The Corporate Sustainability Due Diligence Directive (CSDDD) is an integral piece of EU legislation that requires both EU and non-EU companies to uphold high standards of human rights and environmental due diligence across their supply chains.
Negotiations for the specific verbiage of the CSDDD regulation framework have developed over the past year. In February 2022, the first legislative proposal draft was released, but it has since gone through edits to appease voting parties. The most recent draft of the CSDDD was agreed on March 15, with the aim being to pass the text before the EU elections in 2024.
Commenting on the progression of CSDDD drafts, Greta Koch, Technical Negotiator for the EPP of the CSDDD, states that there were significant changes to the scope, causing several member states to shift from abstaining to voting in favour. This led to the adoption of the text at the council’s technical level. In parliament, the text was approved by the Legal Affairs Committee with a large majority. She added that another vote is scheduled for April 24th in a plenary session in Strasbourg. “We expect that this vote, too, should go through with a large majority”, Koch reaffirms.
The CSDDD will impact companies large companies across the globe that aim to operate in Europe. Based on our recent webinar that explores an in-depth look behind the final CSDDD agreement, we’ll break down the most important changes, potential company liabilities, and steps to navigate corporate sustainability in 2024 and beyond.
Exploring the Evolving Scope and Civil Liability Provisions of the CSDDD
After a draft of the CSDDD was rejected by larger member states earlier this year, the new, revised proposal has revised its scope to accommodate the wishes of countries like France and Germany. These large scope changes have caused these parties to change their vote from an abstention to a positive one.
The specific modifications to the scope of the proposal relate to the number of employees and business turnover. Higher turnovers and a larger number of employees bring CSDDD into force in earlier years. The bands are as follows:
- Phase 1, 2027 – Companies with over 5000 employees and €1500 million+ in turnover.
- Phase 2, 2028 – Companies with over 3000 employees and €900 million+ in turnover.
- Phase 3, 2029 – Companies with over 1000 employees and €450 million+ in turnover.
This scope is much more narrow than previous drafts, accommodating the reasons that major parties previously turned down the proposal. Previously, the January draft would have covered 15,000 companies in Europe, while this newest draft would only cover 5,300 companies in total.
To questions about potential future changes to the draft, Greta Koch says, “It is impossible to change the text now. However, it could be rejected by the new parliament or the council, although I believe the risk of that happening is currently low… At this moment, I would say that while there may be delays, no further tax changes are anticipated.”
Expectations and Parent Company Attribution
Parent companies are covered by CSDDD as soon as they reach any of the previously established thresholds on a consolidated level. When a parent company or the sum of all the companies under its umbrella reach the threshold of 1,000 employees and €450 million in turnover, they are automatically covered.
A parent company is directly responsible for all of their subsidiaries.
One expectation, which will likely only impact McDonald’s and has therefore been called the McDonald’s case, relates to franchising business models. Companies like McDonald’s generate turnover through royalties in vertical agreements. These structures are also included in the agreement but not directly included in the previously documented numbers of companies impacted.
Therefore, the total number of 5,300 impacted companies does not yet include any companies and franchises that fall under this expectation. These final numbers will receive an update once that data becomes available.
Applicability to Non-EU Companies
Non-EU companies may be covered by the CSDDD whether or not they are in Europe. The distinction lies in a company’s total turnover inside the EU. If a company generates more than €450 million, then they are covered and must comply.
At present, the exact number of companies that are included in this non-EU compliance figure is unknown.
Removal of High-Risk Sector Approach
Previous drafts of the CSDD have included a high-risk sector approach, which applied to areas like the construction industry. In these earlier drafts, the thresholds for high-risk sectors were even lower.
However, some parties were dissatisfied with this on political terms and this has since been removed from CSDDD. There is now no high-risk sector approach in the current draft – this is highly unlikely to change going forward.
Parent Company Attribution and Comparison with German Law
The German Supply Chain Act and CSDDD use similar structures for parent company attribution. Similarly to this act, if certain prerequisites are met, the parent company will implement the CSDDD for all of its subsidiaries. The parent company will be responsible for providing guidance to all of its subsidiaries during the implementation process.
However, unlike the German Supply Chain Act, CSDDD requires a company to exceed the employee count and turnover threshold. In the former, only the turnover threshold is considered. Applying this new additional requirement will alter the total number of covered companies in the CSDDD.
Understanding the Civil Liability Provisions of the CSDDD
Civil liability in the CSDD will fall on the party that caused the damage. Due to the variance and subjectivity of causality, individual state law will determine the exact definition in a case. For example, if a German company was involved, then the German civil code would prevail.
The one major clause that businesses should pay attention to is the fact that if someone else caused the damage, then a company cannot be held liable. Yet, within this distinction, the specific understanding of causality in a member’s state law could find a company either partly liable or jointly liable.
For example, suppose a business hasn’t created effective policies with a contractual partner or has failed to conduct audits or another form of preventative measure. In that case, they may have particle causation, which leads to liability.
Another difference is that this will include a limitation period of at least five years, which differs from German law of three years.
In the first court cases, examining how they are judicially interpreted will likely inform these decisions going forward.
Trade bans and labour regulation
Another important deletion from this version of the CSDDD is the removal of trade bans. These removals are a result of forced labour regulations entering into force over a transformation period of three years. Any products associated with forced labour will not enter the European market.
