Corporate Sustainability Due Diligence Directive incoming

Irwin Mitchell’s Keith Davidson recently wrote about the Corporate Sustainability Due Diligence Directive (“CSDDD” / “the Directive”) as part of a wider piece on Mandatory ESG (Environmental, Social and Governance) Reporting in March 2023.

The Directive was approved by the EU parliament on 24 April 2024.

In this article we consider the Directive in more detail and in particular what compliance measures companies will need to introduce in order to avoid falling foul of the new directive.

What is the CSDDD?

The Directive creates a legal enforcement and due diligence requirement on sustainability issues for certain businesses operating in the EU. These sustainability requirements are directly attributable to prevent adverse environmental impacts, protect human rights and slow climate change. 

Practically, the implementation of the Directive will mean certain companies will have an obligation to recognise, prevent and eliminate activities which cause an adverse impact via a range of due diligence measures failing which they will be subject to penalties. 

These obligations will not only require due diligence on companies’ own business operations but will place a positive requirement on companies to consider the activities of their subsidiaries and other entities with which they have a direct and/or indirect relationship regarding their supply chain. 

The Directive applies to both EU and non-EU companies that fall within certain parameters. 

When will CSDDD requirements commence?

Member states will have two years to incorporate the Directive into national law. The Directive will be subject to a gradual implementation over a longer period to allow companies to prepare for compliance with the new directive rules. 

What is the likely impact of the CSDDD?

1. Increased Due Diligence Requirements: Companies that are to comply with the Directive will be obligated to conduct thorough due diligence to identify and mitigate adverse human rights and environmental impacts in their operations and supply chains. 
2. Supply Chain Transparency: The Directive aims to enhance transparency by requiring companies to disclose information about their supply chains. Businesses will need to provide details on suppliers, subcontractors, and the steps they take to ensure responsible practices throughout the supply chain.
3. Legal and Reputational Risks: Non-compliance with the Directive could result in legal penalties, fines, and reputational damage, although to what extent remains to be seen given the implementation timeline. Businesses that fail to implement the requisite due diligence measures may face legal action or public scrutiny, which is likely to affect their brand image, reputation and investor / stakeholder confidence.

Which companies are likely to be impacted?

Companies with 5,000 employees and €1,500 million turnover will be impacted in 3 years; reporting will be required for the financial year starting 1 January 2028. 

Companies with 3,000 employees and €900 million turnover will be impacted in 4 years; reporting will be required for the financial year starting 1 January 2029. 

Companies with 1,000 employees and €450 million turnover will be impacted in 5 years; reporting will be required for the financial year starting 1 January 2030. 

What are the sanctions for non-compliance?

Member states will determine the penalties that will be applicable to breaches of national provisions which have been adopted under the Directive. The Directive does, however, require that member states shall provide for pecuniary penalties alongside a public statement indicating the details of the company responsible for the breach, together with details of the breach in the event of non-compliance. 

The European Commission recommends dissuasive and proportionate enforcement which may result in a maximum of 5% of the company’s net worldwide turnover. 

Top tips for impacted companies

Companies can prepare for the implementation of the Directive by:

• Reviewing their existing contracts to establish whether they comply with the Directive;
• Mapping their existing due diligence policies and procedures to ensure they align with the Directive;
• Plotting out their existing value chain and seek to ensure they are also compliant with the Directive;
• Identifying who its subsidiaries are and analysing their sustainability policies for compliance and raising concerns at an early stage before compliance is required;
• Prepare regulatory responses;
• Identifying current and future business investments and partners with a view to whether they are compliant with the relevant terms of the Directive;
• Identifying any potential new or current environmental and /or human rights risks or areas of non-compliance with the Directive that can be acted upon to ensure compliance at the relevant time; and 
• Take action now ready for member state implementation.

In summary, businesses will need to adapt their practices, invest in due diligence processes, and prioritise sustainability to comply with the Directive and mitigate risks associated with non-compliance.