Used Services and Cookies

Our website uses cookies to enhance your user experience. Some cookies are essential for the operation and management of the site, while others are used for anonymous statistics or personalized content. Please note that limiting cookie use may impair certain functions of the website.

More information: Imprint, Data protection

Essential cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website or, for example, saving your cookie settings. The website cannot function properly without these cookies. This category cannot be deactivated.
  • Name:
    ukie_a_cookie_consent_manager
  • Domain:
    blomstein.com
  • Purpose:
    Stores the cookie preferences of website visitors.
  • Name:
    blomstein_session
  • Domain:
    blomstein.com
  • Purpose:
    The session cookie is essential for the basic functioning of the website. It allows users to navigate through the site and use its basic features.
  • Name:
    XSRF-TOKEN
  • Domain:
    blomstein.com
  • Purpose:
    This cookie serves security purposes and aids in preventing Cross-Site Request Forgery (CSRF) attacks. It is a technical necessity.
These cookies collect information about how you use a website, e.g. which pages you have visited and which links you have clicked on.
  • Name:
    _ga
  • Domain:
    blomstein.com
  • Purpose:
    The Google Analytics cookie _ga is used to distinguish users by assigning a unique identification number to each visitor. This number is sent to Google Analytics each time a page is accessed in order to collect user, session and campaign data and to statistically evaluate the use of the website. The cookie helps website operators to understand how visitors interact with the website by collecting information anonymously and generating reports.
  • Name:
    _ga_*
  • Domain:
    blomstein.com
  • Purpose:
    The _ga_[container_id] cookie, specific to Google Analytics 4 (GA4), is used to distinguish website visitors by assigning a unique ID for each session and each user. It enables the collection and analysis of data on user behavior on the website in anonymized form. This includes tracking page views, interactions and the path users take on the website to give website operators deeper insights into the use of their site and improve the user experience.
  • Name:
    _gid
  • Domain:
    blomstein.com
  • Purpose:
    The _gid cookie is a cookie set by Google Analytics that is used to distinguish users. It assigns a unique identification number to each visitor to the website, which is sent to Google Analytics each time the page is accessed. This makes it possible to track and analyze user behavior on the website over a period of 24 hours.
  • Name:
    _gat_gtag_UA_77241503_1
  • Domain:
    blomstein.com
  • Purpose:
    The _gat_gtag_UA_77241503_1 cookie is part of Google Analytics and Google Tag Manager and is used to throttle the request rate, i.e. it limits data collection on high traffic websites. This cookie is linked to a specific Google Analytics property ID (in this case UA-77241503-1), which means that it is used for performance monitoring and control of data collection for that specific website property.

ESG – Equipment for Security goes Green

LkSG, CS3D, CBAM, EUDR and CRMA in the defense industry

As announced in January, BLOMSTEIN is publishing a series of briefings introducing European and German legal issues for the security and defense sector. In our last briefing we provided an overview of new funding opportunities made available to industry by the European Investment Bank.

This issue deals with various new ESG obligations for the defense and security industry. Companies in this sector are subject to a wide range of regulatory obligations. For some time now, these have included ESG obligations in particular. The number of new requirements for companies in this area is high. There were already some changes in the first half of the year (see our corresponding ESG briefings). This briefing provides an overview of the latest developments in Germany and at European level in the ESG area and their impact on the defense and security industry.

Tightening of the LkSG: extended target group

In Germany the Supply Chain Due Diligence Act (LkSG) has been in force since January 1, 2024 for companies with 1,000 or more employees instead of 3,000 or more. The group of affected parties has therefore expanded significantly. Since the beginning of the year addressees have had to regularly analyze their supply chains and establish a functioning complaints mechanism (for details of the obligations to be fulfilled, see our briefing here). Companies should carefully document their compliance with the due diligence obligations, as an annual report on compliance must be published.

The BAFA has suspended the review of the reporting obligations for the companies already affected until January 1, 2025. In 2025, however, it is expected to critically examine the first-time reports of the "thousands" and investigate possible violations. The past year has already shown that the authority is not acting without teeth but is exercising its powers confidently. Although no fines were imposed under the LkSG - as far as can be seen - the BAFA did intervene when violations were detected. It investigated 58 companies on the basis of the law. According to the authority's findings, a freight forwarding company was active along their supply chain that did not pay its truck drivers a wage. On the basis of the LkSG, the BAFA ensured that the truck drivers concerned were not deprived of their wages. In the coming months BAFA will be asking companies for information on their risk management in order to verify compliance with legal obligations. Based on last year's experience, it is to be expected that this will take place in several rounds.

LkSG is followed by CS3D

On June 13, 2024 further future ESG obligations were added at EU level. The Supply Chain Directive (CSDDD) was published in the Official Journal of the EU on July 5, 2024. It is aimed in particular at:

  1. EU companies with global sales of more than EUR 450 million and more than 1,000 employees as well a

  2. non-EU companies with a turnover of more than EUR 450 million in the EU.

While the LkSG focuses more on the protection of human rights in addition to environmental aspects, the Supply Chain Directive addresses additional environmental issues (for the main differences between the two regulations, see our briefing here). Indirectly, companies can also fall within the scope of the CS3D if they are part of the supply chain of the directly liable companies (see our briefing here).

