Introduction
The Directive on Corporate Sustainability Due Diligence (CSDDD) reflects a growing emphasis on integrating human rights and environmental standards into business practices, particularly in global value chains. This aligns with the broader trend of increasing attention to corporate social responsibility and sustainability.
The CSDDD is part of a broader effort to establish a comprehensive framework for corporate sustainability, echoing similar movements in various European Member States, such as the German Supply Chain Act of 2021.
There is an acknowledgment of the potential impact on developing countries, and the proposal recognizes the need for accompanying measures, particularly to support small and medium-sized enterprises (SMEs). This consideration reflects an understanding of the potential challenges and differences in the capacities of businesses, especially in diverse economic contexts, as only large companies will fall within the Directive’s scope, namely with a net worldwide turnover of €450million and 1,000 employees.
Framework legislation
On 23 February 2022, the European Commission adopted a proposal for the CSDDD, which aims at fostering sustainable and responsible corporate behavior and at anchoring human rights and environmental considerations in companies’ operations and corporate governance. With the goal to advance the green transition and protect human rights in Europe and beyond, the Directive's rules are meant to ensure that businesses address adverse impacts of their actions, including in their value chains inside and outside of Europe.
The CSDDD complements other legislative acts in the EU targeting sustainable and responsible conduct within corporates’ supply chains, such as the Deforestation Regulation, the Conflict Minerals Regulation, or the draft Regulation prohibiting products made with forced labor. The CSDDD will form an important part in supporting the goals of the European Green Deal.
In June 2023, the European Parliament adopted its position for further negotiations on CSDDD’s final text, and the Council finally approved a compromise text on 15 March 2024, after lengthy negotiations. The final text has been adopted at the European Parliament's plenary session on 24 April 2024. The Directive will come into force from the 20th day after it has been published in the Official Journal of the European Union (expected end of May 2024) and then will have to be transposed by Member States within two years.
Scope
The CSDDD will apply to EU and oversea companies reaching a defined threshold in terms of EU turnover and employees within the EU. These threshold levels have been subject to intense discussions, and the initially proposed lower thresholds for businesses operating in certain high impact sectors (such as for example the manufacture of textiles, leather and related products, certain parts of agriculture and food and forestry sector, and certain activities around mineral resources) have been abandoned. Under the original proposal the CSDDD would have applied to companies with 500 employees and a turnover of €150 million. Those numbers have been raised to 1,000 employees and a net worldwide turnover of €450 million.
The Directive will be implemented in phases, starting with a two-year transposition of the CSDDD into national law by Member States, phased-in as follows:
- 3-year period for companies with over 5000 employees and EUR 1500 million turnover (from 2027)
- 4-year period for those with over 3000 employees EUR 900 million turnover (from 2028)
- 5-year period for companies with over 1000 employees and EUR 450 million turnover, and for companies having entered into franchising or licensing agreements with over EUR 80 million turnover in the EU and EUR 22.5 million in royalties (from 2029).
Main obligations
CSDDD applies to a company's own operations, its subsidiaries and its value chains (direct and indirect business relationships).
The core provision, Article 6 of the CSDDD establishes the obligation for Member States to ensure that companies take appropriate measures to identify and assess actual or potential adverse human rights and environmental impacts “arising from their own operations or those of their subsidiaries and, where related to their chains of activities, those of their business partners.”
Companies will be required to:
- integrate due diligence into policies,
- identify actual or potential adverse human rights and environmental impacts,
- prevent or mitigate those impacts,
- establish and maintain a complaints procedure,
- monitor the effectiveness of the due diligence policy and measures,
- publicly communicate on due diligence.
Member States will be required to appoint surveillance authorities enforcing the new rules. CSDDD will not only put companies’ due diligence actions on public spotlight, member states’ implementation acts will also include fines for cases of non-compliance. Moreover, in order to ensure effective compensation of victims of adverse impacts, CSDDD will require Member States to lay down rules governing the civil liability of companies for damages arising due to its failure to comply with the due diligence process.
Impact on insurance companies
The CSDDD will impact business operations of companies active in the insurance sector. First of all, insurance companies can be hit by the relevant thresholds of CSDDD as every other company and as a result, will be considered in-scope companies if they have 1,000 employees and a turnover of €450 million.
The CSDDD clarifies that providing financing, insurance or reinsurance will be considered a relevant business relationship and provides for certain limitations as to what will be considered a part of the relevant value chain in the financial and insurance sector. However, under the compromised text, for regulated financial undertakings, there is no obligation to carry out due diligence in relation to downstream business partners that are receiving services and products, ie only the upstream but not the downstream part of their chain of activities is covered by the Directive. Regardless, insurers can still be the subject of due diligence requests of their impact by any of their clients who are in scope (.e the insurer will be in the upstream value chain of its client), so that insurers may well receive due diligence inquiries that they need to respond to.
