The EU Commission's proposal for a directive on corporate sustainability due diligence

On 23 February 2022, the European Commission (the EC) published the long-awaited proposal for a Directive on Corporate Sustainability Due Diligence (the Proposed Directive). The Proposed Directive was initially expected to be published in June 2021, but was delayed by the Commissions’ Regulatory Scrutiny Board. The text of the Proposed Directive responds to the European Parliament resolution dated 10 March 2021 asking the EC to establish a binding framework on due diligence obligations in the value chain (read more).

This initiative was launched in parallel to the Corporate Sustainability Reporting Directive (CSRD – see our publication), which will soon replace the Non-Financial Reporting Directive (NFRD). Whereas the CSRD focuses on disclosure obligation (and related accountability rules), this Proposed Directive would supplement this effort by requiring modifications of national corporate legislation.

The rebranding of the Proposed Directive, initially labelled as the “Sustainable Corporate Governance” draft, highlights the intention of the EC to impose a general duty on the business community to address adverse human rights and environmental impacts, rather than providing general governance rules.

The Proposed Directive aims to foster the sustainable and responsible behaviour of in-scope companies operating in the European Union (the EU) throughout their global value chains. To this end, in-scope companies will be required to identify, prevent, mitigate and remediate the adverse impacts of their activities on human rights and the environment in Europe and beyond. The goal is not only to contribute to the green transition in the EU, but also to establish a level-playing field within the business community and to offer better transparency for investors.

The Proposed Directive also ensures, according to the view of the European Commission, legal certainty and common rules on due diligence, as some EU Member States (such as France, Germany and the Netherlands for instance) and/or companies have already adopted or are adopting initiatives in this respect (see our recent publication on national initiatives within the EU)¹. 

Which companies are subject to the obligations?

The Proposed Directive applies to the following in-scope entities:

EU companies falling under Group 1 or 2

Group 1: all EU limited liability companies with more than 500 employees on average and a net worldwide turnover in excess of EUR 150 million in the last financial year.

Group 2: other EU limited liability companies with more than 250 employees and a net worldwide turnover in excess of EUR 40 million in the last financial year, provided that at least 50% of this net turnover was generated in one or more of the following high-impact sectors:

• the manufacture of textiles, leather and related products (including footwear), and the wholesale trade of textiles, clothing and footwear;
• agriculture, forestry, fisheries (including aquaculture), the manufacture of food products, and the wholesale trade of agricultural raw materials, live animals, wood, food, and beverages;
• the extraction of mineral resources regardless of where they are extracted, the manufacture of basic metal products, other non-metallic mineral products and fabricated metal products (except machinery and equipment), and the wholesale trade of mineral resources, basic and intermediate mineral products.

For the EU companies falling into Group 2, rules will start to apply two years later than for Group 1.

Non-EU companies fulfilling either of the following conditions:

This is a key feature of the proposal, which was initially proposed by the European Parliament in its resolution of 10 March 2021.

• Group 1: a net turnover in excess of EUR 150 million in the EU in the financial year preceding the last financial year; or
• Group 2: a net turnover in excess of EUR 40 million, but not exceeding EUR 150 million in the EU in the financial year preceding the last financial year, provided that at least 50% of this net worldwide turnover was generated in one or more of the sectors listed under Group 2  above.

Non-EU companies falling within the scope of the Proposed Directive must designate an authorised representative established or domiciled in one of the EU Member States in which it operates. The details of the authorised representative must be notified to a supervisory authority in the relevant EU Member State. Each company must further empower its authorised representative to receive communications from supervisory authorities on all matters necessary for compliance with and the enforcement of national provisions transposing the Proposed Directive and to cooperate with the supervisory authorities.

While the Proposed Directive excludes SMEs from its scope of application, article 14 thereof includes accompanying measures applying to the SMEs² that are present in the value chains of in-scope companies.

What are the in-scope companies’ due diligence obligations under the Proposed Directive?

1. Integrating due diligence into the company’s policies

As a first step to comply with their due diligence obligations, companies must establish a proper due diligence framework by integrating due diligence considerations into their company policies and by updating such policies annually.

In order to comply with this obligation, company policies should at least include: (i) a description of the company’s short- and long-term approach to due diligence, (ii) a code of conduct, and (iii) a description of the processes put in place to implement, monitor and extend due diligence obligations.

2. Identifying actual or potential adverse human rights and environmental impacts

The Proposed Directive defines adverse human rights and environmental impacts as violations of the international conventions listed in the Annex, Part I Section 2 and Part II to the Proposed Directive³.  These include, for example, child labour, the exploitation of workers, discrimination, the infringement of communities’ land rights, pollution, biodiversity loss, etc.

