Global | Publication | May 2024
On 24 May 2024, the Council of the European Union approved the long-awaited EU Corporate Sustainability Due Diligence Directive (CSDDD or the Directive). The Directive will introduce a duty on certain companies to undertake human rights and environmental due diligence. As the latest and arguably most significant new law to be introduced requiring businesses to conduct such due diligence in their own operations and value chains, the Directive will harmonize existing requirements across the EU and is likely to serve as a benchmark for other countries looking to enact similar legislation.
Having first been proposed by the European Commission in 2022, the Directive was subject to provisional agreement by the European Parliament and EU Council in late 2023. However, during subsequent ‘trilogue’ negotiations between the three EU legislating institutions, further concessions were made to accommodate concerns of individual EU Member States, leading to a ‘final compromise text’ being approved by the Council on 15 March 2024, and since adopted by the plenary of the European Parliament on 24 April 2024.
| Feature | CSDDD |
| Application to both EU and non-EU companies |
Since its inception, EU legislators anticipated CSDDD would apply to both companies incorporated in an EU Member State and non-EU companies. This scope has been retained in the final text, although the thresholds have been considerably raised. Two types of EU incorporated companies will be covered: (a) those with more than 1,000 employees and an annual net worldwide turnover in excess of €450 million (or ultimate parent companies of such a corporate group); and (b) companies with: (i) EU franchising or licensing agreements for annual royalties that exceed €22.5 million; and (ii) an annual net worldwide turnover in excess of €80 million (or ultimate parent companies of such a corporate group). Two types of non-EU incorporated companies will be covered: (a) those with an annual net turnover of €450 million generated in the EU (or ultimate parent companies of such a corporate group); and (b) companies with: (i) EU franchising or licensing agreements for annual royalties that exceed €22.5 million in the EU; and (ii) an annual net turnover of more than €80 million in the EU (or ultimate parent companies of such a corporate group). |
| Due diligence obligations |
CSDDD will require in-scope companies to undertake risk-based human rights and environmental due diligence to identify and assess actual and potential adverse impacts, and (as appropriate) prevent, mitigate, bring to an end and remedy such impacts in their operations and “chain of activities” (as defined, see below). Consistent with previous drafts proposed by the Commission, Council and Parliament, the final compromise text of the Directive requires companies to implement due diligence policies, supported by “appropriate measures”, to identify and assess actual or potential impacts, and then (a) prevent potential impacts; and (b) address actual impacts, including by (as appropriate) developing and implementing prevention action plans and corrective action plans; provision of compensation; “necessary investments” in infrastructure and production processes; contractual assurances from business partners; and targeted and proportionate support for small and medium enterprises (SMEs). In addition, the final text includes within the meaning of “appropriate measures” reference to improvements to the company’s “own business plan, overall strategies and operations, including purchasing practices, design and distribution practices”. Companies will be obliged by CSDDD not only to identify and address their own adverse human rights and environmental impacts, but also those of direct and indirect business partners in their “chain of activities”. The Directive now also expressly allows companies to prioritise adverse impacts based on their severity and likelihood. This aligns with the criteria of the United Nations Guiding Principles on Business and Human Rights (UNGPs) around prioritisation and severity. |
| Stakeholder engagement |
Companies are also required by the CSDDD to carry out meaningful engagement with affected stakeholders, establish and maintain a notification mechanism and complaints procedure, periodically monitor the effectiveness of the measures taken, and publicly communicate on their due diligence practices. |
| Annual statement |
Companies must publish on their website an annual statement on the matters covered by the Directive unless they are already subject to sustainability reporting requirements under the EU Corporate Sustainability Reporting Directive (CSRD). The EU Commission has been tasked with adopting delegated acts by March 2027, providing further information on the content and criteria of such disclosures. |
| Climate transition plans |
The Directive also requires companies to adopt, implement and update annually a climate transition plan which aims to ensure, through best efforts, that the business model and strategy of the company are compatible with limiting global warming to 1.5 °C in line with the Paris Agreement and the objective of achieving the intermediate and 2050 climate neutrality targets. The final text now explains that the plan should address the exposure of the company to coal-, oil- and gas-related activities. It must set out actions to achieve time-bound targets related to climate change for 2030 and in five-year steps up to 2050 based on conclusive scientific evidence and, where appropriate, absolute emission reduction targets for greenhouse gas for scope 1, scope 2 and scope 3 greenhouse gas emissions. |
| “Chain of activities” |
