Human Rights Due Diligence Legislation in Europe – Implications for Supply Chains to India and South Asia
For several decades, there have been increasing demands that multinational corporations should strive to increase the positive effects of their activities and minimize their negative impact in India and South Asia. International corporations are criticized for developing international supply chains to avoid liability for their harmful impacts on local communities in South Asia, either by hiding behind the “corporate veil,” by exploiting weak and poorly enforced domestic regulations in South Asia or by the inappropriate use of the international investor-state arbitration regime. In terms of working conditions in India, for example, a government report found that workers in India mostly earn less than half of the accepted minimum wage, 71% do not have a written employment contract, 54% do not get paid leave and nearly 80% in urban areas work well beyond the eight-hour workday (48-hour week). The tragic collapse of the Rana Plaza factory in Bangladesh in 2013, which claimed the lives of over 1,000 people, confirmed for European lawmakers the need to establish a strict liability regime for corporate supply chains.
Accordingly, the concept of mandatory human rights due diligence for companies is gaining momentum in Europe. These legislative initiatives suggest imposing significant challenges and severe liabilities on companies that procure their products through supply chains from India and South Asia and sell them in Europe. This article highlights how companies with supply chains to India and South Asia can safely navigate this new regulatory landscape in the EU Member States France, the Netherlands, Germany and at EU level.
France launched its supply chain legislation back in 2017 with the “Duty of Vigilance Act” (Loi de Vigilance). The Duty of Vigilance Act requires all large French companies – with over 5,000 employees in France or over 10,000 worldwide – to undertake due diligence with regard to the companies they control and all their contractors and suppliers. The Duty of Vigilance Act is structured around two mechanisms. First, a “civil duty of vigilance” aimed at preventing risks and serious abuses of fundamental rights, health, personal safety and the environment in connection with business activities. Second, a “redress and liability mechanism” for breaches of these obligations by companies.
The Duty of Vigilance Act requires companies to develop a vigilance plan in consultation with stakeholders and trade unions. The vigilance plan must cover the company’s own activities with regard to possible violations of human rights and environmental standards and those of its controlled subsidiaries, contractors and suppliers. In line with the objective of preventing risks and serious violations of fundamental rights, health, safety of persons and the environment arising from the global operations of companies, the Duty of Vigilance Act provides that a wide range of entities must be included in the “perimeter” of a company’s vigilance. This includes directly or indirectly controlled subsidiaries as well as contractors or suppliers with which the company has an established business relationship (commercial activity with or without a contract). The plan should identify, analyze and map the risks for human rights and the environment arising from the company’s activities and should also include appropriate measures to mitigate these risks. In order to achieve more than a “sophisticated benchmark report,” companies must implement and monitor the effectiveness of their plan. The Duty of Vigilance Act accordingly requires companies to regularly assess the situation in their supply chains and at their subsidiaries with regard to the risks to human rights and the environment identified in their plan. Finally, the plan and its implementation report must be made publicly available so stakeholders can participate in the development of the plan, review its implementation and be informed of the risks that a particular activity may pose to them.
The Duty of Vigilance Act provides that companies that fail to publish or implement vigilance plans are subject to:
- court ordered injunctions or penalty payments (the judge can assort this injunction by the payment of a periodic penalty) if the company does not comply with its obligations under the Duty of Vigilance Act; and
- parent companies are held liable if damage results from their failure to properly implement an adequate plan (“civil liability action”).
Companies that fail to comply with their due diligence obligations under the Duty of Vigilance Act are therefore subject to sanctions and are liable for damages caused by an improperly prepared and monitored vigilance plan, even if these damages are directly caused by third parties.
The Dutch legislation “Child Labor Due Diligence Act” (Wet Zorgplicht Kinderarbeid; Dutch Due Diligence Act) was adopted 2019 and obliges companies to investigate whether their goods or services have been produced using child labor and to develop a plan to prevent child labor in their supply chains. The Dutch Due Diligence Act imposes significant administrative fines, criminal sanctions for non-compliance and also a reporting obligation to the yet-to-be-determined regulatory body (“regulator”). The act will become effective by mid-2022, to give companies a grace period to investigate their supply chains. The Dutch Due Diligence Act applies to all companies that sell or supply goods or services to Dutch consumers, regardless of where the company is based or registered, without exemptions for legal form or size.
