On March 10, 2021, the European Parliament adopted a resolution calling for mandatory human rights, environmental and governance due diligence standards across the value chain for companies operating in the EU internal market (the “Resolution”). The Resolution was accompanied by an annex setting out recommended text (the “Recommendations”) for a Directive on Corporate Due Diligence and Corporate Accountability (the “Directive”), for consideration by the European Commission. The Commission has announced that it will submit a legislative proposal for the Directive later in 2021.
If adopted, all EU Member States will be required to implement the Directive into their national laws. This will result in substantive due diligence requirements being imposed on companies, whether based in the EU or selling their products and services into the EU, across their entire value chain, with potential sanctions for non-compliance.
This latest development arrives in the context of a significantly enhanced focus on environmental, social and governance (ESG) issues at the EU level. It follows, for example, the entry into force on January 1, 2021 of the EU Conflict Minerals Regulation, requiring EU-based importers of tin, tantalum, tungsten and gold to perform due diligence across their supply chains to ensure that they meet international responsible sourcing standards, as well as the phasing in, starting March 10, 2021, of the EU Sustainable Finance Disclosure Regulation (SFDR). A cornerstone of the European Commission’s Action Plan on Sustainable Finance, the SFDR imposes on EU fund managers and certain non-EU fund managers heightened due diligence and reporting requirements with respect to the sustainability impacts of investment decisions.
If the Recommendations are adopted, the new rules will apply to the following companies:
- All “large undertakings,” regardless of whether they are private or State-owned and regardless of their sector of activity. “Large undertakings” under EU law are generally understood to be companies that, on their balance sheet dates, exceed at least two of the following three criteria: (a) balance sheet total: € 20 million; (b) net turnover: € 40 million; and (c) average number of employees during the financial year: 250.
- All publicly listed small- and medium-sized enterprises (SMEs), regardless of their sector of activity. Under EU law, SMEs are generally understood to be companies that, on their balance sheet dates, fall within at least two of the following three parameters: (a) balance sheet total: between € 4 million and € 20 million; (b) net turnover: between € 8 million and € 40 million; and (c) average number of employees during the financial year: between 50 and 250.
- Any other SME operating in a “high-risk sector.” “High-risk sectors” remain to be defined by the Commission in its legislative proposal, although the Resolution refers, for example, to the garment and footwear, forestry and mineral sectors.
All such companies selling goods or providing services in the EU internal market will be bound to comply with the new rules, including companies established outside the EU.
What Obligation of Due Diligence?
If the Recommendations are adopted, the duty of due diligence will require companies to “identify, assess, prevent, cease, mitigate, monitor, communicate, account for, address and remediate the potential and/or actual adverse impacts on human rights, the environment and good governance that their own activities and those of their value chains and business relationships may pose.”
“Adverse impacts on human rights, the environment and good governance”
The proposed due diligence framework targets three categories of “potential and/or actual adverse impacts,” namely, those on:
- human rights, as embodied in international human rights treaties, including social, worker and trade union rights;
- the environment, by reference to internationally recognized and EU environmental standards, including the right to a safe, clean, healthy, sustainable and biodiverse environment. The Resolution refers specifically to climate change, and stresses that corporate due diligence laws must be in line with the goals of the Paris Agreement; and
- good governance, including compliance with anti-corruption, bribery and money laundering laws.
“Business relationships” and “value chains”
The proposed duty of due diligence will apply to a company’s own activities, and also in connection with its “business relationships” throughout its “value chain.” Under the Recommendations:
- “business relationships” means subsidiaries and commercial relationships of a company throughout its value chain, including with suppliers and sub-contractors, which are directly linked to the company’s business operations, products or services; and
- “value chain” means a company’s activities, operations, business relationships and investment chains, including entities with which the company has a direct or indirect business relationship, both upstream and downstream, and which either: (a) supply products, parts of products or services that contribute to the company’s products or services, or (b) receive products or services from the company.
A company therefore will have to make all efforts within its means to ensure that its business partners (both direct and indirect, and upstream and downstream) have in place human rights, environmental and good governance policies that are in line with the company’s obligation of due diligence. The Recommendations contemplate that this may be achieved, for example, by means of framework agreements, contractual clauses, codes of conduct or certified and independent audits.
