Introduction

On February 23, the European Commission (the “Commission”) proposed a Directive1 intended to extend the standards of due diligence performed by large companies with business operations in the European Union (EU) (the “Directive”). The Commission’s goal to mitigate the environmental effects of business is described in the Directive’s preamble as being key to the success of the EU’s burgeoning climate laws2.

If implemented, Relevant Companies (defined below) would be obliged to consider and mitigate adverse effects upon human rights and the environment caused by their (or their subsidiaries’) business operations (“Adverse Effects”). More onerously, Relevant Companies would be obliged to conduct due diligence on third party companies comprising their “Value Chain” (defined below).

The ambitious Directive does not encompass small- and medium-sized businesses (SME) directly, but its extraterritorial applicability and the horizontal value chain due diligence would necessarily impact SMEs contracted by Relevant Companies.

Relevant Companies

The Directive would apply to two types of companies (“Relevant Companies”):

Type 1 – EU Companies: a limited liability company incorporated in an EU member state that:

  1. Has over 500 employees and €150 million turnover.
  2. Has over 250 employees and €40 million turnover and operates in a relevant sector3.

Type 2 – Foreign Companies: a limited liability company incorporated in a third country that:

  1. Has over €150 million turnover in the EU.
  2. Has over €40 million turnover in the EU and operates in a relevant sector4.

The proposals are broad in scope, applicable not only to Relevant Companies, but also to their subsidiaries, and—notably—their Value Chain operations, i.e., those entities with which the Relevant Company has an “established business relationship” (“Value Chain”).

The definition of a business relationship is extensive, comprising any legal entity which performs business operations related to the company’s products and services, or with which the Relevant Company has a commercial agreement, or to which the company provides finance or insurance services. Whether or not the Relevant Company has a business relationship with a third party is to be re-assessed annually5. Similarly broad, the definition of “Value Chain” includes any activities related to the production of the Relevant Company’s goods or provision of its services whether upstream or downstream.

Although the practical applicability of horizontal due diligence is uncertain, existing regimes may provide useful context. The Commission notes in its preface to the Directive that horizontal due diligence is not entirely new, and has already been legislated in some EU states including France and Germany.

Standard of Due Diligence

The Directive contains seven landmark proposals comprising a new extensive due diligence regime. The requisite due diligence ought to extinguish or mitigate both actual and potential Adverse Effects, and requires both internal policy and external publications by the Relevant Companies.

Relevant Companies would have to implement the following due diligence measures:

1. Integrate due diligence into corporate policies. Integration would be evidenced by a “due diligence policy” comprising a description of the company’s approach to due diligence and a code of conduct detailing rules and principles followed by the Relevant Company’s employees and subsidiaries.

2. Identify actual or potential Adverse Effects. It is anticipated that this identification process would be data-led and informed by a required complaints procedure, likely interacting with the Taxonomy and Disclosure regimes in the EU (read more about them in our previous Client Alert). Certain Relevant Companies with revenue below €150 million turnover (Type 1(ii) and Type 2(ii), above) would only be obliged to identify actual or potential adverse impacts that were “severe.”

3. Prevent or mitigate potential Adverse Effects. The obligation would be two-tiered, requiring, in the first instance, prevention of potential Adverse Effects. Only where prevention would not be immediately possible would “mitigation” be an adequate solution. The obligation would likely be onerous, requiring (where relevant) the development of a prevention action plan (detailing timelines and indicators for improvement), the seeking of contractual assurances from Value Chain third parties, and collaboration with other companies and stakeholders.

4. End or minimize existing Adverse Effects. The proposed obligation is broad in scope, applicable to those actual Adverse Effects which have been identified (1, above) as well as to those which ought to have been identified. The obligation would likely be similarly onerous to 3 (above) in requiring an action plan as well as contractual assurances from (and collaboration with) Value Chain third parties. However, the requirement does have more clear defined financial obligations, including damages to affected stakeholders and “where necessary” investment into the management and production infrastructures associated with the Adverse Effects.

5. Implementation of complaints procedure. The envisaged complaints procedure will interact with the other due diligence obligations, and inform the mechanism by which Relevant Companies must identify actual and potential Adverse Effects. The direct procedure must at least afford complaints from (1) persons who are affected by or believe they might be affected by an Adverse Effect, (2) trade unions representing workers in the Value Chain, and (3) civil society organizations related to the Value Chain. The procedure must include consideration and conclusion of the foundations of each complaint.

6. Re-assessment. Periodical re-assessment of the company’s due diligence measures at least every 12 months or where there are reasonable grounds to believe that “significant” new risks of Adverse Effects have arisen.

7. Accountability. Annual publication of a statement describing due diligence efforts and potential and Adverse Effects and actions taken by those. Note that this provision will only apply to Relevant Companies not caught by Directive 2013/34/EU, the scope of which we considered in a previous Client Alert.

Sustainability Compliance

In addition to the above due diligence provisions, the Directive would require most Relevant Companies with revenue over €150 million (Type 1(i) and Type 2(i), above) to adopt a business plan which is compatible with the sustainable economy envisaged by the Paris Agreement; namely, its commitment to limit global warming to 1.5 degrees centigrade. Though currently unclear in detail, it is expected that a compatible plan would specify the company’s emissions objectives and the extent to which climate change is a “risk” for the company’s business operations. The Directive does specify that, for companies using variable remuneration for directors, such sustainability compliance must be “taken into account” when calculating remuneration.

Liability for Delinquency

The Directive proposed mandatory civil liability provisions coordinated by a European Network of Supervisory Authorities, anticipated to be involved with intra-Union data sharing, sanctioning and complaint-handling. Proposed civil penalties include liability in damages for Relevant Companies that fail to identify and prevent potential Adverse Effects, or fail to end or minimize existing Adverse Effects.

Directors would be responsible under the Directive to set up and oversee all of the above due diligence measures and for adapting corporate strategy accordingly. More pointedly, the Directive proposes an additional directors’ duty to take into account the consequences of their decisions upon sustainability matters, human rights and climate change. This would overlap with the duty to act in the best interests of the company, and the likely test for compliance would reference the due diligence measures above.

Existing Framework

The Directive interacts closely with the EU’s climate laws: namely, the Non-Financial Reporting Directive (NFRD), the Corporate Sustainability Reporting Directive, as well as the EU’s general human rights law, and the Taxonomy Regulation.

The due diligence envisaged by the Directive is to be data-driven and will likely be influenced by the emergent disclosure rules under the Sustainable Finance Disclosures Regulation (SFDR) (considered in a previous Client Alert) and environmental metrics in the Taxonomy Regulation.