Unlike previous drafts which referred to the entire “value chain”, the final text of CSDDD defines “chain of activities” as being limited to: (a) the activities of “upstream” business partners related to the production of goods or provision of services by the company, including design, extraction, sourcing, manufacture, transport or development of products or services; and (b) the activities of “downstream” business partners related to the distribution, transport or storage of products, where undertaken for the company or on its behalf. The disposal of products as well as activities of a company's “downstream” business partners related to the services of the company are excluded. Business partners include entities with whom the company has a commercial agreement (direct business partners) and other entities which perform business operations related to the operations, products or services of the company (indirect business partners). |
| Application to finance sector |
For regulated financial undertakings, Recital 26 states that “only the upstream but not the downstream part of their chains of activities” is covered, indicating that the activities of “downstream” business partners – whether in relation to products or services – are excluded. However, it is worth noting that this is not addressed in the “chain of activities” definition itself, nor any other operative provision in the Directive. Notwithstanding the apparent exclusion of the downstream part of regulated financial undertakings’ chains of activities from CSDDD’s due diligence obligations, Recital 51 notes that the OECD Guidelines for Multinational Enterprises and ancillary financial sector guidance set out expectations concerning the “types of measures” financial undertakings “are expected” to consider regarding adverse impacts, including exercising “so-called ‘leverage’ to influence” their clients. Further, under Article 36, the EU Commission is required to report to the Parliament and Council within two years of the Directive entering into force concerning the need for additional due diligence obligations “tailored to” regulated financial undertakings and financial services. |
| Regulatory enforcement |
CSDDD will require EU Member States to designate supervisory authorities to supervise compliance with its obligations. Supervisory authorities will have the power to require information from companies and conduct investigations. In the event of non-compliance, supervisory authorities will be empowered to require the company to take remedial action, order the company to cease infringements and refrain from future repetition, and impose penalties such as maximum fines of not less than 5% of the company’s net worldwide annual turnover. The supervisory authority may also take interim measures where there is an imminent risk of severe and irreparable harm. In deciding whether to impose penalties, account will be taken of the company’s due diligence and remedial practices, including its investments made, targeted support for SMEs, collaboration with other entities, and the company’s prioritisation of severe and likely adverse impacts. |
| Civil remedy |
CSDDD will also provide for claimants to seek civil remedies against companies based on alleged breaches of their human rights. A company may be liable for damage caused by its intentional or negligent failure to prevent or bring to end an adverse impact through appropriate measures. While importantly a company will not incur civil liability for damage caused only by a business partner in its chain of activities, CSDDD does provide for joint and several liability where the damage was caused “jointly by the company and its subsidiary, direct or indirect business partner”. The Directive also allows for a five-year period for such claims to be brought and sets out procedural provisions relating to disclosure of evidence, injunctive measures and costs. |
| Phased implementation means the largest “in-scope” companies will be required to comply with the Directive within three years, with obligations for smaller companies taking effect in later years. |
|
|
2027 (with disclosures due for financial years commencing on or after 1 January 2028):
|
|
|
2028 (with disclosures due for financial years commencing on or after 1 January 2029):
|
|
|
2029 (with disclosures due for financial years commencing on or after 1 January 2029, though this appears to be an error and the legislators intended to refer to 1 January 2030):
|
|
Following the publication of the Directive in the Official Journal of the European Union the transposition phase will start. Member States have two years to transpose CSDDD’s requirements into national law, in time to ensure that the largest in-scope companies are subject to binding legal obligations within the prescribed three years of the Directive entering into force.
CSDDD aims to create a “level playing field” regarding human rights and environmental due diligence obligations across Europe, noting that France and Germany have already introduced similar legislation in the form of the Loi Vigilance (Vigilance Law) and Lieferkettensorgfaltspflichtengesetz (Supply Chains Act). CSDDD will also supplement an array of separate EU due diligence requirements that apply in specific contexts and to particular sectors, including regarding conflict minerals, deforestation and battery supply chains. As these laws differ in terms of their scope and specific requirements, it is important that companies operating in the EU or trading with EU counterparties assess the specific obligations of each law which may apply to them and whether enhancements may be needed to their existing due diligence processes. Indeed, even as CSDDD aims to create a common framework across the EU, there remains the prospect that Member States may take inconsistent approaches in terms of how the Directive is adopted into national law, including through introducing more onerous obligations (“gold-plating”).
Publication
Miranda Cole, Julien Haverals and Emma Clarke of our Brussels/ London offices are the authors of a chapter on procedural issues in merger control that has been published in the third edition of the Global Competition Review’s The Guide to Life Sciences. This covers a number of significant procedural developments that have affected merger review of life sciences transactions.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023
