What is the proposed EU Corporate Sustainability Due Diligence Directive?
11 January 2023
In February 2022, the European Commission adopted a proposal for a Directive on Corporate Sustainability Due Diligence, sometimes referred to as CSDD, EU mandatory Human Rights Due Diligence or EUmHRDD. The aim of the Directive is to ensure EU companies prevent and mitigate human rights and environmental harms within their operations in Europe and beyond.
Negotiations over the proposed Directive are ongoing at present. The proposed Directive is closely related to the Commission’s recent prohibition on products made with forced labour.
Why is an EU Directive needed?
Many companies recognise the need to address the negative impacts of their activities on human rights and the environment. But the increasing complexity and global nature of supply chains as well as the fragmentation of national rules on sustainability-related disclosure has resulted in slow and uneven implementation of good practice.
EU research has found that most voluntary efforts have failed to generate systemic improvements in how corporations fulfil their human rights responsibilities. A mandatory due diligence system will provide increased legal clarity to companies regarding their obligations.
So many civil society representatives, trade unions, consumers, even businesses, have been calling for mandatory due diligence rules. Seventy percent of respondents to a public consultation on the sustainable corporate governance initiative launched by the European Commission sent a clear message: EU action on human rights due diligence is needed.
The proposed EU Directive is consistent with existing international standards on responsible business conduct, including the United Nations Guiding Principles on Business and Human Rights (UNGPs), the OECD Due Diligence Guidance on Responsible Business Conduct and sectoral guidance (OECD Due Diligence Guidance), and the United Nations Sustainable Development Goals (SDGs).
The Directive will complement existing EU legislation such as the Sustainable Finance Disclosure Regulation, the EU Non-Financial Reporting Directive (NFRD), the Conflict Minerals Directive, and the new Corporate Sustainability Reporting Directive (CSRD).
Is the proposed Directive legally binding on companies?
EU Directives are legal instruments which are binding on Member States. This means that once it is finalised, the Directive will require Member States to create national laws and policies to mandate human rights due diligence, within two years. Directives can only be used to hold national governments accountable. Therefore, the Directive itself cannot be used against companies directly - national laws and instruments will be used for such accountability.
What types of companies are covered by the proposed Directive?
The proposed Directive applies to the following companies (as set out in article 2 of the proposal):
- Businesses registered in the EU with more than 500 employees and more than 150 million euros net worldwide turnover in the last financial year;
- Businesses registered in the EU that are operating in high-risk sectors (such as manufacture of textiles, agriculture, forestry, fisheries, etc.) with more than 250 employees and a 40 million euros net worldwide turnover; and
- Businesses that are registered outside the EU (non-EU companies) that are active in the EU and generate a turnover in the EU exceeding the above-mentioned thresholds (either 40 million euros if the company is in a high-risk sector or 150 million otherwise).
The Commission estimates that the Directive will cover about 13,000 EU companies and 4000 non-EU companies.
What will companies be expected to do?
Companies are expected to identify and mitigate their impacts in relation to issues such as child labour, worker exploitation, working conditions, biodiversity loss, and pollution. To do so, they must perform the following six due diligence steps (as set out in articles 4 – 11 of the Directive, and in the OECD Due Diligence Guidance):
- Integrate due diligence into company policy: Businesses will need to implement a policy which will at least contain a description of their human rights due diligence process, a code of conduct for employees and subsidiaries, and a description of the measures taken to implement the due diligence.
- Identify actual or potential adverse human rights and environmental impacts: These impacts could result from the company’s own operations, the activities of its subsidiaries or any human rights impacts arising within its global value chains. The value chain encompasses the whole lifecycle of a product or service, from the development to the use and, in the case of a tangible product, its disposal.
- Prevent, mitigate, cease and minimise actual and potential and adverse human rights, and environmental impacts: To prevent harm, companies may, for example, make the necessary investments into management or production processes, seek contractual assurances from direct business partners that they will ensure compliance with human rights standards and monitor such compliance by business partners. Where prevention is not possible, companies should adequately mitigate impacts through corrective action (including by the payment of damages, financial or non-financial compensation and other forms of support to the affected persons or communities).
- Establish and maintain a complaints procedure for affected parties: Affected parties must be able to submit complaints if they have legitimate concerns regarding actual or potential human rights and environmental adverse impacts within the operations of companies or their value chains.
