EU Corporate Sustainability Due Diligence Directive (CSDDD) proposal has been adopted

The EU Corporate Sustainability Due Diligence Directive (CSDDD) proposal was adopted by the Committee of Permanent Representatives in the European Union (COREPER) on 15 March 2024. It was also adopted by the EU Parliament Legal Affairs Committee on 19 March 2024 (with 20 votes for, 4 against and no abstentions).

It will be voted on in a final vote in the plenary of the European Parliament in April 2024.

If the directive is also adopted by the European Parliament in the final plenary vote, it will have some major effects in relation to corporate sustainability due diligence within its scope of application and in relation to covered companies and their business partners. It may not have as many and substantive effects as wanted by some and not wanted by others. But it will generally provide a good basis and framework for the future work with this in covered companies and their business partners.

The proposal for the directive has been the subject of extensive discussions and negotiations of the EU Member States and the EU Council. Some major changes have been made in relation to some matters. However, as stated by Heidi Hautala, Vice President of the European Parliament, Chair of the EP Responsible Business Conduct working group (RBC WG):

"the core of the directive remains intact. The UN Guiding Principles on Business and Human Rights will be, for the first time, codified in EU law, and businesses will be obliged to conduct environmental and human rights due diligence in their value chains."

The Belgian Presidency of the Council of the EU 2024 on 15 March 2024 on X (formerly Twitter) made the following short comments on the adoption of the proposal for the directive:

"In the EU, it matters how products are made! Ambassadors just confirmed the corporate sustainability due diligence directive (#CSDDD)! It fosters sustainable & responsible corporate behaviour, anchors human rights & environmental considerations for companies' operations."

We provide an overview of the proposed directive and its effects below.

The text of the proposed directive is available here.

Main subject matters of the directive

The directive provides rules on obligations for companies regarding actual and potential human rights adverse impacts and environmental adverse impacts. 

The proposed directive aims to set a horizontal framework to foster the contribution of businesses operating in the single market towards a neutral and green economy in line with the European Green Deal and the UN Sustainable Development Goals.

The proposed directive provides rules on obligations for companies regarding actual and potential human rights adverse impacts and environmental adverse impacts, with respect to their own operations, the operations of their subsidiaries, and the operations carried out by their business partners in the companies' chains of activities.

The proposed directive also provides rules on a company's liability for violations of its obligations under the directive.

The proposed directive further provides rules on a company's obligation to adopt and put into effect a transition plan for climate change mitigation which aims to ensure, through best efforts, compatibility of the business model and strategy of the company with the transition to a sustainable economy and with the limiting of global warming to 1.5 °C.

Scope of application of the directive

The scope of application of the directive is determined by a staged approach based on the size of the companies.

EU companies

EU companies with more than 5000 employees and an annual net worldwide turnover of more than EUR 1500 million will be covered by the directive 3 years after its entry into force. EU companies with more than 3000 employees and an annual net worldwide turnover of more than EUR 900 million will be covered by the directive 4 years after its entry into force. EU companies with more than 1000 employees and an annual net worldwide turnover of more than EUR 450 million will be covered by the directive 5 years after its entry into force.

Non-EU companies

Non-EU companies with an annual net turnover in the EU of more than EUR 1500 million will be covered by the directive 3 years after its entry into force. Non-EU companies with an annual net turnover in the EU of more than EUR 900 million will be covered by the directive 4 years after its entry into force. Non-EU companies with an annual turnover in the EU of more than EUR 450 million will be covered by the directive 5 years after its entry into force.

Ultimate parent companies of groups of companies

The directive covers ultimate parent companies of groups of companies which as a group meet the minimum requirements for application of the directive for companies as stated above.

EU company which has entered into franchising or licensing agreements

The directive covers an EU company which has entered into or is the ultimate parent company of a group of companies which has entered into franchising or licensing agreements in the EU in return for royalties with independent third-party companies if the following requirements all are met:

• These agreements ensure a common identity, a common business concept and the application of uniform business methods.
• These royalties annually amount to more than EUR 22.5 million.
• The company has or is the ultimate parent company of a group of companies which has an annual net worldwide turnover of more than EUR 80 million.

