On 23 February, the European Commission published its long-awaited proposal for EU-wide legislation on sustainable corporate governance – the Corporate Sustainability Due Diligence Directive (CSDDD). The proposal is the latest initiative in the Commission’s strategic policy agenda to become the global flag-bearer of stakeholder capitalism, using the regulatory means at its disposal to correct market forces, which in the Commission’s eyes incentivise “short-termist” behaviour prioritising shareholder value over the impact of businesses on the environment and society.
The objective of the CSDDD is twofold:
- Holding companies accountable for human rights and environmental standards in their supply chain through mandatory supervision and accountability mechanisms (“due diligence”)
- Introducing directors’ duties of care for developing and enforcing these due diligence strategies
Who is Covered by the Proposal
The scope covers businesses with their legal incorporation both inside and outside the EU, but with a gradation in compliance requirements:
“Large” companies enjoy facilities for “limited” compliance, i.e., they benefit from reduced obligations. The Directive is only applicable if they are active in sectors with a high structural risk of human rights and/or environmental violations in their supply chains, as identified by the OECD:
- Textiles, garments, footwear production and wholesale
- Agriculture, forestry, fisheries, food manufacturing and agricultural/forestry commodity wholesale
- Extractive industries
- Basic and fabricated metal products (excluding machinery and equipment)
- Basic intermediary products, e.g., chemicals, refining and constructions products
Their due diligence obligations cover only the identification of severe impacts of their business in these high-risk sectors.
Financial institutions also enjoy facilities. They must only vet their clients at the conclusion of contracts for fulfilling their due diligence obligations but are not primary addressees of the Directive on their own.
What are the Diligence Obligations?
The due diligence obligations cover the companies themselves, their subsidiaries and direct and indirect “established business relationships,” as judged by duration and/or intensity. They cover companies in all parts of the product lifecycle – from raw materials sourcing, over design and production, to distribution and disposal.
The creation of formal policy and risk management processes: Businesses must describe and integrate a due diligence policy in their internal processes, establish a Code of Conduct and establish oversight and enforcement mechanisms of this Code of Conduct.
Risk mapping and identification: They must scrutinise their business relationships as outlined for any actual and potential adverse human rights and environmental impacts. An annexe to the CSDDD establishes the materiality which is a total of 55 existing international or European treaties, laws and conventions, e.g., the UN Child Labour Convention, the UN Declaration on the Rights of Indigenous People, the UN Biodiversity Convention, the Basel Convention on cross-border hazardous waste shipments, etc.
Risk prevention and correction: Where risks have been identified – or they have materialised – businesses must take measures to either prevent, remediate, contain or eliminate. They must adopt prevention action plans, must take all “appropriate” measures to neutralise risks, strive towards contractual assurances by their vendors to act on the risks, or use their purchasing power to nudge vendors into compliance. Where Member State law allows, they may be required to terminate their business relationship.
The effectiveness of the measures must be reviewed periodically.
Grievance mechanisms: Businesses must allow individuals or collective organisations such as NGOs to raise complaints, which must then be investigated.
Public disclosure: The relevant policies must be disclosed. This includes companies which are not already covered by the Non-Financial Reporting Directive (future Corporate Sustainability Reporting Directive).
The Commission may issue guidance documents in the future to help companies comply with these requirements. This includes model contractual clauses, which may be used vis-a-vis business partners in ensuring that risks are being acted upon. Companies may also develop voluntary best-practice schemes or enter into industry-level schemes if it helps them fulfil their obligations under the CSDDD.
What are the Roles of Corporate Boards?
Boards of directors and supervisory boards or, where such boards do not exist, functionally equivalent persons, are subject to new duties of care. They must ensure that the due diligence mechanisms are actually being developed, integrated into corporate strategy and followed. In the future, it will be their duty as a company executive that the relevant processes and policies are in place, and that their company follows the CSDDD rules.
Member States must also amend their company laws in a way that directors “take into account” the impact of their actions on human rights, the climate and the environment. Filling this provision with life will be up to the legal order of Member States. One particular standout issue is the obligation that all “very large” companies covered by this Directive adopt a mandatory strategy to reach the 1.5 °C target of the Paris Climate Agreement.
What About Liability
Member States must designate an authority to oversee companies’ compliance with the CSDDD – to this end, non-EU companies must equally designate a legal representative in the EU. The authorities will supervise the CSDDD’s application and investigate suspected breaches, which can be sanctioned by fines.
Companies face administrative liability (fines) if they fail to abide by the mandatory due diligence procedures outlined above.
Member States must also adapt their legal orders and allow for civil liability where this is not yet in place, so that victims of human rights breaches or environmental incidents may hold companies liable for damages, which could have been prevented if due diligence procedures had been followed. Notably, this includes incidents which occur in third countries (i.e., outside the EU’s own jurisdiction).
What is Missing in the CSDDD? And What Will Happen Next?
The proposal presented is greatly reduced as per the Commission’s original intention in light of numerous legal obstacles that were encountered in the drafting process. With the exception of the remaining Paris Climate Agreement strategy, corporate boards are no longer obliged to set themselves material targets such as biodiversity, deforestation or the circular economy.
Instead, corporate boards’ responsibilities are now largely procedural, making sure that processes rather than substantive materiality are followed.
A “product withdrawal mechanism” for products made with forced labour was cleaved out of the CSDDD but will follow in a separate legislative proposal in the second half of 2022.
The proposal will now enter the European Parliament and Council of the EU for the law-making process. In the Parliament, the Social Democrat and Green groups are fighting for the leadership on this file and have previously expressed that they would like to beef up corporate obligations, particularly on the directors’ duties. In the Council, a core coalition around Sweden, Denmark and Finland opposes directors’ duties as regulatory overreach. Members of the Parliament have also expressed dismay at the calculation criteria for “very large” and “large” companies, so they may alter these thresholds.
Once adopted, the CSDDD will enter into a transition period of two years for “very large” companies, and four years for “large” companies. During this time, Member States are required to adopt their relevant company laws.