This month, the European Parliament and Council will take up the proposal for a Corporate Sustainability Due Diligence Directive (CSDD) that the Commission put forward in February. In this short comment, we look at the background, key features and potential implications of the current draft of the CSDD.

Background

The European Commission (EC) published the long-awaited proposal for a CSDD on 23 February 2022 and is seeking to gain approval of the proposal from the European Union co-legislators before the end of 2022. Once the draft is approved, Member States will have two years after the entry into force of the directive to transpose the necessary rules into national law.

If adopted, the CSDD would establish obligations for companies regarding actual and potential human rights and environmental adverse impacts with respect to their own operations, the operations of their subsidiaries, and the value chain operations carried out by entities with whom they have “established business relationships”. It also establishes rules on liability for violations of the obligations it imposes. The Directive defines “human rights adverse impacts” and “environmental adverse impacts” broadly to include impacts resulting from violations of international human rights and environmental conventions listed in the Annex to the proposal.

Companies will be within the scope of the CSDD legislation if they: (a) are European and have more than 500 employees and worldwide turnover in excess EUR 150 million; or (b) are non-European with a European turnover in excess EUR 150 million. A lower turnover threshold of EUR 40 million applies to companies with at least 50% of their net turnover a “high-risk” sector, which includes textiles, clothing and footwear, agriculture, forestry, fisheries, food and extractives.

Approach to the due diligence requirement

The proposed CSDD would require Member States to ensure that companies conduct human rights and environmental due diligence by: (i) integrating due diligence into policies; (ii) identifying actual or potential adverse impacts; (iii) preventing potential adverse impacts; (iv) bringing actual adverse impacts to an end; (v) establishing and maintaining a complaints procedure; (vi) monitoring the effectiveness of their due diligence policy and measures; and (vii) publicly communicating on due diligence.

The CSDD also provides some detail regarding what each of these steps should entail. For example, as part of the duties to exercise due diligence to prevent potential adverse impacts and bring actual adverse impacts to an end, the CSDD provides that companies should be required to: (i) develop and implement an action plan in consultation with affected stakeholders; (ii) seek auditable contractual assurances from direct business partners and an action plan with respect to those partners’ own partners (including contractual cascading); (iii) make necessary investments; (iv) provide targeted and proportionate support for SMEs with which the company has an established business relationship; and (v) collaborate with other entities.

The CSDD also provides that, where impacts cannot be prevented or mitigated, or halted by these means, the company shall be required to suspend or terminate commercial relations with the partner in question. Financial services firms, however, do not need to terminate a relationship, if doing so would cause substantial prejudice to the entity receiving the services. As part of the duty to bring actual adverse impacts to an end, the CSDD provides that companies should be required to “neutralise the adverse impact”, including by the payment of proportionate damages and financial compensation.

The due diligence obligations established by the proposed CSDD relate not only to the corporate group, but also the “value chain”, which is defined to include the activities of both upstream and downstream established business relationships. However, obligations within the value chain extend only to “established business relationships”. “Established business relationship” is defined to as a “business relationship, whether direct or indirect, which is, or which is expected to be lasting, in view of its intensity or duration and which does not represent a negligible or merely ancillary part of the value chain.”

For financial services, “value chain” is defined more narrowly to include only the activities of companies who receive financial services directly and to exclude SMEs. Financial services companies are only required to conduct due diligence before they provide a financial service. The due diligence obligation is also narrower for companies that meet only the lower turnover threshold; they are only required to identify actual and potential severe adverse impacts relevant to the high-risk sectors in which they are involved.

Approach to enforcement

The proposed CSDD requires Member States to empower a regulatory authority to supervise compliance. The authority may investigate on its own motion or where a third party with a “legitimate interest” (e.g., an NGO) submits a “substantiated concern” that a company is breaching its obligations under the Directive. It shall have the power to request information and conduct an inspection without prior warning to the company (i.e., make a “dawn raid”). Supervisory authorities shall have the power to: (i) order the company to cease or abstain from repeating the relevant conduct and take remedial action; (ii) impose “effective, proportionate and dissuasive” pecuniary sanctions based on the company’s turnover; and (iii) adopt interim measures to avoid the risk of severe and irreparable harm.

Member States also shall ensure that companies are liable for damages if: (i) they fail to comply with the obligations to use due diligence to prevent adverse impacts or bring adverse impacts to an end; and (ii) as a result of this failure, an adverse impact occurs and leads to damage. The CSDD’s liability rules must be of overriding mandatory application in all cases relating to companies and situations covered by the directive, unless the law of a Member State provides for stricter liability. A company will not be liable for the activities of an indirect partner with whom it has an established business relationship, if it put in place auditable contractual assurances, and it was reasonable to expect that these would be adequate to prevent, mitigate or cease the adverse impact.

Comment

While some aspects of the CSDD may change and enforcement is some years away, in-scope companies should begin preparing for compliance with the CSDD’s due diligence obligation now. Designing and implementing appropriate due diligence systems and controls and embedding them into operations could take several years. Making codes of conduct binding through cascading contractual clauses and establish credible auditing systems, as contemplated in the CSDD, could also take time.

Given the significant consequences of non-compliance with the proposed directive, the CSDD is likely to prompt in-scope companies, as well as the companies they do business with, to treat human rights due diligence as a core business concern now. Companies could be held liable under the CSDD in the future for actual or potential adverse impacts that due diligence could identify, and companies could prevent or mitigate now. Moreover, companies could be required to suspend or terminate commercial relations with business partners with whom they could avoid contracting now.

Once the CSDD takes effect, companies will be required to report on their due diligence efforts annually, thereby providing information regarding their compliance to potential litigants. Risk to directors also will increase, as the proposed CSDD holds them responsible for due diligence systems and requires Member States to ensure that their laws provide for a breach of directors’ duties when directors fail to take into account the consequences of their decisions for human rights.

If it is adopted as drafted, the CSDD is likely to cause companies operating in the European single market to avoid sourcing from high-risk markets out of fear that they may be held liable for human rights harm occurring there. This will be the likely result of the EC proposal to extend the scope of legal liability to the entire value chain of established business relationships regardless of a company’s involvement in the human rights harm. This will have a dramatic impact on global trade patterns, potentially measured in the many billions of dollars.