CSDDD Unpacked: Steering Corporations Towards Sustainable Practices
This briefing is the first in a series on the Corporate Sustainability Due Diligence Directive (CSDDD) that BLOMSTEIN will be publishing over the coming weeks. We will address the key aspects that (in)directly affect businesses both within and outside the EU, explore its interplay with the existing legislation in Germany (LkSG) and examine interactions with other acts recently adopted EU legislation (e.g., EUDR and CSRD) which partially set overlapping obligations.
Scope of the Directive
On 24 April 2024, the European Parliament approved the Corporate Sustainability Due Diligence Directive (CSDDD or Directive), an important part of the European Green Deal package. Following intense discussions, the endorsement was contentious, with significant doubts about its adoption, as evidenced by the 235 dissenting votes against the 374 votes in favour—a rejection rate of nearly 40%.
This legislation requires larger companies doing business in the EU to conduct extensive due diligence on the environmental and human rights impacts of their operations throughout their entire value chain, both within and outside the European territory. Drawing inspiration from the German Supply Chain Due Diligence Act (LkSG) (see our briefings from 14 and 18 November 2022), the CSDDD sets a new benchmark for corporate social and environmental responsibility in Europe.
The impact of this act will be far-reaching, affecting not only EU and non-EU companies directly required to comply, but also their subsidiaries and business partners around the world, including contractors and subcontractors.
The CSDDD applies to a certain range of companies doing business in the EU, whether established inside or outside the EU. After a transitional period of 5 years, the Directive will apply to the following companies:
For EU companies, the Directive applies to those that meet both of the following criteria: (1) more than 1000 employees on average, and (2) a net worldwide turnover exceeding EUR 450 million in each of the last two financial years. With regard to the employee threshold, temporary agency workers, seasonal workers and other non-standard forms of employment should be included in the count, where appropriate on a pro rata basis
For non-EU Companies, the Directive applies if the net turnover generated within the EU exceeds EUR 450 million in each of the two financial years preceding the last financial year.
Ultimate Parent Companies that do not meet the above thresholds fall within the scope of the Directive if the economic group meets the thresholds on a consolidated basis. In this case, the parent company may generally fulfil the obligations on behalf of subsidiaries also falling within the scope of this Directive, provided that this ensures effective compliance.
Companies using franchising or licensing models that rely on common business identity, concept and methods are also covered if their royalty income exceeds EUR 22.5 million and they have generated a net turnover of over EUR 80 million worldwide (when EU companies) or within the EU (when non-EU companies).
Although SMEs are not included in the scope, they could be impacted by its provisions as contractors or subcontractors of companies that are.
What is Expected of Companies?
The Directive outlines essential steps for companies to incorporate due diligence into their operational and strategic plans. This includes identifying, prioritizing when necessary, preventing, and mitigating any adverse human rights and the environment impacts associated with their own operations, as well as those of their subsidiaries and business partners throughout their value chains.
Of particular relevance, ‘value chain’ includes the activities of a company’s upstream business partners, as well as those involved downstream in the distribution, transportation and storage of products for or on behalf of the company. While indirect upstream business activities are included, downstream activities that are only indirectly related to the company are not covered.
The due diligence process should consist of the following actions:
Integrating due diligence into company policies: have in place an internal policy that ensures a risk-based due diligence structure that is properly integrated into all relevant policies and risk management systems.
Identifying and assessing actual and potential adverse impacts: ensure that measures are in place to identify and assess actual and potential adverse impacts arising from their own operations, those of their subsidiaries (including those established on non-EU countries), and, where related to their chains of activities, those of their business partners. When many adverse impacts are identified, companies may also need to prioritise.
Preventing and mitigating potential adverse impacts: prevent, and where prevention is not possible, mitigate potential adverse impacts. Prevention can be achieved, for example, through action plans (including in collaboration with industry or multi-stakeholder initiatives), seeking contractual assurances from direct business parties, providing support for business partners in the form of capacity building and financial support, and, as a last resort, refraining from entering into new or expanding existing relations with high-risk business partners.
Ending, minimizing, and providing remediation to actual adverse impacts: bring impacts to an end or minimize their extent. This applies irrespective of whether the impact is caused only by the company, subsidiary, or business partners, alone or jointly, through acts or omissions. When the adverse impact is solely attributed to a business partner, the company may consider offering voluntary remediation or using its influence to ensure the business partner undertakes appropriate remedial actions.
