EU’s Proposed Directive on Corporate Sustainability Due Diligence: What US companies need to know

The European Union (EU) will soon have fully enacted two major pieces of legislation that require corporate reporting on human rights and environmental impacts: the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD/CS3D Directive – together with the CSRD, the Directives). Both Directives establish a duty of corporate due diligence for companies to prevent adverse human rights and environmental impacts in the company’s own operations and across their value chains.

This is the second alert in our series “Global ESG Regulations: What US companies need to know.” In our first installment, we discussed the CSRD’s effect on operations of US companies. In this alert, we explore the CSDDD, the most recent and most comprehensive global legislation on corporate value chain sustainability due diligence. For more information on the CSDDD, please see our previous client alerts “Proposed EU corporate sustainability due diligence directive: what US companies need to know” and “European Commission proposal for the Corporate Sustainability Due Diligence Directive.”

What is CSDDD and when is it expected to come into force?

As discussed in our previous alerts, the Proposal for the Corporate Sustainability Due Diligence Directive (CSDDD/CS3D) was first published by the European Commission on February 23, 2022. On December 1, 2022, the European Council adopted its own negotiating position, or “General Approach” to the proposal. Then, on June 1, 2023, the European Parliament adopted the CSDDD as a negotiating text. The next step in passing the Directive will be a “Trialogue” negotiation process to resolve the differences between these three proposals, which is expected to conclude by 2024. Once officially adopted, the Directive will be transposed into domestic laws within two years by EU member states.

The current proposals for CSDDD set out a comprehensive framework of corporate due diligence for companies to identify actual or potential risks to human rights and the environment and to establish processes to mitigate these risks. According to the Council, the rules of the Directive will apply to a company’s “chain of activities,” which cover a company’s upstream and downstream activities, as well as operations across the company’s subsidiaries and value chain. The purpose of the Directive is to improve the regulatory framework on human rights and sustainability due diligence, which will aid in the EU’s transition to a climate-neutral and green economy. Additionally, CSDDD will establish consistency across different EU directives, such as the Non-Financial Reporting Directive (NFRD), the CSRD, and the Sustainable Finance Disclosure Regulations (SFDR).

CSDDD will also harmonize ESG due diligence laws to ensure the EU’s operation as a single market, as some EU jurisdictions are already enforcing ESG due diligence requirements. For instance, the German Act on Corporate Due Diligence Obligations in Supply Chains (Lieferkettensorgfaltspflichtengesetz) has been in effect since January 2023 and requires German and non-German companies registered in Germany that have 3,000 or more employees[1] to undertake human rights and environmental due diligence. Non-compliance can result in fines of up to two percent of global revenue. Similarly, France’s Law of Vigilance (Loi de Vigilance) was adopted in 2017 and applies to French companies with over 5,000 employees in France-based subsidiaries or over 10,000 employees in direct and indirect subsidiaries globally. It requires these companies to undertake environmental and human rights due diligence and to publish a plan to identify and address violations across the supply chain. The Loi de Vigilance is enforced through penalties and provisions for civil liability. Additionally, the recently enacted Norwegian Transparency Act requires mapping actual and potential risks of adverse impacts on decent working conditions and human rights. Other EU member states such as Belgium, the Netherlands, Luxembourg, and Sweden have also proposed new supply chain due diligence laws, which will likely evolve in response to the CSDDD.

Issues under deliberation in the Trialogue negotiation process

The Directive is subject to future negotiations, and certain provisions may be amended during the negotiation process. Given the widespread public support and the Joint Declaration of Legislative Priorities of 2022 by the European Parliament and Council, there is a general consensus that the Directive will be adopted, likely by 2024. However, the process to adopt the Directive may take longer, due to several differences between the three proposals for CSDDD.

The subjects under negotiation include:

• The turnover and employee thresholds for companies in scope, and whether or not, as the Council proposed, there will be an initial restriction for the first three years of the Directive’s operation to only apply to companies with more than 1,000 employees and more than EUR300 million global net turnover.
  
  The Commission proposed that CSDDD will apply to companies in the EU with over 500 employees and global net turnover over EUR150 million; companies in the EU with over 250 employees and global net turnover over EUR40 million, provided that 50 percent of turnover was generated in high impact sectors, eg, textiles, agriculture, forestry, and extraction of minerals; and non-EU companies doing business in the EU with a turnover of the aforementioned thresholds. Based on these thresholds, it is expected that the Directive could directly impact approximately 13,000 EU companies and 4,000 non-EU companies.[2]


• The applicability of the Directive to financial service companies, and whether this should be within the discretion of member states, or whether the Directive will include all financial service companies that meet the turnover and employee thresholds.


• The scope of directors’ duties regarding due diligence, and whether due diligence responsibilities should extend to a “business relationship” or “business partner,” and how these terms are defined.


• The scope of due diligence requirements across the “supply chain,” the “chain of activities,” or the “value chain,” which encompasses the production, distribution and sale of a good, including the development and waste management of the product or service by individual consumers.


• The type of adverse human rights and environmental impacts that should be identified in due diligence, and which adverse impacts should be prioritized.
  
  Adverse human rights impacts may include the use of forced labor or child labor, modern slavery, not obtaining Free, Prior, and Informed Consent (FPIC) during land acquisitions, race or gender-based discrimination in the workplace, inadequate workplace health and safety, and other rights listed in Annex, Part 1 of the Directive from the Commission. Adverse environmental impacts may include greenhouse gas emissions, pollution, loss of biodiversity, and ecological degradation.


• The liability for civil damages, and whether this should be dependent on proof of fault in the form of intent or negligence.