Supervisory convergence
The European Commission, in a Frequently Asked Questions published in July 2024, set out what practical measures companies need to adopt to prevent, mitigate and bring to an end any adverse impact. The measures are as follows:
- developing and implementing prevention and corrective action plans (only for complex issues);
- seeking to obtain contractual assurances from a direct business partner, including cascading requirements through the chain of activities;
- making the necessary financial or non-financial investments, including in their chains of activities (for example, upgrading infrastructures);
- providing support (such as capacity building) to their small and medium-sized enterprises (“SME”) business partners where necessary in light of the resources, knowledge and constraints of the SME;
- providing financial support (such as direct financing, low-interest loans, guarantees of continued sourcing, or assistance in securing financing) to their SME business partners where compliance with the code of conduct or the prevention action plan would jeopardize the viability of the SME;
- adapting their business plans, strategies and operations (including purchasing practices, design and distribution practices); and
- collaborating with other entities to resolve the issues including with a view to increase their leverage over business partners.
The European Commission also stated that under the Directive, companies are required to prioritize engagement with business partners in their chain(s) of activities. Disengagement is only required in case of severe impacts and only as a “last resort” measure when all other measures have failed.
National implementation
European texts: Directive on corporate sustainability due diligence (CSDDD)
The Directive on Corporate Sustainability Due Diligence (CSDDD) has not yet been adopted. A fortiori, there are no corresponding Austrian implementation measures.
Contacts: Jasna Zwitter-Tehovnik | DLA Piper Anže Molan | DLA Piper
European texts: Directive on corporate sustainability due diligence (CSDDD)
The Directive on Corporate Sustainability Due Diligence (CSDDD) has not yet been adopted. A fortiori, there are no corresponding Belgian implementation measures.
Contacts: Pierre Berger / Alexander Hamels
European texts: Directive on corporate sustainability due diligence (CSDDD)
The Directive on Corporate Sustainability Due Diligence (CSDDD) has not yet been adopted. A fortiori, there are no corresponding Croatian implementation measures.
Contacts: Jasna Zwitter-Tehovnik | DLA Piper Ivan S. Males | DLA Piper
European texts: Directive on corporate sustainability due diligence (CSDDD)
On 24 May 2024, the Council of the European Union (EU) adopted the EU Corporate Sustainability Due Diligence Directive (CSDDD). The Directive entered into force on 26 July 2024. Denmark and the other EU member states must implement the Directive into national law by 26 July 2026.
Denmark has not yet made any proposal for implementing the Directive into Danish law.
Per Vestergaard Pedersen, Partner / Pernille Sølling, Partner / Stine Gellert, Senior Associate
European texts: Directive on corporate sustainability due diligence (CSDDD)
The Directive on Corporate Sustainability Due Diligence (CSDDD) has not yet been adopted. A fortiori, there are no corresponding French implementation measures.
Contacts: Luc Bigel / Hamza Akli
European texts: None
As of 2023 the German Act on Corporate Due Diligence in Supply Chains (Lieferkettensorgfaltspflichtengesetz, “LkSG”) imposes a binding obligation on companies to establish, implement and update due diligence procedures to improve compliance with specified core human rights and, to a limited extent, environmental protection in supply chains.
Scope
Companies with a head office, principal place of business, administrative headquarters, registered office or branch with 3,000 or more employees in Germany are subject to the requirements under the act. As of 2024, this threshold will be set to 1,000 employees in Germany.
The supply chain covered by the LkSG generally encompasses all of a company’s indirect suppliers. However, the main due diligence obligations apply in relation to the company's own business, including subsidiaries over which the company has a “decisive influence”, and its direct suppliers. Such obligations include conducting proactive risk analysis and implementing further risk management including preventive and remedial measures and public reporting.
In respect of indirect suppliers – where no direct contractual relationship between the in-scope company and the supplier exist – due diligence obligations apply where the company has “substantiated knowledge” of a possible infringement of an obligation covered by the act.
Compliance with the LkSG is enforced by the Federal Office for Economic Affairs and Export Control (“BAFA”). It is expected that the German act will be amended once the new CSDDD has been adopted at EU level (e.g. addressees such as overseas companies, obligations towards indirect suppliers, environmental risks, supply chain processes, management obligations and civil liability).
Main obligations
Companies in scope of LkSG are required to take appropriate risk management measures to ensure that their supply chains comply with the requirements set forth in the act. The aim is to prevent or minimize potential violations of human rights and environmental risks protected by the LkSG or to end any violations of such rights. The standard of due diligence depends on the nature and scope of the business activity, the potential influence of the company on the possible violation, the weight and risk of a (possible) violation as well as the company’s share of causation or responsibility. The relevant obligations include the following:
- establishing a risk management system,
- defining where responsibility for compliance lies within the company,
- performing regular risk analyses,
- issuing a policy statement of the top management on the company’s human rights strategy,
- establishing preventive measures within the company’s own field of business and in relation to any direct suppliers,
- taking remedial measures,
- establishing a complaints procedure for persons who claim to be affected by human rights or environmental obligation violations arising from the economic activities of the company in its own field of business or from the economic activities of a direct supplier and also from indirect suppliers of the in-scope-company,
- implementing due diligence obligations with respect to risks at indirect suppliers, and
- establishing necessary documentation and reporting both to the competent authority and to the general public.
