In the latest, special episode of Corrs' Essential ESG podcast, Phoebe Wynn-Pope and Kate Gill-Herdman unpack the European Union's Corporate Sustainability Due Diligence Directive (CSDDD).
One of the most significant corporate responsibility reforms made globally in recent years, the impact of the CSDDD is going to be felt well beyond the EU, including in Australia.
Phoebe and Kate consider the likely impacts on Australian businesses and discuss what organisations can do now to prepare.
Essential ESG is a podcast series presented by Corrs that breaks down topical issues affecting the rapidly evolving environmental, social and governance landscape in Australia and beyond.
Phoebe Wynn-Pope, Head of Responsible Business and ESG, Corrs Chambers Westgarth
Kate Gill Herdman, Special Counsel, Responsible Business and ESG, Corrs Chambers Westgarth
Phoebe: Welcome to another edition of Essential ESG, coming to you from the lands of the Wurundjeri people of the Kulin nation. My name is Phoebe Wynn-Pope and I'm the Head of Responsible Business and ESG at Corrs and I'm joined today by Kate Gill-Herdman, Special Counsel in our Responsible Business and ESG team. Welcome Kate.
Kate: Thanks for having me Phoebe.
Phoebe: I'm so excited to have you here to talk about Europe's human rights and environmental due diligence directive and how it's going to be impacting Australian businesses. It's a pretty big topic for us to get through and I think we're going to have a little bit of fun. When we're talking about this directive it's important to know what we're actually talking about. It's the European Union's corporate sustainability due diligence directive and it's one of the most significant corporate responsibility reforms in recent years. Its impact is going to be felt well beyond the EU, including here in Australia, which is why we're talking about it of course. And it was formally adopted by the EU parliament in April. The directive is going to require EU member states to implement legislation in accordance with the articles of the CSDDD, or let's call it the 'directive' for the purposes of today, and it's going to require extensive due diligence to identify business impacts on both people and the environment. But before we get to those objectives and the requirements of the directive, can you tell me Kate, which Australian businesses might fall in scope?
Kate: Yes, sure. So there are really two ways of explaining it. So there's in-scope and out-of-scope. But what's important about this is even the out-of-scope entities will be impacted in Australia. So, the directive will apply directly to in-scope entities and it will also apply to entities that are majority owned by an in-scope entity. And if you're an Australian company and you have an EU-based parent company, it's likely that they will look to implement some of the due diligence requirements through their corporate structure. And then the third way that the CSDDD will impact Australian businesses is for entities outside the scope of the regime. But if they supply goods or services to an entity that is within the scope, they will be impacted. And we know that in Australia, we have a large number of businesses who supply goods and services into the EU.
Phoebe: Right. Okay. So, just to summarise, there's basically three ways an Australian business can be impacted – they can be in-scope directly, they can be a subsidiary of an in-scope organisation, or they can be supplying goods and services to an in-scope organisation.
Kate: Yes, that's right.
Phoebe: Great. So now we know exactly what it looks like, what exactly are the objectives of the directive? What is the European Union hoping to achieve with this?
Kate: So we know that the EU is really looking for businesses to take responsibility for actual and potential adverse human rights and environmental impacts throughout their value chain. And the regime requires businesses to conduct risk-based human rights and environmental due diligence to identify, assess, prevent, mitigate and remediate those impacts.
Phoebe: And that sounds very familiar. Some of the other podcasts that we've been talking on have talked about the UN Guiding Principles on Business and Human Rights and the requirement of those principles to understand your human rights impacts.
Kate: Yes, that's right, it will be familiar to Australian businesses that conduct human rights due diligence but I suppose the difference is that with this directive, it now applies to environmental impacts. And we know in Australia that we have fairly strong environmental regulation, but the directive will require enterprise-wide environmental due diligence as opposed to what we usually do which is at the site or the project level. So that's one of the main objectives and then it also requires monitoring the effectiveness of those due diligence efforts and reporting on those due diligence efforts and a number of other related requirements which we will come to. But Phoebe, I've been doing a lot of talking so I'm going to ask you a question. We've been talking a lot about human rights and environmental due diligence to identify impacts, but in the directive, what human rights and what environmental impacts are we actually talking about?