Under the Dutch Due Diligence Act, companies must comply with the following obligations:
As part of its due diligence, companies must investigate whether there are reasonable grounds to suspect that a product or service in their supply chain has been produced using child labor. If, following this investigation, a company has reasonable grounds to suspect that goods and/or services have been procured with the use of child labor, it must develop and implement an action plan to ensure that child labor is prevented in its supply chains in the future.
Companies covered by the Dutch Due Diligence Act must submit a declaration to the Dutch regulator affirming that they have exercised an appropriate level of supply chain due diligence to prevent child labor.
The Dutch regulator will oversee the implementation and compliance with the Dutch Due Diligence Act. However, instead of actively investigating or initiating enforcement, the regulator relies on affected parties and stakeholders to bring violations to its attention. The complainant will file a complaint with the offending company, requesting a response and instructing the company to resolve the issue. If the company does not resolve the matter within six months, the Dutch regulator will step in to act as a mediator.
If the Dutch regulator determines that a company has violated the Dutch Due Diligence Act, the regulator will issue a legally binding course of action to the company. Failure to follow these instructions or complete the work within the allotted timeline may result in fines or additional penalties for the offending company.
Enforcement Mechanism and Fines
Fines for failing to file a declaration that the company has exercised an appropriate level of supply chain due diligence start at EUR4,350, and penalties increase exponentially for companies found to have an inadequate due diligence process or lack of an appropriate action plan to detect and prevent child labor. Companies that fail to comply with the Dutch Due Diligence Act can be fined up to EUR870,000 or 10% of the company’s total worldwide revenue, if a fine of up to EUR870,000 is not deemed an appropriate penalty. If a company receives two fines for breaching the Dutch Due Diligence Act within five years, the responsible company director is liable for up to two years of imprisonment under the Dutch Economic Offences Act.
The Dutch Due Diligence Act “only” covers human rights violations but not environmental harm of companies’ supply chains. It does not create a direct civil cause of action permitting third parties to sue a company for the adverse consequences of human rights violations, but it has strong enforcement mechanisms and is one of the first criminal enforcement instruments in the field of business and human rights.
The German government has presented a draft bill for a German “Supply Chain Act” (Sorgfaltspflichtengesetz) that provides for the regulation of due diligence obligations with regard to internationally recognized human rights. The German Parliament is expected to vote on the final bill during the current legislative period (until September 2021).
Initially, the scope of application of the German Supply Chain Act applies to partnerships and corporations that have their head office, principal place of business, administrative headquarters or statutory registered office in Germany and employ more than 3,000 employees across the entire group (Konzern). From 2024, the German Supply Chain Act will also apply to smaller companies with more than 1,000 employees.
Under German law, companies are most likely not liable for foreign damage claims of other companies in their global supply chain. However, according to the German Supply Chain Act, it will be possible in the future for non-governmental organizations and German trade unions to represent private claimants in German courts by way of representative action (Prozessstandschaft) if there are violations of standards in the supply chain.
Implications for Companies
The key feature of the new German Supply Chain Act will be the regulation of human rights due diligence obligations for companies. The new due diligence requirements include:.
As a first step, companies must identify and assess their risks within their supply chains in order to be able to take appropriate measures to address these risks. The German Supply Chain Act identifies, inter alia, forced labor, child labor, discrimination, violation of freedom of association, problematic employment and working conditions as well as environmental damage as relevant risk areas. The risk analysis must be undertaken by the companies at least once a year and the results of the risk analysis must be communicated internally to the relevant decision-makers – such as their directors or (senior) management – and the decision-makers must give due consideration to the results. As part of their risk management, companies must perform an analysis of the human rights and environmental risks of their direct suppliers. If a company identifies a risk in the course of such an analysis, the management must adopt a policy statement on its human rights strategy in order to prevent adverse impacts on human rights and the environment. In cases where an improper contractual arrangement of the direct supplier relationship or a circumvention transaction has been undertaken, an indirect supplier is considered to be a direct supplier.
Obligation to Remedy Human Rights Violations
As a consequence of the risk analysis, companies must take measures to prevent, minimize and remedy identified negative impacts. If the company is unable to minimize the human rights and environmental violations in the foreseeable future, it must immediately develop and implement a concept to minimize them: companies should either seek solutions together with the supplier that caused the violation or solutions need to be developed within the industry. Alternatively, the company may temporarily suspend the business relationship with the supplier while efforts are made to minimize the risk. The termination of business relationships should only be used as a last resort in the event of human rights violations by suppliers. Companies must also set up an internal grievance mechanism for misconduct relating to human rights and environmental standards caused by the economic activities of the company or its direct or indirect suppliers.
