ESG due diligence in supply chains – Polish

A Polish mid-sized manufacturing group with operations across three voivodeships received a formal questionnaire from its largest German customer in early 2025. The customer – itself subject to Germany's Supply Chain Due Diligence Act – demanded documented evidence of ESG due diligence across the Polish supplier's own supply chain. The Polish company had no formal programme in place. The timeline for response was 30 days.

ESG due diligence in supply chains is no longer a voluntary exercise for Polish companies. The Corporate Sustainability Reporting Directive (CSRD) and the forthcoming Corporate Sustainability Due Diligence Directive (CSDDD) impose binding obligations on companies meeting defined size thresholds. Polish entities supplying European groups face cascading contractual demands even before domestic implementation is complete. Failure to respond credibly risks contract termination – an irreversible commercial consequence that no legal remedy fully repairs.

This case study traces the steps taken to bring that manufacturing group into compliance within a compressed timeline. It covers the background, the legal strategy chosen, the process executed, and the lessons that apply to any Polish company facing similar pressure from its customer base.

What was the client's starting position?

The client was a manufacturer of industrial components employing approximately 400 people. It fell below the CSRD first-wave threshold but supplied directly to a German group that did not. That asymmetry is now common across Polish industry. The German customer's own obligations under the Lieferkettensorgfaltspflichtengesetz (German Supply Chain Due Diligence Act, LkSG) required it to obtain documented assurances from first-tier suppliers. The Polish company had no ESG reporting structure, no whistleblower compliance channel, and no supplier code of conduct.

Three immediate risks were identified. First, contract loss – the German customer had indicated it would delist suppliers unable to demonstrate a credible programme within 60 days. Second, reputational exposure if the gap became visible during any subsequent audit. Third, regulatory pre-emption: Poland was in the process of transposing the EU Whistleblowing Directive through the ustawa o ochronie sygnalistów (Act on the Protection of Whistleblowers), which entered into force in September 2024 and applies to employers with 50 or more employees. Non-compliance with that statute carries fines of up to PLN 40,000 per violation.

The compliance gap was therefore not only commercial. It intersected with live statutory obligations the client had not yet addressed.

How did the legal team structure the response strategy?

The strategy rested on three pillars: triage, documentation, and contractual protection. Triage meant identifying which obligations were immediately enforceable under Polish law, which were contractual demands from the customer, and which were forward-looking regulatory requirements. That distinction determined sequencing and resource allocation across a 30-day sprint.

We secured a documented compliance baseline for a manufacturing client in Silesia (winter 2025). The work began with a gap analysis against the Act on the Protection of Whistleblowers, the National Court Register (KRS) filing requirements for corporate governance disclosures, and the Polish Financial Supervision Authority (KNF) guidance on ESG risk management for entities in regulated sectors. Although the client was not itself regulated, its parent group had banking relationships that triggered indirect KNF-aligned expectations.

The documentation pillar produced four instruments within 30 days. First, a supplier code of conduct aligned with the UN Guiding Principles on Business and Human Rights. Second, a whistleblower channel hosted on a third-party platform, satisfying the statutory requirement for confidential reporting. Third, an internal ESG due diligence procedure covering first-tier and second-tier suppliers. Fourth, a contractual annex for the client's own supplier contracts, allocating ESG obligations downstream.

The contractual protection pillar addressed the German customer relationship directly. We drafted a letter of assurance with annexed documentation, delivered within the 30-day deadline. The customer accepted it and suspended the delisting process.

What process challenges arose during implementation?

Three process challenges were significant. Each has direct relevance to other Polish companies facing similar demands.

The first was data availability. ESG due diligence in supply chains requires information about suppliers' environmental and social practices. Many of the client's Polish sub-suppliers were small enterprises with no ESG reporting history. Collecting even basic information – energy consumption, labour practices, subcontracting structures – took two weeks of structured outreach. We developed a short-form self-assessment questionnaire, capped at 12 questions, to maximise response rates. Response rate reached 74 per cent within 14 days. That figure mattered: the German customer's audit protocol treated a response rate below 60 per cent as a red flag.

We also assisted a logistics operator in Małopolska in restructuring its supplier contracts to include ESG warranties (spring 2025). That engagement revealed a second challenge common to Polish companies: existing supplier contracts contained no ESG representations. Retrofitting obligations into live contracts required either renegotiation or reliance on general statutory duties under the Kodeks cywilny (Civil Code). In most cases, a bilateral addendum was more practical than litigation risk. For suppliers unwilling to sign, the client introduced a tiered risk classification – a proportionate response that satisfied the customer's audit requirements.

