Search Close search

HomeA big step closer to a sustainability due diligence directive

A big step closer to a sustainability due diligence directive

Update on the CSDDD — The European Council's main preparatory body, Coreper, has adopted the Corporate Sustainability Due Diligence Directive (CSDDD), (most likely) marking the conclusion of a long and chaotic legislative process.
18 March 2024

The adopted directive differs significantly from the Commission’s original proposal, but once fully implemented and in force, it will nevertheless impose significant new requirements on large companies in Europe.

On 23 February 2022, the EU Commission presented its proposal for the Corporate Sustainability Due Diligence Directive. On 1 December 2022, the European Council adopted its negotiating position and on 1 June 2023, the European Parliament adopted its negotiating position. In December 2023, the Parliament and the Council reached a provisional political agreement on an overall compromise text and thus completed the trilogues. Following a struggle to obtain a majority among the EU member states, on 15 March 2024 the Belgian presidency of the EU Council managed to obtain a majority in Coreper in favour of a draft overall compromise package. The compromise text differs significantly from both the Commission’s original proposal for a directive and from the provisional political agreement.

The CSDDD sets out obligations for large companies to carry out due diligence to identify their actual and potential adverse impacts on human rights and on the environment, as well as take steps to prevent and mitigate such adverse impacts. However, the CSDDD does not require companies to guarantee, in all circumstances, that adverse impacts will not occur or that such adverse impacts will be stopped. The main obligations are ‘obligations of means’, meaning that a company should “take the appropriate measures which are capable of achieving the objectives of due diligence by effectively addressing adverse impacts, in a manner commensurate to the degree of severity and the likelihood of the adverse impact.

Which companies must comply with the new directive?

With the final compromise, the CSDDD will apply to the following:

(i) EU companies with more than 1,000 employees and a net worldwide turnover of more than EUR 450 million;

(ii) EU companies that did not reach the thresholds under (i) but is the ultimate parent company of a group that reaches the thresholds;

(iii) EU companies that have entered into or is the ultimate parent company of a group that has entered into franchising or licensing agreements in the EU in return for royalties with independent third-party companies, where these agreements ensure a common identity, a common business concept and the application of uniform business methods, and where these royalties amount to more than EUR 22.5 million, provided that the company had or is the ultimate parent company of a group that had a net worldwide turnover of more than EUR 80 million;

(iv) non-EU companies generating a net turnover of more than EUR 450 million in the EU;

(v) non-EU companies that did not reach the thresholds under point (iv) but is the ultimate parent company of a group that on a consolidated basis reaches the thresholds;

(vi) non-EU companies that have entered into or is the ultimate parent company of a group that has entered into franchising or licensing agreements in the EU in return for royalties with independent third-party companies, where these agreements ensure a common identity, a common business concept and the application of uniform business methods, and where these royalties amount to more than EUR 22.5 million, provided that the company generated or is the ultimate parent company of a group that generated a net turnover of more than EUR 80 million in the EU.

Holding company exemption

Ultimate parent companies that have as their main activity the holding of shares in operational subsidiaries and that do not engage in taking management, operational or financial decisions affecting the group or one or more of its subsidiaries, may – following application to the relevant authorities – be exempt from carrying out the obligations under the CSDDD. However, the exemption is subject to the condition that one of the ultimate parent company’s subsidiaries established in the EU is designated to fulfil the due diligence obligations on behalf of the ultimate parent company.

No high-risk sectors

In contrast to the Commission’s proposal and the Council’s mandate, the applicability of the CSDDD is not based on whether a company operates in a so-called “high-risk sector”. However, the compromise text contains an option to introduce such a sector-specific approach in high-risk sectors later on if appropriate.

Financial sector is partly included

Whereas seemingly in principle also comprised by the directive, financial undertakings shall not carry out due diligence with respect to their downstream business partners that are receiving their services and products. Therefore, as regards regulated financial undertakings, only the upstream but not the downstream part of their chain of activities is covered by the directive.

Although regulated financial undertakings are only subject to due diligence obligations for the upstream part of their chain of activities, the preamble of the directive emphasises, as it is highlighted also in the OECD Guidelines for Multinational Enterprises, that regulated financial undertakings are expected to consider adverse impacts and to use their “leverage” to influence companies. The exercise of shareholders’ rights can be a way to exercise leverage.

Similar to the “high risk” sectors, a review clause has been included regarding the financial sector, requiring the Commission to make a new impact assessment and, if relevant, a legislative proposal, on the later inclusion of financial undertakings in the full scope of the CSDDD.

“Chain of activities”

Companies should take appropriate steps to set up and carry out due diligence measures, with respect to their own operations, those of their subsidiaries, as well as their direct and indirect business partners throughout their chains of activities.

The “chain of activities” should cover activities of a company’s upstream business partners related to the production of goods or the provision of services by the company, including the design, extraction, sourcing, manufacture, transport, storage and supply of raw materials, products or parts of the products and development of the product or the service, and activities of a company’s downstream business partners related to the distribution, transport and storage of the product, where the business partners carry out those activities for the company or on behalf of the company.

Disposal of products will not be comprised by the due diligence obligations.

Also, “chain of activities” does not include the activities of a company’s downstream business partners related to the services of the company.