The companies concerned will also be required to publicly submit an annual report on the actual and potential negative impacts of their business activities on human rights and the environment. The report shall be made publicly available on the company’s website for a period of seven years.
Obligation to Make Best Efforts and Proportionality
Both the duty to analyze risks and the duty to undertake follow-up measures are not intended as a duty to succeed, but as a duty to use one’s best efforts. In other words, companies are not obliged to prevent all human rights violations in their own business operations and those of their direct suppliers under all circumstances. Rather, the required risk management is based on the principle of proportionality. The measures that are proportionate and reasonable for the individual company depend in particular on the actual influence that the company can exert within its supply chain and on the countries to which the supply chain extends. However, termination of the business relationship with a supplier is only required if the violation of human rights or the environment is assessed as very serious, no remedy can be obtained, and no other mitigating measures are available to the company.
Monitoring, Fines and Sanctions
Under the future German Supply Chain Act, the Federal Office for Economic Affairs and Export Control (Bundesamt für Wirtschaft und Ausfuhrkontrolle) will monitor compliance with due diligence requirements and conduct onsite inspections of companies. Complaints from those affected by human rights violations can also be reported directly to the Federal Office for Economic Affairs and Export Control.
In the event that a company fails to comply with due diligence requirements, the German Supply Chain Act provides for sanctions in the form of penalty payments (Zwangsgeld) up to EUR50,000 in administrative enforcement proceedings and/or fines. The amount of the fines is to be up to 2% of a company’s global revenue. In addition, companies that have already been fined a large amount can be excluded from public contracts for up to three years.
At the European level, both the European Commission and the European Parliament are strongly advocating legislation that would require mandatory corporate due diligence on human rights and environmental issues.
In February 2021 the European Parliament’s Legal Committee adopted a “Draft Directive on Corporate Due Diligence and Corporate Accountability” (Draft Directive) calling on the European Union to legally require companies to respect human rights and the environment in their supply chains. This initiative is intended to increase the EU’s scrutiny of companies regarding the impact of their business on the environment and people globally, not only in the 27 EU Member States. The Draft Directive covers large, small and medium-sized undertakings governed by the law of an EU Member State or the law of third countries, if they operate in the internal market and sell goods or provide services.
The European Parliament’s Draft Directive proposes an EU law requiring companies to monitor, identify, prevent and remedy risks to human rights, the environment and governance in their operations and business relationships – including suppliers and subcontractors. This would, inter alia, include labor rights, such as minimum age requirements and occupational safety. When risks of human rights or environmental violations emerge, a company will be required to publicly disclose the details of such a risk and take steps to remedy them. National authorities must monitor companies for compliance, investigate complaints and can impose significant penalties. The Draft Directive also provides victims of human rights violations with the right to take companies to court in the EU. Companies will be obliged to consult trade unions, indigenous peoples and civil society when developing their required due diligence plans. The Draft Directive additionally highlights that the Draft Directive will not reduce the level of protection for human rights or the environment established at national, Union or international level.
It is noticeable that the European Parliament’s Legal Affairs Committee has chosen to refer to a company’s “value chain” rather than its “supply chain.” The European Parliament’s initiative defines a “value chain” as all entities with which the company has a direct or indirect, upstream or downstream, business relationship and which either (i) supply products or services that contribute to the company’s own products or services, or (ii) purchase products or services from the company. The term “value chain” consequently encompasses a much larger group of companies than the term “supply chain.”
Implications for Companies
The European Parliament’s Draft Directive therefore requires companies to:
- identify, assess, prevent, cease, mitigate, monitor, communicate, account for, address and remediate the potential and/or actual adverse impacts on human rights, the environment and good governance that may arise from their own activities and those of their value chains and business relationships;
- take all proportionate and reasonable measures and efforts within their means to prevent adverse impacts on human rights, the environment and good governance from occurring in their value chains;
- properly address adverse impacts (first point above) when they occur;
- undertake a risk assessment and effectively implement a due diligence strategy (to be published on the company’s website);
- conduct an ongoing monitoring, review the risk assessment and evaluate if the due diligence strategy is still working, at least once a year and revise it accordingly; and
- provide a grievance mechanism and remediation process for potential or actual adverse impacts on human rights, the environment and good governance. Companies must also report on substantiated concerns raised through their grievance mechanisms and regularly report on the progress made in these cases.
