Corporate Sustainability Due Diligence: A long-awaited proposal revealed

The European Parliament, in its resolution of 10 March 2021, called upon the Commission to propose a new directive on corporate due diligence and corporate accountability in a bid to further embed sustainability into the European Union's corporate governance framework. Unusually, the Parliament's resolution included a draft text of its own which it invited the Commission to adopt as a legislative proposal; the Parliament's draft text was extremely ambitious in terms of its application (including certain small and medium sized enterprises ("SMEs")) and requirements. Following on from this, in April 2021, the European Commissioner for Justice, Didier Reynders confirmed that new legislation would be introduced in 2021 that would require EU companies to carry out human rights and environmental due diligence throughout their value chains. However, the proposal was subject to a series of delays in June, October and December 2021, before it was eventually unveiled last week.

One of the aims of the CSDD is to underpin the Sustainable Finance Disclosure Regulation (the "SFDR"), that requires financial market participants and financial advisers to publish, among other things, a statement on their due diligence policies with respect to principal adverse impacts of their investment decisions on sustainability factors on a comply or explain basis. Together with the Taxonomy Regulation (a transparency tool that facilitates decisions on investment in order to tackle greenwashing), the SFDR and the CSDD seek to form a package of complementary measures designed to help improve the flow of capital towards sustainable activities. While any increase in corporate reporting will be welcomed by asset managers who are themselves required to report under the SFDR and Taxonomy Regulations, as we discuss below, the CSDD's narrowly drawn scope is likely to bring limited benefits to this group of entities.

The Commission also considers that the CSDD complements its recent proposal on Corporate Sustainability Reporting ("CSRD") which would amend and enlarge the scope of the Non-financial Reporting Directive ("NFRD"). Although it is the case that most companies within the scope of the CSDD would be required to report sustainability under the CSRD, the two proposals have different scope thresholds, leading many to question why the scopes were not aligned.

The CSDD will apply to any of the following companies:

1. Companies based in the EU with more than 500 employees and a net worldwide turnover of more than EUR 150 million in the last financial year.
2. Companies based in the EU with more than 250 employees and a net worldwide turnover of more than EUR 40 million in the last financial year, provided at least 50% of this turnover is generated in one of the following high-risk sectors:
   1. 1. the manufacture and / or wholesale of textiles, leather and related products (including footwear);
      2. agriculture, forestry, fisheries (including aquaculture), the manufacture of food products, and the wholesale trade of agricultural raw materials, live animals, wood, food, and beverages; or
      3. the extraction of mineral resources regardless from where they are extracted (including crude petroleum, natural gas, coal, lignite, metals and metal ores, as well as all other, non-metallic minerals and quarry products), the manufacture of basic metal products, other non-metallic mineral products and fabricated metal products (except machinery and equipment), and the wholesale trade of mineral resources, basic and intermediate mineral products (including metals and metal ores, construction materials, fuels, chemicals and other intermediate products),
         
         (together, the "High-Risk Sectors").
3. Companies based outside the EU with a turnover generated in the EU of more than EUR 150 million.
4. Companies based outside the EU with a turnover generated in the EU of more than EUR 40 million, provided at least 50% of its net worldwide turnover is generated in a High-Risk Sector.

It is worth noting that the definition of "company" also covers regulated financial undertakings regardless of their form, including investment firms and asset managers. The CSDD could be quite burdensome for asset managers considering that the operations of covered organisations' subsidiaries must also be diligenced.

The European Commission has estimated that the CSDD will cover 13,000 EU companies and around 4,000 third country companies. While SMEs are not directly in scope, they will be impacted by the CSDD to the extent that they operate within the value chains of any company in scope. This limited primary scope is in contrast to the European Parliament's initially proposed text which would have covered all large as well as listed companies - an estimated 50,000 companies in the EU.

Companies within the scope of the CSDD would need to implement a number of specific human rights and environmental due diligence measures. 

• Integrate: Article 5 states that covered companies shall integrate due diligence into their corporate policies and implement a due diligence policy. The due diligence policy would need to contain a description of the company's approach to due diligence, a code of conduct and a description of the processes put in place to implement due diligence. This latter obligation is to be extended to the company's "established business relationships". This new concept, seemingly borrowed from the French national law on a duty of vigilance, covers direct or indirect lasting relationships (on account of intensity or duration) which do not represent negligible or merely ancillary parts of the value chain. Due diligence must also be integrated into the policies of subsidiaries within a non-EU company's corporate group structure and arguably this imposes, through regulatory means, a form of parent company liability. 
  
  
• Identify: Article 6 states that covered companies shall identify actual and potential adverse human rights impacts and adverse environmental impacts arising from their own operations, subsidiaries and "established business relationships" with their value chains.
  
  
• Prevent: Article 7 states that covered companies shall take appropriate measures to prevent, or where not possible, adequately mitigate potential adverse human rights impacts and adverse environmental impacts that have been, or should have been, identified pursuant to Article 6. Inclusion of the "should have" language implies that companies could be liable for impacts they are not aware of, if they did not adequately (or at all) diligence their operations and value chain.
  
  In addition, Article 15 requires large companies (with turnovers greater than EUR 150 million) to adopt a plan to ensure that the business model and strategy of the company are compatible with the transition to a sustainable economy and with the limiting of global warming to 1.5 °C in line with the Paris Agreement.
  
  
• End and minimise: Article 8 states that covered companies shall take appropriate measures to bring actual adverse impacts that have been, or should have been, identified pursuant to Article 6 to an end. Where the adverse impact cannot be brought to an end, companies will be required to minimise the extent of such an impact.
  
