Skip to main content
Back to Shop
LkSG Supply Chain Compliance Pack preview
NIS2 COMPLIANCE

LkSG Supply Chain Compliance Pack

LkSG supplier risk, human rights due diligence and BAFA-ready reports. SME alternative to osapiens.

LkSGBAFAsupply-chainGermanyCSDDDNIS2supply-chainLkSG-NIS2

🇪🇺 NIS2 SUPPLY CHAIN OVERLAP

The German LkSG supply chain due diligence requirements overlap with NIS2 Directive Article 21 supply chain security obligations. Organisations complying with LkSG should also map NIS2 requirements for ICT supply chain risk management. First NIS2 audit deadline: 30 June 2026. NIS2 fine: €10M or 2% of global turnover.

🇩🇪 LKSG: IN FORCE — CSDDD EXPANDING TO EU-WIDE IN 2028

Germany's Supply Chain Due Diligence Act (LkSG) applies to companies with 1,000+ employees operating in Germany — with BAFA annual reporting mandatory. The EU Corporate Sustainability Due Diligence Directive (CSDDD) expands this to 5,000+ employee companies across all EU member states from 2028. Non-compliance: up to 2% of global annual turnover plus exclusion from public procurement contracts.

LkSG Compliance — at a Fraction of Enterprise Platform Costs

Enterprise LkSG platforms (osapiens, SAP Sustainability) require SAP integration and six-figure implementation budgets. SummitBridge LkSG Pack operates independently of your ERP system, supports German and English, and produces BAFA-compliant annual report output directly. Built for companies operating in Germany or supplying to German companies with 1,000+ employees.

  • Supplier Risk Classification: High/Medium/Low risk assignment for every supplier based on sector, country of origin, and product category — using BAFA-aligned methodology
  • Human Rights Due Diligence: All 11 international conventions covered under LkSG — child labour, forced labour, wage rights, freedom of association, workplace safety
  • Environmental Due Diligence: Climate impact, water usage, deforestation — mapped to BImSchG and WHG requirements under German environmental law
  • BAFA-Compliant Annual Report: Generated in the format required for BAFA submission — no manual aggregation from multiple spreadsheets
  • Whistleblower Channel: LkSG-compliant complaint and reporting system — also satisfying EU Whistleblower Directive requirements
  • CSDDD Transition Mapping: Shows how your current LkSG work maps to 2028 CSDDD obligations — so you are not starting from scratch
  • Bilingual Support (DE/EN): German for supplier communications; English for your UK or international headquarters — same platform

💷 THE MATHS

£199/month. osapiens LkSG (SAP-integrated): typically £50,000+/year. LkSG consultancy retainer: £3,000–8,000/month. BAFA non-compliance fine: up to 2% of global turnover. SummitBridge LkSG Pack costs approximately 2% of enterprise alternative cost for comparable compliance output.

📅 NIS2 — FIRST UK AUDIT CYCLE: 30 JUNE 2026

For UK parents of EU subsidiaries, LkSG due diligence sits alongside the UK Cyber Security and Resilience (CS&R) Bill, which extends supply-chain cyber-resilience obligations to UK organisations. Both regimes share evidence (supplier risk register, vendor questionnaires) — this pack maps the overlap.

📅 How this subscription works — month-1 to month-12

  • Day 1 onboarding: instant portal access, automated onboarding checklist and baseline assessment intake — getting started guide delivered automatically.
  • First week setup: integrations wired, first report generated, MLRO / DPO / IT lead invited to the portal.
  • Ongoing monthly delivery: updated compliance report, new-regulation tracker delta, audit-trail snapshot, continuous regulatory updates aligned to your sector.
  • Cancellation: cancel any time from the portal — no contract lock-in; 30-day data export window after cancellation.

⚠️ Legal disclaimer (COMPLIANCE): This product is provided for information and compliance documentation only; it is not regulatory advice. Read the full disclaimer below or in our Terms of Service before purchase.

NIS2 Annex I Supply Chain Coverage

LkSG (German Supply Chain Due Diligence Act) overlaps directly with NIS2 Article 21(d) supply chain security and adjacent Annex I measures. This pack extends LkSG due diligence to cover NIS2 cybersecurity supply chain obligations:

  • (a) Risk analysis + supply chain security policy — Supplier risk register template combining LkSG human rights risk and NIS2 cyber risk dimensions
  • (b) Incident handling (supplier breach) — Joint LkSG/NIS2 supplier incident notification workflow with escalation paths
  • (c) Supplier business continuity — Critical-supplier continuity assessment, alternative supplier register, business interruption playbook
  • (e) Supplier system security — ICT supplier security baseline questionnaire (aligned with NIS2 Article 21 + ISO 27001)
  • (g) Supplier training requirements — Cyber awareness clauses for supplier contracts, mandated training evidence requests
  • (h) Supplier encryption requirements — Encryption-in-transit and at-rest contract clauses for supplier data flows
  • (i) Supplier access control — Supplier access management protocol (just-in-time access, RBAC for vendor accounts)
  • (j) Supplier MFA + emergency comms — MFA enforcement clauses for supplier portal access, out-of-band contact register

Article 23 reporting (supplier-originated incidents): 24-hour early warning template covering supplier-originated incidents that could trigger your own NIS2 notification obligation; 72-hour formal notification template with supplier root-cause attribution. Single intake covers LkSG (BAFA), NIS2 (national CSIRT), and downstream customer notifications.

£199.00/mo

MONTHLY SUBSCRIPTION · No VAT (not registered)

Delivery: Instant on payment
Refund: 14-day satisfaction guarantee
Instant download after payment
UK GDPR compliant
Secure checkout via Stripe
Not VAT registered — no VAT charged

Trust & Delivery

ICO registered ZC112810

UK Information Commissioner's Office data controller registration.

Companies House 16419201

SummitBridge Horizon Ltd — registered 30 April 2025, London.

14-day satisfaction guarantee

See refund policy for full terms.

Sample materials available

Request a sample

Compare with the market

3 direct and adjacent competitors tracked.

VendorTheir priceThreatvs SBHTheir advantagesOur advantages
osapiens

DE

CRITICALpricierDE market leaderSME price · English + German
IntegrityNext

DE

HIGHpricier
Workiva

US

MEDIUMpricier

Compliance Snapshot

Regulatory posture for this product — for procurement and security teams.

General-purpose (limited- or minimal-risk)

Conformity scaffold in place — formal record not yet published