Identifying these adverse impacts is key in order to prevent, mitigate and remediate these impacts.

The Proposed Directive therefore requires companies to take appropriate measures to identify actual or potential adverse human rights and environmental impacts arising out of their own operations, the operations of their subsidiaries, and of the business relationships established within their value chains.

The extent of this obligation to business relationships is quite broad, as a company’s value chain includes “activities related to the production of goods or the provision of services by a company, including the development of the product or the service and the use and disposal of the product as well as the related activities of upstream and downstream established business relationships of the company”. The term ‘value chain’ therefore covers a much broader group of business entities than ‘supply chain’.

However, companies operating in high-risk sectors and having more than 250 employees on average and a net worldwide turnover of more than EUR 40 million in the last financial year are only required to identify adverse severe impacts relevant to those sectors.

Credit institutions and (re-)insurance companies providing credits, loans or other financial services are also only required to identify adverse impacts before providing those services.

3. Preventing, mitigating and remediating potential and actual adverse human rights and environmental impacts

After having identified potential and actual adverse human rights and environmental impacts, companies must respond appropriately to prevent, mitigate and, where necessary, remediate such impacts as well as the impacts that should have been identified by the company.

Under the Proposed Directive, appropriate measures are measures that are capable of achieving the objectives while being reasonably available to the company, taking into account the specificities of the case and reflecting the prioritisation of actions. The obligation of the companies is therefore an obligation of means.

On the preventive end, companies must develop a prevention action plan in consultation with affected stakeholders when particular measures must be taken due to their nature or complexity.

On the remediating end, companies must neutralise, or at least minimise, adverse impacts, including by paying financial compensation to the affected persons and/or communities. Where the adverse impact cannot be immediately remediated, companies must develop a corrective action plan in consultation with stakeholders.

In that respect, the Proposal draws in particular from the value chain due diligence obligation laid down by the March 2017 French Vigilance Law. It however brings more clarity by providing a list of actions that may be taken by companies, which include:

• obtain contractual assurances from direct business partners active within their value chain to ensure respect with the company’s code of conduct and the company’s prevention/corrective action plan;
• make the necessary investments in their processes and infrastructures to prevent/remediate adverse impacts;
• support SME business partners where compliance with the company’s code of conduct and prevention/corrective action plan might jeopardise the viability of the SME; and
• collaborate with other entities in order to strengthen the prevention/remediation of adverse impacts.

4. Establishing and maintaining complaint procedures

Companies must establish appropriate procedures to deal with complaints issued by actual or potential victims, relevant trade unions and other workers’ representatives, and relevant civil society organisations. They must further inform relevant workers and trade unions of the various existing procedures.

Complaints issued may relate to the company’s own operations, those of its subsidiaries, as well as its value chains.

When establishing the complaints procedures, companies must make sure that:

• well-founded complaints are considered as identifying an adverse impact, thereby triggering obligations of prevention, mitigation and remediation of that impact by the company;
• complainants have avenues to request a follow-up on their complaint from the company; and
• complainants have the possibility to meet with some company representatives to discuss the adverse impact that they have identified. 

5. Monitoring the effectiveness of the company’s due diligence policies and measures

Companies must conduct periodic assessments of their own operations, subsidiaries and value chains to monitor compliance with their due diligence obligations under the Proposed Directive.

Such assessments must be carried out whenever new risks are reasonably identifiable, and at least once a year.

Companies must further update their due diligence policies based on the results of these assessments.

6. Publicly communicating on due diligence

Interestingly, the Proposed Directive does not introduce additional reporting obligations for in-scope companies that are already subject to reporting obligations under the NFRD, which will soon be replaced by the CSRD (see our publication).

Companies falling outside the scope of the CSRD must however report on the matters covered by the Proposed Directive in an annual statement to be published on their website by 30 April of each year.

As the companies’ due diligence obligations under the Proposed Directive are in line with the existing standards and recommendations laid down in the UN Principles on Business and Human Rights (2011)⁴ and in the OECD Due Diligence Guidance for Responsible Business Conduct (2018)⁵, companies should use these instruments as guiding and inspirational resources.

The Proposal further underlines that the EC may issue guidelines on how companies should fulfil their due diligence obligations, including for specific sectors or specific adverse impacts.

In addition, the EC will provide guidance on model contractual clauses that may be included in contracts with a company’s business partners in order to ensure compliance with the company’s due diligence obligations. In this regard, the Proposed Directive already specifies that contractual assurances obtained from SMEs must be fair, reasonable and non-discriminatory.

Which authorities will supervise and investigate?

The Proposed Directive requires EU Member States to designate one or more national administrative authorities to supervise the application and ensure the effective enforcement of the transposing act.

