24 July 202416 minute read

Corporate Sustainability Due Diligence Directive: 10 questions to understand its impact on your business

After two and half years of intense negotiations and the possibility of full rejection, the Corporate Sustainability Due Diligence Directive (CSDDD or Directive) was officially adopted and published in the Official Journal of the European Union (EU) on 5 July 2024.

The Directive requires European and non-European companies operating in the EU to conduct due diligence of all of their global value chains to identify and address adverse human rights and environmental risks that might arise in their operations inside and outside the EU. The aim is to foster sustainable and responsible corporate behaviour.

The Directive will take effect on 25 July and will become applicable to companies in stages starting from 26 July 2027.

In this article, we've tried to address ten of our clients' most frequently asked questions about the CSDDD to help you understand how the new framework affects your company. Get in touch if you'd like to discuss in more detail.

 

1. Which companies are in scope?

The CSDDD applies to both companies established in the EU and companies established outside the EU.

Fulfils one of the following criteria for two consecutive financial years:

 

Companies established in the EU (Article 2(1) of CSDDD)
Companies established outside the EU (Article 2(2) of CSDDD)
Fulfils one of the following criteria for two consecutive financial years:
More than 1,000 employees on average and net worldwide turnover of more than EUR450 million in the last financial year. Generated a net turnover of more than EUR450 million in the EU in the financial year preceding the last financial year.
Is the ultimate parent company of a group that has more than 1,000 employees on average and net worldwide turnover of more than EUR450 million in the last financial year. Is the ultimate parent company of a group that generated a net turnover of more than EUR450 million in the EU in the financial year preceding the last financial year.
Entered into franchising or licensing agreements in the EU with royalties of more than EUR22.5 million and had a net worldwide turnover of more than EUR80 million in the last financial year.

Entered into franchising or licensing agreements in the EU with royalties of more than EUR22.5 million and had a net worldwide turnover of more than EUR80 million in the financial year preceding the last financial year.

 

Ultimate parent companies whose main activity is holding shares in operational subsidiaries and which don't engage in management, operational and financial decisions affecting the group or one or more subsidiaries are exempted, if one of their subsidiaries established in the EU is designated to fulfil the obligations under Articles 6, 16 and 22 of the CSDDD (discussed below).

The CSDDD also affects upstream and downstream business partners that are part of the value chain of companies falling within the scope of the Directive, regardless of where these business partners are based.

 

2. How to conduct due diligence?

The EU approach aligns, to a certain extent, with the existing international standards and frameworks, such as the UN Guiding Principles on Business and Human Rights and the OECD Guidelines on Responsible Business Conduct. It prescribes a six-steps due diligence process.

STEP 1: INTEGRATING DUE DILIGENCE INTO POLICIES AND MANAGEMENT SYSTEMS

Article 7 of the CSDDD requires companies to:

  • integrate due diligence into all relevant policies and risk management systems;
  • establish a due diligence policy that contains a description of company's approach to due diligence and processes put in place to integrate due diligence into the business, and;
  • most importantly, to accurately set out the code of conduct which describes the rules and principles to be followed by the company and its subsidiaries, as well as direct and indirect business partners.

The due diligence policy should be developed in consultation with employees and their representatives and be updated when a "significant change" occurs or at least every two years.

STEP 2: IDENTIFYING AND ASSESSING ADVERSE HUMAN RIGHTS AND ENVIRONMENTAL IMPACTS

The Directive requires companies to take "appropriate measures," such as analysing their value chains, reviewing audit reports, make use of independent reports and information provided by stakeholders, to:

  • map operations to identify areas where adverse impacts are most likely to occur and to be most severe;
  • based on this mapping, conduct an in-depth assessment of the likely risks and their severity.

One of the major difficulties faced by multinational companies in this stage is the need to assess the company's own operations, in those of its subsidiaries, but also those of their business partners (Article 8 CSDDD).

STEP 3: PREVENTING, CEASING OR MINIMISING ACTUAL AND POTENTIAL ADVERSE HUMAN RIGHTS AND ENVIRONMENTAL IMPACTS

Companies have to take appropriate measures to prevent or adequately mitigate potential adverse impacts that have been or should have been identified in the previous steps of the due diligence process. Examples of measures that companies can implement include:

  • prevention action plan
  • contractual assurances (direct, but also indirect business partners) and third-party verification
  • financial and non-financial investments in processes and infrastructure
  • improving the company’s operations (including purchasing, design and distribution practices)
  • supporting business partners that are SMEs (capacity-building, guidance, administrative and financial support)
  • collaborating with other entities and business partners

In deciding which appropriate measures to implement, companies should consider their ability to influence the business partner causing any adverse impacts including their own involvement in those impacts. The rationale of the CSDDD is to nudge companies to establish an ongoing dialogue and engagement with their suppliers to prevent adverse impacts together. In the same spirit is the requirement to allow stakeholders to submit complaints and notifications of bad behaviour.