Non-EU company which has entered into franchising or licensing agreements

The directive covers a non-EU company which has entered into or is the ultimate parent company of a group of companies which has entered into franchising or licensing agreements in the EU in return for royalties with independent third-party companies if the following requirements all are met:

• These agreements ensure a common identity, a common business concept and the application of uniform business methods.
• These royalties annually amount to more than EUR 22.5 million in the EU.
• The company generated or is the ultimate parent company of a group of companies which generated an annual net turnover of more than EUR 80 million in the EU.

Ultimate parent company which has as its main activity the holding of shares in operational subsidiaries

If an ultimate parent company has as its main activity the holding of shares in operational subsidiaries and does not engage in taking management, operational or financial decisions affecting the group or one or more of its subsidiaries, it may be exempted from carrying out the obligations under the directive if one of its EU subsidiaries is designated to fulfil the obligations on behalf of the ultimate parent company.

General due diligence obligations of covered companies

Member States shall ensure that covered companies conduct risk-based human rights and environmental due diligence ("due diligence") by carrying out the following actions in accordance with the more specific rules thereon in the directive:

• Integrating due diligence into their policies and risk management systems.
• Identifying and assessing actual or potential adverse impacts and, where necessary, prioritising potential and actual adverse impacts.
• Preventing and mitigating potential adverse impacts, and bringing actual adverse impacts to an end and minimising their extent.
• Providing remediation to actual adverse impacts.
• Carrying out meaningful engagement with stakeholders.
• Establishing and maintaining a notification mechanism and complaints procedure.
• Monitoring the effectiveness of their due diligence policy and measures.
• Publicly communicating on due diligence.

The directive in its preamble (foreword) in recital (15) contains some statements in relation to companies’ due diligence obligations under the directive.

It is stated that companies shall take appropriate steps to set up and carry out due diligence measures, with respect to their own operations, those of their subsidiaries, as well as their direct and indirect business partners throughout their chains of activities in accordance with the provisions of the directive.

It is also stated that the directive shall not require companies to guarantee, in all circumstances, that adverse impacts will never occur or that they will be stopped. For example, with respect to business partners where the adverse impact results from state intervention, the company might not be in a position to arrive at such results. Therefore, the main obligations under the directive shall be "obligations of means".

The company shall take the appropriate measures which are capable of achieving the objectives of due diligence by effectively addressing adverse impacts, in a manner commensurate to the degree of severity and the likelihood of the adverse impact.

It is further stated that account shall be taken of the circumstances of the specific case, the nature and extent of the adverse impact and relevant risk factors. The relevant matters to be taken into account also include matters in relation to preventing and minimising adverse impacts, the specificities of the company's business operations and its chain of activities, sector or geographical area in which its business partners operate, the company's power to influence its direct and indirect business partners, and whether the company could increase its power of influence.

Companies' own operations and operations of their subsidiaries and direct and indirect business partners in their chains of activities

Companies shall take appropriate steps to set up and carry out due diligence measures with respect to their own operations and the operations of their subsidiaries and their direct and indirect business partners throughout their chains of activities in accordance with the provisions of the directive.

A company's chain of activities includes activities of its upstream (supplier side) business partners related to the production of goods or the provision of services by the company, including the design, extraction, sourcing, manufacture, transport, storage and supply of raw materials, products or parts of the products and development of the product or the service.

A company's chain of activities also includes activities of its downstream (customer side) business partners related to the distribution, transport and storage of the product, where the business partners carry out those activities for the company or on behalf of the company. This does not include disposal of products. This also does not include distribution, transport and storage of products which are subject to export control under Regulation (EU) 2021/821 (Dual Use Regulation) or export control relating to weapons, munition or war materials, after export of the product is authorised.

A company's business partner includes an entity with whom the company has a commercial agreement related to the operations, products or services of the company or to whom the company provides services ("direct business partner").

A company's business partner also includes an entity which is not a direct business partner, but which performs business operations related to the operations, products or services of the company ("indirect business partner").