The competent supervisory authority must be that of the EU Member State in which the company has its registered office (for in-scope companies incorporated in the EU), in which the company has a branch (for non-EU in-scope companies) or in which the company generated most of its net turnover in the EU in the financial year preceding the last financial year (when the non-EU in-scope company has no branch in the EU or has branches in several EU Member States).

The Proposed Directive requires EU Member States to ensure that the supervisory authorities will have the power to request information and carry out investigations related to compliance with the obligations set out in the Proposed Directive. For example, supervisory authorities will have the power to initiate investigations of their own accord, but also - quite remarkably - as a result of “substantiated concerns” communicated to them by anyone having reasons to believe, based on objective circumstances, that an in-scope company is failing to comply with its obligations under the transposing act.

The EC will ensure the cooperation and a coordinated approach of the supervisory authorities at EU level by setting up a European Network of Supervisory Authorities, composed of representatives of the national supervisory authorities.

What are the sanctions?

The Proposed Directive contains a broad range of public and private enforcement mechanisms.

Administrative enforcement

In the case of non-compliance, the supervisory authorities must impose effective, proportionate and dissuasive sanctions, including fines and compliance orders. In doing so, the supervisory authorities must take into account the company’s efforts to comply with any remedial action ordered, with investments made and collaboration with other entities in order to prevent and end adverse impacts.

Any decision of the supervisory authorities containing sanctions must be published and an effective judicial remedy against these decisions must be provided for under national law.

The Proposed Directive states that the supervisory authorities must at least have the power to:

• order the cessation of infringements of the transposing act and, where appropriate, remedial action within an appropriate period of time;
• impose administrative fines based on the company’s turnover; and
• adopt interim measures to avoid the risk of severe and irreparable harm.

The Proposed Directive does not provide for criminal liability as had been envisaged by the European Parliament Committee on Legal Affairs, but EU Member States remain free to provide for stricter measures in their transposing acts.

The Proposed Directive also requires EU Member States to ensure that companies applying for public support have not been sanctioned for non-compliance with their due diligence obligations under the Proposed Directive.

Civil liability

EU Member States must ensure that victims have the opportunity to hold in-scope companies that have failed to comply with their obligations to account, by taking legal action to obtain compensation for damage which could have been avoided or mitigated with appropriate due diligence measures.

A company will however not be liable for damage caused by an adverse impact that arose from the activities of an indirect partner, if the company had obtained the required contractual assurances from its direct business partner, unless it was unreasonable for the company to expect that the action taken would suffice to prevent, mitigate, remediate or minimise the adverse impact.

The Proposed Directive further states that the civil liability of the parent company must be without prejudice to the civil liability of its subsidiaries or of any direct or indirect business partners in the value chain.

Finally, EU Member States are also required to ensure that the civil liability provided for in their transposing act is an overriding mandatory provision, in order for it to apply in cases where the law applicable to the claims is not that of the EU Member State, such as cases in which the harm was suffered outside the EU.

How does climate change fit into the proposal?

The Proposed Directive creates a specific mechanism regarding climate impact.

First, large in-scope companies (both EU and non-EU) must adopt a “plan” to ensure that the business model and strategy of the company are compatible with the transition to a sustainable economy and with the limiting of global warming to 1.5 °C, in line with the Paris Agreement. This is direct reference to the disclosure obligation of such plans mentioned in the CSRD (see below).

The company’s plan must therefore identify the extent to which climate change is a risk for, or an impact of, the company’s operations. If climate change is or should have been identified as a principal risk for, or a principal impact of, the company’s operations, the company must include emission reduction objectives in its plan. 

Second, climate change becomes directly linked to directors. Obligations related to climate change plans must be taken into account when setting variable remuneration, but only if that variable remuneration is linked to the contribution of a director to the company’s business strategy and long-term interests and sustainability. Furthermore, but only for EU companies, the directors’ duty of care will need to integrate the consequences of their decisions on climate change, including in the short, medium and long term.

An attention point is the directive’s review contemplated 7 years after its entry into force. The Commission will be expected to assess whether, in addition to the climate change plans, the general due diligence process should be extended to adverse climate impacts.

How will this impact directors’ duties and corporate strategy?

Clarification of directors’ duties of care

Under the Proposed Directive, directors must incorporate sustainability matters into their decision-making process. To this end, the Proposed Directive contains a clarification of the directors’ duty of care; as such duty exists in all of the EU Member States’ national laws.

The EC thereby wishes to ensure that this general duty is understood and applied in a manner that is coherent and consistent with the due diligence obligations introduced by the Proposed Directive.

When fulfilling their duty to act in the interests of the company, directors of in-scope EU companies must take into account the consequences of their decisions for sustainability matters, including, where applicable, human rights, climate change and environmental consequences in the short-, medium- and long-term. Breaches of this obligation will be considered a breach of fiduciary duties under national laws.