• The extent of penal sanctions for non-compliance. Under the Commission’s Proposals, which are in line with traditional practice in this regard, member states would designate supervisory authorities which would determine enforcement sanctions. However, monetary penalties must be based on turnover and member states would be obliged to require companies applying for public support to certify that they have not been the subject of sanctions under the regime. As drafted, therefore, considerable discretion as to enforcement remains with EU member states, alongside an obligation to set up a national supervisory regulatory body to enforce the Directive.
  
  The Parliament’s proposal would extend the scope of sanctions to provide for public statements of censure against companies and the suspension of their products from the normal rights of free circulation in the Single Market and export. The Parliament also proposes that the upper limit for monetary sanctions should not be less than 5 percent of global turnover of the relevant concern in the financial year preceding the decision to impose such a sanction. It also proposes that third country undertakings (ie, those based outside the EU/EEA) may be excluded from public procurement processes if they fail to comply with the Directive.


• The ability for certain obligations to be met collectively, rather than at the entity level.


• The interaction of the Directive with existing legislation adopted in a number of member states, namely Germany and France.

How will CSDDD impact businesses in the United States?

Due to the global nature of multinational corporations’ value chains, the Directive will have implications for companies across the world. Even if a company in the United States does not fall directly within the scope of the Directive, they may be implicated if they are part of the value chain of an EU business that is in scope. In this case, US companies may need to evaluate their value chains and operations for adverse human rights and environmental impacts.

Some major corporations in the US have already voluntarily undertaken operational and value chain due diligence in accordance with the Organization for Economic Co-operation and Development Guidelines for Multinational Enterprises (OECD Guidelines) and the United Nations Guiding Principles on Business and Human Rights (UNGPs). If they are considered in-scope under the CSDDD, US companies should perform a gap analysis between their existing policies and CSDDD requirements. To satisfy the Directive, in-scope US companies will need to meet due diligence requirements, create a strategy to manage risks and mitigate adverse impacts, and (re)design contracts with business partners in their value chains.

Proactive steps for US companies

Although the Directive will only come into effect once transposed into national legislation of EU member states, US companies likely to fall within the direct or indirect scope of CSDDD may want to consider implementing or streamlining due diligence policies now to avoid future value chain and operational disruptions. It can take years for a company to map out risks within the company’s value chain due to challenges with accessing information and even longer to remediate concerns. Companies with value chain partnerships and due diligence practices in compliance with the Directive will be positioned to avoid penalties and maintain a global reputational advantage.

Voluntary standards cited in the Commission’s proposal can provide valuable guidance in the interim period while negotiations for the final provisions of the Directive take place. These standards have been incorporated into the business strategies and investment decisions of corporations and institutional investors worldwide. For instance, the Corporate Human Rights Benchmark (CHRB) by the World Benchmarking Alliance (WBA) demonstrated a steady adoption of human rights due diligence practices, with over 75 percent of the 230 major corporations assessed in the apparel, food and beverage, extractive and tech manufacturing sectors improving their scores between 2017 and 2020. Further, the 2022 WBA benchmarking report uncovered that 66 percent of the 57 food and agricultural product companies, 65 percent of the 43 information and communications technology companies, and 57 percent of the 29 automotive companies had increased their CHRB score since 2017.

US companies may prepare for CSDDD and gain a competitive advantage by proactively taking these steps:

1. Identify existing and potential adverse environmental and human rights impacts of the company’s activities across its value chain: Identifying environmental and human rights impacts is critical to the due diligence process, since these issues vary for each company. Companies may undertake environmental and human rights impact assessments to identify adverse impacts specific to their operations and value chains, which may well evolve over time. Mapping value chains and business relationships, and consulting with affected or relevant stakeholders on a regular basis will strengthen the assessment. Further, the assessment may integrate voluntary ESG standards including the OECD guidelines and the UNGPs. This data gathering exercise could inform the company’s sustainability strategy and guide action.


2. Prevent potential adverse impacts: Where the assessment or any other identification process reveals a potential risk of environmental or human rights harm, companies may adopt a preventative strategy by (re)designing operations and value chains—potentially in collaboration with value chain partners. Companies may also update existing policies and procedures and communicate their commitments to business partners.


3. Mitigate adverse impacts: If the company becomes aware of ongoing adverse impacts in its direct or indirect operations or relationships, the CSDDD requires the company to “prevent, mitigate, and account” for these harms. A company’s mitigation response will depend on the nature and gravity of the adverse impacts as well as practices of peer companies and industry norms. For instance, companies may collaborate with stakeholders to address sustainability issues or adjust their business relationships to avoid adverse impacts.


4. Create effective grievance and remediation mechanisms: The CSDDD requires companies to have a complaints procedure for rights holders, their representatives, and civil society organizations.


5. Track and monitor ESG due diligence outcomes: ESG due diligence is an ongoing exercise. Through tracking, monitoring, annual disclosures and reporting, and other transparency mechanisms, companies can proactively manage potential and actual adverse environmental and human rights impacts. In this context, it is worth noting the responsibility of directors to take into account human rights concerns and oversee due diligence.

Companies will need to undertake these steps and adopt and integrate policies and communications carefully to avoid assuming a duty of care and thus liability for third parties’ adverse impacts on rightsholders.

This alert is the second installment of our series “Global ESG Regulation: What US companies need to know.” You may also enjoy our prior alert in this series on EU’s Corporate Sustainability Reporting Directive. Learn more about the implications of the CSDDD by contacting any of the authors or your DLA Piper relationship lawyer, and visit our Environmental, Social, and Governance portal for the latest information on ESG developments.