EU Lawmakers Reach Agreement on Sustainability Due Diligence Directive

After intense negotiations since the EU Commission published its proposal in February 2022, the directive is set to lay down significant due diligence obligations for large companies regarding actual and potential adverse impacts on human rights and the environment, with respect to their own operations, those of their subsidiaries and those carried out by their business partners.

It appears that agreement has been reached between the co-legislators on some of the hotly contested details of the legislation, including the definition of the value chain in scope, application of obligations to the financial sector and penalties and civil liability for non-compliance.

Large companies, including those in the financial sector, reportedly must adopt a plan ensuring their business model complies with limiting global warming to 1.5°C. This may have significant implications for companies’ current voluntary net-zero commitments and transition plans.

Notably, the final text is not yet agreed upon or publicly available, so aspects and elements of current guidance could change.

Scope of the directive

The deal reached by the council and the parliament reportedly fixes the scope of the due diligence directive on:

• EU companies having more than 500 employees and net worldwide turnover of €150 million (although lower thresholds will apply for companies in certain “high-risk sectors”); and
• Non-EU companies with €150 million net turnover generated in the EU. The council has indicated that the commission will be tasked with publishing a list of in-scope non-EU companies.

While small- and medium-sized enterprises appear to be outside the scope of the directive, they will nonetheless likely be impacted indirectly by the due diligence that in-scope companies will be required to do on their value chains.

Date of application

It is not clear when the directive would apply to EU and non-EU companies. As a directive, the CSDDD will first need to be transposed into the national law of the EU member states (as well as in Iceland, Liechtenstein and Norway) to apply to companies. Under EU law, member states are usually given two years for this transposition. Some sources suggest that the directive will start to apply to the largest companies in 2027 and then pull additional companies into scope in the two subsequent years 2028 and 2029.

Value chain in scope

During negotiations, each EU institution put forward a different position on the definition of value chain that should be in scope of the due diligence obligations, and we await clarity on the exact legal definition in the final text. Reportedly, due diligence obligations will cover in-scope companies’ “own operations, those of their subsidiaries and those carried out by their business partners.” The council has referred to coverage of a company’s “business chain of activities which covers the upstream business partners of the company and partially the downstream activities, such as distribution or recycling,” while parliament suggests a slightly wider application.

Due diligence obligations

The directive will include a range of due diligence obligations for companies, including:

• Integration of due diligence into policies and risk management systems.
• Identification, assessment, prevention, mitigation and remediation of adverse impacts on human rights and the environment in a company’s own operations and that of its subsidiaries and in-scope business partners. Relevant adverse impacts appear to include “child labor, slavery, labor exploitation, production and use of prohibited persistent organic pollutants, deforestation, excessive water consumption or damage to ecosystems.” Reportedly, agreement has been reached on specific rights and obligations that constitute human rights and environmental impacts, by reference to international conventions, which will be set out in an annex to the directive. The final text will include the specifics on exact due diligence measures, including, for example, obligations with respect to stakeholder engagement and the termination of business relationships as a last resort.
• Adoption and implementation of a climate change transition plan, to ensure that a company’s business model complies with limiting global warming to 1.5°C. The company size and jurisdictional applicability thresholds are still currently unclear. This obligation will add to the disclosures under the Corporate Sustainability Reporting Directive (CSRD), which does not by itself require companies to have climate change transition plans. For companies in scope of both this new CSDDD requirement and the CSRD’s reporting requirements, this likely means that they will have to report on their transition plan as part of their annual CSRD disclosure. This potentially heightens the associated legal risks.

Enforcement

Provisional agreement was also reached on enforcement:

• Supervision: Each EU member state will designate a supervisory authority to monitor whether companies are complying with their due diligence obligations, with mechanisms in place for these bodies to cooperate at an EU level within a European network of supervisory authorities established by the commission.
• Administrative liability: These supervisory bodies will be able to launch inspections and investigations and impose penalties on non-compliant companies, including “naming and shaming” and, reportedly, fines of up to 5% net turnover. Where companies fail to settle fines, the provisional agreement encompasses injunction measures.
• Civil liability: Member states must provide new civil liability procedures to allow for in-scope companies to be held liable for the damage caused by breaching their due diligence obligations. Impacted individuals and their representatives (potentially including trade unions and civil society organizations) will have a five-year window to lodge damages claims. These civil liability procedures will be additional to existing national procedures. To assess the arising legal risks it will be critical to analyze the final text of this provision and draw out its extensions to existing liability mechanisms.

The provisional agreement needs to be formally approved by the parliament and the council before it can enter into force. Transposing the agreement into the agreed legal text will involve further detailed technical negotiation and will likely impact the specifics of how the CSDDD applies to companies. After the CSDDD is formally adopted and published in the EU Official Journal, it will need to be transposed by member states into national legislation.