The member states still have to implement the directive. This will lead to a level playing field within the EU if the member states do not (significantly) go beyond the minimum standards of the directive. In Germany, the BAFA is likely to continue to be entrusted with the supervision of the LkSG, which has been adapted to the Supply Chain Directive. Based on previous experience with the LkSG, it can be assumed that the BAFA will confidently exercise its new powers under the CS3D. Companies are therefore well advised to adapt their compliance strategies to the requirements of the CS3D at an early stage. This is because in the event of a breach there is a risk of substantial fines, the maximum of which amounts to at least 5% of the company's global net turnover in the financial year prior to the decision. The directive also provides for civil liability for damages. It is currently being discussed whether the obligations under the LkSG should be suspended during the two-year implementation phase of the CS3D. A motion by the CDU/CSU parliamentary group "to repeal the law on corporate due diligence to prevent human rights violations in supply chains" was rejected by the Bundestag on June 14. As things stand, the LkSG is still in force - with the exception of the delayed review of reports.

Increased climate protection measures & ESG obligations through CO2 border adjustment mechanism

In addition, further ESG requirements will be tightened this year. Imports of certain goods are subject to reporting obligations under the EU Carbon Border Adjustment (CBAM). With this regulation, the EU is stepping up its ambitious climate protection efforts. The CBAM is intended to put European producers subject to European CO2 certificate trading on an equal footing with importers from third countries. Until now, European companies in energy-intensive sectors have received EU ETS certificates free of charge or by auction. These form the legal basis for CO2 emissions. However, fewer and fewer of these certificates are being issued in the interests of climate protection.

The CBAM ties in with this. It is intended to prevent carbon leakage from occurring as a result of fewer or no certificates. Carbon leakage describes the relocation of CO2-intensive production and the associated emissions to third countries with less stringent standards.  Since October 2023 importers have had to report direct and indirect (i.e. electricity-based) emissions from their CBAM products to the European Commission. The actual submission phase begins in 2026. Importers will then be subject to a CO2 price. The regulation covers imports of iron, steel and aluminum, among other things, meaning that the defense and security industry is also directly affected by it. Detailed information on this topic can be found in our briefing on the impact of the CBAM on the defense industry (see here).

More is more: climate protection through sustainable and deforestation-free supply chains

The applicability of the new EU regulation for deforestation-free products (EUDR) was also advanced and will enter into force on December 30, 2024. The regulation aims to ensure that no listed products that contribute to deforestation or forest degradation in the EU and worldwide circulate on the internal market. At the same time it also aims to reduce carbon emissions caused by the production and consumption of affected products. Among other things, the EUDR also regulates the import of rubber and certain rubber products. Rubber plays an important role in the security and defense industry due to its wide range of applications and special properties such as durability and resistance. Companies in these sectors are therefore well advised to check the EUDR. This is because violations can result in import bans, confiscation of the relevant raw materials and fines.

More resilient supply chains

The EUDR is complemented by the Critical Raw Materials Act (CRMA), which came into force on May 23, 2024 (see also our briefing here). The aim of the Act is to ensure a sustainable supply of critical raw materials for the EU. It aims to help the EU build its capacity and make its supply chains more resilient by reducing dependence on individual countries. Instead, domestic supply chains are to be strengthened and win-win partnerships with non-EU countries promoted. The EU wants to raise the benchmarks for the extraction, processing and recycling of strategic raw materials to 10%, 40% and 25% annually by 2030.

Critical raw materials include lithium, cobalt and nickel, which are essential for battery production. Another critical raw material is gallium, which is required for solar panels. But certain critical raw materials such as aluminum, titanium and tungsten are also indispensable in the defense sector. For companies, this may mean tighter control of their supply chains, including any reporting obligations. Companies that employ more than 500 people have a global net turnover of more than EUR 150 million and use strategic raw materials, for example for equipping drones, missile launchers or robotics, must carry out regular risk analyses and, if necessary, make efforts to diversify.

Concerns had previously been raised in this context that there could be an uncontrolled outflow of sensitive data when the analysis results are transmitted to the BMWK. According to the latest information from the Ministry, however, these concerns appear to have been dispelled. Risk analyses are to be carried out for purely internal purposes, i.e. without data being passed on externally. How the state will monitor and enforce compliance with the obligations is still unclear at present. Nevertheless, companies should carry out appropriate risk analyses and diversify their supply chains where necessary. From November 24, 2026, violations of the CRMA will be punished by the member states.

Conclusion

In conclusion it can be said that ESG requirements for companies will remain a hot topic this year. In order to bring the internal compliance system up to date it is essential to deal with the content of LkSG, CS3D, CBAM, EUDR and CRMA. As shown, the regulations are also aimed at the security and defense industry. The good news is that certain methodological approaches and requirements run like a common thread through the new regulations. Following a risk-based approach, companies have to fulfill various due diligence obligations, in particular a) to obtain and evaluate relevant information (for exampel along the supply chain), b) to establish a system to continuously assess risks, take preventive measures and appropriate remedial action, and c) to create transparency through documentation, reports and publications. These are already familiar tools from compliance which should now be updated in accordance with LkSG, CS3D, CBAM, EUDR and CRMA.

BLOMSTEIN will closely monitor the challenges for the security and defense industry with regard to new ESG requirements. If you have any questions regarding the implementation of LkSG, CS3D, CBAM, EUDR and CRMA obligations, please do not hesitate to contact the Defense and Security Focus Group.