Supply Chain Act - a use case for smart contract and blockchain

The Supply Chain Due Diligence Act, better known as the Supply Chain Act, will come into force on 01.01.2023. Its overarching goal is to be able to trace working conditions throughout the entire production chain of an item. In fact, this is nowadays hardly possible or only possible with a lot of effort for many companies that source their raw materials or already processed products from other countries. In the past, the tough price war in many industries also favored the tendency to buy raw materials and other commercial goods as cheaply as possible. In developing and emerging countries, this in turn leads to production under questionable working conditions, exploitation of nature and the environment, or even with the help of child labor.

The Supply Chain Act takes into account the fact that only with complete transparency of the production chain is it possible for companies, but also for end customers, to consciously avoid items that were produced under inhumane conditions. Blockchain technology, in particular, seems tailor-made to track products throughout their entire production process as a digital proof of origin.

Does the supply chain law also affect SMEs?

In the first step, only companies with more than 3000 employees are affected by the Supply Chain Act. From 2024, companies with more than 1000 employees will also be affected. By common definition, SMEs are those in which no more than 250 people work. Initially, they are not directly affected. However, if SMEs act as suppliers to large corporations, this may result in obligations under the Supply Chain Act. Moreover, legislation is dynamic. If the Supply Chain Act achieves the desired success, this could result in the boundaries shifting downwards over the years. The vast majority of those responsible in companies presumably have an interest in not offering or processing products that have been created under inhumane working conditions anyway. In this respect, it can also be an opportunity to have only fairly produced and traded products in the product range in this way.

Obligations for companies

Achieving the desired transparency across borders of countries and continents is a major challenge. The German Federal Ministry for Economic Cooperation and Development (BMZ) summarizes the obligations for responsible parties in five blocks:

1. the company must adopt a policy statement on respect for human rights.

2. a risk analysis must be carried out to identify any adverse effects on human rights in the production process.

3. risk management shall ensure preventive measures and remedial actions for identified problems.

4. a complaints mechanism must be established to which employees involved in the production process have access.

5. each company concerned must report transparently to the public on measures and violations.

When considering these points, it already becomes clear that a real improvement of the situation will probably only be possible if a tamper-proof document is kept for each product or batch. In addition, this must be capable of being extended as required. Every entity involved in the manufacturing process must be able to add its own entries. According to the initial assessment of experts, blockchain technology seems to be a suitable tool.

Some information on blockchain and smart contract.

Blockchain technology has become known through the cryptocurrency "Bitcoin". It is a decentralized collection of data based on cryptographic functions. The principle is that the blockchain itself is public and can be downloaded by anyone involved or interested. Any information can ultimately be stored in a block and "chained" inseparably with the previous elements. It is because of this feature that the technology got its name. In addition to the actual content, each block must have a header and a footer. The hash value of the previous block is stored in the header. This is a cryptographically secure checksum that can be used to rule out any subsequent falsification of the previous block. In the footer, the creator uses his private key to sign the content he has created. At the same time, he must make his public key available to the general public so that anyone involved can immediately validate the content. Usually, there is also an instance for checking each new block in such a system. This would sensibly also have to manage the valid public keys.

For permissioned blockchains, participants are expected to legitimize themselves to the network in order to be part of it. Only those who have permission participate in the process and can view the blocks.

Smart Contracts are programs that take advantage of blockchain technology. They are automated documents, so to speak, that contain legally binding contracts or transactions. Ultimately, a smart contract is able to independently add information to a blockchain, depending on programmable conditions. In this way, it is possible, for example, to track an object in an automated manner throughout its entire production and usage period.

The concrete implementation

Of course, the protection for affected workers stands or falls with the design on site. The law also provides for controls by the Federal Office of Economics and Export Control. In theory, blockchain technology makes it possible for employees involved in production to be irrevocably recorded with little effort. This could be done, for example, by scanning a biometric identifier. Legislation stipulates that employees must be given an opportunity to lodge complaints. Complaints could also easily be added to a product's blockchain in a permanent and tamper-proof manner. Software to read out the integrity of a blockchain could be offered by the respective manufacturer.

Regardless of whether it can achieve all its goals, the Supply Chain Act is aiming in the right direction. Those responsible for SMEs should address the issue in good time in order to be able to meet future requirements from customers. Smart contracts, by the way, can be checked for security gaps and logical errors in an audit before they are used. This step is advisable precisely because human interaction usually no longer takes place at a later date.