk analyses, preventive measures, an internal complaints mechanism, and an annual report to the Federal Office for Economic Affairs and Export Control (BAFA).

The sanction mechanisms provided for by the Act were far from insignificant. In cases of non-compliance, companies could be subject to fines amounting—depending on company size—to up to two percent of their global annual turnover. In addition, companies could be temporarily excluded from participation in public procurement procedures. Administrative enforcement measures, such as coercive fines in cases of inaction, were also предусмотрed to ensure compliance with the obligations. The compliance requirements did not only affect large corporations but, in practice, also many small and medium-sized enterprises through their role as suppliers.

However, the Act was politically controversial and was effectively hollowed out after the coalition government took office in 2021. Reporting obligations were abolished, enforcement was largely suspended (with only limited exceptions), and the Act itself is set to be replaced by a new framework aligned with EU law.

Cases from practice: When abstract obligations become concrete

The impact of the LkSG is illustrated by a look at the first proceedings before the Federal Office for Economic Affairs and Export Control (BAFA). Particularly notable were:

• The Mazur case: Polish truck drivers reported exploitative working conditions. BAFA is currently examining whether German companies, as contracting parties, have violated the LkSG.
• The Edeka/Rewe case: NGO complaints about conditions at suppliers in banana production led to BAFA proceedings against the two retail chains.
• The BMW case: New indications of problematic sourcing of raw materials (cobalt from Morocco) are the focus of upcoming reviews.

These cases demonstrate that responsibility does not end at the factory gate. Companies must approach their supply chains from a legal perspective and, where necessary, be prepared to defend them legally.

Criminal Law Risks with Respect to ESG

What many underestimate is that criminal law risks in the ESG context already exist— even without specific ESG legislation. The German Criminal Code contains a range of offences that sanction environmentally harmful or human rights–violating conduct within companies, for example:

• Sections 324 et seq. of the German Criminal Code (StGB): water pollution, air pollution, soil contamination, and illegal waste disposal
• Sections 263 and 264a of the German Criminal Code (StGB): fraud and investment fraud, for example in cases of “greenwashing” of supposedly sustainable products
• Section 16 of the German Act Against Unfair Competition (UWG): misleading advertising, for example regarding environmental or social standards
• Section 30 of the German Administrative Offences Act (OWiG): corporate fines for organisational failures

Prominent examples range from “Dieselgate” to DWS (greenwashing allegations) and proceedings concerning the illegal dismantling of ships abroad (“beaching”). Even if criminal liability often depends on strict conditions in individual cases, the investigations themselves are burdensome — both for the company and for those responsible.

The European Perspective

It is not only the German legislator that has taken action in this area. There have also been extensive ESG-related initiatives at the EU level in recent years.

From the Green Deal to mandatory sustainability

The starting point for current developments is the European Green Deal, which aims to make Europe the first climate-neutral continent by 2050. A wide range of regulatory initiatives derive from this political framework—from the EU Taxonomy and sustainability reporting regimes (CSRD, SFDR) to the new EU Environmental Crime Directive. This economic transformation is being accompanied by compliance obligations for companies that are increasingly designed to be legally enforceable.

The CS3D: Supply chains as a legal risk area

With the CSDDD (Corporate Sustainability Due Diligence Directive – CS3D), the EU is giving concrete shape to its concept of responsible corporate governance. Companies with more than 1,000 employees and a turnover exceeding €450 million (whether within or outside the EU) are required to identify and assess human rights and environmental risks across their entire supply and value chain and to implement appropriate remedial measures.

The scope of the CSDDD is significantly broader than that of the German LkSG, as it extends beyond direct suppliers to include downstream activities such as distribution and disposal. Companies are also required to adopt and implement a climate transition plan.

Easing through omnibus packages

However, particularly in light of economic pressures and political reservations, the EU has softened key aspects of the directive through the so-called Omnibus Packages I and II:

• The scope of application has been reduced.
• Companies are now required to conduct in-depth risk analyses within their supply chains only where there are concrete indications of risks.
• The obligation to terminate business relationships as a measure of last resort (“ultima ratio”) has been removed.
• Civil liability is left to be governed by national legal systems.
• The transposition deadline has been postponed to 2027, with initial application required from 2028.

Implementation in Germany is to take place through the planned “Act on International Corporate Responsibility.”

Sustainability reporting and financial market regulation

Alongside the CSDDD, the EU is pursuing a harmonisation of ESG reporting obligations, thereby enhancing transparency in the ESG domain. The Corporate Sustainability Reporting Directive (CSRD) requires companies to disclose their ESG risks and strategies in accordance with uniform reporting standards across Europe. The Sustainable Finance Disclosure Regulation (SFDR) likewise obliges financial market participants to ensure ESG transparency in relation to products and investments.

Overall, these frameworks lead to a significant expansion of disclosure and documentation obligations, coupled with liability risks in cases of incorrect or omitted information.

EU Environmental Crime Directive: ESG and criminal law intertwined

With the Directive on the protection of the environment through criminal law (EU 2024/1203), adopted in May 2024, criminal law is also becoming an instrument of ESG regulation. The directive requires Member States to criminalise certain particularly harmful environmental conduct, including for example:

• unlawful emissions of pollutants into air, water, or soil
• illegal shipment of waste
• ship dismantling in circumvention of proper recycling requirements
• violations of species protection or anti-deforestation requirements

Companies face significant sanctions: fines of up to 5% of annual turnover or €40 million, as well as the public disclosure of convictions and potential exclusion from public funding.

Conclusion: Europe takes ESG to a new level

German and European ESG compliance requirements deeply affect corporate decision-making processes —and they do not only concern large corporations. The combination of due diligence obligations, reporting duties, and criminal law enforcement means that ESG in Europe is no longer voluntary. Companies operating within complex supply chains today must be able to identify, assess, document risks and respond in a legally robust manner in the event of a crisis.

Companies should adapt their compliance systems in a timely manner and understand ESG risks not merely as a PR issue, but as a liability-relevant legal matter that may also involve criminal responsibility. Establishing an effective ESG risk management system is therefore not only relevant in terms of administrative fines, but also forms part of a preventive defence strategy.

Pragal Rechtsanwälte supports companies in this field of tension with many years of experience in white-collar and environmental criminal law, as well as in-depth knowledge of regulatory enforcement practices. Our services range from strategic compliance advice and preventive risk assessments to defence in criminal investigations and administrative fine proceedings. ESG requires not only policy expertise, but also sound criminal law judgement.

Frequently asked questions on criminal law risks related to ESG compliance

---

As part of the 27th International Bar Association (IBA) Conference in Santiago de Chile, Dr. Oliver Pragal presented on current developments at the intersection of environmental, human rights, and white-collar criminal law under the title: “Supply chain and criminal offenses – the German perspective.”

This blog post builds on key aspects of that presentation and examines the German and European legal developments, in particular the Supply Chain Due Diligence Act (LkSG) and the new Corporate Sustainability Due Diligence Directive (CSDDD/CS3D), as well as related reporting obligations and the role of criminal law.