Legal Update

Jun 3, 2024

EU Corporate Sustainability Due Diligence Directive: Raising the Stakes on ESG Regulations

Click for PDF

Game changing Environmental, Social, and Governance (“ESG”) regulations via the Corporate Sustainability Due Diligence Directive (“CS3D”)[1] will require non-EU and EU companies to identify and prevent adverse environmental and human rights impacts within their business, and the supply chain operations carried out by their business partners. On May 24, 2024, the European Council adopted the CS3D proposal. EU Member states have two years from the date the CS3D is published in the European Union Official Journal (expected in June 2024) to transpose the CS3D into national law. The CS3D will be phased-in over three years, with the largest companies expected to achieve compliance by 2027.

The CS3D marks a historic shift in the ESG regulatory landscape. By establishing a corporate due diligence duty, the CS3D makes in-scope companies, including those based outside the EU, responsible for the negative environmental and adverse human rights impacts arising from their operations and their business partners. Adverse human rights are widely defined by international principles to include, among other rights, the right to a fair wage, just and favorable working conditions and an obligation to engage with trade unions and stakeholders at all stages of the due diligence process. CS3D also requires in-scope companies to adopt a climate transition plan in line with the Paris Agreement. Non-compliance can result in significant penalties, civil lawsuits, disbarment from public procurement contracts and reputational damage.

The European Commission estimates that approximately 6,000 large EU limited liability companies and partnerships with more than 1,000 employees and greater than €450 million net turnover worldwide will be impacted and approximately 900 large non-EU companies with more than €450 million net turnover in the EU will be directly impacted.[2] While small and medium enterprises and other non-EU companies are not covered, the ambit of the CS3D will have indirect implications for value chain business partners that will need to be cognizant of the CS3D obligations. 

Given the complexity and challenges of these new obligations, companies affected by these changes should start planning now to assess and adapt their processes accordingly.

While adopting a compliance mindset is a natural approach to a mandatory due diligence scheme, the European Commission has highlighted trust in business as one of the key aims and expected benefits of the CS3D. Other expected benefits include better risk management, resilience, increased attractiveness for talent and investment, and better protection of human rights and the environment.  

What companies are subject to the CS3D?

The CS3D applies to both EU and non-EU companies with activities in the EU that meet certain revenue turnover and, if applicable, employee thresholds*. The thresholds can apply to EU and non-EU companies on either a standalone or consolidated basis.

 

EU Companies

Non-EU Companies

EU Companies with EU franchising or licensing agreements

Non-EU Companies with EU franchising or licensing agreements

  • > 1,000 employees on average; and
  • net worldwide turnover > €450 million

Net turnover > €450 million in the EU

Net worldwide turnover > €80 million (with at least €22.5 million generated by royalties)

Net EU turnover > €80 million (with at least €22.5 million generated by royalties)

*For companies to be in scope they must meet the applicable criteria for two consecutive financial years before the EU CS3D applies to the organization.

How does CS3D impact companies?

The CS3D adopts the core standards found within the OECD Guidelines for Multinational Enterprises (“OECD Guidelines”) and the United Nations Guiding Principles on Business and Human Rights (the “UNGPs”). At a high-level, the CS3D requires in-scope EU and non-EU companies to:

  • Conduct due diligence to identify and assess adverse environmental and human rights impacts that arise from their business operations and across their “chain of activities,” which includes suppliers, subcontractors, and business partners;[3]
  • Once identified and assessed, implement “appropriate measures” to prevent, mitigate and remediate the identified adverse impacts; and
  • Implement, on a best efforts basis, a climate transition plan for their operations which is designed to limit global warming to net zero by 2050, aligned with the Paris Agreement and achieving climate neutrality under the European Climate Law.

Adverse environmental impacts and human rights violations include, among others, biodiversity loss, air and water pollution, labor exploitation including the right to just and favorable conditions of work including a fair wage and natural heritage destruction.[4]

Which business partners do companies need to consider?

Companies will need to address both direct and indirect activities in their due diligence obligations, which means understanding their chain of activity and engaging with their business partners. The CS3D refers to the company’s “chain of activities,” which includes upstream and downstream business partners.[5]

 

Business Partner [6]

  • Direct entity with which the company has a commercial agreement relating to the company's operations, products or services, or to which the company provides services, or
  • Indirect entity which is not a direct business partner but conducts business operations relating to the company's operations, products or services

Upstream Business Partners

Those related to the production of goods or the provision of services by the company (design, extraction, sourcing, manufacture, transport, storage and supply of raw materials, products or parts of the products and development of the product or the service)

Downstream Business Partners

Those related to the distribution, transport and storage of the product, where the business partners carry out those activities for or on behalf of the company (with exclusions for certain security risks and the export control relating to war materials and B2B or B2C customers)

 What due diligence will companies need to perform?

