The CSDDD establishes mandatory due diligence requirements for large undertakings active across the EU with the aim of mitigating adverse impacts on the environment and human rights throughout their value chain(s).
Context
The Corporate Sustainability Due Diligence Directive (the “CSDDD/CS3D” for short and here the “Directive”) was published in the Official Journal of the EU on 5 July 2024, and comes into effect on 25 July 2024. According to the EU Commission, “the aim of this Directive is to foster sustainable and responsible corporate behaviour in companies’ operations and across their global value chains. The new rules will ensure that companies in scope identify and address adverse human rights and environmental impacts of their actions inside and outside Europe”[1]. Member States now have two years to implement the Directive into national law.
Key points
The Directive’s scope of application has been the object of much discussion between the EU Commission and the Member States. In its final form, the CSDDD mainly affects large EU-based companies and third country undertakings active in the EU. The scope of the Directive can be summarised as follows:
EU companies
Net worldwide turnover exceeding EUR 450M and/or more than 1000 employees for two consecutive
financial years. These thresholds can also be reached at the group level by ultimate parent companies. |
Non-EU companies
Net turnover exceeding EUR 450M in the EU for two consecutive financial years. This threshold can also be reached at the group level by ultimate parent companies.
Franchises
Companies which have entered into franchising or licensing agreements in the EU are in scope of the Directive if, for two consecutive financial years, their royalties from the agreements exceed EUR 22.5M and their net turnover (worldwide for EU companies/in the EU for non-EU companies) exceeds EUR 80M.
Exclusions
- An ultimate parent company may be exempt from the obligations of the Directive, provided that: 1) it acts exclusively as a holding company, and 2) the obligations of the Directive are fulfilled by one of its subsidiaries at the group level.
- For the time being, the Directive does not apply to the downstream activities (products and services) of regulated financial undertakings.
- The Directive does not apply to pension institutions operating social security systems.
Timeline for application of the Directive
The scope described above concerns the final application of the Directive. However, larger companies will come within scope sooner, via a staggered timeline. Specifically:
- 26 July 2027 – The Directive applies to EU companies with net worldwide turnover exceeding EUR 1500M and more than 5000 employees, as well as non-EU companies with net EU turnover of more than EUR 1500M.
- 26 July 2028 – The Directive applies to EU companies with net worldwide turnover exceeding EUR 900M and more than 3000 employees, as well as non-EU companies with net EU turnover of more than EUR 900M.
- 26 July 2029 – The Directive applies in full, as per the scope set out above.
Requirements
As stated, the aim of the Directive is to foster sustainable and responsible corporate behaviour in the operation of companies and across their value chains. As part of this framework, companies are expected to mitigate the adverse impacts of their value chains on the environment and on human rights. To achieve this, requirements are imposed in the areas of due diligence, minimisation of adverse impacts and reporting. Specifically:
Due diligence | The Directive introduces the concept of “chain of activities“, which clarifies the scope that the due diligence process must cover, in addition to a company’s own operations. These are split into upstream and downstream activities:
Upstream activities are the activities of a company’s business partners involved in the production and development of the company’s goods or services, e.g. design or supply of raw materials, products or parts thereof.
Downstream activities are the activities involved in the distribution, transport, and storage of a company’s products, to the extent that these are provided by business partners of a company.
Companies are expected to integrate due diligence into all relevant policies and risk management systems. The due diligence policy must be updated after each significant change and reviewed (and updated if necessary) at least every 24 months. A significant change should be understood as a change to the status quo of the company’s own operations, operations of its subsidiaries or business partners, the legal or business environment or any other substantial shift from the situation of the company or its operating context. [2]
Adverse impacts:
Identification and assessment | Companies must take appropriate measures to identify and assess actual and potential adverse impacts.
Adverse impacts:
Prevention | Companies must take appropriate measures to prevent, or where prevention is not possible, adequately mitigate potential adverse impacts.
Additional requirements | Additional requirements imposed on companies include:
– Set up a notification mechanism and a complaints procedure.
– Ensure regular monitoring of the adequacy and effectiveness of the identification, prevention, mitigation, ending and minimisation of adverse impacts.
– Publish an annual statement on their website no later than 12 months after the publication of their annual report, to affirm compliance with the requirements of the Directive.
– Ensure, by 2029, that this annual statement is also accessible via the European Single Access Point (ESAP).
– Adopt a transition plan compatible with the transition to a sustainable economy and with limiting global warming to 1.5°C.
– Appoint an authorised representative for matters relating to the Directive.
Liability, sanctions, and supervision
Companies are civilly liable for damage caused due to breaches of their obligations in relation to adverse impacts, while national supervising authorities (administrative and/or monetary) may also impose fines.
Additional provisions
The EU Commission will assist companies in their efforts to comply with the requirements of the Directive by doing the following:
- Establishing a single helpdesk from which companies can seek information, guidance, and support to fulfil their obligations.
- Issuing specific guidelines, including voluntary model contractual clauses.
- Coordinating supervisory efforts by creating a European network of supervisory authorities.
- Enabling Member States to financially support SMEs [3] and possibly providing further support itself (not necessarily monetary in nature).
Access the Corporate Sustainability Due Diligence Directive here
Author: Georgios Georgiadis
[1] Source: Corporate sustainability due diligence – European Commission (europa.eu)
[2] Recital 41 of the Directive.
[3] While SMEs might not be in scope of the Directive directly due to not meeting the relevant thresholds, they may still be affected to a degree as part of the value chain of larger companies which are in scope.