If potential adverse impacts have materialised, the company has to take similar appropriate measures to bring the adverse impacts to an end or mitigate them.

STEP 4: MONITORING AND ASSESSING THE EFFECTIVENESS OF MEASURES

Companies have to periodically assess the implementation of their own operations and measures, and those of their subsidiaries and business partners. They also have to monitor the adequacy and effectiveness of the measures adopted in light of the obligations in step 2. This should be done after any significant change occurs or at least every 12 months. If required, the due diligence policy, adverse impacts identified and the appropriate measures must be updated accordingly.

STEP 5: COMMUNICATING

Companies have to report on the matters covered by this Directive with an annual statement published on their website no later than 12 months after the balance sheet date of the financial year for which the statement is drawn up.

Companies in scope of the Corporate Sustainability Reporting Directive (CSRD) and already subject to reporting obligations don't have to report under the CSDDD.

STEP 6: PROVIDING REMEDIATION

If a company causes, alone or jointly, an actual adverse impact, it has to provide remediation. This involves putting the affected person or persons, communities or environment back to a situation equivalent to where they would have been in had the actual adverse impact not occurred. If this is not possible then the restorative action needs to place the affected person or persons back into a position as close as possible to their original situation. Examples of remediation measures include financial and non-financial compensation or reimbursing costs for remedial measures.

 

3. How does the CSDDD affect a company's relationship with suppliers?

The reach of the CSDDD isn't limited to companies directly in scope of the Directive. It also affects upstream and downstream business partners.

Companies in scope of the CSDDD will need to conduct thorough due diligence not only in their own operations but also in those of their suppliers. So, in practice, they'll need enhanced monitoring, checks and audits of their business partners. Companies might also need to revise their contracts to include specific sustainability and human rights clauses and impose new obligations on suppliers. They might also have to offer measures like capacity building and training to smaller entities to support them in complying with the CSDDD. The Commission is expected to issue guidance about voluntary model contractual clauses by 2027.

Suppliers should be ready to disclose more detailed information about their operations and sourcing practices to help companies fulfil their due diligence obligations. An important aspect if suppliers don't comply with the requests by companies in scope is the possibility, as a last resort, to temporarily suspend or even terminate the relationship with a business partner where actual adverse impacts could not be brought to an end or mitigated.

 

4. Does the CSDDD take a risk-based approach?

In cases when a company identifies a number of adverse impacts but can't prevent, mitigate, bring to an end or minimise them at the same time and to their full extent, the EU legislator allows companies to address them using a risk-based approach. In practice, companies can prioritise risks that are most severe and most likely to occur before addressing other adverse impacts. A reasonable and correct prioritisation could also limit the responsibility of a company in case of damages stemming from less severe and less likely adverse impacts that the company had not yet addressed.

 

5. What does the engagement with stakeholders imply?

The CSDDD urges companies to engage effectively and meaningfully with stakeholders, which include company's employees, trade unions and workers’ representatives, consumers, national human rights and environmental institutions and civil society organisations. The Commission will issue more detailed guidance on how this engagement should take place. At this stage, the law requires companies to:

  • consult stakeholders at certain stages of the due diligence process, eg when identifying and assessing the actual and potential adverse impacts, developing prevention and corrective action plans, when deciding on the termination or suspension of business relationships, during the adoption of measures to remediate adverse impacts; and
  • provide stakeholders with relevant and comprehensive information, proactively or following a request.

Article 13(6) CSDDD sets out a mechanism to facilitate to a certain extent communication between companies and stakeholders other than company's own employees and their representatives. It allows companies to fulfil the obligations on meaningful engagement with stakeholders through industry or multi-stakeholder initiatives.

 

6. What is the Climate Transition Plan?

Certain businesses are already required to comply with the Corporate Sustainability Reporting Directive (CSRD) which requires those companies in scope to adopt and implement a climate transition plan. This is a plan that aims to ensure the business model and corporate strategy are compatible with the transition to a sustainable economy, in particular with the goal of limiting global warming to 1.5°C in line with the Paris Agreement, with net zero targets, and the exposure to coal-, oil- and gas-related activities.