- Monitor the effectiveness of the due diligence policy and measures: Companies will have to carry out periodic assessments to monitor the effectiveness of their due diligence measures. These assessments will focus not only on their own and their subsidiaries’ operations, but also on those of the business partners involved in their value chain.
- Publicly communicate due diligence efforts and outcomes: Companies will have to publish on their website an annual statement in respect of their activities. The content of that statement will be established subsequently by an implementing act of the European Commission.
What does the 'value chain' cover?
The proposed Directive requires businesses to conduct due diligence across global value chains. “Value chain” is defined in the broadest possible terms in the proposal, including everything from the production and use to disposal of the product. It includes direct and indirect established business relationships of the company that design, extract, manufacture, transport, store and supply raw materials or goods (upstream entities) as well as direct and indirect relationships that use or receive products, and ultimately dispose of the product.
In the financial services sector, the “value chain” is limited to the activities of the clients receiving such services, and the subsidiaries whose activities are linked to those services.
What types of rights and impacts should the due diligence process cover?
The proposal provides that the due diligence process should cover any violation or possible violation of the rights and prohibitions enshrined in international conventions and human rights law. This means that the Directive aims to protect and promote all human rights. Due diligence should also encompass adverse environmental impacts that either create adverse flow-on effects on human rights or which are in themselves violating key international environmental conventions.
How will mandatory due diligence affect directors’ duties?
In all EU Member States, directors owe a duty of care to act in the best interests of the company. Article 25 of the Directive notes that when fulfilling their duty of care, directors should take into account the consequences of their decisions for human rights and the environment, including in the short, medium and long term. In order to ensure that directors’ duties are coherent and consistent with due diligence obligations, the Directive requires EU countries to ensure that their relevant corporate laws account for the requirements of Article 25.
How will the proposed Directive be enforced?
Once adopted, the Directive will be enforced by the EU through a combination of regulatory oversight and civil liability:
- Administrative supervision (articles 17 and 18): At the national level, EU Member States are required to have a national administrator or regulator to supervise companies with respect to their compliance with national laws. Sanctions in the case of non-compliance may include substantial fines and compliance orders (article 20). At the regional level, the Commission will set up a European Network of Supervisory Authorities that will bring together representatives of national authorities to ensure a coordinated approach to enforcement (article 21).
- Civil liability (article 22): Member States must ensure that victims can take legal action to obtain compensation for damages and effective judicial remedies for harms that result from the failure of companies to comply with their due diligence obligations.
When will the proposal be adopted as a binding Directive?
The Proposal is currently being scrutinised by the European Parliament and the Council of the European Union. If those two institutions reach an agreement on the Proposal, it will be adopted. The average EU timeline from the Commission proposal to formal adoption is around 18 months. Therefore, the earliest the Directive is likely to be adopted is mid-2023. However, given the political sensitivity of the Proposal and divergent views among Member States and EU institutions, delays are expected due to intense negotiations.
If adopted, Member States will have two years to transpose the Directive into their national law (article 20). As of today, two Member States, France and Germany, have already introduced domestic mandatory due diligence laws. Several other Member States are also in the process of legislating or considering such actions.
What will be the outcome of the Directive?
If adopted, the Directive will be a ground-breaking development in the way that companies account for human rights and environmental costs in their business activities throughout their global supply chains. Not only will it create a more even playing field to ensure that all companies doing business in the EU are held to the same standard, it will also provide an agreed framework for access to remedy so that rights-holders can pursue justice and accountability.
Other unique provisions of the Directive, such as “substantiated concerns” in article 19, allow third parties to submit claims to any regulatory authority where they have reasons to believe that a company is not fulfilling its due diligence obligations. Such provisions will ensure that civil society organisations and worker rights groups can be involved in the monitoring and oversight process.
What are the shortcomings?
The effectiveness of the Directive will depend on how well it is translated into national law and the extent to which it will improve the human rights of those it is designed to protect. Human rights organisations have observed that the absence of small, medium and micro-enterprises from the proposed Directive could limit the extent of systemic change in harmful “business as usual” practices. In fact the Open Society Foundations has claimed that “Statistically, it is easier to win the lottery than identify a[n ICT] company obliged under the EU’s new due diligence legislation. The exclusion of companies’ conduct in relation to climate change from civil liability is also a cause of concern, as climate change and its impacts are already having catastrophic impacts on human rights and the environment.