Interplay with other EU legislation

Furthermore, the chain of activities should not encompass distribution, transport, storage and disposal of products comprised by Regulation (EU) 2021/821 (the Dual Use Regulation), which also in and of itself address negative adverse impacts in the field of human rights or environmental protection. In particular, pursuant to the Dual Use Regulation member states should consider the risk of such goods being used in connection with internal repression or the commission of serious violations of human rights and international humanitarian law.

Impact on SMEs

Micro, small and medium-sized undertakings (so-called SMEs) are clearly excluded from the scope of the CSDDD. However, SMEs could be indirectly impacted by the provisions of the directive as contractors or subcontractors to the companies which are in the scope.

Companies, whose business partner is an SME, are also encouraged to support them to comply with due diligence measures and use fair, reasonable, non-discriminatory and proportionate requirements vis-a-vis the SMEs.

Furthermore, with a view to limiting the burden on smaller companies created by in-scope companies’ requests for information, where information necessary for the identification of adverse impacts can be obtained from business partners at different levels of the chain of activities, it is directly stated in CSDDD that companies should exercise restraint with regard to business partners that do not themselves present risks of adverse impacts and privilege reaching out, where reasonable, directly for more detailed information to business partners at levels in the chain of activities where, based on the mapping, potential or actual adverse impacts are most likely to occur.

Directors’ duties

Articles 25 and 26 of the Commission’s original proposal for a directive contained provisions about directors’ duties. The much debated provisions have not been included in the final compromise text adopted by the Council.

Contractual clauses and guidelines

Companies must take appropriate measures to prevent, or where prevention is not possible or not immediately possible, adequately mitigate potential adverse impacts identified as part of its due diligence.

One such adequate measure may be for the company to seek contractual assurances from their direct business partners that such business partner will ensure compliance with the company’s code of conduct and, as necessary, a prevention action plan.

The Commission, in consultation with member states and stakeholders, shall adopt guidance about voluntary model contractual clauses.

Further, the Commission (in prior consultation with member states, international organisations and other stakeholders) shall issue guidelines, including general guidelines and for specific sectors or specific adverse impacts, in order to provide support to companies on how to fulfil their due diligence obligations in a practical manner.

Enforcement and liability

Administrative liability and penalties

Member states shall establish rules on penalties, including pecuniary penalties, applicable to infringements of national provisions adopted pursuant to the CSDDD. The penalties provided for shall be effective, proportionate and dissuasive. When pecuniary penalties are imposed, they shall be based on the company’s net worldwide turnover. The maximum limit of pecuniary penalties shall be not less than 5% of the net worldwide turnover of the company.

Civil liability

Member States shall ensure that a company can be held liable for a damage caused to a natural or legal person, provided that the company intentionally or negligently failed to comply with the obligations of the CSDDD and such failure resulted in a damage to the natural or legal person’s legal interest protected under national law.

A company cannot be held liable if the damage was caused only by its business partners in its chain of activities.

Where liability is established, a natural or legal person shall have the right to full compensation for the damage occurred in accordance with national law. Full compensation shall, however, not lead to overcompensation, whether by means of punitive, multiple or other types of damages.

The limitation period for bringing actions for damages under the CSDDD shall be at least 5 years and, in any case, not lower than the limitation period laid down under general civil liability national regimes.

Trade unions, NGOs and other organisations

Trade unions and civil society organisations will be entitled to submit complaints to in-scope companies for potential non-compliance with the obligations.

Member states shall establish a structure under which any alleged injured party may authorise a trade union, non-governmental human rights or environmental organisation or other non-governmental organisation based in a member state to bring actions to enforce the rights of the alleged injured party.

Member states may set up certain requirements in their national law as to when unions, NGOs and organisations may be authorised to take actions on behalf of injured parties.  These requirements may include maintaining a permanent presence of its own and, in accordance with its statutes, not engaging commercially and not only temporarily in the realisation of rights protected under the CSDDD. In essence, this seems to be an attempt to limit the development of a commercial litigation industry pursuing CSDDD claims.

Public tenders

In addition, compliance with the CSDDD may also be used as a criterion to qualify for the award of public tenders in member states.

Phasing in

The timing of when the new rules will take effect has changed as a consequence of the increased thresholds. Thus, according to the compromise text, companies with 5,000+ employees must comply with the requirements 3 years after their entry into force, companies with 3,000+ employees after 4 years, and companies with 1,000+ employees after 5 years.

Next steps

The draft overall compromise package that has been agreed by Coreper is now subject to adoption by the European Parliament (and a formal approval by the EU Council).

In Gorrissen Federspiel, we are closely monitoring the next steps towards final adoption. With the very difficult birth of the CSDDD up until now, new challenges and political turmoil cannot be entirely ruled out.

Gorrissen Federspiel can provide support and advice regarding interpretations of the requirements as well as advice on how to start the process towards becoming compliant with the requirements of the CSDDD, including assistance with carrying out a gap analysis and handling of interplay with existing due diligence and reporting requirements, notably the Corporate Sustainability Reporting Directive (CSRD) and the Sustainable Finance Disclosure Regulation (SFDR).

If you have any questions or would like to discuss the impact of the CSDDD on your business, please feel free to contact a member of our Compliance & Sustainability team.

Sign up for our newsletter

Sign up for Gorrissen Federspiel’s news updates and receive the latest legal news and event invitations directly in your inbox.

Thank you for signing up

You have already signed up