A first look on the proposal of Directive on Corporate Sustainability Due Diligence


On February 23, 2022, the EU Commission published a proposal for a directive on corporate sustainability due diligence (the “Draft Directive”).[1] The Draft Directive aims to promote sustainable and responsible corporate behavior for businesses, since they play a key role in the development of a sustainable economy and society.

Back in October 2020, the EU Commissioner for Justice Didier Reynders announced that the EU planned to propose a directive on mandatory Human Rights Due Diligence (“HRDD”), as well as the environment. The decision was supported by many reports from studies carried out by the British Institute of International and Comparative Law, Civic Consulting, the Directorate General for Justice and Consumers, and the London School of Economics.

The proposal for the Draft Directive came on the 10th anniversary of the issuance of the UN Guiding Principles on Business and Human Rights[2] (the “UNGPs”). That framework, under the banner “Protect, Respect and Remedy” and developed by Professor John Ruggie, helped make companies increasingly aware of their impact on our society. However, these principles risked remaining empty words without national and supranational support.

The duty to guard against human rights abuses requires Member States to take “appropriate steps to prevent, investigate, punish and redress such abuse through effective policies, legislation, regulations and adjudication.”[3] Transparency and HRDD legislation is just one of several tools that Member States can use to achieve and implement the first pillar of the UNGPs – i.e., “To Protect”.

Corporate Sustainability: The existing EU landscape

In recent years, many EU Member States, as well as the EU itself, at a central level, started adopting ad hoc legislation with specific due diligence and transparency purposes. Various legal regimes have been established at both the national and EU levels that imposing different legal obligations, having different scopes, using a variety of means of enforcement, and covering a wide range of sectors and targets.

The first generation of this new legal approach (“Transparency and Disclosure Legislation”) focused on human-rights related information. All it demanded of companies was compliance with reporting obligations.

Second-generation laws attempted to take a further step by establishing a new form of responsibility, i.e., a duty of care/vigilance, according to different national legal frameworks. The Draft Directive is part of these second-generation laws.

(i)          EU Landscape

With respect to Transparency and Disclosure Legislation, in 2014 the EU itself introduced a directive on non-financial disclosure (“Non-Financial Reporting DirectiveNFRD”)[4], concerning the obligation of certain large companies to disclose non-financial and diversity information (e.g., environmental and social matters and treatment of employees).

However, the NFRD presents a number of critical issues: first of all, it is based on a “comply or explain” principle, which means that companies can avoid non-financial reporting obligations, by providing a motivation for non-disclosure; and, secondly, it has been implemented differently by each Member State.

On April 21, 2021, the EU Commission adopted a proposal for a Corporate Sustainability Reporting Directive (“CSRD”) with the purpose of amending the existing reporting requirements of the NFRD by (i) expanding the scope; (ii) requiring the audit of reported information; (iii) introducing more detailed reporting requirements; and (iv) requiring companies to digitally tag reported information. Currently, this proposal is still only a draft; therefore, the NFRD is still the applicable legislation at the EU level with respect to first-generation laws. The Draft Directive represents the first proposal at the EU level with respect to second-generation laws.

(ii)         EU Member States

The United Kingdom was the first to enact legislation in the context of Transparency and Disclosure Legislation with what is known as the “UK Modern Slavery Act,[5] in 2015, addressed to specific companies. The regulation requires such companies to publish an annual “modern slavery statement” within six months of the close of the fiscal year. This statement provides details on how the company is preventing the occurrence of modern slavery, or if it is not doing so.

So far, the French Law on the Duty of Vigilance[6] is the most significant development in HRDD in general and the second-generation category in particular. It merges French tort law and the UNGPs’ due diligence, making France the first country to implement a civil liability regime in due diligence legislation.[7]

Along the lines of the French legislation, many other European countries attempted and are attempting to introduce new regulations establishing stringent liability criteria.

Swiss legislation does not include a due diligence requirement in all risk areas, only a generic reporting requirement on policies for minerals from conflict zones and child labor. An additional form of non-financial reporting on environmental matters has been envisaged for companies with at least 500 employees. In the event of noncompliance, administrative sanctions are foreseen.

Moreover, Germany adopted the supply chain due diligence act, introducing a new standard for compliance duties. The law does not create any new civil liability but increase the risk of litigation under the existing civil liability regime by allowing trade unions and NGOs to bring actions on behalf of potential tort victims[8].

Finally, the Dutch proposal of Bill on Responsible and Sustainable International Business Conduct imposes on companies a duty of care to address both human rights violations and environmental damage, and it implements due diligence measures in line with OECD guidelines. In addition to financial sanctions, third parties would be able to go before civil courts to hold businesses accountable.

The Italian landscape

Though Italy has started to adapt its regulatory and institutional framework, it has not yet developed its own specific national legislation on human rights and environmental due diligence.

The most important actions taken by Italy in this area are:

(i) the implementation of the NFRD, by means of Legislative Decree No. 254/2016; and

(ii) the launch in 2016 of the National Action Plan for Business and Human Rights, a tool aimed at meeting the new needs involving interaction between human rights and economics, as prescribed by the UNGPs.[9] The plan assesses the extent of the objectives and application of Legislative Decree No. 231/2001, which introduced into the Italian legal system corporate criminal liability for crimes committed by specific subjects in the interest or to the advantage of a legal entity.

Directive on corporate sustainability due diligence: main features

(i)         Scope

The Draft Directive aims to (i) improve corporate governance practices; (ii) avoid fragmentation of due diligence requirements and create legal certainty for businesses and stakeholders; (iii) increase corporate accountability for adverse impact; (iv) improve access to remedy for those affected by adverse corporate human rights and environmental impact; and (v) complement other measures in force or proposed within the EU through an overarching horizontal framework.

