16 May 202122 minute read

Human rights and environmental due diligence legislation in Europe – Implications for global supply chains

After World War II, there have been increasing calls for the universal application of human rights. To achieve this goal, demands have also been voiced for several decades that not only states but also multinational corporations should strive to increase the positive impacts of their operations and minimize the negative impacts of their activities on human rights and environmental standards. International corporations that do not voluntarily adhere to human rights and environmental standards along their supply chain are criticized for taking advantage of weak and poorly enforced domestic regulations in emerging and developing countries, particularly in the Global South. This backdrop led to the adoption of the “United Nations Guiding Principles on Business and Human Rights” in 2011, which today represent the global soft law standard for preventing and managing the risk of negative impacts on human rights in connection with business activities. The need for companies to comply with these standards is demonstrated by the fact that, in terms of working conditions, the International Labour Organization estimates that 25 million people are victims of forced labor globally and, according to the UN, environmental damage is also steadily increasing around the planet. This background and the tragic collapse of the Rana Plaza factory in Bangladesh back in 2013, which claimed the lives of over 1,000 people, confirmed the need for European lawmakers to establish a binding and more stringent liability regime for corporate supply chains. Accordingly, the concept of mandatory human rights due diligence for companies is gaining momentum in Europe. Legislative initiatives at the EU Member States and EU level suggest that they pose significant challenges and potentially severe liabilities for companies procuring their products through supply chains from developing and emerging countries and sell them in Europe.

This article highlights how companies with global supply chains can maintain/achieve compliance with human rights and environmental standards and safely navigate this new hard law regulatory landscape in the EU Member States France, the Netherlands, Germany and at EU level.

France

France launched its supply chain legislation back in 2017 with the “Duty of Vigilance Act” (Loi de Vigilance). The Duty of Vigilance Act requires all large French companies – with over 5,000 employees in France or over 10,000 worldwide – to undertake due diligence with regard to the companies they control and all their contractors and suppliers. The Duty of Vigilance Act is structured around two mechanisms. First, a “civil duty of vigilance” aimed at preventing risks and serious abuses of fundamental rights, health, personal safety and the environment in connection with business activities. Second, a “redress and liability mechanism” for breaches of these obligations by companies.

Vigilance Plan

The Duty of Vigilance Act requires companies to develop a vigilance plan in consultation with stakeholders and trade unions. The vigilance plan must cover the company’s own activities with regard to possible violations of human rights and environmental standards and those of its controlled subsidiaries, contractors and suppliers. In line with the objective of preventing risks and serious violations of fundamental rights, health, safety of persons and the environment arising from the global operations of companies, the Duty of Vigilance Act provides that a wide range of entities must be included in the “perimeter” of a company’s vigilance. This includes directly or indirectly controlled subsidiaries as well as contractors or suppliers with which the company has an established business relationship (commercial activity with or without a contract). The plan should identify, analyze and map the risks for human rights and the environment arising from the company’s activities and should also include appropriate measures to mitigate these risks. In order to achieve more than a “sophisticated benchmark report,” companies must implement and monitor the effectiveness of their plan. The Duty of Vigilance Act accordingly requires companies to regularly assess the situation in their supply chains and at their subsidiaries with regard to the risks to human rights and the environment identified in their plan. Finally, the plan and its implementation report must be made publicly available so stakeholders can participate in the development of the plan, review its implementation and be informed of the risks that a particular activity may pose to them.

Enforcement Mechanism

The Duty of Vigilance Act provides that companies that fail to publish or implement vigilance plans are subject to:

  • court ordered injunctions or penalty payments (the judge may implement this injunction by the payment of a periodic penalty) if the company does not comply with its obligations under the Duty of Vigilance Act; and
  • companies are held liable if damage results from their failure to properly implement an adequate plan (civil liability action).

Companies that fail to comply with their due diligence obligations under the Duty of Vigilance Act are therefore subject to sanctions and are liable for damages caused by an improperly prepared and monitored vigilance plan, even if these damages are directly caused by third parties.

Netherlands

The Dutch legislation “Child Labor Due Diligence Act” (Wet Zorgplicht Kinderarbeid; Dutch Due Diligence Act) was adopted 2019 and obliges companies to investigate whether their goods or services have been produced using child labor and to develop a plan to prevent child labor in their supply chains. The Dutch Due Diligence Act imposes significant administrative fines, criminal sanctions for non-compliance and also a reporting obligation to the yet-to-be-determined regulatory body (regulator). The act will become effective by mid-2022, to give companies a grace period to investigate their supply chains. The Dutch Due Diligence Act applies to all companies that sell or supply goods or services to Dutch consumers, regardless of where the company is based or registered, without exemptions for legal form or size.Under the Dutch Due Diligence Act, companies must comply with the following obligations:

Due Diligence

As part of its due diligence, companies must investigate whether there are reasonable grounds to suspect that a product or service in their supply chain has been produced using child labor. If, following this investigation, a company has reasonable grounds to suspect that goods and/or services have been procured with the use of child labor, it must develop and implement an action plan to ensure that child labor is prevented in its supply chains in the future.

Reporting Requirement

Companies covered by the Dutch Due Diligence Act must submit a declaration to the Dutch regulator affirming that they have exercised an appropriate level of supply chain due diligence to prevent child labor.

Supervision

The Dutch regulator will oversee the implementation and compliance with the Dutch Due Diligence Act. However, instead of actively investigating or initiating enforcement, the regulator relies on affected parties and stakeholders to bring violations to its attention. The complainant will file a complaint with the offending company, requesting a response and instructing the company to resolve the issue. If the company does not resolve the matter within six months, the Dutch regulator will step in to act as a mediator.

If the Dutch regulator determines that a company has violated the Dutch Due Diligence Act, the regulator will issue a legally binding course of action to the company. Failure to follow these instructions or complete the work within the allotted timeline may result in fines or additional penalties for the offending company.

Enforcement Mechanism and Fines

Fines for failing to file a declaration that the company has exercised an appropriate level of supply chain due diligence start at EUR 4,350, and penalties increase exponentially for companies found to have an inadequate due diligence process or lack of an appropriate action plan to detect and prevent child labor. Companies that fail to comply with the Dutch Due Diligence Act can be fined up to EUR 870,000 or 10% of the company’s total worldwide revenue, if a fine of up to EUR 870,000 is not deemed an appropriate penalty. If a company receives two fines for breaching the Dutch Due Diligence Act within five years, the responsible company director is liable for up to two years of imprisonment under the Dutch Economic Offences Act.

The Dutch Due Diligence Act “only” covers human rights violations but not environmental harm of companies’ supply chains. It does not create a direct civil cause of action permitting third parties to sue a company for the adverse consequences of human rights violations, but it has strong enforcement mechanisms and is one of the first criminal enforcement instruments in the field of business and human rights.

Germany

The German government has presented a draft bill for a German “Supply Chain Act” (Sorgfaltspflichtengesetz) that obliges companies to conduct human rights and environmental due diligence in their supply chains. The German Parliament is expected to vote on the final bill during the current legislative period (until September 2021).

Initially, the scope of application of the German Supply Chain Act applies to partnerships and corporations that have their head office, principal place of business, administrative headquarters or statutory registered office in Germany and employ more than 3,000 employees across the entire group (Konzern). From 2024, the German Supply Chain Act will also apply to smaller companies with more than 1,000 employees.

Under German law, companies are most likely not liable for foreign damage claims of other companies in their global supply chain. However, according to the German Supply Chain Act, it will be possible in the future for non-governmental organizations and German trade unions to represent private claimants in German courts by way of representative action (Prozessstandschaft) if there are violations of standards in the supply chain.

Implications for Companies

Under the German Supply Chain Act, the responsibility of companies extends to the entire supply chain, scaled according to the degree of influence. The obligations pursuant to the German Supply Chain Act are to be implemented by the companies in their own business area as well as vis-à-vis their direct suppliers. Indirect suppliers are also to be included in the obligations under the German Supply Chain Act when companies obtain “substantiated knowledge” of human rights violations at this level.

