Author: Jasmin Fraser and Isabella Seitz
Date: 13 August 2024
In a move towards increased corporate accountability, the Corporate Sustainability Due Diligence Directive (CSDDD) was published in the EU Official Journal on 5 July 2024. Member States are required to adopt and publish the laws, regulations and administrative provisions necessary to comply with the CSDDD by 26 July 2026, and the obligations come into force, in a phased approach, over 3-5 years from its entry into force.
In this blog post, we explore some of the requirements of the CSDDD and what they mean for company directors.
Background
First tabled by the EU Commission on 23 February 2022, difficult political and technical discussions ensued which led to the more limited version of the CSDDD that was eventually adopted.
The CSDDD is a response to persistent issues of environmental degradation and human rights abuses within global value chains, including instances of labour exploitation, environmental harm, and violations of human rights linked to multinational corporations’ operations. To date, international standards have sought to help companies address these challenges (e.g., the UN Guiding Principles on Business and Human Rights; the OECD Guidelines for Multinational Enterprises; the Guidance for Responsible Business Conduct; and the International Labour Organization’s Tripartite Declaration of Principles concerning Multinational Enterprises and Social Policy), however these standards and voluntary and not legally enforceable.
Where current legislative frameworks to prevent environmental and social harms do exist, they tend to be fragmented and siloed, and have proven insufficient in addressing complex sustainability challenges, often allowing companies to turn a blind eye to issues in their value chains or capitalise on “lower production standards in emerging economies without fully internalising the costs they impose on people, environment, and climate”. The CSDDD acknowledges these interconnected challenges, by adopting a ‘One Health’ approach; recognising that the health of humans, animals and ecosystems are closely interlined and interdependent. It aims to create a level playing field for in-scope companies, providing legal certainty for both EU businesses and large non-EU businesses operating in the EU, aiming to address the challenges associated with fragmented due diligence legislation across different member states (e.g., Germany’s Act on Corporate Due Diligence Obligations in Supply Chains and France’s Duty of Vigilance law).
What does the CSDDD require of in-scope companies?
The CSDDD calls on in-scope companies to take responsibility for their environmental and human rights impacts across their value chains. It does this by laying down rules on:
- obligations for companies regarding actual and potential human rights adverse impacts and environmental adverse impacts, with respect to its operations, those of its subsidiaries, and carried out by business partners;
- liability for violations of the obligations referred to in (1); and
- obligations for companies to adopt and put into effect a transition plan for climate change mitigation in line with the Paris Agreement.
The CSDDD adopts a risk-based approach, requiring integration of due diligence into company policies and risk management systems (Article 7). Companies are obligated to identify and address potential risks regarding human rights and environmental impacts throughout their operations, by first prioritising areas with the highest likelihood and severity of harm (Article 8, Article 9). Potential adverse impacts should be prevented, and where not possible, mitigation strategies should be implemented (Article 10).
Beyond preventative matters, the CSDDD requires in-scope companies to address past harms caused by their activities and actively cease any ongoing practices with a negative environmental or human rights impact (Article 11). Companies should remediate actual adverse impacts, where applicable (Article 12). Companies will be required to report on matters covered by the CSDDD by publishing an annual statement on their website (Article 16).
Enforcement
Public and private methods will be used to enforce the CSDDD, and penalties could be substantial. Civil liability claims may arise if an individual or entity seeks legal compensation resulting from a harm caused to persons or the environment by the company’s non-compliance (Article 29). In addition, pecuniary penalties amounting to not less than 5% of the net worldwide turnover of the company could be imposed, as well as ‘naming and shaming’ (Article 27). Whilst penalties should be dissuasive and proportionate, they will only be effective if adequately enforced by the relevant regulator in each Member State.
Implications for companies and directors
The CSDDD has implications for directors’ duties, greenwashing and company climate transition plans.
Director duties: In all European jurisdictions, directors are obliged to oversee the company in compliance with the duties of care and loyalty. In order to ensure that the general ‘duty of care’ in Member States is understood and applied in a manner coherent and consistent with the CSDDD’s due diligence obligations, the proposal for the CSDDD laid down that directors should take into account the sustainability matters including, human rights, climate change and environmental consequences, including in the short, medium and long term horizons. However, these provisions were removed in the final version. This was due to concerns expressed by Member States that the provisions amounted to an “inappropriate interference with national provisions regarding directors’ duty of care, and potentially undermining directors’ duty to act in the best interest of the company”.
It is therefore left to national laws of Member States to determine the duties and liability of directors. This does not mean that directors are free from scrutiny or liability. Firstly, the civil liability regime under the CSDDD may be a stepping stone to directors’ liability (e.g., after establishing company fault, it might be found that directors contravened one or more of their statutory duties under domestic law). Secondly, where public statements are made (e.g., the annual reporting on CSDDD compliance), stakeholders may be in possession of information that enables them to question the measures taken by companies or to lodge disclosure requests.
Greenwashing: The CSDDD is seen as an important tool to prevent greenwashing and to support the achievement of international and EU climate objectives. Where companies portray outcomes of due diligence under the CSDDD as environmentally friendly and socially responsible without substantive supportive evidence, greenwashing allegations may arise. Greenwashing can result in legal and reputational risks, including loss of trust among stakeholders.
