Is Your Global Value Chain Sustainable? Europe’s Rules Herald New Era of Corporate Sustainability Due Diligence (CSDDD)

1. The CSDDD (apart from a mouthful) sets out mandatory duties due to come into force circa 2025

The Corporate Sustainability Due Diligence Directive (CSDDD) was adopted by the European Commission back in February 2022. The landmark legislative proposal introduces mandatory due diligence duties on companies in relation to human rights and environmental impacts. On 1 June 2023, the European Parliament approved and adopted its position on the CSDDD. The CSDDD in its current form will apply to large EU companies that meet criteria.

It will apply to some non-EU companies, too – more on that below. SMEs that fall short of the thresholds are safe (for now).

The CSDDD is now in the trialogue stage (negotiations between the European Parliament, the Council of the European Union, and the European Commission). The usual timeline for directives would see it come into force two years after its adoption – that is, 2025 at the earliest.

2. It is not a drill! CSDDD will be mandatory

The European Parliament, Council and Commission are settling the final wording of the CSDDD, but in its current form the obligation is mandatory for companies covered.

3. Outside of the EU? CSDDD may still apply if you have ‘significant operations’ in the EU

If you think the CSDDD will not apply to you since you are a non-EU company, think again. The CSDDD also applies to non-EU companies and parent companies that meet the turnover criteria within the EU - more specifically:

Non-EU companies with net global turnover of EUR150mn, at least EUR40mn of which was generated in the EU, in the financial year preceding the last (including third party company turnover, where there’s a vertical agreement in return for royalties)
Non-EU ultimate parent companies of a group with 500+ employees and net global turnover of EUR150mn+, at least EUR40mn+ of which was generated in the EU (including third party company turnover and the employee count and turnover of branches)

4. Not just the business’s operations… but those across the value chain

The CSDDD doesn’t just apply to a business’s own operations. In-scope companies will have to carry out due diligence on their own operations, those of their subsidiaries, and on the direct and indirect business relationships in their value chain.

A business relationship is a direct or indirect relationship of a company with a contractor, subcontractor or other entities in its value chain:

with whom the company has a commercial agreement,
to whom the company provides financial services, or
that performs activities related to the products or services of the company.

Value chain means activities related to, and entities involved in, the:

development of a product or service,
production, design, sourcing, extraction, manufacture, transport, storage or supply of raw materials or products,
sale, distribution, transport, storage or waste management of a company’s products, and
provision of a service.

5. Ongoing, proactive requirements (removed from the kind of due diligence seen in M&A)

Due diligence under the CSDDD is not a passive duty. It’s entirely different to the kind of due diligence performed on a potential M&A target - and it’s time to act.

Your business may have to provide targeted and proportionate financial and administrative support for an SME with which you have a business relationship (for example, access to capacity-building, guidance). Or even to temporarily suspend or terminate business relationships.

The scope of the due diligence duty involves a wide range of actions. From integrating due diligence into relevant corporate policies to carrying out impact assessments on potential and actual adverse human rights and environmental impacts. Companies are also required to take preventive and mitigative measures, and to bring adverse impacts to an end.

Due diligence is not a one-off duty. Companies are required to continuously review their due diligence policy, monitor and verify the implementation, adequacy and effectiveness of due diligence actions, as well as communicate publicly.

6. Regulated financial undertakings cast a wide net over activities (beware asset managers)

Institutional investors and asset managers are required to take appropriate measures to induce investee companies to bring actual adverse impacts to an end that have been (or should have been) identified.

For regulated financial undertakings, the value chain includes the activities of:

clients directly receiving the financial services provided by the financial undertakings, and
other companies belonging to the same group whose activities are linked to the contract in question.

Wait, but that is potentially very broad, would it catch mum and dad investors? No – the value chain definition does not cover households and natural persons or SMEs.

7. EU companies' directors are potentially caught, too

Directors of EU companies have a corporate sustainability due diligence duty. They must take into account the consequences of their decisions on sustainability matters. Companies with more than 1000 employees must have a relevant and effective policy in place to ensure that a part of any variable remuneration for directors is linked to the company’s transition plan for combating climate change.

8. Non-compliance could trigger civil liabilities and sanctions

Non-compliance of the CSDDD could result in civil liabilities (damages). A key recent change in the European Parliament’s amendments is the addition of a non-compliance sanction of up to at least 5% of net worldwide turnover in the year before the decision to impose a fine. The rules can also lead to an order that a company ceases conduct or suspends products from free circulation or export.