Article 22 CSDDD requires the plan to contain:

  • time-bound targets, including science-based goals for 2030 and every five years up to 2050, and emission reduction targets for scope 1, 2 and 3 greenhouse gas emissions;
  • decarbonisation strategies, ie key actions and steps to achieve these targets, potential changes in company's products and services offering, adoption of new technologies;
  • investment details, ie explanation and qualification of investments and funding for the transition plan;
  • governance role, including a description of the roles and responsibilities of the administrative, management and supervisory bodies regarding the transition plan.

The plan needs to be reviewed every 12 months and include a description of the company's progress towards achieving the set targets.

Companies that report their climate transition plan under the CSRD are deemed to be complying with this obligation established in the CSDDD.

 

7. Will companies get additional guidance on the implementation?

Yes, as the pioneering legal text of this nature, the CSDDD establishes a general framework for corporate due diligence, leaving more specific aspects to future implementing legislation and guidelines.

By 2027 the Commission will develop general and sector-specific guidelines on a number of topics, including:

  • guidance on how to conduct due diligence, with a particular focus on identifying and prioritising adverse impacts, appropriate measures to adapt purchasing practices, responsible disengagement, remediation, stakeholder engagement;
  • practical guidance on the climate transition plan;
  • guidance on assessing company-level, business operations, geographic and contextual, product and service, and sectoral risk factors, including those associated with conflict-affected and high-risk areas;
  • information on stakeholder engagement; and
  • further tools and resources to facilitate compliance with the Directive.

It will also adopt delegated acts to clarify the content and criteria for reporting and communicating due diligence measures, in line with the sustainability reporting standards and the CSRD.

According to Article 18 CSDDD, the Commission will also develop guidance about voluntary model contractual clauses that companies could use to require their business partners to comply with their code of conduct and further measures adopted pursuant to this Directive. This will be a crucial aspect for numerous companies with global value chains that struggle to obtain information or specific assurances from their business partners in third countries.

Member states also have to adopt accompanying measures to help companies comply with the Directive. These measures can include dedicated websites, platforms and portals, a helpdesk and guidance.

Finally, the CSDDD recognises the role that industry and multi-stakeholder initiatives play in supporting the implementation of the due diligence obligations and encourages companies to participate in them.

 

8. What's the timeline? (transposition, applicability to companies)

The CSDDD was published in the Official Journal on 5 July 2024 and will take effect on 25 July 2024. Member states will have two years to transpose the European rules into national measures, i.e. by 26 July 2026.

The measures will become applicable in stages, based on whether the company is based in the EU, its number of employees and turnover, as from 26 July 2027.

 

9. How does the CSDDD interact with the CSRD and other laws?

With regard to the CSRD, the main takeaway is that the CSDDD requires companies to take concrete steps to improve their environmental and social impacts along the value chain, whilst the CSRD requires them to report and publicly disclose these efforts. Generally, companies in scope of the CSRD (which already applies to the first batch of companies that need to report in 2025 for financial year 2024) are also in scope of the CSDDD. So reporting under the CSRD would avoid additional reporting under the CSDDD.

We highlight that the CSDDD is a general framework that will apply in addition to other more specific due diligence legislative acts, like the Conflict Mineral Regulation, the Batteries Regulation, the Deforestation Regulation or the soon-to-be-adopted Forced Labour Regulation. If you fall within the scope of these regulations , it's important to make a more in-depth assessment dealing with the specifics of the regulatory requirements as your obligations might go beyond the CSDDD.

Generally, companies that fall in scope of and comply with the reporting obligations laid down in the CSRD are exempted from several obligations under the CSDDD, such as preparing a transition plan for climate change mitigation as mentioned above and the obligation to publish an annual statement on their website. EU member states have to transpose the CSRD by 6 July 2024 and CSRD obligations are about to become applicable to the first batch of companies in scope.

 

10. How can companies prepare?

Companies can already start to prepare for the CSDDD by:

  • conducting risk assessments to identify actual and potential adverse impacts within their own operations, subsidiaries and value chains;
  • adopting measures to prevent or where this is not possible, minimise the identified adverse impacts;
  • preparing suitable and fair contractual assurances to be included in direct and indirect business partner agreements, and;
  • adopting measures to verify compliance with these contractual assurances.

Companies can start engaging suppliers by:

  • communicating the code of conduct of the company;
  • starting to obtain contractual assurances of compliance with the company’s code of conduct, and prevention and corrective action plan, if applicable, from direct and indirect suppliers; and
  • working with suppliers to prevent and end adverse impacts and providing training on the requirements of the CSDDD.

During the transposition period of the Directive, companies affected can continue advocacy and engage with regulators to get guidance to ensure the CSDDD is implemented properly in EU national member state legislation.

At DLA Piper, we have extensive experience helping companies with their compliance and advocacy efforts. If you have any questions or if you'd like a more in-depth discussion, please reach out to us.

Print