Global ESG regulation is set to make a leap with new requirements for private businesses to report on and prevent adverse impacts on climate, the environment and human rights. We summarise three key regulatory developments that should be on the agenda for large companies.
- CSDDD: The European Commission adopted its proposal for the Corporate Sustainability Due Diligence Directive1 on 23 February 2022. The CSDDD is an important component of the European Green Deal, 2 as well as a long promised initiative in the EU's human rights strategy,3 and will necessitate strategic and operational changes by businesses globally.
- CSRD: Earlier elements of the European Green Deal focused on disclosure: in particular, under the Sustainable Finance Disclosure Regulation, the Taxonomy Regulation and, most recently, the Corporate Sustainability Reporting Directive which has received provisional political agreement and is expected to complete the final stages of formal approval by the Council and European Parliament shortly. The CSRD will update and reinforce the EU's Non-Financial Reporting Directive,4 and operate in tandem with the CSDDD. Member States are required to implement the CSRD, and its obligations will start to apply as of 1 January 2024.
- SEC: Meanwhile across the Atlantic on March 21, 2022, the U.S. Securities Exchange Commission (SEC) proposed rules to require climate change disclosure in the annual reports and registration statements of public companies registered with the SEC, including any company (domestic or foreign) whose stock is listed on a U.S. stock exchange. The SEC proposal on climate disclosure rules was long awaited, but comes amidst deep disagreement on the role of the SEC in this area. The SEC recently closed the public comment period on the proposal and must review and respond to comments before issuing any final rules. Litigation challenging the SEC's authority is likely if the proposed rules are adopted, including arguments based on the "major questions doctrine," as recently seen in West Virginia v. EPA.5
The CSDDD, once adopted, will necessitate a paradigm shift for global business. It will lay down obligations for large companies that are impacted by it (i) to carry out due diligence to identify and address human rights and environmental adverse impacts included in a list of international conventions annexed to the CSDDD6 and (ii) to produce climate plans.7 The CSDDD will also (iii) introduce specific duties for directors regarding sustainability, obliging directors to consider their company's short, medium and long term environmental impacts and human rights impacts and (iv) impose sanctions on companies for failure to comply, and civil liability for violations of certain due diligence obligations which lead to adverse human rights or environmental impacts.8
The CSDDD applies to
- EU companies with more than 500 employees and more than EUR 150 million global turnover, and
- Companies in third countries with more than EUR 150 million of turnover in the EU (for both EU companies and third country companies, lower thresholds apply to businesses in certain "high impact" i.e. higher risk sectors including those related to textiles, agriculture, food, metal, sand mineral extraction.)9
Significantly, 'company' is defined to include corporates, banks, asset managers, funds and partnerships.10 These 'companies' will have an obligation to impose CSDDD obligations on entities in their 'value chains' with whom they have a direct business relationship through contractual assurances:11
- For corporates, 'value chain' encompasses the activities of third parties involved in the production of goods or the provision of services by the company.
- For banks and other regulated financial undertakings, 'value chain' means clients receiving loans or other financial services.
Under the CSDDD, companies must integrate ESG due diligence into all of their corporate policies, which must be updated annually.12 Companies must identify actual or potential adverse human rights and environmental impacts in their own operations, those of their subsidiaries, and throughout their value chains.13 Identification of these adverse impacts is only the first step: companies would then be obligated to create prevention action plans with clear timelines to prevent or, if prevention is not possible, mitigate, these potential adverse impacts nearer term while working towards prevention.14 In the case of actual impacts identified, companies would be required to take action to end, or if not possible, minimise the extent of the impact.15 Companies in breach of their due diligence obligations under the CSDDD face both financial penalties from regulators across the EU as well as the prospect of civil liability in litigation brought by stakeholders who have been adversely impacted.
The CSDDD as currently proposed does not expressly require companies to conduct due diligence regarding climate change impacts, but large companies must adopt a "Climate Plan" showing that the business model and strategy of the company are compatible with the transition to a sustainable economy and with limiting global warming to 1.5 C in line with the Paris Agreement.
The CSDDD remains subject to approval by the European Parliament and Council, and must then be implemented into national legislation. Both institutions have issued strong support for such legislation, but reflecting the controversy of this proposal to date, further amendments are likely in the adoption process.16 The political will in the European Commission to accelerate the passage of the European Green Deal has increased since the war in Ukraine,17 and there is significant pressure in the EU for stronger rules in the area of corporate sustainability disclosure and due diligence. Obligations could go into effect in 2025/2026 – and will require substantial advance preparation.