These changes will lead to due diligence obligations for companies that work or intend to have an active presence in Europe, as they must regulate partners to prevent forced labour. These changes will have a broader implication for corporate accountability in the coming years.
Continued Obligations
Alongside changes to previous drafts, there are numerous continued obligations. Over time, as other regulatory changes, these will align with CSDDD and further push companies to uphold a high standard of human labour and sustainability protection.
Reporting and Public Communication
In terms of due diligence obligation, nothing has changed, with the overall obligation of corporate responsibility remaining fundamental. However, Article 11 of CSDDD emphasises the significance of reporting and communication in the CSDDD framework. The CSRD (Directive on Corporate Sustainability Reporting) acts as the reporting mechanism for these CSDDD obligations.
This connection facilitates transparency and accountability in corporate sustainability practices. Discussing the importance of transparency in the supply chain, Salary Partner at TaylorWessing, Sebastian Rünz, LL.M, states,
“After assessing the scope of application, one crucial task is to perform the scoping exercise of the CS3D. It is vital to determine if you have high-risk supply chains which you should initially make transparent. This is because, to implement any measures in your deeper supply chain, knowing who is involved in that chain is paramount.”
Adaptations to ESRS Standards
Potential adaptations to European Sustainability Reporting Standards (ESRS) standards still remain to be seen. Typically, the development of ESRS standards is slow, with their present focus being on sector-specific guidance.
However, considering how the due diligence directive will impact how we define the supply chain, it is likely that the ESRS will see some form of adaptation. However, the exact adaptations regarding the adaptation of standards and alignment are not yet clear.
Uncertainties Surrounding Adoption
While stakeholders are eager to understand how the changing regulatory landscape will impact their businesses, the best course of action at this time is to be patient and await further guidance. There may be unexpected changes down the line or modifications for clarity, necessitating waiting before taking action.
Navigating Corporate Sustainability: Key Steps for CSDDD Compliance
In order to effectively prepare for corporate sustainability, businesses can begin to plan out potential steps that they may need to take.
While regulation is still evolving, businesses will be able to prepare ahead of time by considering the following:
- Assess the Scope of CSDDD Application – The CSDDD uses a cascading system of compliance, with different employee counts and turnovers impacting implementation. The first step for any company is to determine where they fall under the scope of CSDDD. It’s important to remember that there are different thresholds for the Germany Supply Chain Act, so they must first determine whether they have obligations under that before moving to assess CSDDD compliance.
- Perform a Scoping Exercise – The first step toward identifying potential high-risk suppliers is to gain more extensive insight into connected suppliers. Assess whether tier-end suppliers offer full transparency and use this to then determine whether they have high-risk supply chains. If they do, they will need further scrutiny to determine the feasibility of working with them.
- Conduct Risk Assessments – To minimise the risk of potential liability, businesses should aim to conduct risk assessments for both tier-one and tier-end suppliers. By employing a 360-degree scoring approach that combines media screenings, country and risk assessments, maturity ratings, and capability, they can identify high-risk suppliers. Once identified, businesses can take action to reduce their reliance on these suppliers.
- Enable Prioritisation – After conducting risk assessments, businesses should prioritise high-risk suppliers based on their involvement with each company. Depending on the nature of their involvement and the extent of the risks, businesses should endeavor to prepare mitigative strategies where possible. These steps may involve substituting suppliers for ones with lower risk ratings or helping a supplier to improve their sustainability practices.
- Determine Implementation Timeline – These baseline steps will vary in complexity and scope in relation with the overall size of a business. Larger companies may have more risk exposure, making it vital to start as early as possible to identify, mitigate, and aim to eliminate potential risks.
- Seek Support Services – To streamline the process of risk assessment and management, businesses may use third-party services and systems. Risk assessment, scoping, and identifying useful due diligence measures are all simplified when working with a service provider that specialises in these aspects.
Determining the scope of risk is a vital step toward compliance. Commenting on this, Harald Nitschinger, Co-Founder and CEO of Prewave, states,
“The scoping is entirely based on risk, without considering spend or any other additional criteria, as dictated by the CSDDD. It adopts a purely risk-based approach, prioritizing according to the likelihood of risks. The risks under consideration, detailed in the annex of the CSDDD, include human rights and environmental risks. It encompasses a broad range, rooted in ILO conventions and various other human rights treaties, addressing issues such as child labor, forced labor, biodiversity, deforestation, and more.”
Understanding the altered scope of the CSDDD regulation and conducting effective risk assessments in line with these new obligations is vital for the prolonged success of a supply chain. Addressing risks proactively will help mitigate major overhead and protect your business in the long run.
Final Thoughts: Toward Full CSDDD Compliance
In order to remain compliant with future CSDDD regulations, businesses must begin to take preventative measures to limit risk and improve implementation timelines. Focusing on transparency by determining the overall level of risk that a company has, combined with the level of application, will provide the context needed for a precise and smooth implementation.
Proactive measures will help companies to understand their potential responsibilities under the latest draft of the CSDDD. Once identified, they can then take steps to reduce risk as early as possible, limiting the potential for urgent and brash changes in thef ace of impending regulatory requirements.
Businesses can turn to third-party solutions like Prewave for complete insight into supply chain risk and compliance. Providing a comprehensive level of insight into potential risk, current compliance obligations, and corporate sustainability due diligence, Prewave allows businesses to uphold sustainability standards in their operations and decrease supply chain risk.