The CS3D risk based due diligence process mirrors the six steps outlined in the OECD Due Diligence Guidance for Responsible Business Conduct.[7] Companies must implement “appropriate measures” to address the adverse impacts identified in their own operations and where related to their chain of activities, those of their business partners.[8] Those steps are:

 

Integrate Responsible Business Conduct into Policies and Management Systems

Adopting responsible business conduct policies based on the OECD Guidelines for Multinational Enterprises and embedding them into management systems[9]

Identify and Assess Impacts

Identifying and assessing actual and potential adverse impacts associated with company activities [10], which may require in-depth scoping to understand and prioritize the most significant risks and responses[11]

Design and Implement Strategies to Address Impacts

Based on the risk assessment, developing strategies that prevent or mitigate adverse impacts, which involves:

  • integrating responsible business conduct into their policies, employee trainings, and business relationships;
  • bringing adverse impacts to an end;
  • remediating such impacts; and
  • engaging in meaningful stakeholder engagement[12].

Track Implementation and Results

Monitoring the implementation and effectiveness of strategies, conducting regular evaluations and updating strategies accordingly[13]

Communication

Appropriately publishing information and engaging with relevant stakeholders to promote collaboration and transparency[14]

Providing Remediation

Establishing grievance mechanisms such as a roadmap for remediation, standard timelines, and sufficient resources to resolve complaints[15]

What is a climate transition plan?

In-scope companies will be required to adopt an action plan which outlines how the organization will pivot, through best efforts, its existing assets and operations to be in alignment with the Paris Agreement’s goal of limiting global warming to 1.5°C. Companies may fulfill the obligation of creating a transition plan when complying with the CS3D, but will need to actually implement the plan and complete annual updates in order to fully comply with the CS3D.[16]

What are the practical implications for companies impacted by CS3D?

Although some EU states already have in force a soft version of this directive (Duty of Vigilance Act in France, Supply Chain Due Diligence Act in Germany), the CS3D is stricter. Further, the CS3D sets minimum standards allowing EU member states to implement more stringent provisions if they choose. The potential for differing CS3D standards across the EU will require companies to conduct legal risk assessments across the EU members states to ensure they are working to the highest standard.

Companies will have to undertake a “root and branch” review of their operations. This will require mapping, tracking and understanding their chain of activities to identify their business partners and suppliers through a more stringent lens and implement management systems for compliance. With all things ESG, we suggest approaching the CS3D with both a top-down and bottom-up perspective that is grounded in the company’s corporate purpose and values. 

In the human rights arena, many multinational enterprises have developed human rights programs aligned with the UNGPs’ pillar for businesses to respect human rights. These companies can use those programs as a baseline to assess the work needed for compliance with the CS3D by conducting a gap analysis of those programs against the CS3D. The UNGPs contain a similarly comprehensive scope of human rights, which like the CS3D, look to the ILO core conventions, including the ILO Declaration on Fundamental Principles and Rights at Work. 

We expect companies to refresh their contractual provisions with their relevant business partners to assess their ability to obtain, assess and monitor their business partners operational impact on the environment and human rights. Employing a consultative process with Member States and stakeholders, the European Commission will adopt model contractual clauses. It will be interesting to watch the nature of the clauses and whether it will signify a shift in the contracting approach from a transactional, liability shifting approach to one that reflects a shared responsibility. Observing the shift in the regulatory landscape, this is the approach the ABA has taken with respect to its model language for the protection of human rights in international supply chain contracts.[17]

As part of the impact identification process, we also expect that such agreements will be re-evaluated to assess whether the terms of those agreements as reflected in business practices could lead to any identified adverse impacts. For example, if a company engages with a supplier for the production of goods, a company should evaluate whether the production costs and schedule are structured in such a way that it could lead to fostering conditions that contribute to adverse human rights impacts (e.g., excessive working hours, wages below a living wage). 

Companies will more than likely need to invest in new resources and update governance and management reporting. As a corollary, business partners will find they are required to provide more detailed disclosure questionnaires. While the CS3D favors working with business partners towards compliance instead of terminating contracts, termination could be a real possibility for business partners who fail to upgrade their working practices to mirror those of the entity directly captured by the CS3D. In this regard, capacity building among business partners will be needed and required, particularly for a business partner that is a small and medium enterprise.

How does this relate with other European directives and regulations?

The CS3D will also operate alongside other recent directives and regulations. These include the EU Corporate Sustainability Reporting Directive (“CSRD”) and the EU Sustainable Finance Disclosure Regulation (“SFDR”).

  • The CSRD requires companies to disclose their human rights and environmental impacts using a double materiality standard. This standard requires companies to assess the material impacts of their business on the environment and human rights (the impact lens) as well as the material impacts of these matters on the business (the financial lens).  
  • The SFDR impacts investors on how they market and report on green and human rights friendly investments.

Together these laws complement each other and aim to advance the EU’s goals of transitioning the EU economy to a “sustainable and just future”. It also has synergies with the EU Deforestation Regulation, EU legislation to ban greenwashing as well as upcoming legislation including EU Forced Labor Regulation and EU Packaging and Packaging Waste Regulation. 

