Background: On April 24th, 2024, the European Parliament formally adopted the Corporate Sustainability Due Diligence Directive (CSDDD), setting into law obligations for large companies with significant activities in the EU to conduct human rights and environmental due diligence in their own operations and across their chains of activities.
The adoption of the CSDDD is a significant step in mandating companies to embed responsible business conduct into due diligence policies and procedures. After several years of legislative developments on due diligence regulation at national-level (e.g., Duty of Vigilance Act in France, Supply Chain Due Diligence Act in Germany) and at EU-level, such as for commodity or product-specific supply chains (e.g., EU Battery Regulation, EU Conflict Minerals Regulation), the CSDDD seeks to harmonize due diligence requirements across EU Member States and to level the playing field for companies active in the EU market.
Minimum due diligence standards across the EU: The CSDDD sets minimum requirements for what EU Member States are required to transpose into national law. At a minimum, Member States need to develop or update existing national laws to meet the CSDDD's objectives and scope but are allowed to go further by setting stricter due diligence requirements or by including into scope activities currently excluded from the Directive.
Requirements of the CSDDD
The CSDDD sets minimum requirements on companies to develop and implement appropriate measures to conduct due diligence, such that companies can effectively identify and address adverse human rights and environmental impacts. These steps include:
Source: CSDDD compromise 15 March 2024 (https://data.consilium.europa.eu/doc/document/ST-6145-2024-INIT/en/pdf)
Focus on company means to apply effective due diligence
The Directive focuses on measures in place and actions taken by companies to identify and address adverse impacts, rather than the results of these measures. Although companies are not expected to show how their value chains are free of impacts, they are required to demonstrate that they have taken all appropriate measures to effectively identify risks and prevent, cease, mitigate, address or remediate actual and potential adverse impacts.
Taking a risk-based approach
The Directive specifies that companies should embed a risk-based approach into their due diligence activities. This entails widely screening their chain of activities to identify areas where ‘hot spots’ are most likely, to prioritize actions in line with the level of severity and likelihood of potential and actual impacts and to develop measures that are appropriate, considering the level of impact and the extent to which the company can influence an outcome related to minimizing or preventing the impact.
Scope of the CSDDD
Source: CSDDD compromise 15 March 2024 (https://data.consilium.europa.eu/doc/document/ST-6145-2024-INIT/en/pdf)
Companies: The above thresholds apply if they are met by companies each year for two consecutive financial years. Obligations should be met by the ultimate parent company, or by a designated subsidiary in case the ultimate parent is a holding company which does not engage in management, financial or operational decisions for the group or individual companies within the group.
Activities: All EU and non-EU companies that fall under respective thresholds are required to conduct due diligence within their chains of activities, with a focus on own operations and upstream activities. A specific set of downstream activities are included, such as distribution, transportation and storage of a product.
Source: CSDDD compromise 15 March 2024 (https://data.consilium.europa.eu/doc/document/ST-6145-2024-INIT/en/pdf)
Implementation timeline
The Directive will come into force from the 20th day after it has been published in the Official Journal of the European Union (expected end of May 2024). Following this, the Directive will be implemented in phases, starting with a two-year transposition of the CSDDD into national law by Member States. Member States such as Germany, France, as well as Norway, that already have laws which include due diligence obligations will likely review and augment existing laws in light of CSDDD rather than institute new legislation.
Phased-in application: The CSDDD will be enforced with a phased-in approach based on company size and turnover, starting three years from entry into force, and grouped as follows:
- 3-year period for companies with over 5000 employees and EUR 1500 million turnover (from 2027)
- 4-year period for those with over 3000 employees EUR 900 million turnover (from 2028)
- 5-year period for companies with over 1000 employees and EUR 450 million turnover, and for companies having entered into franchising or licensing agreements with over EUR 80 million turnover in the EU and EUR 22.5 million in royalties (from 2029).
Transposing to national law: EU Members States have two years from the date of enforcement to transpose the Directive into national law. EU Member States are also required to set up supervisory authorities and take appropriate measures to implement the requirements of the CSDDD.
Financial institutions: The Directive requires the EU Commission to assess the needs for tailored due diligence requirements to be developed for companies that provide financial services and investment activities, considering existing legislative acts that apply to regulated financial undertakings. Results of this assessment will need to be reported by May 2026.
Enforcement and monitoring
National supervisory authorities will be expected to enforce the Directive through the following measures:
- Substantiated concerns can be submitted on companies’ failure to comply with this Directive through accessible channels set up by the supervisory authorities. Supervisory authorities will be required to investigate and respond to concerns within a reasonable timeframe.
- Supervisory authorities can initiate investigations and conduct inspections upon sufficient indication of company breaches related to this Directive.
- Administrative sanctions could be applied to companies who fail to comply, with penalties to be set at minimum 5% of the company’s net worldwide turnover in the previous financial year.
Monitoring: EU Commission will regularly review the implementation of the Directive, including related to:
- The impact on small and medium enterprises (SMEs), including effectiveness of support tools and measures
- Scoping and threshold elements, such as legal forms, business relationships with third companies, and turnover and employee thresholds, chain of activities, adverse impacts and international instruments
- Specific requirements relating to combatting climate change, including the design, adoption and implementation of a climate transition plan by companies
- The effectiveness of enforcement mechanisms implemented by Member States
- The level of harmonization resulting from national law transposition
Civil liability: Individuals, trade unions and civil society organizations will be able to submit civil liability claims for at least 5 years. Under these claims, they will have the right to full compensation where they have been adversely impacted by companies’ failure to meet specific requirements of this Directive.
Support to companies and stakeholders: The EU Commission will establish a helpdesk to provide information and guidance to companies on the implementation of the Directive, including tailored to national contexts. Dedicated websites, tools and platforms will also be developed by Member States, which should be available to companies as well as stakeholders and their representatives.
Interactions with other due diligence and sustainability legislation
The CSDDD is one of several legislative acts proposed or adopted by the European Union presented under the umbrella Green Deal to “transform the EU’s economy for a sustainable (and just) future”. With the Green Deal, the EU seeks to meet significant ambitions with regards to sustainability.
The CSDDD has clear synergies and connects deeply with several EU Directives and Regulations, including the Corporate Sustainability Reporting Directive (CSRD), EU Taxonomy Regulation, Sustainable Finance Disclosure Regulation (SFDR), specific regulations such as the EU Batteries Regulation, EU Deforestation Regulation (EUDR), EU Conflict Minerals Regulation, as well as upcoming legislation such as the EU Forced Labour Regulation and EU Packaging and Packaging Waste Regulation (EU PPWR).
The table below summarizes how the CSDDD compares to other sustainability and due diligence regulations currently or soon to be in effect in the European Union.
Source: ERM analysis.
Next steps for companies
Although companies will only need to comply starting in 2027, designing and carrying out due diligence is a complex process that takes time – even for companies that have already started with their implementation. Here are several key steps businesses should consider taking in preparation:
How ERM can help you
At ERM, sustainability is our business. We are the world’s largest advisory firm focused solely on sustainability. ERM brings unique expertise in every step of due diligence implementation, from our 'boots on the ground' approach to discussing human and environmental rights in the boardroom. We have been helping our clients for over 50 years navigating the ever-evolving landscape of sustainability. Our teams include environmental as well as human rights specialists that can support your company in its journey towards implementation of human rights and environmental due diligence, including the CSDDD. We set this out in four phases: