On 23 February 2022 the European Commission (the “Commission”) published a proposal for a Directive on Corporate Sustainability Due Diligence (the “CSDD proposal”). This long awaited proposal – if adopted unchanged – will require certain (very) large EU and non EU companies to set up mandatory due diligence practices to identify, prevent or mitigate, and ultimately terminate adverse impacts of their corporate activities on human rights and the environment. In addition, this proposal introduces a specific climate change obligation and further specifies a duty of care for directors linked to sustainability matters. The Commission’s proposal thereby aims to foster sustainable and responsible corporate behavior and to anchor human rights and environmental considerations in companies’ operations, value chains and corporate governance.
Background CSDD Proposal
In recent years, there has been increasing attention to the fact that a company, as a participant in society, has its own responsibility to consider its business and its consequences in the light of sustainability and ESG, which stands for environmental, social and governance matters. Following this attention, there is a trend whereby new sector-specific EU-regulations and general mandatory rules increasingly specify how companies should address issues in relation to sustainability, ESG and their activities and what the legal implications are if they fail to do so. Both the European Parliament as well as the European Council have called on the Commission to take regulatory action in this respect. After a long period of research and various initiatives from different angles, the Commission now adopted a concrete proposal.
The CSDD proposal is an important component of the European Green Deal towards a sustainable future. The proposal complements other regulatory initiatives like the Commission’s proposal for a Corporate Sustainability Reporting Directive (the “CSRD proposal“), the Sustainable Finance Disclosure Regulation (“SFDR“) and the Taxonomy regulation. In addition, the CSDD proposal intends to be in line with the UN Guiding Principles (“UNGPs“) and the OECD Guidelines for Multinational Enterprises (“OECD Guidelines“).
Who will need to comply?
The following EU and non-EU companies fall within the scope of the current CSDD proposal:
- EU limited liability companies:
- Group 1: with 500+ employees on average and a net worldwide turnover in excess of EUR 150 million in the last financial year.
- Group 2: not in Group 1 but operating in high-risk sectors, with more than 250 employees and a net worldwide turnover in excess of EUR 40 million in the last financial year, provided that at least 50% of this net turnover was generated in one or more of the high-risk sectors.
- Non-EU limited liability companies active in the EU:
- Group 1: with a net turnover in excess of EUR 150 million in the EU in the financial year preceding the last financial year;
- Group 2: not in Group 1 but with a net turnover in excess of EUR 40 million, but not exceeding EUR 150 million in the EU in the financial year preceding the last financial year, provided that at least 50% of this net worldwide turnover was generated in one or more of the high-risk sectors.
It is estimated that the current CSDD proposal will cover about 13,000 EU companies and 4,000 non-EU companies. Micro companies and SMEs are not directly in the scope of the CSDD proposal, but might be indirectly affected as a result of the actions taken by the bigger companies to comply with the new due diligence requirements.
Obligations and impact CSDD
Mandatory due diligence practices
The mandatory practices as set out in the CSDD proposal should cover six due diligence steps (as earlier defined by the OECD Guidelines) to identify and address adverse human rights and environmental impacts.
- The Annex of the CSDD proposal defines adverse effects as the violation of rights and prohibitions laid down in international human rights conventions (Part I, Section 1), conventions on human rights and fundamental freedoms (Part I, Section 2), and the violation of internationally recognised objectives and prohibitions laid down in environmental conventions (Part II). Specifically, adverse effects can (for example) include human rights issues related to forced labour, child labour, inadequate health and safety in the workplace and worker exploitation, and environmental issues such as greenhouse gas emissions, pollution, or loss of biodiversity and ecosystem degradation.Integrating due diligence into the policies of the company (section 5 CSDD proposal)Companies are required to integrate due diligence into their corporate policies and to establish and annually update a due diligence policy describing a) the company’s approach to due diligence, b) a code of conduct describing the rules and principles of the company and c) the processes put in place to implement due diligence.
- Identifying actual or potential adverse human rights and environmental impacts (section 6 CSDD proposal)Companies must take appropriate measures to identify actual and potential adverse human rights impact and adverse environmental impacts. In order to allow for a comprehensive identification of adverse impacts, such identification should be based on quantitative and qualitative information. As part of the identification process, companies must carry out consultations with potentially affected stakeholders, where relevant.The proposal limits the scope of due diligence that a company is required to undertake to its own operations, subsidiaries, and business partners in an ‘established business relationship’ in its value chain. Established business relationships are direct and indirect business relationships of the company (i) which are lasting (or expected to be) in view of their intensity and duration and (ii) which do not represent a negligible or ancillary part of the value chain. The nature of business relationships as “established” should be reassessed periodically, and at least every 12 months. If the direct business relationship of a company is established, then all linked indirect business relationships should also be considered as established regarding that company.Companies should conduct due diligence in a dynamic way and in regular intervals: (i) prior to a new activity or relationship; (ii) prior to major decisions or changes in the operation; (iii) in response to or in anticipation of changes in the business environment and (iv) periodically, at least every 12 months, throughout the life of an activity or relationship. Regulated financial undertakings providing loan, credit, or other financial services only need to take due diligence measures when they conclude new contracts.
- Preventing, mitigate or end actual and potential adverse human rights and environmental impacts (sections 7 and 8 CSDD proposal)Companies are required to take appropriate measures to prevent or mitigate the identified potential adverse impacts of the identified operations. Such measures may include inter alia the development and implementation of a prevention action plan and the conclusion of contractual assurances from direct business partners for compliance with the company’s due diligence policy with possible contractual cascading in the company’s value chain. This should all be accompanied by compliance verification.In addition, any identified actual adverse impacts must be minimized by, for example, the payment of damages or a corrective action plan.Temporary suspension or permanent termination of a business relationship – as a last resort – may be necessary where an adverse impact is too severe and cannot be ended or adequately mitigated.