When will the CS3D be implemented?

Assuming the CS3D is published in the European Union Official Journal in 2024, the CS3D will be phased in over a three year period based on certain thresholds:

 

 

2027

2028

2029

EU Companies

  • Companies with > 5,000 employees; and
  • Net worldwide turnover > €1.5 billion 
  • Companies with > 3,000 employees; and
  • Net worldwide turnover > €900 million
  • Companies with > 1,000 employees; and
  • Net worldwide turnover > €450 million

Non-EU Companies

Net EU turnover > €1.5 billion

Net EU turnover > €900 million

Net EU turnover > €450 million

Companies with EU franchising or licensing agreements

N/A

N/A

Applicable net turnover > €80 million (with at least €22.5 million generated by royalties)

What are the consequences for non-compliance?

The CS3D defers to the Member States to establish or assign a regulatory body, supported by the European Network of Supervisory Authorities, that will be responsible for investigating and enforcing penalties. Breaches of the CS3D could result in fines, civil liability and reputational harm.

 

Fines

  • A maximum fine, established by a Member State, of up to 5% of the company’s net worldwide turnover in the financial year preceding the fining decision[18]
  • Companies with appropriate due diligence measures and controls can avoid enforcement action if they have implemented “appropriate measures” to address the relevant adverse impacts

Civil Liability

  • Civil liability for damages the company “intentionally or negligently” failed to comply with their CS3D obligations and, as a result of the failure, caused damage to a natural or legal person’s legal interest protected under national law[19]
  • The CS3D creates a private right of action for those adversely affected and allows trade unions and NGOs to act on their behalf in bringing such actions
  • Note: Companies are not liable for actions caused solely by business partners in its chain of activities

Reputational Harm

Penalties will be made publicly available for at least 5 years and sent to the European Network of Supervisory Authorities[20]

Looking Ahead

In our past ESG alerts, our team has described ESG as reflecting the business paradigm shifting from transactional to relational. Cutting through the noise that surrounds the use of the term ESG, we offer that ESG is a framework for assessing an organization’s practices and governance on relevant ESG matters that span the human rights and environmental arenas against stakeholder-centric factors in furtherance of a sustainable and resilient business. ESG matters influence “how” an organization conducts business and the practices it engages in to be profitable.  

The CS3D fully embodies and reflects this shift.

Because organizations – both private and public – are assessing compliance with a broad swath of ESG regulations that are already in effect or will be within the next few years, we offer organizations to approach this labyrinth of ESG regulations by:

  1. Understanding your organization’s current ESG strategy, goals and efforts;
  2. Learning who in the organization are the key drivers of the strategy and their vision;
  3. Becoming familiar with current reports and which reporting frameworks, if any, your organization may use;
  4. Assessing whether the company is directly or indirectly subject to a given regulation which may cover similar topics;
  5. Centralizing ESG data through the use of software systems that can give a single source of authority for assessing credibility of data;
  6. Understanding the materiality standards, if any, and any materiality assessments that have been conducted and for what purpose;
  7. Working with counsel to consider applying privilege protocols and oversight of materiality assessments conducted pursuant to regulatory requirements;
  8. Working with procurement and the ESG teams to learn the business partners who may be directly subject to a regulation whereby your company may be asked to change practices or provide information; and
  9. Assessing the company’s human rights and environmental practices and programs against the highest or most comprehensive standard.

If you have questions, please reach out to the authors and the Seyfarth Impact & Sustainability team for assistance.


[1] European Parliament legislative resolution of 24 April 2024 on the proposal for a directive of the European Parliament and of the Council on Corporate Sustainability Due Diligence and amending Directive (EU) 2019/1937 (COM(2022)0071 – C9-0050/2022 – 2022/0051(COD)) (the “CS3D”). The Directive is also commonly referred to as “EU CSDDD.”

[2] European Commission website: Corporate Sustainability Due Diligence

[3] The Commission in consultation with the EU will issue due diligence guidance and climate transition plans by 2027.

[4] European Parliament, Press Release, April 24, 2024, “Due diligence: MEPs adopt rules for firms on human rights and environment

[5] CS3D Article 3(1)(g)

[6] CS3D Article 3(1)(f)

[7] CS3D (20) and Article 5

[8] CS3D Article 5

[9] CS3D Article 7

[10] CS3D Article 8

[11] CS3D Article 9

[12] CS3D Articles 10-13

[13] CS3D Article 15

[14] CS3D Article 16

[15] CS3D Article 14

[16] CS3D Article 22

[17] See, e.g., Model Contract Clauses to Protect Workers in International Supply Chains, Version 2.0 by the Working Group to Draft Model Contract Clauses to Protect Human Rights in International Supply Chains, ABA Business Law Section.

[18] CS3D Article 27(4)

[19] CS3D Article 29; this liability is subject to a five-year limitation period and excludes damage caused solely by a company’s business partners

[20]CS3D Article 27(5)