Phoebe: The directive defines environmental and human rights impacts by reference to a fairly large list of international instruments that attach to the directive. And the international and environmental prohibitions and obligations and the human rights instruments that are referenced in the CSDDD. So that will be the starting point for organisations. They're pretty wide-ranging and they include things that are more familiar to us – like modern slavery, child labour and exploitation, that you would expect – and then other human rights like the right to adequate housing, freedom of thought and discrimination. So the directive also includes biodiversity loss, pollution and destruction of natural heritage. So it's a much broader requirement than what we're used to. In Australia, although some of those international obligations are integrated into Australian law, for example the modern slavery offences that are in the Criminal Code, not all of them are. So, it may not be sufficient to rely on compliance with Australian laws in order to meet the requirements of the directive. And this is where organisations are going to have to look pretty closely at their value chain. So unlike traditional corporate due diligence, which is aimed at identifying and mitigating the risk to the business, the objective of the directive is to identify and mitigate the risks to people and the environment. And this is a slightly different way of thinking about due diligence and it really requires an enterprise-wide approach to the governance of human rights and environmental risks. And also consultation with stakeholders that will help inform that due diligence process, an absolutely critical requirement. So to give listeners a little bit of a sense of what will be needed to be done, we thought we'd go through a few of the mandatory requirements and these are just some of the things that will be required to give you a little bit of a taste of the demands of in-scope entities.
Kate: Yes, and we've picked a few highlights. One of the first requirements is around governance which is really about integrating human rights and environmental due diligence into company policies and risk management systems. This can be a pretty significant undertaking for Australian organisations, particularly because their existing policies and procedures tend to be directed to identifying risks to the business and mitigating those risks. Here, we're really looking at identifying risks to people and the environment and mitigating those risks. And then on the environment specifically, there's a requirement not only to have but also to implement a climate change mitigation transition plan that aligns the entity's business model and strategy with the Paris Agreement to a global warming scenario of 1.5 degrees. And just really pausing here to reflect that it actually requires implementation. And this goes beyond disclosure requirements that we are seeing around the world to simply disclose the transition plan if one exists.
Phoebe: And then on human rights due diligence, the directive really draws heavily from the UN Guiding Principles on Business and Human Rights, the UNGPs as we've discussed, particularly in terms of requiring organisations to, as we've said, identify, assess both actual and potential adverse human rights impacts from their own operations, from their subsidiaries and also from their value chain and business partners. So these are familiar concepts, but they are also quite explicit in terms of some of the things that organisations might need to do in order to prevent those adverse impacts, which may include things like, for example, the preparation of a preventative action plan that includes both qualitative and quantitative indicators for measuring improvements or seeking contractual assurance from direct business partners. While they do go into quite a bit more detail, all the familiar elements are there. The remediation is there, requirements for grievance mechanisms are there, the requirement for meaningful engagement with stakeholders, as we've already mentioned – it's there. All these things are familiar but one of the things that's going to be particularly challenging for everybody and listeners will be familiar because we know how difficult it is under the Modern Slavery Act, is this requirement to monitor the adequacy of the effectiveness of those diligence procedures. This is really tricky. Conducting an annual assessment of the effectiveness, and we know those effectiveness measures are very difficult to identify and let alone measure on the way through. So this is going to be a big challenge.
Kate: Yes, it really will be. And you think about this then in the context of an organisation's value chain. It's quite, not only explicit, but quite a significant undertaking.
Phoebe: Yes, and that's where the assessment comes in, because we can remember and take a little bit of heart from the fact that it's not expected to be done across absolutely every single activity of the business or every single supplier in your value chain, but you do need to be able to identify and recognise where your most salient risks may be and to address those.
Kate: Yes, and that is the risk-based approach that the directive requires.
Phoebe: Absolutely. And on that basis, Kate, what happens if organisations don't put in place this diligence framework? Are there any consequences?
Kate: Well, yes, there are. There are quite significant penalties that apply for non-compliance and they are based on a company's net worldwide turnover.
Phoebe: Worldwide turnover?
Kate: Yes. So very significant. In-scope entities can be held civilly liable for intentional or negligent failure to comply with a preventative or corrective action plan. So going back to what we were talking about before. And where harm is caused to a person, including a legal person – so obviously not the business – in-scope entities may also be held jointly and severally liable for the damage caused together with subsidiaries or business partners. And the threshold there, focusing on intentional or negligent and the causation factor of causing harm to the other business or a person.
