On 24 April 2024, the European Parliament voted to adopt the long-awaited EU Corporate Sustainability Due Diligence Directive (CSDDD or the Directive). The Directive will introduce a duty on certain companies to undertake human rights and environmental due diligence. As the latest and arguably most significant new law to be introduced requiring businesses to conduct such due diligence in their own operations and value chains, the Directive will harmonize existing requirements across the EU and is likely to serve as a benchmark for other countries looking to enact similar legislation.
Background
Having first been proposed by the European Commission in 2022, the Directive was subject to provisional agreement by the European Parliament and EU Council in late 2023. However, during subsequent 'trilogue' negotiations between the three EU legislating institutions, further concessions were made to accommodate concerns of individual EU Member States, leading to a 'final compromise text' being approved by the Council on 15 March 2024, and since adopted by the plenary of the European Parliament on 24 April 2024.
Key elements
Feature | CSDDD |
---|---|
Application to both EU and non-EU
companies |
Since its inception, EU legislators anticipated
CSDDD would apply to both companies incorporated in an EU Member
State and non-EU companies. This scope has been retained in the
final text, although the thresholds have been considerably
raised. Two types of EU incorporated companies will be covered: (a) those with more than 1,000
employees and an annual net worldwide turnover in excess of
€450 million (or ultimate parent companies of such a corporate
group); and
Two types of non-EU incorporated companies will be covered:(b) companies with: (i) EU franchising or licensing agreements for annual royalties that exceed €22.5 million; and (ii) an annual net worldwide turnover in excess of €80 million (or ultimate parent companies of such a corporate group). (a) those with an annual net turnover
of €450 million generated in the EU (or ultimate parent
companies of such a corporate group); and
(b) companies with: (i) EU franchising or licensing agreements for annual royalties that exceed €22.5 million in the EU; and (ii) an annual net turnover of more than €80 million in the EU (or ultimate parent companies of such a corporate group). |
Due diligence obligations |
CSDDD will require in-scope companies to undertake
risk-based human rights and environmental due diligence to identify
and assess actual and potential adverse impacts, and (as
appropriate) prevent, mitigate, bring to an end and remedy such
impacts in their operations and "chain of
activities" (as defined, see below). Consistent with previous drafts proposed by the Commission, Council and Parliament, the final compromise text of the Directive requires companies to implement due diligence policies, supported by "appropriate measures", to identify and assess actual or potential impacts, and then (a) prevent potential impacts; and (b) address actual impacts, including by (as appropriate) developing and implementing prevention action plans and corrective action plans; provision of compensation; "necessary investments" in infrastructure and production processes; contractual assurances from business partners; and targeted and proportionate support for small and medium enterprises (SMEs). In addition, the final text includes within the meaning of "appropriate measures" reference to improvements to the company's "own business plan, overall strategies and operations, including purchasing practices, design and distribution practices". Companies will be obliged by CSDDD not only to identify and address their own adverse human rights and environmental impacts, but also those of direct and indirect business partners in their "chain of activities". The Directive now also expressly allows companies to prioritise adverse impacts based on their severity and likelihood. This aligns with the criteria of the United Nations Guiding Principles on Business and Human Rights (UNGPs) around prioritisation and severity. |
Stakeholder engagement |
Companies are also required by the CSDDD to carry out meaningful engagement with affected stakeholders, establish and maintain a notification mechanism and complaints procedure, periodically monitor the effectiveness of the measures taken, and publicly communicate on their due diligence practices. |
Annual statement |
Companies must publish on their website an annual statement on the matters covered by the Directive unless they are already subject to sustainability reporting requirements under the EU Corporate Sustainability Reporting Directive (CSRD). The EU Commission has been tasked with adopting delegated acts by March 2027, providing further information on the content and criteria of such disclosures. |
Climate transition plans |
The Directive also requires companies to adopt,
implement and update annually a climate transition plan which aims
to ensure, through best efforts, that the business model and
strategy of the company are compatible with limiting global warming
to 1.5 °C in line with the Paris Agreement and the objective of
achieving the intermediate and 2050 climate neutrality
targets. The final text now explains that the plan should address the exposure of the company to coal-, oil- and gas-related activities. It must set out actions to achieve time-bound targets related to climate change for 2030 and in five-year steps up to 2050 based on conclusive scientific evidence and, where appropriate, absolute emission reduction targets for greenhouse gas for scope 1, scope 2 and scope 3 greenhouse gas emissions. |
"Chain of activities" |
Unlike previous drafts which referred to the
entire "value chain", the final text of CSDDD defines
"chain of activities" as being limited to: (a) the activities of
"upstream" business partners related to the
production of goods or provision of services by the company,