Transition plans: companies are required to put into effect a transition plan for climate change mitigation, which should align with limiting global warming to 1.5 °C under the Paris Agreement. Specifically, the transition plan should contain:
- time-bound targets for 2030 and to 2050, and key actions planned for reaching them;
- a description of decarbonisation levers;
- an explanation and quantification of investments and funding supporting the implementation of the transition plan; and
- a description of the role of company management in connection with the plan
These time horizons might be longer than those boards usually consider in strategic planning, and may have significant implications for financial planning. Companies should effectively put its transition plan into effect, update it every 12 months to assess progress made towards its targets, and adequately communicate where such targets will not be met (as per the requirements of the CSDDD). Failure to do so might result in allegations of greenwashing or penalties under the CSDDD.
Board directors should think carefully about the implications of the transition plan on business strategy, especially as the requirement for the transition plan to include a description of the role of management means there will be clear identification of responsibility and accountability if things go wrong.
The European Financial Reporting Advisory Group will be publishing practical guidelines on transition plans. In the meantime, companies should look to international best practice guidance and frameworks such as the UK Transition Plan Taskforce (the “gold standard” for climate transition plans), for which the International Sustainability Standards Board is assuming responsibility.
Practical steps for directors
Directors could consider taking the following practical steps:
- Determine whether your company is in scope: Companies will be in-scope if they were incorporated within the EU and certain threshold conditions were fulfilled in two consecutive years (e.g., employee numbers, net worldwide turnover/royalties) (Article 2(1), 2(5)). Companies will also be in-scope if they were incorporated outside of the EU and certain threshold conditions were fulfilled in two consecutive years (e.g., net turnover in the EU) (Article 2(2), 2(5)). Financial institutions may also fall in-scope.
The extra-territorial effect of the CSDDD means its reach is substantial. Even if not directly within scope, companies may be indirectly in-scope through the ‘trickle-down’ effect – the contractual delegation of CSDDD obligations to suppliers.
- Be clear where the obligations lie: An ultimate parent company may be exempt from the requirements of the CSDDD where its main activity is the holding of shares in operational subsidiaries and it does not engage in taking management, operational or financial decisions affecting the group or its subsidiaries (Article 2). Parent companies may also fulfil the obligations on behalf of subsidiaries which are also in scope (Article 6).
In such cases, necessary information will need to be shared to ensure it is clear where the obligations lie and where subsidiaries are required to abide by the parent’s policies. Clearly defined obligations are necessary to reduce risk of non-compliance.
Director involvement in setting up and overseeing the implementation of corporate due diligence processes and measures, as well as integrating due diligence into the corporate strategy, can help demonstrate how directors are fulfilling their duty of care by implementing measures to ensure compliance with incoming obligations under the CSDDD as part of their general risk management.
- Consider whether due diligence policies need to be introduced or updated: These policies will need to be developed in prior consultation with company employees and their representatives. Modifications of, or improvements to, the company business plan, overall strategies and operations, including purchasing practices, design and distribution practices might be required.
- Evaluate how well you know your value chain: Map out and engage in an in-depth assessment of your company’s operations, those of its subsidiaries and, where related to their chains of activities, those of their business partners, to identify general areas where adverse impacts are most likely to occur and to be most severe. Engagement with business partners, suppliers and subsidiaries should be done earlier rather than later.
- Consider whether you will need to include contractual assurances: Evaluate whether contractual assurances will be required from direct business partners and seek to understand any compliance challenges with your new code of conduct and/or policies. Contractual assurances should be designed to ensure that responsibilities are shared appropriately by the company and its business partners.
- Consider whether you have adequate access to high quality and relevant data: Quantitative and qualitative information will be needed to assess actual and potential human rights adverse impacts and environmental adverse impacts. Companies should consider obtaining this information as soon as possible, to prevent gaps in assessments of impacts or underreporting. Where data does not yet exist, or in instances where it is challenging to obtain, companies could consider using digital tools and technologies (e.g., for tracking, surveillance or tracing raw materials) such as satellites or drones, and be transparent where challenges exist. Commercial providers are rapidly developing the technological tools that can assist companies with obtaining the necessary data.
- Consider whether you have the capacity to carry out monitoring: Companies should carry out periodic assessments of their own operations and measures, those of their subsidiaries and, where related to the chain of activities of the company, those of their business partners. Consider assessing your company’s ability to allocate additional human, financial and/or technical resources to implement the due diligence strategy and process. Engagement of third party verifiers may be required to support the implementation of due diligence obligations.
Conclusion
In today’s global and interconnected world, the legal boundaries of business are being expanded beyond the company’s own operations, to address the adverse impacts on people and planet across global value chains.
The CSDDD presents both risks and substantial opportunities for companies and their directors. Compliance failures could expose companies to legal penalties and indirectly result in reputational damage. On the other hand, the CSDDD offers a framework for companies to proactively address environmental and human rights impacts, fostering greater transparency and accountability, and could present an opportunity for improved financial performance in the long term by promoting sustainable practices that lead to cost savings, enhanced efficiency, and reduced risk. By embracing the CSDDD’s mandates, companies can enhance their sustainability credentials, build stronger stakeholder trust, and contribute positively to global sustainability goals. The CSDDD both challenges businesses to elevate their standards and empowers them to lead in the transition towards a more sustainable global economy.