Micro, small and medium-sized enterprises (SMEs)

Micro, small and medium-sized enterprises (SMEs) are not included in the scope of application of the directive. But they could be impacted by its provisions as contractors or subcontractors to the companies which are in the scope of application.

The aim is nevertheless to mitigate financial and administrative burden on SMEs.

Companies whose business partner are SMEs shall provide proportionate support for the SMEs to support their compliance with due diligence measures.

Companies shall also use fair, reasonable, non-discriminatory and proportionate requirements in relation to the SMEs.

The directive provides for a limitation of the burden on smaller companies created by covered companies' requests for information in some cases. In cases where information necessary for the identification of adverse impacts can be obtained from business partners at different levels of the chain of activities, then companies should exercise restraint with regard to business partners that do not themselves present risks of adverse impacts. Companies should prioritise reaching out, where reasonable, directly for more detailed information to business partners at levels in the chain of activities where, based on the mapping, potential or actual adverse impacts are most likely to occur.

Prevention action plan and contractual clauses and assurances

The directive in its preamble (foreword) in recital (34) provides some statements in relation to covered companies' making and use of preventive action plans and contractual clauses and assurances.

It states that a covered company should develop and implement a prevention action plan where this is necessary due to the complexity of prevention measures.

It also states that a covered company should seek to obtain contractual assurances from a direct business partner that it will ensure compliance with the code of conduct and, as necessary, the prevention action plan, including by seeking corresponding contractual assurances from its partners to the extent that their activities are part of the company's chain of activities.

It further states that contractual assurances should be designed to ensure that responsibilities are shared appropriately by the company and the business partners. The contractual assurances should be accompanied by appropriate measures to verify compliance. However, the company should only be obliged to seek the contractual assurances, as obtaining them may depend on the circumstances.

The directive provides that the EU Commission, in consultation with member states and stakeholders, shall adopt guidance about voluntary model contractual clauses.

Other measures and activities to prevent and reduce adverse impacts

The directive in its preamble (foreword) in recital (34) also provides some statements in relation to covered companies' use of other measures and activities to prevent and reduce adverse impacts.

It states that to ensure comprehensive prevention of potential adverse impacts, companies should also make financial or non-financial investments, adjustment or upgrades, which aim to prevent adverse impacts, and collaborate with other companies, in compliance with EU law.

It also states that where relevant, companies should adapt business plans, overall strategies and operations, including purchasing practices, and develop and use purchase policies that contribute to living wages and incomes for their suppliers, and that do not encourage potential adverse impacts on human rights or the environment.

It further states that to conduct their due diligence in an effective and efficient manner, companies should also make necessary modifications of, or improvements to, their design and distribution practices. Companies should do so to address adverse impacts arising both in the upstream (supplier side) part and the downstream (customer side) part of their chain of activities, before and after the product has been made. Adopting and adapting such practices, as necessary, could be particularly relevant for the company, to avoid an adverse impact in the first instance.

Engagement with stakeholders

Companies are required to engage meaningfully with stakeholders. This includes consultations that take place in the due diligence process.

Companies may fulfil this obligation through industry or multi-stakeholder initiatives, as appropriate.

Combating climate change

Companies are required to adopt and put into effect a transition plan for climate change mitigation which aims to ensure, through best efforts, compatibility of the business model and strategy of the company with the transition to a sustainable economy and with the limiting of global warming to 1.5 °C.

The climate transition plan must be in line with the Paris agreement. The contents of the plans must be aligned with the EU Corporate Sustainability Reporting Directive (CSRD).

Civil liability

EU Member States shall ensure that a company can be held liable for a damage caused to a natural or legal person, provided that the company intentionally or negligently failed to comply with the obligations under the directive, and that such failure resulted in a damage to the natural or legal person's legal interest protected under national law.

A company cannot be held liable if the damage was caused only by its business partners in its chain of activities.

Where a company is liable, a natural or legal person shall have the right to full compensation for the damage occurred in accordance with national law. Full compensation shall not lead to overcompensation, whether by means of punitive, multiple or other types of damages.