The key feature of the new German Supply Chain Act will be the regulation of human rights due diligence obligations for companies. The new due diligence requirements include:

Risk Management

As a first step, companies must identify and assess their risks within their supply chains in order to be able to take appropriate measures to address these risks. The German Supply Chain Act identifies, inter alia, forced labor, child labor, discrimination, violation of freedom of association, problematic employment and working conditions as well as environmental damage as relevant risk areas. The risk analysis must be undertaken by the companies at least once a year and the results of the risk analysis must be communicated internally to the relevant decision-makers – such as their directors or (senior) management – and the decision-makers must give due consideration to the results. As part of their risk management, companies must perform an analysis of the human rights and environmental risks of their direct suppliers. In cases where an improper contractual arrangement has been entered into with the direct supplier or a circumvention transaction has been undertaken, an indirect supplier is considered to be a direct supplier. In addition, if companies obtain substantiated knowledge of a possible violation of human rights or environmental standards by one of their indirect suppliers, they must immediately conduct a risk analysis for these violations. Should a company identify a risk in the course of such an analysis, the management must adopt a policy statement on its human rights and environmental strategy in order to prevent adverse impacts on human rights and the environment.

Obligation to Remedy Human Rights and Environmental Violations

As a consequence of the risk analysis, companies must take measures to prevent, minimize and remedy identified negative impacts. If the company is unable to minimize the human rights and environmental violations in the foreseeable future, it must immediately develop and implement a concept to minimize them: companies should either seek solutions together with the supplier that caused the violation or solutions need to be developed within the industry. Alternatively, the company may temporarily suspend the business relationship with the supplier while efforts are undertaken to minimize the risk. The termination of business relationships should only be used as a last resort in the event of human rights violations by suppliers. Companies must also set up an internal grievance mechanism for misconduct relating to human rights and environmental standards caused by the economic activities of the company or its direct or indirect suppliers.

Reporting Obligation

The companies concerned will also be required to publicly submit an annual report on the actual and potential negative impacts of their business activities on human rights and the environment. The report shall be made publicly available on the company’s website for a period of seven years.

Obligation to Make Best Efforts and Proportionality

Both the duty to analyze risks and the duty to undertake follow-up measures are not intended as a duty to succeed, but as a duty to use one’s best efforts. In other words, companies are not obliged to prevent all human rights and environmental violations in their own business operations and those of their direct suppliers under all circumstances. Rather, the required risk management is based on the principle of proportionality. The measures that are proportionate and reasonable for the individual company depend in particular on the actual influence that the company can exert within its supply chain and on the countries to which the supply chain extends. However, termination of the business relationship with a supplier is only required if the violation of human rights or the environment is assessed as very serious, no remedy can be obtained, and no other mitigating measures are available to the company.

Monitoring, Fines and Sanctions

Under the future German Supply Chain Act, the Federal Office for Economic Affairs and Export Control (Bundesamt für Wirtschaft und Ausfuhrkontrolle) will monitor compliance with due diligence requirements and conduct onsite inspections of companies. Complaints from those affected by human rights and environmental violations can also be reported directly to the Federal Office for Economic Affairs and Export Control.

In the event that a company fails to comply with due diligence requirements, the German Supply Chain Act provides for sanctions in the form of penalty payments (Zwangsgeld) up to EUR 50,000 in administrative enforcement proceedings and/or fines. The amount of the fines is to be up to 2% of a company’s global revenue. In addition, companies that have already been fined a large amount can be excluded from public contracts for up to three years.

EU Level

At the European level, both the European Commission and the European Parliament are strongly advocating legislation that would require mandatory corporate due diligence on human rights and environmental issues.

In February 2021 the European Parliament’s Legal Committee adopted a “Draft Directive on Corporate Due Diligence and Corporate Accountability” (Draft Directive) calling on the European Union to legally require companies to respect human rights and the environment in their supply chains. The text of the draft Directive was adopted on 10 March 2021. This initiative is intended to increase the EU’s scrutiny of companies regarding the impact of their business on the environment and people globally, not only in the 27 EU Member States. The Draft Directive covers large, small and medium-sized undertakings governed by the law of an EU Member State or the law of third countries, if they operate in the internal market and sell goods or provide services.

The European Parliament’s Draft Directive proposes an EU law requiring companies to monitor, identify, prevent and remedy risks to human rights, the environment and governance in their operations and business relationships – including suppliers and subcontractors. This would, inter alia, include labor rights, such as minimum age requirements and occupational safety. When risks of human rights or environmental violations emerge, a company will be required to publicly disclose the details of such a risk and take steps to remedy them. National authorities must monitor companies for compliance, investigate complaints and can impose significant penalties. The Draft Directive also provides victims of human rights violations with the right to take companies to court in the EU. Companies will be obliged to consult trade unions, indigenous peoples and civil society when developing their required due diligence plans. The Draft Directive additionally highlights that the Draft Directive will not reduce the level of protection for human rights or the environment established at national, Union or international level.

It is noticeable that the European Parliament’s Legal Affairs Committee has chosen to refer to a company’s “value chain” rather than its “supply chain.” The European Parliament’s initiative defines a “value chain” as all entities with which the company has a direct or indirect, upstream or downstream, business relationship and which either (i) supply products or services that contribute to the company’s own products or services, or (ii) purchase products or services from the company. The term “value chain” consequently encompasses a much larger group of companies than the term “supply chain.”

Implications for Companies

The European Parliament’s Draft Directive therefore requires companies to:

  • identify, assess, prevent, cease, mitigate, monitor, communicate, account for, address and remediate the potential and/or actual adverse impacts on human rights, the environment and good governance that may arise from their own activities and those of their value chains and business relationships;
  • take all proportionate and reasonable measures and efforts within their means to prevent adverse impacts on human rights, the environment and good governance from occurring in their value chains;;
  • properly address adverse impacts (first point above) when they occur;;
  • undertake a risk assessment and effectively implement a due diligence strategy (to be published on the company’s website);;
  • conduct an ongoing monitoring, review the risk assessment and evaluate if the due diligence strategy is still working, at least once a year and revise it accordingly; and;
  • provide a grievance mechanism and remediation process for potential or actual adverse impacts on human rights, the environment and good governance. Companies must also report on substantiated concerns raised through their grievance mechanisms and regularly report on the progress made in these cases.;

Enforcement Mechanism

EU Member States are required to:

  • implement rules to ensure that companies carry out effective due diligence;
  • designate independent national authorities responsible for the monitoring of the application of the Draft Directive – including investigations – and for disseminating best due diligence practices;
  • establish an effective civil liability regime under which companies can be held liable for any harm arising from adverse impacts on human rights, the environment and good governance. The national regime should include a rebuttable presumption in favor of the victim and companies would have to prove that they took all due care in line with the Draft Directive to avoid the harm in question; and
  • implement a penalty regime, including regulatory sanctions and administrative fines. These sanctions include, inter alia, temporary or indefinite exclusion of companies from public procurement and/or state aid. With regard to fines, recital 50 Draft Directive provides that fines should be “comparable in magnitude to fines currently provided for in competition law and data protection law.” In the context of the other national European legislation on supply chain lability it is probable that a future EU instrument will also impose a financial penalty of up to 10% of the company’s worldwide revenue.

Implementation of the Draft Directive

Normally, the EU Commission jealously guards its right of initiative when it comes to proposals for EU legislation. However, the Commission already has a legislative initiative in mind in this area, so a proposal for new EU legislation on supply chains can be expected in the second quarter of 2021. If it is adopted more or less in the same vein as the European Parliament’s proposal, the new EU legislation on supply chains will certainly have a decisive impact on the legislative landscape with regard to sustainable corporate governance.

If an EU Corporate Due Diligence and Corporate Accountability Directive is adopted by the EU, it would then have to be transposed into the national laws of the EU Member States, making existing national regulations on supply chains with a lower level of protection obsolete.

Summary

On the one hand, it should be noted that the proposed Draft Directive would create a level playing field through its applicability to all companies selling goods and services in the EU, as it is applicable to both EU companies and companies from third countries. On the other hand, however, the requirements of the present Draft Directive would also be quite burdensome, particularly for small and medium-sized enterprises (SMEs). Moreover, it is one thing to require companies to take human rights and sustainability into account in their key purchasing decisions; it is another to demand that they monitor these issues in overseas countries to an extent which could be regarded by those countries as unwarranted interference in internal affairs. These countries might therefore also perceive the EU supply chain legislation as disguised protectionism.

