Navigating ESG: What is corporate sustainability due diligence?

The long-awaited EU Directive on corporate sustainability due diligence (“CS3D”) was published in the EU Official Journal on July 5, 2024. It is the result of long-running and often heated debate.[1]

The EU Commission submitted a preliminary CS3D proposal to the EU Parliament and Council on February 23, 2022. Since that time, EU institutions have engaged in prolonged back and forth on the CS3D and have made several amendments regarding scope, obligations, duties, tools, and safeguards, as well as establishing definitions for specific terms.

Approval of the CS3D is a significant milestone in the transition to a sustainable economy. The CS3D is part of the EU Green Deal, and it is designed to help companies mitigate extant and potential negative impact on the environment and human rights (e.g., child labor, slavery, pollution, and damage to ecosystems). To achieve this goal, companies must conduct appropriate corporate sustainability due diligence over their entire value chains and adopt measures that put their business models in line with the Paris Agreement.[2]

The CS3D will enter into force on July 25, 2024, and EU Member States then will have two years to transpose it into national law. In the meantime, the EU Commission will issue guidelines and accompanying measures to help companies better understand their obligations and conduct corporate sustainability due diligence.

What is the scope of application of the CS3D?

The CS3D will apply to:

  1. EU and non-EU companies that meet employee and turnover thresholds;[3]
  2. ultimate parent companies of groups with the same characteristics in the last financial year;
  3. companies and parent companies of groups with turnover of more than EUR 80,000,000 that entered into franchising or licensing agreements in the EU with independent third-party companies, provided that (i) those agreements ensure common identity, common business concept, and application of uniform business methods and (ii) royalties in the last financial year were above EUR 22,500,000.[4]

Micro/small and medium-sized companies (“SMEs”) will not fall directly under the CS3D.

What does corporate sustainability due diligence mean?

The CS3D is designed to monitor, identify, prevent, address, and remediate adverse human rights and environmental impact of business and transactions of a company and its subsidiaries and business partners across the entire value chain (from upstream production of goods/provision of services to downstream distribution, transport, and storage).

According to the CS3D, conducting adequate corporate sustainability due diligence includes the following:

  1. Implementation of a comprehensive system of control that includes the adoption of (a) specific policies[5] describing a company’s approach to environmental and human rights activities; (b) a code of conduct enshrining human rights and environmental rules and principles that also applies to subsidiaries and business partners; and (c) a description of the processes and measures taken to assess CS3D compliance and extend its application to business partners.[6]

 

  1. Identification of actual or potential adverse impact of company, subsidiary, and business partner operations. Specifically, a company should (i) map the relevant operations, and then (ii) conduct an assessment in areas identified as “at risk of adverse impact.[7]

 

  1. Prevention, mitigation, ending, and minimization of adverse impact. This means a business partner must contractually pledge to a company that it is in compliance with the company’s code of conduct, and, if necessary, that it is working to adopt prevention and corrective action plans related to sustainability matters.[8] The EU Commission will consult Member States and stakeholders and then issue guidance regarding voluntary model contractual clauses by January 26, 2027. Where it is not feasible to prevent, mitigate, end, or minimize all adverse impact at once, a company can prioritize actions to be taken on the basis of the severity and likelihood of adverse impact.[9]

 

  1. Establishment and maintenance within a company of a notification system and complaint procedures to handle concerns from employees, companies, trade unions, and trade organizations on adverse human rights or environmental impact.[10] The CS3D states that this procedure is separate and independent from the one provided by EU Directive No. 2019/1937 (known as the “Whistleblowing Directive”).[11]

 

  1. Monitoring effectiveness of due diligence measures of a company, any subsidiaries, and any business partners when related to the value chain via periodic assessments.[12]

 

  1. Regular communication on due diligence in the form of an annual statement published on the company website.[13]

What are the consequences for failing to comply with the CS3D?

Companies that fail to comply with CS3D obligations shall be civilly liable for damages. However, companies will not be considered liable for damages caused only by business partners in the chain of business.[14]

Furthermore, each Member State must establish specific effective, proportionate, and dissuasive sanctions applicable in case of violation.[15]

Finally, the CS3D requires each Member State to designate an authority to supervise and enforce company compliance with the CS3D, including by imposing fines and issuing injunctive orders. Those supervisory authorities in the aggregate will form the European Network of Supervisory Authorities. The group will facilitate coordination and alignment of practices and information sharing.

A supervisory authority will collect and manage reports submitted by natural and legal persons who have reason to believe that a company is failing to comply with the provisions of national laws adopted pursuant to the CS3D.

How will the CS3D impact SMEs?

Although SMEs do not directly fall under the scope of application of the CS3D, as business partners in value chains (e.g., contractors, subcontractors, and suppliers) they will feel its effects indirectly.

It is therefore recommended that SMEs start to update, change, adapt, and implement appropriate compliance systems as soon as possible so they will be prepared when the CS3D enters into force. Implementing a CS3D-compliant oversight system will be no easy task, in part because SMEs tend to have more limited resources and expertise than larger companies. To offset this, the CS3D includes supportive measures (including the obligation for Member State to provide SMEs with financial support to implement systems) to help SMEs mitigate the associated financial and administrative burden.

Still, a call to action is needed to drive concrete change. In recent months, authorities in various countries have paid increased attention to company ESG compliance (including issues such as slavery, human rights, health, and labor exploitation) throughout the entire value chain independent of enactment of the CS3D. In Italy, recent cases have involved fashion and logistics companies being subject to preventive monitorship[16] when it was determined that they had not adopted effective oversight systems for choosing and managing suppliers and sub-suppliers, resulting in negligence that facilitated unlawful exploitation of workers (known in Italian as “caporalato”).


[1] The full text of the CS3D is available at the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202401760.

[2] The Paris Agreement is a legally binding international treaty on climate change signed on December 12, 2015 by 196 parties. It entered into force on November 4, 2016. Its main goals are to hold “the increase in the global average temperature to well below 2°C above pre-industrial levels” and pursue efforts “to limit the temperature increase to 1.5°C above pre-industrial levels.

[3] Specifically, (i) EU companies with more than 1,000 employees on average and with a net worldwide turnover of more than EUR 450,000,000 in the last financial year and (ii) non-EU companies with net worldwide turnover of more than EUR 450,000,000 in the EU in the last financial year.

[4] For non-EU companies, the relevant amount of turnover and royalties must be generated in the EU.

[5] To be reviewed at least every two years.

[6] See Art. 7 of the CS3D.

[7] See Art. 8 of the CS3D.

[8] See Art. 10 and Art. 11 of the CS3D.

[9] See Art. 9 of the CS3D.

[10] See Art. 14 of the CS3D.

[11] Furthermore, the CS3D states that if the report falls under both the CS3D and the Whistleblowing Directive and the person making the report also falls under the Whistleblowing Directive, that person may use both procedures.

[12] See Art. 15 of the CS3D.

[13] See Art. 16 of the CS3D.

[14] See Art. 29 of the CS3D.

[15] Art. 27 of the CS3D states, “Member States shall provide for at least the following penalties: (a) pecuniary penalties; (b) if a company fails to comply with a decision imposing a pecuniary penalty within the applicable time limit, a public statement indicating the company responsible for the infringement and the nature of the infringement.

[16] Preventive monitorship is covered under Art. 34 of Legislative Decree No. 159/2011 (known as the “Anti-mafia Regulation”). In preventive monitorship, a court-appointed monitor takes over business activity or is assigned specific tasks while day-to-day business activity remains under control of company management. It is usually applied for one year and then may be extended for an additional year.

Back
Follow us on