The limitation period for bringing actions for damages under the directive shall be at least 5 years and, in any case, not shorter than the limitation period laid down under national rules on general civil liability.

Complaints procedure and notification mechanism

The directive contains comprehensive rules on a complaints procedure and a notification mechanism which EU Member States must ensure companies adhere to.

Complaint submission

Member States shall ensure that companies provide the opportunity for persons and organisations to submit complaints if they have legitimate concerns about potential or actual adverse impacts related to the companies’ operations, their subsidiaries’ operations, or their business partners’ operations in the companies’ chains of activities.

Eligibility to submit complaints

Member States shall ensure that complaints against companies may be submitted by the following:

• Natural or legal persons who are affected or believe they might be affected by an adverse impact, and their legitimate representatives, such as civil society organisations and human rights defenders.
• Trade unions and other workers’ representatives representing individuals working in the chain of activities concerned.
• Civil society organisations active and experienced in the areas related to the environmental adverse impact that is the subject matter of the complaint.

Complaints procedure

Member States shall ensure that companies establish a fair, publicly available, accessible, predictable and transparent procedure for dealing with complaints. This includes a procedure for cases where the company considers the complaint to be unfounded.

Companies must take reasonably available measures to prevent any form of retaliation by ensuring the confidentiality of the identity of the person or organisation submitting the complaint.

If the complaint is well-founded, the adverse impact which is the subject matter of the complaint is deemed to be identified, and the company shall take appropriate measures.

Rights of complainants

Member States shall ensure that complainants are entitled to the following:

• To request appropriate follow-up on the complaint from the company with which they have filed a complaint.
• To meet with the company’s representatives at an appropriate level to discuss potential or actual severe adverse impacts that are the subject matter of the complaint, and potential remediation.
• To be provided with the reasoning as to whether a complaint has been considered founded or unfounded and, where founded, to be provided with information on the steps and actions taken or to be taken.

Notification mechanism

Member States shall ensure that companies establish an accessible mechanism for the submission of notifications by persons and organisations where they have information or concerns regarding actual or potential adverse impacts.

The mechanism shall ensure that notifications can be made either anonymously or confidentially.

Companies shall take reasonably available measures to prevent any form of retaliation by ensuring the confidentiality of the identity of the person or organisation submitting the notification.

Collaborative complaints’ procedures and notification mechanisms

Member States shall ensure that companies are allowed to fulfil the obligations states above by participation in collaborative complaints’ procedures and notification mechanisms, including those established jointly by companies, through industry associations.

Generally on complaints procedure and notification mechanism

The rules and obligations mentioned above emphasise the importance of transparency, accountability and collaboration in addressing potential or actual adverse impacts related to company operations.

They also emphasise the importance of protecting the rights and safety of those who raise concerns in relation to such potential or actual adverse impacts related to company operations.

Public support, public procurement and public concessions

Member States shall ensure that compliance with obligations resulting from national rules and measures made under the directive, or from their voluntary implementation, qualifies as an environmental or social aspect that contracting authorities may take into account. Both as part of the award criteria for public and concession contracts, and as an environmental or social condition that contracting authorities may lay down in relation to the performance of public and concession contracts.

Penalties for infringements of rules

EU Member States shall set rules on penalties, including pecuniary penalties, applicable to infringements of national rules adopted pursuant to the directive.

The penalties provided for shall be effective, proportionate and dissuasive.

When pecuniary penalties are imposed, they shall be based on the company's net worldwide turnover. The maximum limit of pecuniary penalties shall be no less than 5% of the net worldwide turnover of the company.

You are welcome to contact us

You are welcome to contact us if you would like to discuss the proposed directive and its possible future effects for your business or your work with sustainability and related matters.

We will be happy to discuss any matter with you and to provide advice and assistance, including in relation to your work with preparation for compliance with the directive (CSDDD) and compliance with the Corporate Sustainability Reporting Directive (CSRD) and the Sustainable Finance Disclosure Regulation (SFDR).