The Draft Directive will apply to:

  • large European companies with more than 500 employees on average and a worldwide net turnover exceeding EUR150 million in the most recently completed financial year;
  • non-European companies that generate a net turnover of more than EUR150 million. The relevant turnover must have been generated in the EU to create “a territorial connection between the third-country companies and the EU territory by the effects that the activities of these companies may have on the EU internal market.[10] This would certainly lead to the establishment of a single transnational regime.

Furthermore, within the next two years, the Draft Directive will also apply to (i) mid-cap EU companies (i.e., those companies with more than 250 employees on average and a net turnover of over EUR40 million); and (ii) companies involved in particularly high-risk sectors, such as agriculture, textiles, and clothing.

(ii)         Due Diligence Obligations

Companies should carry out human rights and environmental due diligence by (i) integrating due diligence into their own policies, to identify actual or potential adverse impact; (ii) preventing potential adverse impact, in order to bring extant adverse impact to an end or mitigate it; (iii) establishing and maintaining a complaint procedure; (iv) monitoring the effectiveness of the due diligence policy and measures; and (v) offering public communications on due diligence.

Companies are expected to take all reasonable appropriate steps to prevent and mitigate adverse impact and are assumed to know the consequences of their actions and that they cannot simply escape liability. Whenever companies are not able to prevent, minimize, or mitigate adverse impact connected to a business partner, they are invited to “refrain from entering into new or extending existing relations” with the relevant partner.[11]

Companies should carry out due diligence obligations not only regarding their own operations but also regarding value chain operations carried out by entities with which said companies have an “established relationship,” i.e., a “business relationship, whether direct or indirect, which is, or which is expected to be lasting, in view of its intensity or duration and which does not represent a negligible or merely ancillary part of the value chain.[12] Therefore, pursuant to the Draft Directive, it will be necessary to assess at least every 12 months, whether a business relationship can be viewed as “established.”

In the case of non-compliance, the supervisory authorities must impose effective, proportionate and dissuasive sanctions, including fines and compliance orders. The Draft Directive does not provide for criminal liability but EU Member States are free to provide for stricter measures in their transposing acts.

Finally, the Draft Directive requires companies to ensure that their business models and corporate strategies are in line with the Paris Agreement[13] on addressing and fighting climate change. However, no sanctions are currently foreseen in case of noncompliance with this provision.

(iii)        Enforcement

As suggested by the parliamentary resolution, the Draft Directive combines a public enforcement mechanism with a civil liability regime.

When dealing with corporate liability, it is important to establish a standard of care rather than creating a mere checklist. Due diligence, as a standard of care, represents a basic tort law principle that states that “a person should take reasonable care not to cause harm to another person.” It is about assessing which steps the company has taken to identify, prevent, and address possible risks. In case of harm, companies will be questioned to determine whether those steps were reasonable and adequate, and a company will be released from liability only if it can demonstrate enhanced proactivity.

(iv)        Term for Implementation

The Directive will take effect 20 days after publication in the Office Journal of the European Union, and Member States will be required to adopt incorporating legislation within two years. The Directive will be reviewed in seven years.


The Draft Directive represents a further pivotal development in corporate sustainability. However, there are lingering doubts about its enforceability (e.g., a climatic duty for companies is envisaged, but no consequences have been established in case of violation).

Furthermore, it only applies to large companies, and therefore (i) its scope of application covers only 0.02 % of European companies; and (ii) it does not take into account the most serious abuses that occur at lower levels of the supply chain, in countries with weaker/less effective levels of governance and control.

The proposal will now be negotiated by the European Parliament and the Council. Many organizations have asked them to strengthen the text and fill in the gaps to meet the urgent need to protect people and the planet. We will see, then, how Member States will implement it.

[1] https://ec.europa.eu/info/publications/proposal-directive-corporate-sustainable-due-diligence-and-annex_en.

[2] The UNGPs were under a UN Human Rights Council resolution in June 2011; they were the first guidelines for Member States and companies to prevent and address human rights abuses committed in business operations.

[3] Guiding Principle 1 | National Action Plans on Business and Human Rights https://globalnaps.org/ungp/guiding-principle-1/

[4]EU Directive of the Parliament and Council, no. 95 of October 22, 2014, on disclosure of non-financial and diversity information by certain large undertakings and groups.”

[5] Modern Slavery Act (2015 c. 30) of March 26, 2015.

[6] Law No. 399 of March 27, 2017relative au devoir de vigilance des sociétés mères et des entreprises donneuses d’ordre.

[7] Indeed, after the Rana Plaza disaster, civic organizations, trade unions, academics, lawyers, and members of the French Parliament felt it urgent to strengthen companies’ accountability regarding human rights risks and pushed for this law.

[8] Please see our article on this topic: https://portolano.it/newsletter/portolano-cavallo-inform-compliance/a-first-look-at-the-new-german-supply-chain-due-diligence-act.

[9] https://pcnitalia.mise.gov.it/index.php/it/198-notizie-stampa/2036060-piano-di-azione-nazionale-su-impresa-e-diritti-umani-2021-2026.

[10] Preamble, para. 24 of the Draft Directive.

[11] Article 8(6) of the Draft Directive.

[12] Article 3, letter f), of the Draft Directive.

[13] Paris Agreement to the United Nations Framework Convention on Climate Change, adopted on December 12, 2015.

Follow us on