EU Member States are required to:
- implement rules to ensure that companies carry out effective due diligence;
- designate independent national authorities responsible for the monitoring of the application of the Draft Directive – including investigations – and for disseminating best due diligence practices;
- establish an effective civil liability regime under which companies can be held liable for any harm arising from adverse impacts on human rights, the environment and good governance. The national regime should include a rebuttable presumption in favor of the victim and companies would have to prove that they took all due care in line with the Draft Directive to avoid the harm in question; and
- implement a penalty regime, including regulatory sanctions and administrative fines. These sanctions include, inter alia, temporary or indefinite exclusion of companies from public procurement or state aid. With regard to fines, recital 50 Draft Directive provides that fines could be “comparable in magnitude to fines currently provided for in competition law and data protection law.” In the context of the other national European legislation on supply chain lability it is probable that a future EU instrument will also impose a financial penalty of up to 10% of the company’s worldwide revenue.
The new EU legislation on supply chains is expected to be forthcoming in the second quarter of 2021 and will certainly have a decisive impact on the legislative landscape with regard to sustainable corporate governance. If an EU Corporate Due Diligence and Corporate Accountability Directive is adopted by the EU, it would then have to be transposed into the national laws of the EU Member States, making existing national regulations on supply chains with a lower level of protection obsolete.
In response to current and forthcoming supply chain legislation in Europe, it is first necessary to conduct an independent risk analysis of the company’s entire current value chains, assessing the risk of potential human rights or environmental violations. In this context, it is imperative – especially in India and South Asia – to take country- and industry-specific factors into account to ensure a comprehensive risk analysis. To avoid liability of companies for fines up to 10% of global revenue and criminal sanctions against their directors and their management, it is strongly recommended that this risk analysis be conducted by independent third parties with knowledge of the reality in India and South Asia.
Second, it is imperative for companies to expand their compliance structure by incorporating sustainability and human rights aspects of their entire corporate value chains. In this regard, it is important to create a compliance structure and screening mechanism that takes into account the cultural diversity of India and South Asia and ensures that suppliers comply with the due diligence obligations incumbent on the company under European supply chain legislation in order to avoid liability. The UN’s “Guiding Principles on Business and Human Rights” can be used as a guide for implementing such compliance management systems.
Third, the effective plan to be developed by companies under European supply chain legislation that identifies, analyzes and maps the risks posed by the company's activities in relation to human rights violations requires companies to engage the expertise of independent third parties with knowledge of the aforementioned framework in India and South Asia. The integration of this knowledge of independent third parties is also important in order to monitor the effectiveness of the company’s plan with respect to human rights violations and to take appropriate measures to mitigate these risks.
Fourth, as part of their annual reporting obligations, companies must conduct a risk analysis of their value chains, verify that the due diligence mechanisms installed concerning their value chains are working and conduct an effective analysis of their preventive grievance mechanisms.
If a company identifies risks within the company’s entire value chain during the required risk analysis, it must take preventive measures; for example, by concluding appropriate agreements with its suppliers in which the suppliers are also required to comply with due diligence requirements relating to human rights, labor and environmental standards.
Good contract design that takes into account the specific features of India and South Asia can significantly reduce the cost of risk analysis and help reduce the need for action as part of the required ongoing screening process. In their supplier agreements, companies should require suppliers to comply with their code of conduct, which must ensure that the obligations under the applicable European supply chain laws are met. These supply contracts must also describe the expected cooperation with the supplier, which is shaped by the European supply chain laws, in a precise and legally binding manner. In addition, it is necessary to contractually secure audit rights from suppliers with regard to the obligations set out in the European supply chain legislation and to contractually embed an obligation on the part of the suppliers to prove that they have provided continuous training on the subject of human rights and environmental protection. Regular random checks of the aforementioned requirements, also on site, are likewise part of effective supplier management – preferably by independent third parties who are familiar with the characteristics in India and South Asia. Furthermore, suppliers can be required to ensure that the compliance standards described above are also observed in the downstream value chains.
Implementing the above will allow companies to safely navigate European supply chain legislation without exposing themselves to significant liability of up to 10% of worldwide annual revenue, sanctions or criminal penalties.