What the LkSG Compliance Gap Actually Looks Like to BAFA
A BAFA audit of LkSG compliance reviews the company's risk analysis methodology, documentation of supplier engagement, and evidence of proportionate remedial measures. If 70% of tier-1 suppliers have never received a human rights due diligence questionnaire, the audit record doesn't show a program under development — it shows a program that didn't run. Under LkSG, the obligation to assess begins with the full tier-1 supplier base, not a risk-prioritized subset. CSDDD will extend that scope further. The documentation deficit compounds each year the gap persists.
Questionnaire Deployment, Risk Scoring, and BAFA Report Generation in One Workflow
An AI Labor Company agent deploys LkSG-compliant human rights and environmental risk assessment questionnaires to the full tier-1 supplier base — structured for the 16 protected legal positions the law specifies — through the supplier engagement channels already configured in OneTrust and iManage. Responses are aggregated and risk-scored in OneTrust using a consistent methodology that produces a defensible, auditable record of each supplier's assessed risk level. Diligent handles board-level reporting obligations; Workiva compiles the annual LkSG report with the complete audit trail BAFA requires, formatted to the statutory reporting structure. The Head of Responsible Sourcing reviews the risk-scored exception list and approves the submission — the agent has built the record.
Audit Defense and Scalability for CSDDD
The business case here is primarily risk avoidance: BAFA administrative proceedings under LkSG can result in fines of up to 2% of global annual turnover for large companies, and an undocumented supplier base is the most direct path to enforcement action. Beyond the immediate audit, establishing a functioning questionnaire-and-scoring workflow now positions the company for CSDDD's extended obligations without rebuilding the program from scratch. The agent recovers 60–80% of the manual effort currently required to run supplier assessments at scale, making the full tier-1 coverage that LkSG requires operationally feasible rather than aspirational. Deployment typically runs about 5 weeks.
Does the agent's questionnaire format meet LkSG and CSDDD requirements, or does the legal team need to draft it?
The questionnaire templates are configured with your legal team before deployment — the agent applies them consistently and tracks responses, but the legal team owns the content and compliance determination. The agent's role is execution and documentation, not legal analysis.
What happens when suppliers provide incomplete or evasive responses to risk assessment questions?
Incomplete or flagged responses are scored accordingly in OneTrust and surfaced in the exception list for the Head of Responsible Sourcing to review. The agent documents what was received and when, supporting the company's position that it made good-faith outreach and assessed responses proportionately — which is what BAFA evaluates.