Effective Engagement with Stakeholders: actively engage with stakeholders at all stages of the due diligence process, in particular to gather the information necessary to identify actual or potential adverse impacts, to develop prevention and corrective action plans, or in the process leading to termination or suspension of a high-risk relationship.
Complaints Procedures: establish a complaints mechanism that allows individuals or organizations to address actual or potential adverse impacts throughout the value chain on a confidential or anonymous basis. Collaborative complaints' procedures and notification mechanisms are allowed, including those established jointly by companies, through industry associations, multi-stakeholder initiatives or global frameworks.
Climate Change Mitigation Plan: set up a climate change mitigation plan consistent with the transition to a sustainable economy and climate neutrality. The plan should contain time-bound goals set from 2030 up to 2050, with the definition of key actions planned to reach the targets and quantified investments.
Monitoring and Reporting: monitor due diligence system at least once a year and publish the reports on their website. The reporting obligation does not apply to companies already subject to sustainability reporting requirement or exempted under the Corporate Sustainability Reporting Directive – CSRD (2022/2464).
Companies may join industry and multi-stakeholder initiatives to help them meet their obligations. They can use risk analysis from these groups and collaborate on effective measures. It's important for companies to monitor the effectiveness of these activities and continue to take appropriate actions tailored to their needs.
Which Human Rights and Environmental Aspects Should be Addressed?
The Directive provides valuable insights into the scope of human rights and the environment considerations.
Concerning human rights, the Directive covers a wide range of rights and prohibitions set out in international human rights treaties. This includes a particular focus on labour-related rights, such as ensuring fair working conditions, fair and adequate living wages, equal treatment in employment (including the prohibition of unequal pay and discrimination based on social origin, race, colour, sex, religion or political opinion), access to adequate housing for workers, the freedom of assembly and association (including the right to join trade unions, engage in strikes, and participate in collective bargaining), as well as full compliance with the prohibitions against torture, degrading treatment, child labour, forced labour, slavery, and slave-trade, among others.
Environmental due diligence should cover the responsible use and disposal of substances such as mercury, hazardous chemicals like asbestos and substances that contribute to the depletion of the ozone layer, such as chlorofluorocarbons (CFCs). It also includes compliance with regulations on the import/export of hazardous waste and measures to prevent pollution from ships.
What Happens if Companies don’t Comply?
The CSDD sets out clear and mensurable consequences for companies which fail to comply.
Civil Liability: the Directives sets general rules on civil liability and limitation periods to ensure that companies are held accountable when they intentionally or negligently fail to comply with provisions that protect natural or legal persons and consequently cause them damage. If the damage is caused jointly by the company and its subsidiary, direct or indirect business partner, the parties involved are jointly and severally liable.
Administrative Fines: national supervisory authorities will be empowered to set fines that are proportionate to the seriousness of the infringement, with a minimum of 5% of the company’s worldwide turnover.
Exclusion from Public Procurement Procedures: compliance with the obligations of the Directive may be one of the award criteria for public and concession contracts.
Next Steps Towards Enforcement
The CSDDD is now approaching its final stages before it enter into force. It still needs to be formally adopted by the EU Council, which is expected to take place in May. Once adopted, Member States will have two years to transpose the Directive into national law and put in place all necessary regulations and administrative measures to ensure proper enforcement. For companies, the implementation of the Directive’s provisions will be phased in over a five-year period, with larger companies subject to a more stricter compliance timetable:
Key Takeaways
The CSDDD represents a significant step forward in the EU's commitment to sustainability driven corporate governance. The extensive obligations set forth by the Directive require companies to develop comprehensive due diligence programmes that are fully integrated across their value chains. This means that despite the 3 to 5 years implementation period, particularly for companies with complex value chains, it is crucial to initiate discussions both within the company and with external stakeholders sooner rather than later. Initiating dialogue with business partners, multi-stakeholder groups, and industry fora will facilitate the effective structuring and allocation of resources needed to achieve the Directive's objective.
BLOMSTEIN will continue to closely monitor and assess the developments and practical application of the CSDDD. If you have any questions on the topic, Florian Wolf, Bruno Galvão and Carolina Vidal will be happy to assist you.
Stay tuned: In our next CSDDD briefing - to be published around 16 May - we will explore the similarities and differences between the CSDDD and the German Supply Chain Due Diligence Act (LkSG).