Out-Law Analysis | 23 Nov 2022 | 10:14 am | 6 min. read
Businesses in and outside the EU need to prepare for the EU Corporate Sustainability Due Diligence Directive, which will require them to monitor their supply chains for the risk of violations of human and environmental rights.
In recent years, international and national authorities have started to focus on building sustainable economies. Businesses and their supply chains are at the heart of such initiatives. As a result, more and more countries have started to introduce national legislation in respect of how companies should conduct business to comply with human rights and reduce their impact on the environment.
The scope of these laws is to help create sustainable economies, but as the regulatory framework that businesses must comply with becomes increasingly fragmented this causes undue administrative burdens on companies and has the potential to affect their competitiveness in the market.
To implement a uniform approach in respect of sustainability due diligence obligations, the European Commission proposed a Corporate Sustainability Due Diligence Directive in February 2022 which, if approved by the European Parliament and the Council, will implement a single, uniform sustainability due diligence obligation across businesses registered or operating in the European Union. It could require a vast number of businesses to monitor their supply chains for human and environmental rights risks, and also includes obligations on climate protection.
Although the directive will mainly apply to businesses registered in an EU member state, it will also require companies registered in third party countries to comply with the obligations as long as they operate in the European Union and meet the relevant thresholds
Although the directive has not been adopted yet, businesses need to start preparing for its implementation. They need to start reviewing their operations across the EU, determine if the directive is applicable to them, and start reviewing their supply chain to understand where the main issues are going to be, both from a human rights perspective and from an environmental risks perspective.
The proposed directive has been drafted to draw on and complement existing regulatory frameworks such as the OECD Guidelines for Multinational Enterprises, the Non-Financial Reporting Directive and the Sustainable Finance Disclosure Regulations.
The proposed directive is expected to be reviewed, amended and approved by the European Parliament and the Council at some point in 2023. EU member states will then have between two and four years to implement the new rules into national law. Accordingly, businesses will need to have their strategies in place ideally well before 2025.
Although the directive will mainly apply to businesses registered in an EU member state, it will also require companies registered in third party countries to comply with the obligations as long as they operate in the European Union and meet the relevant thresholds. Also, non-EU businesses supplying EU-businesses will often be indirectly affected by the directive.
There are four categories of company directly covered by the directive:
The list of high-risk sectors is very broad. It includes, among others, agriculture, mining, textiles and food.
The European Commission assumes that a total of 13,000 companies in the EU and 4,000 non-EU companies would be affected by the new obligations.
Notably, the directive would not apply to smaller enterprises as this would create undue pressure on such businesses. However, the Commission acknowledges that smaller businesses may still have to comply with the directive indirectly as companies higher up in the supply chain will seek to flow down their own obligations in accordance with the terms of the directive.
So even businesses to which the directive does not directly apply – either because they are too small or because they do not operate in the EU – can be nevertheless strongly affected by it if they are part of the supply chain of a business to which the directive applies.
If the directive enters into force as proposed, businesses meeting the thresholds will have to identify actual and potential negative impacts on human rights and the environment of their business activities and those of the businesses from which they are supplied, and prevent or significantly minimise such impacts. They will also have to monitor and publicly report on the effectiveness of the measures taken. They will have to establish a complaints procedure through which violations of environmental and human rights could be reported directly to them.
Companies with more than 500 employees and an annual turnover of more than €150m will also be required to develop a plan to ensure that their business strategy is in line with the goal of limiting the global temperature increase to 1.5 degrees Celsius as set out in the Paris Climate Agreement.
Non-EU businesses will need to designate authorised representatives that are either established or domiciled in an EU country in which the business operates. The supervisory authorities of the respective member state will communicate with those authorised representatives on compliance and enforcement matters.
The directive also includes new obligations for directors:
Each member state will have to create a supervisory authority which will oversee the implementation of the directive. These supervisory authorities will have the right to request that companies provide information to prove compliance as well as to carry out investigations - both announced and unannounced. In order to enable collaboration between the supervisory authorities in different states and to ensure a uniform implementation of the directive, a European Network of Supervisory Authorities will also be created.
If a company is found to be in breach of the directive, according to the draft new rules the supervisory authority may impose administrative sanctions on the company. Each member state will be free to decide what those sanctions will be in accordance with their national laws. Any monetary sanctions imposed by the authorities will be based on the company's turnover and will take into account the company’s efforts to comply with the directive and any remedial action plan requested by the supervisory authority.
In addition to administrative sanctions, companies could also be held liable for damages as a result of a breach of the directive. If the company is in breach of the directive as a result of the actions of an indirect partner, the company will not be liable to the extent that it has taken steps to prevent, mitigate and stop the risks, unless it was unreasonable to expect that such measures would be effective. In respect of a director’s breach of its duty of care, the "usual" consequences for a breach under applicable national law will apply.
Although the directive has not been adopted yet, in preparation for its implementation, businesses who are likely to be caught by the directive - either directly or indirectly - should seek to:
Co-authored by Ioana Chiva of Pinsent Masons
25 Feb 2022
16 Sep 2022