“Identify, assess, prevent, cease, mitigate, monitor, communicate, account for, address and remediate”
The Recommendations spell out the core components of the proposed obligation of due diligence, which will require a company to:
- Conduct a risk assessment to evaluate “the likelihood, severity and urgency of potential or actual impacts on human rights, the environment or good governance.” If the company concludes that it neither causes nor contributes to any such impact, it shall publish a statement to that effect. The statement must be reviewed in the event new risks emerge.
- Establish and effectively implement a due diligence strategy aimed at preventing, ceasing or mitigating potential or actual impacts through the adoption of “proportionate and commensurate policies and measures.” A due diligence strategy must be “carefully designed to be an ongoing and dynamic process,” and not a mere “box-ticking exercise.”
- Elaborate a prioritization policy in keeping with Principle 17 of the United Nations Guiding Principles on Business and Human Rights, in the event the company is unable to deal with all of its impacts at the same time.
- In establishing and implementing its due diligence strategy, engage in good-faith, effective, meaningful and informed discussions with relevant stakeholders, including trade unions and workers’ representatives.
- Ensure transparency, by making the company’s most recent risk assessment statement or due diligence strategy publicly available (with due regard for commercial confidentiality).
- Carry out an annual evaluation and review of its due diligence strategy, and make any revisions as are necessary.
- Provide a legitimate, accessible, predictable, equitable, transparent and rights-compatible internal grievance mechanism, “allowing any stakeholder to voice reasonable concerns regarding the existence of a potential or actual adverse impact.” Such mechanisms must be based on engagement and dialogue rather than retaliation, and must not undermine a victim’s right to seek recourse before the competent national authorities or courts.
Lastly, as part of its duty of due diligence, when the company identifies that it has caused or contributed to, or that it is directly linked to, an adverse impact, it must participate in the remediation process to the best of its abilities. The appropriate remedy for victims of adverse impacts is to be determined in consultation with the affected stakeholders, and may consist of financial or non-financial compensation, reinstatement, public apologies, restitution, rehabilitation or contribution to an investigation. The company must also give guarantees of non-performance. A company’s proposal for remediation must not be to the exclusion of judicial remedies. Nor shall ongoing proceedings before a company’s grievance mechanism impede victims’ access to the courts. Decisions resulting from an internal grievance mechanism shall be duly considered by courts, but shall not be binding on them.
What Liability for a Company’s Non-Compliance with its Due Diligence Obligations, or Adverse Impacts?
Under the Recommendations, enforcement of the proposed framework will operate at a national level, with Member States responsible for investigating and sanctioning a company’s non-compliance with its due diligence obligations.
If the failure to comply could lead to irreparable harm, the adoption of interim measures by the company concerned or the temporary suspension of activities may be ordered. In the case of companies governed by the law of a non-Member State, the temporary suspension of activities may imply a ban on operating in the EU internal market.
The Recommendations stipulate that sanctions for non-compliance must be effective, proportionate and dissuasive, taking into account the severity of the infringement. They may include, for example: fines; exclusion from public procurement, State aid or public support schemes, including schemes relying on Export Credit Agencies and loans; seizure of commodities; or any other appropriate administrative penalty.
Under the Recommendations, the fact that a company abides by its due diligence obligations shall not absolve the company of civil liability for harm arising out of potential or actual adverse impacts that the company, or any entity under the company’s control, has “caused or contributed to” by acts or omissions.
The Recommendations suggest, however, that having a “robust and adequate” due diligence process in place “may help” companies to avoid a finding that they have caused or contributed to harm (without specifying whether a failure to conduct due diligence shall be tantamount to such a finding).
Thus, it shall be a defense to a civil liability claim if the company can demonstrate that it acted with due care and took all reasonable preventative measures.
The Resolution (including its Recommendations) was adopted by a clear majority of Members of the European Parliament. While not binding on the Commission, it provides a strong indication as to the substance of the Commission’s legislative proposal, which is expected as early as June 2021. The Directive, as finally adopted, must then be transposed into national legislation before it becomes binding on companies.