Conclusion

In general the French Duty of Vigilance Act, the Dutch Due Diligence Act, the German Supply Chain Act and the EU Draft Directive on Corporate Due Diligence and Corporate Accountability are in line with the three pillars “Protect, Respect and Remedy” of the UN’s Guiding Principles on Business and Human Rights as they require companies to perform human rights due diligence to prevent human rights violations along the corporate supply chain and provide access to remedies if human rights are not respected. In addition to human rights, European supply chain legislations – with the exception of the Dutch Due Diligence Act – also cover mandatory compliance with environmental standards. This illustrates that the increasing awareness of sustainability has given rise to legislation that goes beyond the requirements of the UN’s Guiding Principles on Business and Human Rights. If the new European Draft Directive indeed introduces a value chain liability regime, and if this future EU legislation applies to all companies doing business in Europe, it will be a turning point for globalization as it will help to ensure that global businesses comply with human rights and environmental standards worldwide.

Companies should be aware that by complying with human rights and environmental standards along their supply chains, they enhance the value and standing of their company, brands and trademarks and the products they sell.

In order to respect human rights and environmental protection and in response to current and forthcoming supply chain legislation in Europe, it is first necessary for companies to conduct an independent risk analysis of the company’s entire current value chains, assessing the risk of potential human rights or environmental violations.

In this context, it is imperative to take country- and industry-specific factors into account to ensure a comprehensive risk analysis regarding human rights and environmental violations. To avoid, in addition, the liability of companies for fines up to 10% of global revenue and criminal sanctions against their directors and management, it is strongly recommended to have this risk analysis performed by independent third parties with knowledge of the reality in the respective developing and emerging countries.

Second, it is essential for companies to expand their compliance structure by integrating sustainability and human rights aspects into their entire corporate value chain. In this regard, it is important to create a compliance structure and screening mechanism that ensures that suppliers comply with the due diligence obligations incumbent on the company under European supply chain legislation. Compliance with the new standards will ultimately avoid liability. The UN’s Guiding Principles on Business and Human Rights can be used as a guide for implementing such compliance management systems.

Third, the effective plan to be developed by companies under European supply chain legislation that identifies, analyzes and maps the risks posed by the company’s activities in relation to human rights and environmental violations requires companies to engage the expertise of independent third parties with knowledge of the challenges in the relevant markets. The integration of this third party know-how is also important in order to monitor the effectiveness of the company’s plan with respect to human rights and environmental violations and to take appropriate measures to mitigate these risks.

Fourth, as part of their annual reporting obligations, companies must conduct a risk analysis of their value chains, verify that the due diligence mechanisms installed concerning their value chains are effective and conduct an analysis of their preventive grievance mechanisms.

If a company identifies risks within its value chain during the required risk analysis, it must take preventive measures; for example, by concluding appropriate agreements with its suppliers in which the suppliers are also required to comply with due diligence requirements relating to human rights, labor and environmental standards.

Good contract design that takes into account the specific features of the relevant countries can significantly reduce the cost of risk analysis and help reduce the need for action as part of the required ongoing screening process. In their supplier agreements, companies should require suppliers to comply with their code of conduct, which must ensure that at least the obligations under the applicable European supply chain laws are met. The supply contracts must also describe the supplier’s expected cooperation, which is shaped by the European supply chain laws, in a precise and legally binding manner. In addition, it is necessary to contractually secure audit rights from suppliers to meet the standards of European supply chain legislation and to contractually embed an obligation on the part of the suppliers to prove that they have provided continuous training on the subject of human rights and environmental protection. Regular random checks of the aforementioned requirements, also on site, are likewise part of effective supplier management – preferably by independent third parties. Furthermore, suppliers can be required to ensure that the compliance standards described above are also observed in the downstream value chains.

Implementing the above measures will enable companies to maintain/achieve compliance with human rights and environmental standards and allow them to safely navigate European supply chain legislation without exposing themselves to significant liability of up to 10% of worldwide annual revenue, sanctions or criminal penalties.

Print