Preparing for the EU Corporate Sustainability Due Diligence Directive

Despite uncertainty over the scope of the directive and the final text to be agreed by the EU lawmakers, companies and institutions should start thinking about testing their current compliance programmes and policies and how, if necessary, they can amend them.

It will be important to monitor legislative developments closely and to start making all possible preparations for the eventual implementation of the CSDDD.

The EU Corporate Sustainability Due Diligence Directive

The European Commission’s proposed CSDDD will require companies to monitor their supply chains for the risk of violations of human and environmental rights. The scope of these laws aims to help create sustainable economies, but as the regulatory framework that businesses must comply with becomes increasingly fragmented this causes undue administrative burdens on companies and has the potential to affect their competitiveness in the market.

To implement a uniform approach in respect of sustainability due diligence obligations, the Commission proposed the CSDDD in February 2022 which, if adopted, will implement a single, uniform sustainability due diligence obligation across businesses registered or operating in the EU. It could require a vast number of businesses to monitor their supply chains for human and environmental rights risks, and also includes obligations on climate protection.

The proposed directive has been drafted to draw on and complement existing regulatory frameworks such as the OECD Guidelines for Multinational Enterprises, the Non-Financial Reporting Directive and the Sustainable Finance Disclosure Regulations.

New developments

Since the Commission published its proposal in February 2022, the European Council and European parliament have been working separately on their own versions. The Council has already adopted its general approach in December 2022, and most recently on 1 June 2023, the parliament agreed on its position.

Negotiations between the Commission, Council and the parliament, known as the ‘trilogue’, have now begun. Together with the necessary legal editing and translating, the process is expected to take between six and nine months. Only once an agreed text has been adopted can the CSDDD be transposed into national and domestic law. Transposition into national and domestic law will be required within three or five years, depending on the timeline as per the agreed text.

Application of the CSDDD

One of the key differences, and presumably one of the main discussion points, in the trilogue will be the scope of the application of the CSDDD. Initially, the Commission proposed that the CSDDD would directly apply to large businesses registered outside of the EU with a net EU turnover of more than €150 million and medium-sized businesses registered outside of the EU with a net EU turnover of more than €40 million if at least 50% of that turnover is generated from operating in a high-impact sector.

The CSDDD would also apply to large EU companies with more than 500 employees and a net worldwide turnover of €150 million and medium sized EU companies with more than 250 employees and a net worldwide turnover of €40 million if more than 50% of that turnover was generated from operating in high-impact sectors.

The Council agreed with the Commission’s scope, but proposed a phased-in approach (129-page / 827 KB PDF), meaning that at an early stage, the new rules would only apply only to "very large companies" that have more than 1000 employees and €300 million net worldwide turnover. Only non-EU companies with €300 million net turnover generated in the EU would have to comply with the new rules at the outset.

The Council also highlighted that non-EU companies do not need to have a branch in the EU to be covered by the proposal. Three years after the directive's entry into force the obligations would be extended to all businesses meeting the criteria the Commission proposed.

The Council wants to add a new provision to the CSDDD that would require the Commission to set up a "secured system of exchange of information about the net turnover generated in the Union by non-EU companies without a branch in the EU or having branches in multiple member states with the objective of determining the competent member state.

The parliament in turn proposed a threshold criteria whereby the CSDDD would apply to EU companies with more than 250 employees and over €40 million in net worldwide turnover and non-EU companies with a net worldwide turnover of €150 million provided that more than €40 million was generated in the EU. The parliament’s suggested threshold would also cover EU parent companies of a group with more than 500 employees and a net worldwide turnover of €150 million, as well as non-EU parent companies for which at least €40 million was generated in the EU.

The parliament’s proposal differs from the Commission’s proposal in that it does not limit the scope of the CSDDD to certain entities through a requirement that a threshold of their turnover must be generated from a high-impact sector.

Legislators are also discussing the application of the CSDDD to regulated financial undertakings. The Commission proposed that the CSDDD apply to regulated financial undertakings, whereas the Council agreed to exempt the financial sector from most of the rules, allowing the member states to decide independently whether or not to include the financial sector when implementing the directive. The parliament agreed with the proposal to apply the CSDDD to regulated financial undertakings but proposed to limit the scope in that obligations would only extend to activities of a direct client and its corporate group that has linked activities to the contract in question.