Phoebe: So just going back, the preventative and corrective action plan is going to be really critically important, isn't it? Because if you have one of those in place and you don't adhere to it and a harm occurs to a person, then the penalties are potentially quite significant.
Kate: Yes, they are very significant. If you have your preventative action plan, because it's required by the directive, and you don't follow it, at the very least it's probably going to be negligent.
Phoebe: Okay. So, Kate, on that basis, the effects on Australian businesses – let's talk about that now. For Australian subsidiaries of in-scope entities, it's likely that those in-scope entities will require the Australian subsidiaries to implement the substantive requirements of the directive in full. This is going to be pretty challenging for many Australian businesses who aren't subject to the same regulatory requirements. It's going to take quite a lot of persuading of management and the board to invest in what's required, isn't it?
Kate: Yes, that's right. And, you know, we've seen this with the German Supply Chain Act and fairly long periods of negotiation and implementation by Australian subsidiaries who have been having to implement directives coming from their German-based parent companies. And so we really expect to see similar here.
Phoebe: Then also doing business with in-scope entities, there's going to be a lot more Australian businesses who might not actually be a subsidiary but who are actually doing business with entities that are in-scope. Can you give me an example of the three things, that if you're going to do business with in-scope entities in Europe, what are you going to find are going to be the three things, or is going to be the impact of the directive on your business here in Australia?
Kate: So I'd start with requests for information. So you might find requests for omissions data to enable your business partners in the EU to assess the alignment of their transition plans to global warming scenarios of 1.5 degrees. You might also find requests for data around the scope of your human rights due diligence, if it exists. And I expect to see, at least for some sectors, the imposition of stringent contractual terms in supply and other commercial agreements. And this is as a result of EU in-scope entities seeking to ensure, I suppose, that their business partners here in Australia adopt practices directed to preventing adverse human rights and environmental impacts. And just to expand on that a little bit further, there could be contractual terms directed to reducing emissions requiring direct business partners to adhere to those preventative or corrective action plans that we talked about earlier, or to notify. So notify risks and incidences of adverse human rights and environmental impacts. And potentially, we might also see built in to contracts rights to inspect records, including transition plans. So there's a whole range of different information requests and contractual requirements that might be imposed on Australian entities and we might also see requirements to indemnify in scope entities against losses caused by the Australian business for intentional negligent failure to comply with a preventative or corrective action plan imposed by the in-scope entity. And that really comes back to EU entities seeking to protect themselves from the penalties that might arise in situations of joint and several liability.
Phoebe: So we're going to finish up this podcast with three things that Australian businesses can do to get ready.
Kate: Yes, and I'm going to take the first two Phoebe and then you can finish with the last. So my tips for getting ready are firstly, as a very first step, find out if EU-based parent companies or EU-based business partners are in-scope entities, so within the scope of the CSDDD, and when their obligations will commence, because there's a phased-in approach to implementation. So you really need to be ready to meet those requirements that are going to be imposed and make those enquiries now. The second is, to the extent you can, engage with your EU-based parent company or business partners to understand the scope of contractual obligations they may seek to impose on you so that you can really start to understand what they may mean for your business – whether there's uplift required and any key negotiation points during the course of those re-forming of the contracts.
Phoebe: Right. Okay. So that's one and two and, my tip, which is number three, is to assess readiness by conducting a bit of a gap analysis between the likely impacts and current human rights and environmental risk management frameworks that you may have, if any, and what's likely to be required under the CSDDD, under the directive. That will help you assess your readiness and to identify any systems changes that might need to be put in place. And I think it will also help you with the process of getting ready for the directive, which is going to be quite significant. And so you'll need a bit of time to put this plan together and make sure that you're ready by the time the directive is in effect. So having that sort of readiness plan and understanding what the gap is will be really important going forwards.
Kate: Yes, readiness plan – I like that Phoebe. That's a good way of explaining it. So I suppose what Australian businesses really need to be doing is making sure that they remain attractive as suppliers or business partners and helping their EU-based parent companies or their business partners meet those obligations. And that's really going to be critical for those Australian businesses moving forward.
Phoebe: That's right. Thanks a lot Kate. There's been so much to talk about and I feel like we've only scratched the surface. So we'll continue to bring you updates, all the listeners updates, and insights about how to progress work on the CSDDD over the next few months.
Kate: Thanks very much for having me, Phoebe.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
Lawyers Weekly Law firm of the year
2021 |
Employer of Choice for Gender Equality
(WGEA) |