The CSDDD represented a major change in the way businesses could operate in the EU, with a focus on sustainability in a company’s operations and throughout the supply chain. But Naomi Grossman, Learning and Content Manager at compliance e-learning specialist, VinciWorks, questions why the final directive was watered down to cover fewer companies.
The EU’s Corporate Sustainability Due Diligence Directive (CSDDD) is one of the first laws of its kind to require sustainability due diligence at the corporate level. Its groundbreaking concept is that it requires companies to consider the social and environmental impact of their operations by promoting transparency and encouraging companies to be more proactive in identifying and mitigating sustainability risks and human rights violations. The reporting requirements are designed to get companies to protect the environment, maintain social justice and promote a stronger, sustainable economy.
But the directive as it was originally conceived lost some of its bite in passage, with a watered-down version finally approved by the European Parliament in April. The question is, did Europe sell out its green agenda to private interests?
The CSDDD represented a major change in the way businesses could operate in the EU and essentially built on another recent EU directive, the Corporate Sustainability Reporting Directive (CSRD). Both directives focus on increasing transparency in a company’s operations and throughout the supply chain and they both reflect the EU’s focus on sustainability with its goal of the European Green Deal to become a climate-neutral society by 2050.
But while CSRD focuses on disclosures and operations and requires companies to look at their carbon footprint and impact on human rights and labour laws, the CSDDD was developed to ensure that EU and non-EU companies take responsibility for the adverse impacts of their activities. Its mission was to create an EU standard and to emphasise due diligence strategies for companies to implement on human rights and environmental issues.
So, what happened?
The legislation began its mission in 2020 with studies by the EC on sustainable corporate governance and due diligence requirements in the supply chain. This led to the commission’s proposed CSDDD draft in February 2022.
The plan was to require companies to implement certain processes throughout their value chains in line with ESG (environmental, social, governance) criteria. The European Parliament and the EU Council reviewed the CSDDD Proposal. The companies in scope of the CSDDD would be required to conduct human rights and environmental due diligence by carrying out certain actions developed in line with prior OECD Guidance. These involved:
● integrating due diligence into company policies
● identifying actual or potential adverse impacts
● preventing and mitigating potential adverse impacts and ending actual adverse impacts or minimising their extent
● establishing and maintaining a complaints procedure
● monitoring the effectiveness of their due diligence policy and measures
● publicly communicating on due diligence
A significant element of the directive was that the due diligence obligations did not just pertain to the company itself, but also to its subsidiaries and their operations and to operations carried out in the value chain.
The council adopted its position on the directive in late 2022 and reached a provisional agreement on the CSDDD with parliament in December 2023. By all appearances, the directive was set to be approved.
And then Germany happened. Or more accurately, Germany threatened not to support the legislation. This is an unusual move in the EU once a provisional agreement has been reached but it was done as support for the German government had been waning.
The move caught the parliament off guard. Germany has a similar national law, the Act on Corporate Due Diligence Obligations in Supply Chains, and had been a supporter of the legislation. But Germany’s pro-business Free Democratic Party (FDP), which is part of the ruling coalition and was trailing in national polls at the time, suddenly came out in opposition to the CSDDD. Business and industry associations had been calling on the government to oppose the directive.
FDP said this directive went much further than the German supply chain law and they were concerned that the bureaucratic and potential legal impact would be too burdensome for companies. Members of the party said that the provisional agreement met many of their demands, but fell short of what they wanted.
Without Germany, the council postponed the vote on CSDDD’s approval. Then Italy also pulled its support. Then France, in what supporters of the legislation saw as a real betrayal, proposed significantly scaling back the scope of the new rules to only the largest companies in the EU. These are three countries with strong voting power – and they knew it. The directive still didn’t pass.
In the next few weeks, the Belgian presidency of the council scrambled to reach a compromise. Finally, in March there was sufficient member state support to advance the new law. But this did not happen without pretty significant changes.
What changed?
As I said, a lot. The biggest change was what France had wanted, that fewer companies are in scope of the new law. The threshold of companies covered under the legislation was increased to 1,000 employees, up from 500, and to those with revenue over €450 million, up from €150 million. This slashed the number of companies in the scope of the CSDDD by almost two thirds, meaning that only around 5,400 EU companies will have to comply and improve their due diligence in their business. A phased approach was also taken and companies with 1,000-3,000 employees won’t even come into scope until 2029. In fact, in general, the legislation’s phasing in was extended. It will only be fully implemented for all in-scope companies five years after coming into force.
Also, lower thresholds that had been in place for high-risk sectors were removed. (This could be reconsidered at a later date.) Supply chain definition was narrowed to only requiring due diligence on businesses with a direct relationship. ‘Indirect’ relationships do not require due diligence. Product disposal activities were removed from the scope of the law and the requirement for companies to promote the implementation of climate transition plans through financial incentives was removed.
The fact that the CSDDD’s passage was surprisingly complicated and ultimately led to the initially proposed and provisionally passed directive being watered down before it could be finally approved is a disappointment to its supporters and a point of deep contention for those hoping for more comprehensive legislation. The directive was a clear signal of the EU’s commitment to sustainability and responsible development. But its complicated road to passage did reflect a shifting of attitudes towards the increasingly regulatory environment in the EU. (Think the General Data Protection Regulation (GDPR) and the upcoming AI Act.)
Nevertheless, the CSDDD passed, which is something that would have been unlikely, even in its current watered-down form, just a decade ago. This is a testament to how far Europe has come in terms of corporate sustainability and human rights.
And as the business community in Germany rightfully feared, the CSDDD still has a large influence on the supply chain and protected rights, mostly because it applies to the entire value chain. Due diligence obligations apply to the companies’ own business activities, the activities of subsidiaries, direct suppliers, indirect suppliers and the distribution, transport and storage of products. This means the legislation will still reach smaller companies in a larger company’s supply chain. Large companies will have to make sure those smaller companies provide the same level of transparency around human rights. It will be a number of years until those smaller companies fall into the directive’s scope, but it could be that the larger companies start implementing the requirements earlier.
It also means that companies will start to develop systems and protocols to identify, manage and mitigate their negative impacts on sustainability and human rights and will have to work closely with their suppliers on this.
What does this mean for UK companies?
The UK government did state that it currently has no plans to replicate the CSDDD in UK law, but the CSDDD’s reach around the world is still a fairly significant feature of the directive. The CSDDD will have implications for UK companies doing business in the EU if they are generating significant turnover there. If a UK company’s own activities have a net turnover within the EU of above €450 million, the directive applies to it.
And there’s more. If the non-EU company is part of the value chain of a company subject to the CSDDD, it would have to comply with the standards established by the directive, even if it is not required in their country. This applies to companies of any size, as long as they do business with, or are otherwise involved in the value chain of, in scope EU companies. This means a manufacturer of auto parts in the UK that sells its products to an EU car company would be obligated.
Finally, if the European subsidiaries of a UK parent company are in scope of the directive, the UK parent would be affected as well, The UK parent would not only have to monitor its CSDDD subsidiary’s compliance but it would also likely have to comply itself if it qualifies as having a business relationship in the subsidiary’s value chain.
This is incredibly significant because penalties for CSDDD violation can be steep: up to 5% of the company’s net turnover. UK companies doing business with large EU companies might face a choice: either stop doing business with those companies or make sure to adapt their own work practices and policies to the EU standards. That is a victory of sorts for sustainability and human rights advocates, at least for now.