CSDDD obligations

The Commission initially proposed that the CSDDD would apply to entities that fall within the scope together with all established business relationships within their “value chains” – meaning business relationships that perform activities related to the production of goods or the provision of services both upstream and downstream in the supply chain.

The Council proposed to limit the obligation to only business partners that fall within the “chain of activities”. Again, both upstream and downstream activities are covered, but downstream is limited to business partners carrying on activities for or on behalf of the company.

The parliament seems to agree with the Commission’s proposal with regard to the obligations extending to business relationships of the in-scope entity, with the caveat that it does not need to be “established” business relationships and that all activities in the “value chain” are covered. However, special rules for the value chain of regulated financial undertakings are proposed.

Civil liability

The Commission proposed that member states must establish civil liability for failure to comply with due diligence obligations that results in damages, however no liability will accrue to indirect business relationships if reasonable due diligence measures were taken.

The Council also aims to amend the rules for liability of companies failing to comply with the CSDDD. The four conditions that have to be met in order for a company to be held liable were clarified in the Council position and the element of fault was included. The four conditions are:

• damage caused to a natural or legal person;
• a breach of the duty;
• the causal link between the damage and the breach of the duty; and
• a fault – either intentionally or by negligence.

The Council's compromise text expressly provides for a right of full compensation for victims of human rights or environmental adverse impacts. The only exception being no liability if the damage was caused only by company’s business partners in the chain of activities.

The parliament differs in that it proposed liability also for damage caused by indirect established business relationships, regardless of a defence of due diligence, and also proposed further procedural rules regulating the civil liability.

Code of conduct

All the three proposals seek to ensure that companies integrate due diligence into their corporate policies, having in place a code-of-conduct. The Commission and the Council emphasise that this code of conduct should also be applied to business relations in the value chain – a rule-based approach. The parliament, on the other hand, proposes a more principles-based approach, namely putting in place appropriate measures to implement due diligence in the value chain. This approach leaves more discretion to the value chain partners to determine their own appropriate measures to achieve the CSDDD objectives.  

Benefits of the CSDDD for companies

For the first time ever, companies operating in the EU market will have common and clear rules on corporate sustainability due diligence that help to prevent legal fragmentation across the bloc. While some EU countries already have national rules governing the risk of violations of human and environmental rights in supply chains, their scope is inconsistent from one country to another.

The new directive will also help companies to meet consumers' increasing demand that products are made in an ethically and environmentally sustainable way. Likewise, investors often require assurances about value chain standards and wider transparency. The CSDDD will give companies a clearer view of their operations and supply chain, including higher awareness of their negative impacts.

In addition, the EU has said that companies which incorporate sustainability factors into their policy generate higher returns and increased resilience to major disruptive events, such as the Covid-19 pandemic.

Obligations for companies under the CSDDD

The proposed CSDDD would place an obligation on companies to review their own operations, and those of their business partners in their supply chains, to identify potential adverse impacts on human and environmental rights. The new directive will require firms to update their policies, procedures and systems and review and amend existing contracts with parties in the supply chain.

Companies will also have to prepare new contractual provisions to be included in new contracts with suppliers and third parties, such as the right to request information to satisfy CSDDD disclosures, remedies when such information is not disclosed and contractual guarantees to comply with a certain code of conduct.

The CSDDD might also impose a wider duty of care on directors to act in the best interest of their companies, and directors could be required to incorporate corporate strategy and monitor its implementation. The directive might also establish a possible link between directors’ remuneration and their contribution to their company’s business strategy and long-term interests and sustainability.

The new rules on due diligence will apply to companies of significant size and economic strength and those operating in high impact sectors such as textiles, agriculture and extraction of minerals. While SMEs are not subject to direct obligations in the proposal, accompanying measures will support SMEs that may be indirectly affected.

In order to comply with the new rules, companies may incur costs related to establishing and operating due diligence processes and procedures. In addition, companies may also incur additional transition costs from investments needed to change their own operations and value chains to address adverse impacts.

Co-written by Yoenes Kameh Khosh and Eugenie Werth of Pinsent Masons.