The European Parliament voted on April 24, 2024, to approve the proposed EU Corporate Sustainability Due Diligence Directive (CSDDD). This far-reaching legislation will bring about fundamental changes in supply chain management for both EU and non-EU companies, as the European Commission leans on legislative tools to promote human rights and environmental sustainability.
What is the CSDDD (CS3D)?
First proposed in February of 2022, the CS3D will establish new, binding obligations for in-scope companies as it relates to human rights and environmental concerns within their operations. The CS3D’s global impact is expected to be significant.
The CS3D establishes a legal liability regime whereby in-scope companies will be subject to monetary penalties for violations that occur within their supply chain. Penalties for violators can add up to as much as 5% of net global (not just EU) turnover, as well as the attendant public relations challenge of being viewed as indifferent to ESG concerns.
What is the current status of the CSDDD (CS3D)?
Following The European Parliament vote to approve the proposed Directive on April 24, 2024, the law now needs final approval by ministers of EU member states. This means that it will most likely now move to the Committee of the Permanent Representatives of the Governments of the Member States to the European Union (COREPER) for a vote on May 15. Then a final vote will be held by the Competitiveness Council, known as COMPET, for a vote on May 23.
The Timelines Leading Up to Approval
A preliminary final draft of the CS3D was released on January 30, 2024, but was tabled after Germany, France, Italy, and other EU member states indicated a lack of support for the measure as written. The legislation re-emerged on March 15, 2024, after the EU Permanent Representatives Committee approved a modestly scaled-back version of the CS3D, with 20 votes in favor and 4 votes against. On March 19, 2024, the revised text was endorsed by the European Parliament’s Lead Committee on Legal Affairs, marking another critical step towards the CS3D’s passage.
The European Parliament approved the final text of the revised CS3D during its Plenary Session on April 24, 2024.
Who will the Corporate Sustainability Due Diligence Directive Apply to?
Notwithstanding the revised CS3D’s narrowed scope, many large companies will find that the Directive is still broadly applicable to their operations and those of their suppliers. Under the latest version of the CS3D, the legislation applies to four general groups:
Group I
Group I consists of the largest EU companies, defined as those with: (1) 5,000 or more employees on average; or (2) net worldwide turnover in excess of €1.5 billion within the past financial year.
Non-EU companies fall into Group I if they generated a net turnover in excess of €1.5 billion within the European Union in the year preceding the last financial year. EU and non-EU incorporated companies within Group I must be in compliance with CS3D within three years of the Directive’s effective date, projected to be in 2027.
Group II
Group II comprises EU companies with: (1) 3,000 or more employees on average; or (2) net worldwide turnover in excess of €900 million within the past financial year.
Non-EU companies fall into Group II if they generated a net turnover in excess of €900 million within the European Union in the year preceding the last financial year. EU and Non-EU incorporated companies within Group II must be in compliance with CS3D within four years of the Directive’s effective date, projected to be in 2028.
Group III
This group includes EU companies with: (1) 1,000 or more employees on average; or (2) net worldwide turnover in excess of €450 million within the past financial year. This group is the largest, and is estimated to include roughly 5,000 companies within the EU. Non-EU companies fall into Group III if they generated a net turnover in excess of €450 million within the European Union in the year preceding the last financial year.
EU and non-EU incorporated companies within Group III must be in compliance with CS3D within five years of the Directive’s effective date, projected to be in 2029.
Group IV
Certain companies with franchising or licensing business models fall into Group IV. For EU firms, this includes those that (1) have entered into franchising or licensing agreements within the EU; and within the past financial year (a) earned royalties in excess of €22.5 million; or (b) generated––individually or on a consolidated basis as the ultimate parent company of a group––net worldwide turnover in excess of €80 million.
Non-EU companies with franchising or licensing business models fall into Group IV if, in the year preceding the last financial year, they: (1) entered into franchising or licensing agreements within the EU; and (a) generated royalties in excess of €22.5 million within the EU; or (b) generated––individually or on a consolidated basis as the ultimate parent company of a group––net turnover in the EU in excess of €80 million. Entities within Group IV have five years from the Directive’s effective date to be in compliance, projected to be in 2029, assuming that there are no further delays.
How will the CSDDD be enforced?
The CS3D mandates that in-scope companies conduct regular, risk-based assessments of their operations’ impact on human rights and environmental concerns. In order to ensure compliance, the Directive carries with it substantial enforcement authority on an EU Member State level.
Each EU Member State must appoint one (or more) independent supervisory authorities, which will be tasked with overseeing CS3D compliance within their respective jurisdictions. Member States have jurisdiction over EU companies registered within their borders, as well as non-EU firms with a branch in, or who generate most of their EU turnover within, a given state.
Member States will collectively establish a European Network of Supervisory Authorities to coordinate amongst themselves and ensure that all are aligned in enforcing the CS3D’s objectives. The Network is intended to promote information sharing among authorities charged with enforcing the Directive. In addition, the Network will serve as the official publishing body of all decisions regarding enforcement actions levied pursuant to the CS3D, as well as regularly-updated lists of non-EU firms within the Directive’s scope.
Solution
Engage third parties with confidence
Track the lifecycle of third-party relationships across different risk types from initial due diligence to real time monitoring on one platform.
Learn more
How can companies ensure compliance with the CSDDD?
To ensure compliance with the CS3D, companies incorporate due diligence procedures into their operations in order to identify, mitigate, and prevent adverse impacts on both human beings and the environment. This will necessitate impact assessments in the areas of child labor, forced labor, greenhouse gas emissions, and other environmental considerations such as deforestation and pollution within a company’s global footprint.
