
What the latest step in CSDDD means for corporate risk and legal professionals

Annabel Hauck  Senior Specialist Legal Editor / Thomson Reuters Practical Law

· 5 minute read

The recent adoption of the CSDDD marks a significant shift in corporate responsibility, requiring thousands of companies to integrate sustainability into their enterprise risk management systems and establish robust due diligence practices to mitigate adverse impacts on human rights and the environment.

In May, the Council of the European Union adopted the Corporate Sustainability Due Diligence Directive (CSDDD). The scope of the law had been reduced in March to cover fewer companies, when Germany and Italy signaled they would abstain during the adoption process and the Council failed to endorse the agreed-upon text. The final law also left out previous provisions targeted at environmentally high-risk industrial sectors, including textiles, agriculture, minerals, and metals.

Still, adoption of the CSDDD represents a major legislative advancement for the EU after concerns that the legislation would fail to reach the finish line prior to the EU elections in June. Once in force and transposed into national laws, the CSDDD will require companies falling within the scope of the law to perform risk-based due diligence to identify and address any adverse impacts on human rights and the environment in their own operations, those of their subsidiaries, and those of their direct and indirect business partners.

For service providers (including financial institutions), this will be limited to upstream activities, but for all other companies, downstream activities, such as those conducted throughout their supply chain, are encompassed in the due diligence requirements as well. Most in-scope companies will have several years to prepare, as the CSDDD specifies a phased-in timeline from 2027 to 2029, starting with the largest companies.


The CSDDD will expand the scope of responsibilities for chief risk and compliance officers, given the requirement to integrate sustainability due diligence practices into companies’ policy and risk frameworks and move companies closer to embedding sustainability into their enterprise risk management systems. Due diligence also encompasses requirements to address and remediate adverse impacts, conduct meaningful stakeholder engagement, maintain adequate records, establish ongoing monitoring, complaints, and notification systems, and disclose CSDDD matters annually.

In addition, companies are required to create and implement a transition plan for the mitigation of climate change. The company strategy and operating model must be in line with how the EU defines a sustainable economy, adhere to global warming temperature increase limits of 1.5 degrees Celsius, and outline decarbonization actions and targets. Companies already required to publish a transition plan under the EU Corporate Sustainability Reporting Directive will be deemed to comply.

To enforce the CSDDD, member states are required to designate a supervisory authority to investigate potential violations and, if appropriate, impose penalties. It will also be possible for victims of regulatory breaches to issue civil claims for compensation.

Actions for in-house compliance teams and legal counsel

As the CSDDD makes its way through member states’ legislative processes to become legally binding, it is not too early for companies and their legal and compliance teams to get ready for compliance. Here are some recommended actions:

Develop and implement a due diligence policy — A policy on human rights and environmental due diligence that also encompasses a code of conduct should be cascaded through subsidiaries and business partners in the supply chain, with training to support implementation.

Identify and assess potential risks and impacts — Mapping potential human rights and environmental impacts now will help companies understand their risk profile and tackle potential problems in good time before the law takes effect.

Set up systems for managing risks — Establish processes to mitigate identified risks and prevent harm to people and the environment as a vital component for compliance.

Monitor and report progress — Systems that facilitate effective monitoring and reporting should incorporate appropriate metrics and enable reporting in a format that is compatible with publication on the European Single Access Point.

Companies that use the CSDDD as an opportunity to truly integrate sustainability into their core strategy could potentially open up new avenues to foster innovation and productivity and mitigate the risk of significant disruptions from future supply limitations.

However, those companies that push the costs off on their supply chain and treat the law as a tick-the-box compliance exercise are not likely to gain anything positive, according to The Harvard Law School Forum on Corporate Governance; and in fact, treatment of the law in this way could impair global supply chains. “There must be a balance between meeting the needs of those worried about the end of the month with those worried about the end of the world, both of which need a healthy, sustainable business environment.”
