What is the European Corporate Sustainability Due Diligence Directive?

At a glance: 

• The Corporate Sustainability Due Diligence Directive (CSDDD) is a major piece of EU legislation that will require EU and non-EU companies to conduct environmental and human rights due diligence across their operations, subsidiaries and value chains.
• Under the proposed rules, companies will need to identify potential and real adverse environmental and human rights impacts arising from their own operations, subsidiaries and business relationships. Companies must take measures to prevent or mitigate any potential impacts they identify, as well as end or minimise any real impacts. If companies fail to comply and damage occurs as a result, they may be held liable and face financial penalties.
• The CSDDD will also be the first piece of EU legislation that will mandate companies to adopt a climate transition plan. The requirements are expected to dovetail with the EU’s CSRD and accompanying standards.
• EU lawmakers are currently negotiating the final text of the CSDDD in trilogues and are expected to reach agreement in early 2024. Although we are waiting for clarification on certain areas of the Directive, companies can start to prepare their regulatory responses by taking some ‘no regrets’ actions to accelerate their preparations. These include mapping existing due diligence policies, plotting out the value chain and identifying business partners.
• In this article, we answer important questions on the CSDDD’s scope, compliance deadlines and requirements for companies before then shedding light on key areas currently being negotiated by EU lawmakers. We conclude by recommending immediate actions companies can take.

This article is relevant to practitioners operating within companies’ supply chain management and procurement, sustainability office, compliance office and legal office.

In February 2022, the European Commission published a legislative proposal for a new Corporate Sustainability Due Diligence Directive (CSDDD). The CSDDD aims to reduce the risk of adverse human rights and environmental impacts arising within global value chains by setting out new requirements around how companies must conduct due diligence across their operations and value chains.

Under the proposed rules, companies will need to identify potential and real adverse human rights and environmental impacts connected to their own operations, subsidiaries and business partners operating within their value chain. If real and/or potential impacts are identified, companies must take measures to prevent or mitigate potential impacts, as well as end or minimise real impacts. Due to the new rules’ extraterritorial nature, coupled with ongoing supply chain disruptions, the compliance challenge is likely to be significant for companies within scope of the CSDDD.

With time running out before the EU elections in 2024, EU lawmakers started to negotiate the final text of the CSDDD in the trilogue process at the beginning of summer. We anticipate that a formal deal could be agreed at the beginning of 2024 and, as a result, the CSDDD could enter into force in the first half of 2024. Member States would then have two years to transpose the Directive into national legislation, before then applying it to the largest companies from as soon as 2027. Although 2027 may seem some way off, companies should start their implementation planning very soon – if they have not done so already – to ensure they have sufficient time and resource to comply with the requirements and navigate new and complex risks that will arise as a result of the Directive.

Which companies will be affected by the CSDDD? 

The CSDDD will directly apply to EU companies and non-EU companies operating in the EU internal market that meet certain employee and turnover thresholds. The exact thresholds - and therefore final scope of the Directive – are currently being decided between the European Commission, European Parliament and Council in trilogues. From comparing the Commission’s proposed scope with the Parliament and Council’s amended scopes (see Table 1), however, we can see that the new rules will likely apply to large EU companies (those with a net global turnover of over €150m and more than 500 employees) and large non-EU companies (those with an EU-wide revenue of over €150m).

The definition of the second group of companies is not as clear, but EU companies operating within textiles, agriculture, extraction and manufacturing and having a net global turnover over €40m and over 250 employees should expect to have to comply with the Directive. This also applies to non-EU companies operating within textiles, agriculture, extraction and manufacturing and have a net EU-wide turnover over €40m.

Table 1: Comparison of the European Commission’s proposed scope of the CSDDD with the European Parliament and Council’s suggested changes. Turnover is for the last financial year.

*The Council has proposed that companies must meet the criteria for two consecutive financial years to be within scope.

** High impact sectors relate to textile manufacture and wholesale; agriculture, forestry, fisheries and food product manufacture and wholesale; and extraction and wholesale of mineral resources, and manufacture of metal and non-metal products.

When will the CSDDD apply?

The European Commission, European Parliament and Council are currently determining the compliance deadlines for companies. From examining the European Commission’s legislative proposal with the European Parliament and Council’s positions, the rules will apply on a phased approach dependent on the size of the company. We expect that the largest EU companies (those with over 1000 employees and global net €150m revenue) and non-EU companies (those with EU-wide revenue of €150m) will need to meet the new requirements by 2027. All companies within scope of the Directive should prepare to meet the requirements by 2029.

What will the CSDDD require companies to do?

Although the CSDDD is not yet final, there are several areas of the CSDDD that are unlikely to change significantly. Companies can therefore be expected to have to meet the following requirements: 

Due diligence steps

Under the proposed rules, companies will be required to identify and address potential and actual adverse human rights and environmental impacts across their own operations, subsidiaries and value chain. To do this, the Directive requires companies to follow six specific steps, which mirror the steps defined by the OECD Due Diligence Guidance for Responsible Business Conduct: 

As part of the measures contained in step three to prevent potential adverse impacts and end real adverse impacts, in-scope companies will need to verify that their direct and indirect business partners are complying with the steps and actions in their contractual assurances. Companies may choose an independent third-party or an industry initiative to carry out the verification. 