- The standard of due dilligence obligations (including prevention mesures and immediately required remedial measures) under the LksG varies depending on whether the risk concerned stems from a company’s own field of business, a direct supplier or an indirect supplier. Simplified, the respective standard can be summarised as follows:
In cases where the risk stems from the company’s own business it is generally expexted that identifyed risks or vialations are stopped. In terms of direct suppliers, the companies in scope of the act are required to consider potential human rights and environmental expectations when procuring. Amongst other requirements, the companies in scope of the act must obtain contractual assurances by their direct suppliers in terms of their compliance with the human rights and environmental expecations. The act acknowledges that the company may not be able to immediately stop risks and violations at the direct supplier level, and therefore provides that if a violation cannot be stopped in a foreseeable time, the company must immediately adopt and implement a minimization and prevention concept.
Companies in scope of the act are generally not expected to include indirect suppliers in their due diligence. Rather, the companies have to carry out a risk analysis only in certain scenarios. For example in case of substantiated knowledge of relevant violations or in abusive cases.
Impact on insurance companies
Companies in the insurance industry are covered by the LkSG in the same way as companies in all other industries – if the relevant thresholds are reached (3,000 employees in Germany, as of 2024: 1,000).
However, when applying the LkSG to companies in the banking and insurance industry, industry and product-specific particularities must be taken into account. The relevant authority, BAFA, recently issued a guideline on application of the LkSG to insurance and banking companies (can be accessed here). The guidance clarifies that the customers of the (insurance) companies are not required for the manufacturing process and are therefore not part of the supply chain. Therefore, insurance companies have generally no due diligence obligations under the LkSG in their relationship with their customers.
Of course, insurance companies can also be covered as suppliers of companies in scope of the act. Insofar as institutions or insurance companies act as (indirect or direct) suppliers of other companies that are in scope of the act, insurance transactions can be covered by the LkSG. This means that the due diligence obligations of the insured company also covers the insurance services.
European texts: Directive on corporate sustainability due diligence
- The negotiation process for the Directive on Corporate Sustainability Due Diligence (CSDDD) negotiation process to is underway and expected to conclude by 2024.
- Once officially adopted, the Directive will be transposed into Irish law within two years.
Contacts: Naoise Harnett / Lindi Raath | DLA Piper
European texts: Directive on corporate sustainability due diligence (CSDDD)
The Directive on Corporate Sustainability Due Diligence (CSDDD) has not yet been adopted. A fortiori, there are no corresponding Italian implementation measures.
Contacts: David Marino / Valentina Grande
The EU Directive on Corporate Sustainability Due Diligence (CSDDD) has not yet been adopted and therefore no Dutch implementation have taken place yet. According to the deal reached between the Council and the European Parliament on 14 December 2023, the financial services will be temporarily excluded from the scope of the directive, but there will be a review clause for a possible future inclusion of the financial downstream sector based on a sufficient impact assessment. Please check the landing page on CSDDD for further details.
Contact: Paul Hopman or Aline Kiers
European texts: Directive on corporate sustainability due diligence (CSDDD)
The Directive on Corporate Sustainability Due Diligence (CSDDD) has not yet been adopted. However, Norwegian Authorities have been on the forefront of introducing its own supply chain due diligence legislation. On 1 July 2022 the Norwegian Transparency Act entered into force with an aim to promote companies' respect for fundamental human rights and decent working conditions in their own operations and supply chains. The Act requires larger companies to (i) conduct human rights due diligence assessments; (ii) publish an annual report on the human rights due diligence assessment; and (iii) provide written information to “any person” on how the company is addressing actual and potential adverse impacts on fundamental human rights and decent working conditions.
DLA Piper’s Norway based ESG-team has advised many multinationals including insurance companies on how to structure their work with risk mapping and mitigation related to human rights and decent working conditions in accordance with the requirements under the Norwegian Transparency Act.
Contacts: Hugo-A. B. Munthe-Kaas, Head of Compliance | DLA Piper Marthe Oldernes, Associate | DLA Piper
European texts: Directive on corporate sustainability due diligence (CSDDD)
The Directive on Corporate Sustainability Due Diligence (CSDDD) has not yet been implemented. Sweden is expected to implement the Directive into national law within two years from 25 July 2024.
Contacts: David Johansson, Managing Associate | DLA PiperFrida Nordström, Senior Associate | DLA Piper
The CSDDD was adopted after Brexit and therefore does not apply in the UK. However, firms in scope of section 414CB CA’06 (see United Kingdom section on CSRD page) are required to provide “a description of [the firm’s] business relationships, products and services which are likely to cause adverse impacts, and a description of how it manages the principal risks”.
Contacts: George Mortimer / Matthew Hunter | DLA Piper