- Establishing and maintaining complaints procedures (section 9 CSDD proposal) Implementation of the CSDD proposal obliges companies to set up an adequate complaint procedure. This procedure should allow affected persons and certain trade unions, workers’ representatives and civil society organizations related to the value chain concerned, to submit complaints if they have legitimate concerns regarding actual or potential human rights and environmental adverse impacts within their own, their subsidiaries’ or value chain’s operations.
- Monitoring the effectiveness of the company’s due diligence policies and measures (section 10 CSDD proposal)Companies must conduct periodic assessments of their own operations, subsidiaries and value chains to monitor compliance and effectiveness. Such assessments must be carried out at least once a year and whenever new risks are reasonably identifiable. In addition, companies must update their due diligence policies based on the results of these assessments.
- Publicly communicating on due diligence (section 11 CSDD proposal)Companies will have to communicate annually about the aforementioned. The EU companies will in principle do so via their annual report (in line with their reporting obligations under the Non-Financial Reporting section of the Accounting Directive 2013/34/EU).Companies not covered by the Accounting Directive must post an annual statement on their website. The Commission will issue guidelines in this respect.In order to assist companies or the supervisory authorities, the CSDD proposal allows the Commission to issue guidelines on how companies should fulfil their due diligence obligations. The guidelines may cover specific sectors or specific harmful effects. They may be drawn up in consultation with the European Union Agency for Fundamental Rights, the European Agency or other international bodies, as appropriate.
Combating climate change (section 15 CSDD proposal)
Group 1 EU and non-EU companies operating in the EU will also be required to draft a plan to ensure that their business model and strategy is compatible with limiting global warming to 1.5 °C (in line with the target set under the Paris Agreement). The plan should, in particular, identify the extent to which climate change is a risk for, or an impact of, the company’s operations. If risks are, or should have been, identified, the company must include emission reduction objectives in its plan. The variable remuneration of directors should be linked to the achievement of the plan if ESG aspects are taken into account in the remuneration.
The impact on directors’ duties and corporate strategy (sections 25 and 26 CSDD proposal)
Implementation of the CSDD proposal adds a specific consideration for directors when fulfilling their duty to act in the best interest of the company. Directors must take into account the consequences of their business decision for sustainability matters, including, where applicable, human rights, climate change and environmental consequences in the short-, medium- and long-term. Not taking this specific consideration into account when fulfilling the duty to act in the best interest of the company will have to qualify as a breach of directors’ duties under the laws of the Member States.
In addition, the directors will be responsible for setting up and overseeing the due diligence processes and integrating due diligence into the corporate strategy. Directors should thereby take into account the input of stakeholders and civil society organizations.
Enforcement of CSDD obligations (supervision, sanctions and civil liability for companies)
The CSDD proposal foresees a combination of administrative enforcement and civil liability to monitor and ensure overall compliance.
Member States must designate one or more national authorities for supervision. The Commission will set up a European network of national supervisors for a coordinated approach. According to the CSDD proposal, national authorities should have the power, among other things, to request information, to carry out investigations and to impose administrative orders and sanctions in the event of non-compliance. Administrative sanctions should be effective, proportionate and dissuasive. Supervisors should take into account the efforts of a company to comply.
The proposal foresees civil liability for companies. The CSDD proposal requires Member States to establish a civil liability regime for companies for damage suffered by victims due to a company’s failure to exercise due diligence and take appropriate measures to end identified adverse impacts. EU Member States must ensure that the civil regime for the liability of companies has an overriding mandatory application, so that civil liability cannot be denied on the sole ground that the law applicable to such claims is not the law of a Member State. The CSDD proposal furthermore contains certain limitations on liability, intended to ensure proportionality for the companies covered.
Responses to the CSDD proposal
Although many approve the intention of the CSDD proposal, the proposal has been received somewhat critically. The current proposal is less far-reaching than the earlier proposed resolution of the European Parliament and the intentions of the Dutch government to further regulate corporate social responsibility.
One of the frequently heard critiques is that the CSDD proposal is not sufficiently aligned with the existing international due diligence framework, including the OECD guidelines and the UNGPs. For instance, it is argued that the concept of direct and indirect ‘established business relationships’ limits the due diligence obligations for companies in the value chains. The Dutch cabinet endorses this criticism.
Another point of criticism concerns the scope of the CSDD proposal: the fact that the proposal only applies to certain (very) large companies would have too little impact. The Dutch government for instance proposes to align with the scope of the CSRD proposal (extending the application to large companies, listed SMEs and high-risk SMEs) while others propose to broaden the scope to all companies.
There is also much discussion about the legal liability regime and the duty of care for directors. Some parties believe that the thresholds for liability and remedies for victims are still far too high. Others feel that the new duty of care for directors and the liability regime for companies are too vague and will be too burdensome.
The adoption of the CSDD proposal is the start of a legislative procedure under European law. The CSDD proposal will now be discussed, and possibly amended, by the European Parliament and the Council. Once adopted, EU Member States will have two years to transpose the Directive into their national legislation. The obligations for Group 2 EU and non-EU companies will start to apply two years later than for group 1 EU and non-EU companies.
In the coming period, many parties in the EU – including the Dutch government – will focus on adapting specific parts of the CSDD proposal to their wishes.
The Commission has opened a platform for stakeholders to provide feedback on the CSDD proposal. The portal is up until May 23, 2022.