The CSRD requires large companies to report on "sustainability matters", but does not itself require the due diligence processes needed to obtain the information to disclose, so it will operate alongside the CSDDD.
The CSRD introduces the majority of new sustainability reporting obligations in a new Article 19a in the Accounting Directive.18 It will require management reports to include: the resilience of the company's business model and strategy to risks related to sustainability matters; plans ensuring compatibility with the Paris Agreement; sustainability targets, progress and processes. Companies will also have to include principal actual or potential adverse impacts in the company's value chain and own operations, as well as the actions taken to prevent, mitigate or remediate these adverse impacts.19 Companies should also report both forward-looking and retrospective information; all information reported must be verifiable.20
Article 19b imposes more granular reporting obligations relating to environmental, social and governance standards, which should be aligned with the information needed by sell side counterparts under the Sustainable Finance Disclosure Regulation ("SFDR") and Taxonomy Regulation ("TR").
It is not yet clear how the disclosure of "sustainability matters" will operate with the SFDR, which requires disclosures from financial market participants on sustainable investments. Together with the TR, these key elements in the reporting aspects of the European Green Deal are intended to create a "consistent and coherent flow of sustainability information throughout the financial value chain."21 The TR itself will be complemented by the European Commission Complementary Climate Delegated Act, which includes, under specific conditions, nuclear and natural gas energy activities in the list of environmentally sustainable economic activities.22
The CSRD amends four existing pieces of legislation and aims to revise and strengthen the Non-Financial Reporting Directive. The CSRD applies more widely than the CSDDD to include large undertakings with EUR 40 million+ turnover, EUR 20 million+ balance sheet and 250+ employees.23 The CSRD also applies to all undertakings listed on EU regulated markets,24 including small and medium-sized enterprises.25
Significantly, EU subsidiaries of a non-EU parent will be exempt from the requirement to prepare sustainability reports if the non-EU parent company prepares consolidated management reports that may be considered equivalent in scope. If the non-EU parent does not produce an equivalent management report on sustainability matters, then in scope EU subsidiaries shall be required to prepare their own reports.26
The CSRD places collective responsibility on the administrative, management and supervisory bodies of a company to ensure that it reports in accordance with EU standards in the required digital format.27 All disclosures made will have to be externally accredited and certified by an independent auditor, to ensure the sustainability information provided by the disclosing companies complies with certification standards that have been adopted by the EU. Pascal Durand, who led negotiations on the CSRD on behalf of the European Parliament, has indicated that it will be open to "new certified players" to carry out this auditing process and not just the traditional 'big four'.28
Like the CSDDD, under the CSRD, Members States may impose pecuniary sanctions on companies for non-compliance.29
The SEC proposal on climate disclosure
The SEC proposal on climate disclosure rules30 as discussed in our client alert was long awaited, but faces deep disagreement on the role of the SEC in this area. Thousands of public comments were submitted to the SEC, many expressing support of the proposal and others asserting legal and policy reasons in opposition. Certain commenters responded that a final rule would implicate the major questions doctrine, an argument that has gained substantial momentum in U.S. administrative law when challenging regulatory action, including in the recent U.S. Supreme Court decision which held that the Environmental Protection Agency (EPA) does not have authority to require "generation shifting" of power generation from coal and natural gas to lower-emitting sources absent "clear congressional authorization."31 The SEC will review comments before issuing any final rules. Implementation of final rules is likely to be delayed as a result of legal challenges to EPA's authority to mandate expansive climate disclosures without clear congressional authorization to do so.
The table below compares some of the key provisions across the CSDDD, the CSRD and the SEC proposal.
As highlighted in the table, the CSDDD represents a paradigm shift in global ESG regulation. By extending to businesses globally – through EU-generated turnover or supply chain cascade – and imposing hard obligations to ultimately prevent both human rights adverse impacts and environmental adverse impacts, we are looking at a new and radical phase in global ESG regulation. This seismic change will be accompanied by new and far reaching disclosure obligations. Companies in scope would be well advised to review their existing strategies, policies and procedures to prepare for these incoming regulations.