including design, extraction, sourcing, manufacture, transport or
development of products or services; and
Business partners include entities with whom the company has a
commercial agreement (direct business partners) and other entities
which perform business operations related to the operations,
products or services of the company (indirect business
partners).(b) the activities of "downstream" business partners related to the distribution, transport or storage of products, where undertaken for the company or on its behalf. The disposal of products as well as activities of a company's "downstream" business partners related to the services of the company are excluded. |
Application to finance sector |
For regulated financial undertakings, Recital 26
states that "only the upstream but not the downstream part
of their chains of activities" is covered, indicating
that the activities of "downstream" business partners
– whether in relation to products or services – are
excluded. However, it is worth noting that this is not addressed in
the "chain of activities" definition itself, nor any
other operative provision in the Directive. Notwithstanding the apparent exclusion of the downstream part of regulated financial undertakings' chains of activities from CSDDD's due diligence obligations, Recital 51 notes that the OECD Guidelines for Multinational Enterprises and ancillary financial sector guidance set out expectations concerning the "types of measures" financial undertakings "are expected" to consider regarding adverse impacts, including exercising "so-called 'leverage' to influence" their clients. Further, under Article 36, the EU Commission is required to report to the Parliament and Council within two years of the Directive entering into force concerning the need for additional due diligence obligations "tailored to" regulated financial undertakings and financial services. |
Regulatory enforcement |
CSDDD will require EU Member States to designate supervisory authorities to supervise compliance with its obligations. Supervisory authorities will have the power to require information from companies and conduct investigations. In the event of non-compliance, supervisory authorities will be empowered to require the company to take remedial action, order the company to cease infringements and refrain from future repetition, and impose penalties such as maximum fines of not less than 5% of the company's net worldwide annual turnover. The supervisory authority may also take interim measures where there is an imminent risk of severe and irreparable harm. In deciding whether to impose penalties, account will be taken of the company's due diligence and remedial practices, including its investments made, targeted support for SMEs, collaboration with other entities, and the company's prioritisation of severe and likely adverse impacts. |
Civil remedy |
CSDDD will also provide for claimants to seek
civil remedies against companies based on alleged breaches of their
human rights. A company may be liable for damage caused by its
intentional or negligent failure to prevent or bring to end an
adverse impact through appropriate measures. While importantly a company will not incur civil liability for damage caused only by a business partner in its chain of activities, CSDDD does provide for joint and several liability where the damage was caused "jointly by the company and its subsidiary, direct or indirect business partner". The Directive also allows for a five-year period for such claims to be brought and sets out procedural provisions relating to disclosure of evidence, injunctive measures and costs. |
Phased implementation means the largest "in-scope" companies will be required to comply with the Directive within three years, with obligations for smaller companies taking effect in later years. | |
2027 (with disclosures due for financial
years commencing on or after 1 January 2028):
|
|
2028 (with disclosures due for financial
years commencing on or after 1 January 2029):
|
|
2029 (with disclosures due for financial
years commencing on or after 1 January 2029, though this appears to
be an error and the legislators intended to refer to 1 January
2030):
|
Next steps
The final steps of the legislative process include endorsement by the EU Ambassadors (COREPER I) and Competitiveness Council, scheduled for 15 May and 23 May 2024 respectively. Thereafter, the Directive will be published in the Official Journal of the European Union and the transposition phase will start. Member States have two years to transpose CSDDD's requirements into national law, in time to ensure that the largest in-scope companies are subject to binding legal obligations within the prescribed three years of the Directive entering into force.
CSDDD aims to create a "level playing field" regarding human rights and environmental due diligence obligations across Europe, noting that France and Germany have already introduced similar legislation in the form of the Loi Vigilance (Vigilance Law) and Lieferkettensorgfaltspflichtengesetz (Supply Chains Act). CSDDD will also supplement an array of separate EU due diligence requirements that apply in specific contexts and to particular sectors, including regarding conflict minerals, deforestation and battery supply chains. As these laws differ in terms of their scope and specific requirements, it is important that companies operating in the EU or trading with EU counterparties assess the specific obligations of each law which may apply to them and whether enhancements may be needed to their existing due diligence processes. Indeed, even as CSDDD aims to create a common framework across the EU, there remains the prospect that Member States may take inconsistent approaches in terms of how the Directive is adopted into national law, including through introducing more onerous obligations ("gold-plating").
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.