While sustainability matters may already be part of some companies’ best business practices, the Proposed Directive aims to make this a legal requirement for all in-scope companies. This will expand the directors’ duty of care under the laws of EU Members States to the extent that such duty to act in the best interest of the company does not already encompass such sustainability matters.

Corporate strategy to include sustainability matters

The Proposed Directive also has an impact on the corporate strategy. National legislation will need to include provisions requiring directors to adapt the corporate strategy and take into account the adverse impacts identified in the company’s due diligence process.

Directors will also be responsible for putting in place and overseeing the due diligence actions prescribed by the Proposed Directive and, in particular, the due diligence policy, with due consideration for relevant input from stakeholders and civil society organisations.

What are the interactions with the other key EU Green Deal initiatives?

The proposal is new building block in the new architecture the Commission is building to reorient corporate business and finance towards sustainability and the goals of the Paris Agreement.

The strongest link is with the CSRD. The proposal currently negotiated with the EU Counsel and the European Parliament mandates disclosure by companies in the management report of their plans to ensure transition to a sustainable economy, with a specific reference to the limiting of global warming to 1.5 °C in line with the Paris Agreement.

If the impact assessment, the Commission duly notes that both CSRD and the Proposed Directive are closely interrelated and is hopeful it will lead to synergies. CSRD is seen as the “last step”, or “reporting state”, of the due diligence created by the Proposed Directive.

In addition, the Proposed Directive will also tie to the financial angle of the Green Deal. First, the Commission notes it will underpin the Sustainable Finance Disclosure Regulation (SFDR) entered into force in 2021 and applicable to financial market participants as well as financial advisers. Similarly, the Proposed Directive will complement the Taxonomy Regulation, the EU’s sustainable activities classification system (read more).

It is less clear how the Proposed Directive will articulate with other EU sector-specific disclosure and due diligence obligations (e.g. 2017 Conflict Mineral Regulation, which entered into force in 2021, or the proposed Battery Regulation), especially since the Proposed Directive aims at covering high-impact sectors.

Next steps

Now that the Proposed Directive has been published, several steps will need to be completed in order to formally adopt the text of the Proposed Directive. The European Parliament and the Council will now review, amend and finalise the text to reflect the political agreement amongst the EU institutions. The European Parliament’s negotiation position is likely to have significant bearing on negotiation given its existing resolutions. In that respect, some aspects of the Proposed Directive could evolve for instance regarding enforcement powers.

Given the expected negotiations, sensitivities and resultant delay, the Proposed Directive is not expected to be adopted before 2023; and it is unlikely that such new Directive will have effect before 2025/2027, since EU Member States will then have to transpose the text into national law within the next two or four years, depending on whether the in-scope companies are part of Group 1 or Group 2 (see ‘Scope of Application’ above).

Upcoming Webinars - Navigating the BHR framework in Europe

European countries are witnessing a rapid development in legislation establishing corporate due diligence obligations and corporate accountability for human rights violations, triggering more and more business and human rights-related litigation (which ranges from civil proceedings to criminal investigations).

During a first webinar on Wednesday, 16 March 2022, a panel of BHR specialists (Gauthier van Thuyne, Suzanne Spears, Udo Olgemoeller and Romaric Lazerges) will take a closer look at the latest legislative trends in Europe aimed at integrating BHR principles into reporting and compliance obligations.

This will be followed by a second webinar on Wednesday, 30 March 2022, during which a panel of litigation specialists (Camille Leroy, Suzanne Spears, Tim Mueller and Hippolyte Marquetty) will focus on civil claims, risks for directors and criminal liability.

If you would like to join one or both of these webinars, please send an email to be_ao_events@allenovery.com

Footnotes

_{1 Taking into account that some EU Member States have already adopted or are in the process of adopting national initiatives to promote and protect human rights, the environment, and/or the climate, which may go beyond the requirements set out in the Proposed Directive, it is clarified that the Proposed Directive will not constitute grounds for reducing the level of protection provided for by the national law of EU Member States.
2 We note that the thresholds that trigger the applicability in terms of employees and turnover figures for SMEs should be aligned in the further legislative process to ensure a cohesive regulatory approach re SMEs in the EU.
3 Available at: https://ec.europa.eu/info/sites/default/files/1_2_183888_annex_dir_susta_en.pdf.
4 Available at: https://www.ohchr.org/documents/publications/guidingprinciplesbusinesshr_en.pdf.
5 Available at: http://mneguidelines.oecd.org/OECD-Due-Diligence-Guidance-for-Responsible-Business-Conduct.pdf.}