The third challenge was internal governance. The client had no designated compliance function. Responsibility for the ESG programme was assigned to the head of legal, who had no prior CSRD Poland experience. We provided a structured implementation manual and a 90-day monitoring calendar. That calendar identified the next statutory milestone: the obligation to publish a non-financial information statement once the client crossed the CSRD second-wave threshold, projected for the 2026 financial year.

What lessons does this matter transfer to other Polish companies?

Four lessons stand out for any Polish company operating in European supply chains.

Contractual pressure arrives before regulatory deadlines. German and Dutch customers are already demanding LkSG-aligned assurances. Polish companies should treat those demands as the effective compliance date, not the statutory transposition date.
Whistleblower compliance is not optional for employers above 50 staff. The Act on the Protection of Whistleblowers is in force. Fines reach PLN 40,000 per violation. A compliant channel is also a prerequisite for credible ESG reporting.
Supplier questionnaires must be proportionate. A 50-question survey sent to a 10-person sub-supplier produces hostility, not data. Short-form tools with a 14-day response window outperform elaborate frameworks.
AML and ESG due diligence share infrastructure. Supplier identification, beneficial ownership verification, and risk classification processes required for AML compliance – addressed in detail at our AML compliance obligations for Polish companies resource – can be extended to cover ESG risk at marginal cost.

Polish companies with Romanian subsidiaries face an additional layer of complexity. Compliance programme design must account for both jurisdictions simultaneously. Our analysis of compliance programme design for Romania subsidiaries in Poland addresses that cross-border dimension directly.

One further point on sequencing: companies under financial pressure should not treat ESG compliance as a post-restructuring task. Lenders and investors increasingly assess ESG governance as part of creditworthiness. Our restructuring practice in Poland has encountered several situations where an early ESG programme preserved financing options that would otherwise have closed.

What to prepare before an ESG supply chain audit

Any Polish company anticipating a customer or regulatory audit should assemble the following before the request arrives:

A supplier register with tier-one and tier-two coverage, including beneficial ownership data.
A signed supplier code of conduct or equivalent contractual ESG clause in all active supplier agreements.
Evidence of a functioning whistleblower channel meeting the statutory requirements of the Act on the Protection of Whistleblowers.
A completed self-assessment questionnaire from at least 60 per cent of tier-one suppliers by value.
An internal ESG due diligence procedure, version-controlled and approved at board level.

Each of these items can be produced within 30 to 45 days with focused legal support. Waiting until a customer questionnaire arrives compresses that timeline to a point where quality suffers.

Frequently asked questions

Q: Does CSRD apply to Polish companies that are not listed?

A: CSRD applies in waves based on size thresholds, not listing status. Large Polish companies meeting the employee count, turnover, or balance sheet criteria are captured in the second wave, with reporting obligations beginning for the 2025 financial year. Smaller companies in European supply chains face contractual pressure regardless of whether they are directly regulated. Polish transposition legislation is expected to confirm these thresholds without material deviation from the Directive.

Q: How long does it take to implement a compliant ESG due diligence programme from scratch?

A: A baseline programme covering whistleblower compliance, a supplier code of conduct, and a first-tier supplier questionnaire process can be operational within 30 to 45 days. A programme capable of satisfying a formal CSRD audit – including second-tier supplier coverage and board-level governance documentation – typically requires three to six months. The timeline depends heavily on the number of active suppliers and the availability of internal legal resource.

Q: Is a whistleblower channel the same as an ESG hotline?

A: No. A whistleblower channel under the Act on the Protection of Whistleblowers is a statutory requirement for employers with 50 or more staff. It must meet specific confidentiality and non-retaliation standards. An ESG hotline is a broader tool for collecting sustainability-related concerns from employees and supply chain partners. Many companies operate a single platform that satisfies both functions, but the statutory requirements for the whistleblower channel cannot be diluted by combining it with a general ESG reporting tool.

To discuss how ESG due diligence obligations apply to your supply chain, contact info@kordeckipartners.com. Your company's specific supplier structure and customer contractual demands require a tailored assessment. Delay in establishing a documented programme precludes the ability to respond to customer audits on short notice – a gap that can trigger irreversible contract loss before any legal remedy is available.

For a tailored strategy on ESG compliance programme design, reach out to info@kordeckipartners.com. We will map your regulatory exposure, identify the fastest path to a defensible baseline, and draft the contractual and governance instruments your customer relationships require.

About KORDECKI & Partners

KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to ESG compliance, supply chain due diligence, and corporate governance. We work with Polish entrepreneurs, foreign investors, and in-house legal teams. To discuss your situation, contact info@kordeckipartners.com.