The EU Corporate Sustainability Due Diligence Directive: The countdown to compliance has begun


Two years after the proposal was first introduced to the European Parliament, the EU Corporate Sustainability Due Diligence Directive (CSDDD) was adopted as law this week. The Directive aims to make companies that operate within (or do business with) the EU more responsible for their supply chains' environmental, sustainability and human rights impacts and will require significant work to ensure compliance over the next four years. 

The legislation is concerned not with corporate structures, but with ameliorating impacts where your business is just a part of the supply chain having direct or indirect impacts. The Directive aims to address adverse human rights and environmental impacts of a companies' operations, its subsidiaries, and value chains (meaning, in this context, the activities relating to the production of goods or provision of services by the company).

The Directive requires companies to implement a robust due diligence process that addresses key environmental and human rights risks throughout their supply chains. This includes identifying and assessing the impact of their operations on people and the environment, acting to prevent and mitigate negative effects, and taking steps to address any adverse consequences. 

In order to comply with the Directive companies will need to:

  1. Implement and integrate due diligence processes: Companies will need to integrate due diligence into their corporate strategy, taking into account the human rights, climate, and environmental consequences of their decisions.
  2. Develop a due diligence policy: The policy, which should be updated annually, will need to include a description of the company's approach to due diligence, a code of conduct for the company's employees and subsidiaries, and a description of the processes in place to implement due diligence. 
  3. Identify and assess adverse human rights and environmental impacts: Prioritise (where necessary) these adverse impacts based on their severity and likelihood.
  4. Seek (and verify) contractual assurances from business partners: Companies should take steps to extend compliance with the code of conduct to established business relationships in their supply chains. Where companies identify severe, non-preventable adverse impacts within their business relationships, they should take steps to terminate the business relationship. Mere contractual assurances will no longer be the, 'get out of gaol free' card that they once were!
  5. Prevent or mitigate impacts: Companies will be expected to implement measures to prevent potential adverse impacts or, where that is not possible, to mitigate impacts.
  6. Identify and assess risks: The Directive expands the scope of operations covered by the due diligence requirements to include risk identification and assessment, with new provisions for a risk-based approach to due diligence.
  7. Adopt and put into effect a climate transition plan: This should set targets and actions for a transition to a lower carbon economy, including reducing greenhouse gas emissions.  
  8. Engage meaningfully with stakeholders: Companies should be engaging with those affected by their actions, ensuring there are effective lines of communication. This is likely to include introducing a complaints mechanism, communicating due diligence policies, and monitoring their effectiveness.

The CSDDD applies to all companies that want to do business in the EU, regardless of their size or sector. 

Companies that don't comply with the Directive will face financial and legal sanctions. 

The law now needs to be transposed into national legislation by EU member states, and full compliance is expected within two to four years from the date of implementation. 

That said, companies need to start developing and implementing the procedures and processes they will require to have in place to comply.  In our experience, it will take up to a year to develop, implement and train staff on the new systems and processes and an additional year to conduct a meaningful self-assessment, refine the processes and embed learnings before 'going live'.

In 2011, the United Nations Human Rights Council unanimously endorsed the UN Guiding Principles on Business and Human Rights (UNGPs). The UNGPs are the world’s most authoritative, normative framework guiding responsible business conduct and addressing human rights abuses in business operations and global supply chains. Howard Kennedy has been advising businesses and undertaking compliance and assessments in this area since 2011. Contact us for more information on how we can help.

You can find more information about the CSDDD along with other recent EU ESG regulation and legislation in our article: ESG - A European Response.

featured image