Written by Mark Helmkamp, Senior Consultant at Spark Compliance
For a minute there, it appeared that the EU’s eagerly anticipated Corporate Sustainability Due Diligence Directive (CSDDD) was dead. The agreed-upon text was torpedoed, and the press declared the law kaput. But a deal was brokered, and last month, the CSDDD came roaring back to life. It’s a game-changer for compliance officers and companies alike. Here’s what you need to know.
What happened?
In February 2023, the European Commission adopted a proposal for a Directive on corporate sustainability due diligence. The stated goal of the CSDDD is to “foster sustainable and responsible corporate behaviour and to anchor human rights and environmental considerations in companies’ operations and corporate governance.”
Fast forward a year: after much negotiation, the Council of the European Union voted in March 2024 to approve the CSDDD. It will require Member States to introduce rules requiring certain EU and non-EU companies to conduct environmental and human rights due diligence on their global operations and value chains. Otherwise known as a lot of important work for compliance officers!
What is the CSDDD?
The CSDDD sets obligations for companies to address actual and potential adverse impacts on human rights and the environment. Not only will large businesses be responsible for their impact on the world; the due diligence directive also requires them to identify human rights abuses and environmental damage in their supply chains and subsidiaries. This means that EU-based companies, as well as non-EU companies that conduct a set level of business in the EU, could become liable for the actions of their suppliers.
Implications of CSDDD for businesses
The revised March 2024 agreement reduced CSDDD’s scope and extended the timeline for implementation.
Which businesses need to comply with CSDDD?
Approximately 5,400 companies are now directly subject to the directive, including:
EU-based and parent companies with more than 1,000 employees and a net worldwide turnover exceeding €450 million.
Non-EU-based and parent companies with more than 1,000 employees with a net worldwide turnover of more than €450 million within the EU market per year.
Franchises with a turnover of more than €80 million if at least €22.5 million was generated by royalties.
Phased implementation
Obligations will be phased in between three and five years after the CSDDD’s entry into force, which is expected this year:
Three years to comply – companies with over 5,000 employees and annual turnover exceeding €1.5 billion.
Four years to comply – companies with over 3,000 employees and annual turnover exceeding €900 million.
Five years to comply – companies with over 1,000 employees and annual turnover exceeding €450 million.
Due diligence requirements
The due diligence process set out in the CSDDD will require companies to perform the six steps defined by the OECD Due Diligence Guidelines for Responsible Business Conduct. This must include a review of adverse human rights and environmental impacts. Companies, including their subsidiaries and value chains, will be required to:
Step 1: Integrate due diligence into policies and management systems
Step 2: Identify and assess adverse human rights and environmental impacts
Step 3: Prevent, cease or mitigate adverse human rights and environmental impacts
Step 4: Monitor and assess the effectiveness of measures
Step 5: Communicate how impacts are addressed
Step 6: Provide remediation when appropriate.
According to the due diligence directive, “companies should publish on their website an annual statement in at least one of the official languages of the Union, within a reasonable period of time, but no later than 12 months after the balance sheet date of the financial year for which the statement is drawn up.”
Civil liability and fines
Member states will require a new regulatory body to monitor, investigate and impose penalties on companies that do not comply. Penalties will be significant – up to 5% of a company’s net worldwide turnover.
Companies that don’t comply with their CSDDD obligations will be liable and required to fully compensate their victims. Furthermore, they will have to adopt complaint mechanisms and engage with individuals and communities adversely affected by their actions.
What happens next?
The CSDDD is currently pending approval by the European Parliament. Once officially adopted, EU member states will have two years to implement the directive into national law. At the earliest, compliance deadlines will begin in 2027.
How to prepare now
In the meantime, there are practical steps companies can take to prepare for the CSDDD, such as:
Assess applicability. Assess whether EU entities, the parent company and/or franchises will fall in scope of the CSDDD.
Develop roadmap. Develop a strategic roadmap for compliance based on the phased-in implementation scope.
Assess current state of due diligence. Assess due diligence policies and processes to understand if there are gaps in the operations and value chains. For example, does the due diligence questionnaire include questions on modern slavery?
Bolster risk assessment. Add these key risk areas to the risk assessment and auditing and monitoring plans.
Update the Code of Conduct and Supplier Code. Add strongly worded provisions on preventing human rights abuses and preserving the environment, including the company’s commitment, rationale and practical steps for employees and others doing business with the company to do the right thing.
Assess policies and procedures (P&P). Review the current state of P&P for these risk areas to ensure they are fit for purpose and directionally aligned with the due diligence directive.
If past is prologue, a proactive approach now will put companies in a strategic stance to respond to regulators in the not-so-distant future.