  
• Complaints: Article 9 states that covered companies shall establish a complaints procedure, which allows interested parties that have legitimate concerns regarding actual or potential adverse human rights or environmental impacts to submit complaints to them. Complainants would be allowed to meet with representatives and request a follow-up on the complaint.
  
  
• Monitoring: Article 10 states that covered companies shall ensure that companies carry out periodic assessments of their own operations, their subsidiaries' operations and their value chain's operations to monitor the effectiveness of the identification, prevention, mitigation, bringing to an end and minimisation of the extent of human rights and environmental adverse impacts. Assessments would be carried out at least every 12 months and would feed into the company's due diligence policy.
  
  
• Communication: Article 11 states that covered companies that are not subject to reporting requirements under Articles 19a and 29a of Directive 2013/34/EU¹ report on the matters covered by the CSDD by publishing an annual statement on their website.

National Supervisory Bodies

The Commission envisages that enforcement will be the responsibility of national supervisory bodies who would have the power to carry out investigations, supervise, coordinate, and exchange information. The CSDD provides for a combination of penalties as well as civil liability for a failure to comply with Articles 7 (Prevention) and 8 (End and Minimise). This new two-pronged enforcement regime lies in contrast to existing penalty regimes under the corporate reporting obligation of the UK's Modern Slavery Act, for example, which has been criticised by some for lacking enforcement "teeth".

EU in-scope companies would be supervised by the national authority located in the Member State in which the company has its registered office. Third countries within the scope of the CSDD will be supervised by the authority located in the Member States that they have a branch in. If the third-country company does not have a branch in the EU, or has multiple branches, it will be supervised by the national authority in the Member State in which the company generated most of its net turnover in the Union (Article 17). In addition, a 'European Network of Supervisory Authorities' is proposed in order to facilitate the cooperation and coordination of the various Member States' supervisory authorities (Article 21).

Pecuniary Measures

Where proportionate, the supervisory authority may impose pecuniary sanctions on the non-compliant company based on the company's turnover (Article 20), with Member States themselves laying down the specific amounts of such sanctions and taking necessary measures to ensure they are enforced. Companies may also become liable for damages if they fail to bring to an end or mitigate an actual adverse impact under Articles 7 or 8 of the CSDD, and as a result, this failure causes damage (Article 22).

Director's Duty of Care

The CSDD imposes a duty of care on directors to take into account the consequences of their decisions on human rights, climate change and the environment (Article 25). If a director's remuneration package is linked to their alignment of the company with the company's long-term strategy, a failure to consider these sustainability measures could impact director remuneration. The CSDD would require Member States to integrate these provisions into any existing laws, regulations and administrative provisions regarding breach of directors’ duties.

Whilst the CSDD has been Heralded by the European Commission as "a game-changer" which will "project European values on value chains", and welcomed broadly as a step in the right direction, the proposal has already been criticised by some for not going far enough. For example, the CSDD does not go into great detail on the specific actions that companies will need to undertake to prevent or mitigate adverse impacts that are identified. This could potentially lead to legal uncertainty, which could pose a particular problem from an enforcement perspective if third parties attempt to bring forward damages claims against companies.

Critics have also pointed out that the new rules will only apply to a very small proportion of all EU companies - by contrast, the UK's MSA applies to all organisations providing goods and services companies with a significantly lower turnover threshold of £36M. That said, in practice larger companies will likely look to their suppliers and contractors to help them in discharging their responsibilities and shouldering at least some of the liability risk.  In fact, the CSDD specifically contemplates that companies should obtain "contractual assurances" from business partners and then verify compliance, ensuring that all contractual terms with SMEs are "fair, reasonable and non-discriminatory" (Article 7). 

While it is unclear exactly how these "contractual assurances" will manifest, the Commission has indicated that it intends to publish a set of model clauses to assist companies. There are concerns that sustainability due diligence may become a "box-ticking" exercise in which liability is passed along supply and value chains by companies whose behaviour should be moderated by the CSDD.

A further, important criticism of the CSDD is around the concept of "established business relationships". It is feared that this may encourage "supplier shopping" in order to avoid having to enter into and therefore diligence supplier relationships, and further that human rights and environmental impacts should be identified and managed regardless of where occurring within a supply chain. In response to this criticism, the EU Commission suggests that the due diligence obligation also extends to information on impacts that is uncovered by companies outside of established business relationships, but that position is not clearly supported by the text as presently drafted.

The CSDD will now be negotiated with the European Parliament and the European Council (made up of the Heads of the EU's 27 member states), with changes likely during this process. There remains mounting pressure on both the European Parliament and the European Council to harmonise a growing number of national human rights and due diligence laws (such as the German law on Corporate Due Diligence in Supply Chains and the French Duty of Vigilance Law) to ensure better alignment across the European Union. The Commission has an ambitious timetable for approval of the draft by the co-legislators, with approval even possible before the end of 2022.

Member States will have two years after the entry into force of the directive (four years for smaller organisations) to transpose the necessary rules into national law. Depending on how quickly the text progresses through the legislative process, we expect that the due diligence obligations will only begin to apply from 2025 or quite possibly later. 

Business organisations and NGOs have already been heavily engaged in the CSDD's numerous consultation processes, and ensuring that the rules meet their target while remaining proportionate for smaller businesses will be a key consideration in future negotiations.

^{1 Directive 2013/34/EU of the European Parliament and of the Council of 26 June 2013 on the annual financial statements, consolidated financial statements and related reports of certain types of undertakings - OJ L 182 - available here.}