If companies identify potential and/or real adverse impacts in their value chain, the new rules encourage companies to engage with their value chain to prevent and mitigate potential adverse impacts and/or minimise and end the real adverse impacts. Companies are discouraged from terminating business relationships when adverse impacts materialise, unless it is only temporary or it is ultimately a last resort.   

Civil liability and pecuniary sanctions 

Under the proposed rules, companies will be liable for damages if they failed to prevent potential adverse impacts and/or end real adverse impacts, and an adverse impact occurred as a result, which then led to damage. Affected persons will be able to bring forward action and can claim compensation.

The Directive will also require Member States to designate national supervisors to ensure proper enforcement and to monitor the correct implementation of the rules. The supervisors will be able to investigate and, if required, sanction infringing companies. Sanctions will be ‘effective, proportionate and dissuasive’ and based on a company’s turnover. 

Climate transition planning 

The CSDDD is also the first piece of EU legislation that mandates companies to adopt a climate transition plan. Under the proposed rules, the largest in-scope companies would need to adopt a plan that ensures their business models and strategies are aligned with limiting global warming to 1.5C, in turn forcing them to devise and implement key changes to the way they operate. It is expected that the requirements will dovetail with the transition planning requirements contained within the CSRD to maximise regulatory consistency.  

Which areas of the CSDDD are currently under negotiation?  

The European Commission, European Parliament and the Council are currently negotiating the final text of the CSDDD. Although the three institutions are aligned on the key elements of the Directive, there are considerable gaps on certain positions of the text, with the European Parliament pushing for tougher approaches on the scope, extent of the due diligence and civil liability. Trilogues are therefore expected to be contentious, and a formal deal is not expected until early next year. Once EU lawmakers have published the final text, we will have definitive details of the following: 

1. Scope and timing: EU lawmakers will determine exactly which companies must comply with the rules and by when. This includes whether financial services will fall within the final scope and, if so, how the sector would need to apply the rules. The decision will iron out considerable uncertainty, but if agreed, will require financial services firms to navigate a complex compliance challenge. In particular, firms will need to overcome considerable practical obstacles when applying the rules to downstream value chains and addressing heightened litigation risks. 

2. Extent of the due diligence: There will be clarification on which downstream and upstream activities within a company’s value chain will need to be included within a company’s due diligence. EU lawmakers will also decide whether companies will be required to remediate real adverse impacts, such as via compensation, rehabilitation and reinstatement, and whether companies will need to engage and consult with stakeholders affected by impacts. The outcome will therefore significantly determine the scale and complexity of companies’ regulatory responses as well as the consequent implications on corporate strategy. 

3. Role of parent company: Parent companies will understand whether they can fulfil the requirements on behalf of a subsidiary. The outcome will affect how parent companies prepare for the new requirements and dedicate sufficient resource to coordinate regulatory action and streamline multiple regulatory responses. 

4. Third-party verification: Companies will know whether they can choose to use third party verification to validate their compliance with all six due diligence steps set out in the Directive, or alternatively decide not to verify their compliance. If companies choose to, it will build on the existing requirement for companies to provide verification that their business partners are complying with their respective responsibilities. There will also be clarification on whether the independent third-party must be a statutory auditor, accredited auditor or an independent assurance services provider, and whether the Commission will publish additional legal detail on the minimum standards required for verification. 

5. Civil liability: EU lawmakers will decide if civil society as well as trade unions and Ombudsmen can initiate civil proceedings on behalf of a victim, and whether companies may be liable for damage caused by the activities of business partners. The outcome will likely drastically influence companies’ exposure to new and complicated legal risks. 

6. Climate transition planning: There will be clarification on whether all in-scope companies must adopt and implement a transition plan. If agreed, smaller companies currently not subject to other transition planning requirements will need to rapidly develop their understanding of what a credible and actionable transition plan looks like. EU lawmakers will also conclude whether Directors’ variable remuneration will need to be linked to companies’ transition plans if the company has over 1000 employees. If included in the final text, the decision will push these companies to understand how remuneration can really incentivise behaviour and help the organisation meet its sustainability objectives. 

7. Corporate governance: EU lawmakers will also decide whether to explicitly make directors responsible for setting up and overseeing the due diligence, or possibly provide Member States with the option to regulate this through national provisions. Regardless of the outcome, however, directors should consider how the CSDDD will affect their roles and responsibilities, and how to ensure accountability and drive wider organisational awareness of environmental and human rights due diligence. 

What can companies do now? 

The compliance challenge for companies within scope of the CSDDD is significant, especially for those large companies with extensive, multi-national value chain that span multiple countries. As a result, the 2027 implementation date is relatively tight. Companies should therefore start to prepare their regulatory responses, if they have not already done so. 

Although the CSDDD is not yet final and we are currently waiting for EU lawmakers to provide clarification on certain areas of the Directive, the key elements of the Directive are in place and unlikely to change. Companies can therefore start their preparation by taking some ‘no regrets’ actions without delay. These include mapping existing due diligence policies and processes, plotting out the value chain, identifying direct and indirect business partners, and identifying any new actual or potential environmental and human rights risks. From this information, companies can begin to create the basis of a gap analysis to determine regulatory readiness and consider what more they need to do and what changes they need to implement. By taking action now, companies can cut through the complexity of compliance and know that this effort will not be wasted.