The CS3D also mandates that in-scope companies apply due diligence frameworks to counterparties within their value chains. This marks an expansion of the traditional scope of corporate responsibility, by expanding in-scope companies liability as it relates to their:
Upstream Value Chain – In-scope companies will be responsible for adverse impacts of their suppliers, such as the providers and transporters of raw materials, parts, products, manufacturers, and those involved in research and development.
Downstream Value Chain – In-scope companies may also be held liable for the conduct of third parties involved in the distribution, transport, and storage of the in-scope company’s goods or services.
As such, compliance with the CS3D will necessitate the adoption and implementation of effective due diligence strategies. Many companies will find that a fulsome review of their operations is in order. Under CS3D, due diligence must be integrated into risk management systems so as to assess actual and potential adverse impacts. Where companies become aware that such impacts may exist within their value chain, they have a continuing obligation to investigate and curtail them.
The CS3D also mandates that in-scope companies adopt and make effective a “transition plan” for climate change mitigation. The plan must ensure that the company is aligned with the EU’s goal of transitioning to a sustainable economy, including: (1) limiting global warming to 1.5 °C, consistent with the Paris Agreement; (2) achieving climate neutrality (as defined by the EU Climate Law), including its 2030 to 2050 targets for emission reduction; and (3) decarbonization, defined as reduced exposure to coal, oil, and gas.
How can companies begin preparing now?
Although the Directive adopts a phased approach which allots a minimum of three years for the largest companies to come into compliance, in-scope companies should begin preparing for the CS3D as soon as possible to ensure a smooth transition.
Assess the Level of Applicability
Companies must first assess the degree to which they are exposed to CS3D. The Directive lays out clear guidelines for companies to assess whether they, or a parent or subsidiary, will be subject to the CS3D. Out-of-scope firms may be indirectly forced to comply by virtue of their role in the operations of their in-scope counterparties. Increasingly, CS3D compliance will become part of the cost of maintaining relationships with EU partners.
Ideally, companies that expect their operations to fall under CS3D’s remit will spend the next several years integrating due diligence into their risk management systems. This is a critical step towards identifying adverse impacts that could result in enforcement pursuant to the Directive.
Identify and Manage Impacts
Should any such impacts be identified in the course of a company’s review of its operations, they should be promptly remediated. This will entail the creation of action plans with firm timelines and measurable goals commensurate with the impact’s severity.Where high-risk operations or counterparties are identified, companies should be prepared to obtain enforceable contractual guarantees of their business partners’ compliance with CS3D.
Counterparties should not be taken at their word; continuous monitoring by an independent third-party would be a best practice in this area. In the event that an adverse impact exists within an in-scope company’s value chain, the company should be prepared to take appropriate remedial action, up to and including suspension of the business relationship in the event that the impact cannot be remediated.
Review Due Diligence Efforts
In-scope companies must review the adequacy and efficacy of their due diligence efforts. This should include a holistic, qualitative assessment as well as the consideration of quantitative factors such as key performance indicators (KPI’s).
Existing due diligence efforts should be assessed in relation to the due diligence requirements imposed by the CS3D. Additional investments will likely be required to fully integrate human rights and environmental impacts in accordance with the CS3D.
Broadly speaking, the CS3D mandates that companies integrate due diligence into their risk management systems. This will enable in-scope firms to assess and prioritize any adverse impacts within their operations, and ideally, to prevent future adverse impacts from ever taking place.
Review Governance Structures
With the CS3D, EU lawmakers have laid out a clear expectation that human rights and environmental conservation must feature prominently within corporate governance structures of in-scope companies.
CS3D compliance will require meaningful engagement with a wide range of stakeholders, including regulators and civil society groups. In-scope companies should review and establish (if necessary) notification and complaints mechanisms that are publicly open and made known to those impacted by their operations, including their governmental or non-governmental representatives (i.e., unions, NGO’s).
Stakeholder engagement is a critical component of the CS3D, and companies are expected to have governance structures in place that enable them to field and effectively respond to the concerns of those impacted by their operations.
What is the timeline for implementation of the CS3D?
Now that the CS3D has been passed by the European Parliament, the timeline for implementation is as follows:
- Three years (2027) after CS3D takes effect, the Directive will apply to EU and non-EU companies in Group I; that is, (1) EU companies with an average of 5,000 employees and net global turnover exceeding €1.5 billion in the last financial year; and (2) non-EU companies with net EU turnover exceeding €1.5 billion in the year preceding the last financial year.
- Four years (2028) after CS3D takes effect, the Directive will apply to EU and non-EU companies in Group II; that is, (1) EU companies with an average of 3,000 employees and net global turnover exceeding €900 million in the last financial year; and (2) non-EU companies with net EU turnover exceeding €900 million in the year preceding the last financial year.
- Five years (2029) after CS3D takes effect, the Directive will apply to EU and non-EU companies in Groups III and IV; that is, (1) EU companies with an average of 1,000 employees and net global turnover exceeding €450 million in the last financial year; (2) non-EU companies with net EU turnover exceeding €450 million in the year preceding the last financial year; (3) EU franchisors and licensors with royalties in excess of €22.5 million in the last financial year; and (4) non-EU franchisors and licensors with EU royalties in excess of €22.5 million in the year preceding the last financial year.
Closing Thoughts
Even in its scaled-back form, the CS3D remains a deeply transformative piece of legislation, the implications of which should not be understated. Companies should continue to monitor CS3D’s passage and implementation on a Member State level as they set out to align their due diligence efforts with those mandated by the Directive.