Publication
Generative AI: A global guide to key IP considerations
Artificial intelligence (AI) raises many intellectual property (IP) issues.
Global | Publication | 二月 2022
The Directive is the latest, and by far the most important, step to date in the development of an EU-wide mHREDD law1. It provides that businesses must conduct due diligence to identify – and then cease or mitigate – the actual and potential human rights and environmental impacts of their operations, subsidiaries and business relationships in the value chain. As such, the Directive will enshrine in EU law binding due diligence requirements that draw heavily from the UN Guiding Principles on Business and Human Rights (UNGPs).
The Directive extends to both EU and non-EU entities2. Two types of EU incorporated companies are covered: (a) those with more than 500 employees and a net annual turnover in excess of €150 million; and (b) those with more than 250 employees and a net annual turnover in excess of €40 million (midcap firms) where at least half of that turnover is generated from certain high-impact sectors (such as textiles, agriculture and mineral extraction).3 The Directive only extends to midcap companies after a two year transition period.
Non-EU companies will need to comply with the Directive if they generated: (a) more than €150 million in the EU in the year preceding the last financial year; or (b) more than €40 million in the EU in the year preceding the last financial year (midcap firms), where at least half of the company’s worldwide turnover was derived from the high-impact sectors.4
The Directive requires EU Member States to impose obligations on companies to conduct mHREDD through: (a) integrating due diligence into their policies; (b) identifying actual or potential adverse impacts; (c) preventing and mitigating potential adverse impacts; (d) ending and mitigating the extent of actual adverse impacts; (e) establishing a complaints procedure; (f) monitoring the effectiveness of due diligence measures; and (g) communicating publicly on due diligence.
The scope of the mHREDD obligation extends to a company’s own operations, those of its subsidiaries and its “established business relationships” in the value chain (Article 1). The term “established business relationships” initially seems akin to the concept of “relations commerciales établies” under the French Loi de Vigilance. However, “established business relationship” is defined in the Directive as a “direct or indirect” business relationship “which is expected to be lasting, in view of its intensity or duration and which does not represent a negligible or merely ancillary part of the value chain”. Accordingly, the Directive’s mHREDD obligation extends beyond just those entities with whom the company has a direct contractual relationship (e.g. tier 1 suppliers) to other value chain participants.
The Directive’s principal mHREDD obligations are set out in Articles 5 to 11:
Of particular interest, is that articles 7(5) and 8(6) provide that where a company is unable to prevent or adequately mitigate potential impacts, or bring to an end or minimise actual impacts, it should refrain from extending or entering into new commercial relations with a relevant business partner where the impact has arisen. Further, the company must, to the extent legally possible, temporarily suspend commercial relations with the partner while pursuing efforts to (as appropriate) prevent, mitigate, minimise or bring to an end the impact, or terminate the relationship if the potential or actual impact is considered severe5. Financial institutions are not required to terminate a financial services contract where doing so may reasonably be expected to cause substantial prejudice to the counterparty.6
It is unclear how businesses may comply with these provisions whilst also seeking to increase leverage over the business partner to mitigate the relevant impact as envisaged by the commentary to UNGP 19. Further, as noted by the UNGPs, in some situations suspending or ending a commercial relationship may itself raise further human rights impacts which need to be assessed and managed. Engagement with a business partner is usually preferable with termination generally considered a last resort.
Under Article 17(1), EU Member States must designate a national supervisory authority to supervise compliance with legislation implementing the Directive. Such supervisory authorities are to have the power to initiate investigations on their own motion or as a result of “substantiated concerns” submitted by any person that a company is failing to comply with national law implementing the Directive.7
In terms of powers, supervisory authorities may: (a) order the cessation of any infringements; (b) impose pecuniary sanctions, calculated by reference to the company’s turnover;8 or (c) adopt interim measures to avoid the risk of severe and irreparable harm.9 When determining the appropriate sanction, the authority must take “due account” of any remedial steps undertaken by the company pursuant to article 7 and 8 (see above) or in response to a direction from the authority.10 However, the Directive is express that remedial action by the company will not preclude sanctions, or indeed civil liability.
Few provisions will attract as much attention as those which address civil liability. Under Article 22, Member States will be obliged to ensure that a company is liable for damages if it: (a) fails to comply with articles 7 and 8 (which require companies to take action to address actual or potential adverse impacts); and (b) such failure led to damage.
Interestingly, companies will not be liable for damages caused by an adverse impact “arising out of the activities of an indirect partner with whom it has an established business relationship (emphasis added)” so long as the company has taken the specific measures prescribed in articles 7 and 8 of the Directive concerning contractual assurances, unless it was unreasonable in the circumstances to expect that the action taken (including to verify compliance by business partners with a contractual obligation) would be adequate to prevent, mitigate, bring to an end or minimise the extent of the adverse impact.
This incorporates an objective ‘reasonableness’ standard into the defence. While it will be for the relevant courts to determine what is reasonable in all the circumstances, it is clear that companies will not be able to simply incorporate contractual obligations into their contracts with direct business partners without more, relying upon ‘contractual cascading’ to ensure these obligations reach indirect business partners. In many cases, depending on the risks, this will not be reasonable and therefore sufficient for the defence. As noted above, the Directive requires periodic monitoring of the effectiveness of measures put in place.
Article 15 requires Member States to ensure that large companies (i.e. EU entities with a net turnover of more than € 150 million and more than 500 employees, and non-EU entities which generated more than € 150 million in net turnover in the EU in the previous financial year) adopt a plan to ensure that the company’s business model and strategy is compatible with the transition to a sustainable economy and limiting global warming to 1.5 degrees Celsius in line with the Paris Agreement. The plan should identify “the extent to which climate change is a risk for, or an impact of, the company’s operations”. Further, if climate change is (or should have been) identified as a principal risk for, or a principal impact of, the company’s operations, the plan shall include emission reduction objectives. Finally, Member States must legislate so these obligations are considered by companies in assessing directors’ variable remuneration linked to the company’s “business strategy, long term interests and sustainability”.
Under Article 25, Member States will also be required to ensure that directors of EU companies are obliged to take into account sustainability matters including human rights, climate change and the environment in the “short, medium and long term” when fulfilling their duty to act in the best interests of the company.12 Once this provision has been transposed into the domestic law of Member States, non-compliance may lead to a breach of directors’ duties.
The Directive will now proceed through a formal legislative process and will be debated in the EU Parliament and EU Council of Ministers. Once it becomes law, EU Member States will have two years to transpose the Directive’s requirements into domestic legislation.
Publication
Artificial intelligence (AI) raises many intellectual property (IP) issues.
Publication
We are delighted to announce that Al Hounsell, Director of Strategic Innovation & Legal Design based in our Toronto office, has been named 'Innovative Leader of the Year' at the International Legal Technology Association (ILTA) Awards.
Publication
After a lacklustre finish to 2022 when compared to the vintage year for M&A that was 2021, dealmakers expected 2023 to see the market continue to cool in most sectors, in response to the economic headwinds of rising inflation (with its corresponding impact on financing costs), declining market valuations, tightening regulatory scrutiny and increasing geopolitical tensions.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023