Download the PDF
On 23rd February 2023the European Union (EU) Commission published a proposal for a Corporate Sustainability Due Diligence Directive (CSDDD).[1] The Commission’s proposal has prompted two additional proposals by the EU Council[2] and the EU Parliament,[3] which follow the CSDDD’s original structure but contest some of its details. The CSDDD’s main objective is to improve companies’ sustainability standards and prevent, or, where prevention is not possible, mitigate, their adverse impact on human rights and the environment. The CSDDD further aims to level the playing field by harmonising the legal framework in Europe.
1. Background and context
The legislation of the CSDDD is part of a broader, new regulatory trend.[4] The context in which this regulatory trend is materialising explains its popularity. In a nutshell, states are increasingly dissatisfied with the current dominant ‘soft law’ approach to the regulation of businesses and human rights.[5] High-profile disasters, such as the collapse of the Rana Plaza garment factory in Bangladesh, have led critics to claim that reliance on soft law guidelines and self-enforcement is not sufficiently effective.[6] The disillusionment with the ‘soft law’ approach has led to a process of normative ‘hardening’: the replacement of soft guidelines and ecommendations with binding and enforceable legal mechanisms.[7] This process of regulatory ‘hardening’ is reflected inter alia through the adoption of sustainability due diligence laws.[8]
Originally based on Principle 17 of the UN Guiding Principles on Business and Human Rights (UNGP), sustainability due diligence laws have evolved in several directions. Current examples range from the narrow regulation of very specific issues (e.g. the UK Modern Slavery Act, the Dutch Child Labour Due Diligence Act, the US Uyghur Forced Labor Prevention Act[9]), to much wider versions which address any ‘severe violations’ of human rights and environmental harms (e.g. the French Duty of Vigilance Law). Another notable variation concerns the size of covered companies. While some laws (e.g. the French and German laws) cover only ‘mega’ companies,[10] others (e.g. the proposed Dutch and Canadian laws) cast the net much wider to also cover smaller enterprises.[11] An additional variation is found in enforcement mechanisms. While some laws instruct the establishment of civil liability mechanisms (e.g. the French Duty of Vigilance Law) through which damages can be recovered, others exclude the civil liability route, relying on somewhat less biting grievance mechanisms (e.g. the German Supply Chain Act).
2. Commentary
The rise in popularity of sustainability due diligence regulation among European nations has prompted the EU to harmonise this area and adopt its own cross-European regulatory version – the CSDDD. The CSDDD’s main instruction (Art 4) prescribes that EU Member States must ensure that companies[12] carry out environmental and human rights due diligence. More specific details and conditions are set out in Articles 5-11 of the CSDDD.
2.1 Pillar 1: The duty to identify harms
Articles 5 and 6 of the CSDDD provide what can be described as the Directive’s first pillar and core instructions: the duty to prepare due diligence and identify harms. Article 5 specifies that covered companies will adopt due diligence policies. This Article does not include specific instructions as to what kind of content these policies should cover, except that they should include a code of conduct for companies (with no specific instructions as to what exactly this code should consist of), as well as a description of the processes to be relied on for the implementation of the obligation to conduct due diligence.
Article 6 of the CSDDD requires covered companies to identify ‘actual and potential adverse impacts’ that they, and their supply chain partners, may cause during their operation. This instruction is also drafted extremely vaguely, demanding Member States to ‘ensure that companies take appropriate measures to identify actual and potential adverse human rights impacts and adverse environmental impacts […].’[13] As for the type of ‘appropriate measures’ and methodologies to be used for the identification of such harms, Article 6(4) provides precious little assistance. It mentions in this respect the possibility of relying on ‘independent reports’ (a rather obvious and unhelpful instruction), ‘information gathered through the complaint procedure’ (which in most cases will concern damage that has already occurred, so arguably less helpful in the context of preventive, future-facing due diligence), and, ‘where relevant’, consultations with relevant stakeholders. The two additional versions of the proposed CSDDD are only marginally more elaborate. For instance, the European Council’s ‘General Approach’ document proposes, concerning the methodology, that ‘companies may map all areas of their own operations’.[14]
The instruction to rely on public engagement and consultation as part of the due diligence process deserves more discussion. This requirement is vital for the success of the due diligence process.[15] After all, stakeholders such as affected local communities are best positioned to identify prospective adverse impacts on their own environments and societies. Certain commentators and organisations have therefore observed that the Commission’s version is problematic, as it limits the instruction to engage with stakeholders to only ‘where relevant’.[16] Those commentators are concerned with the potentially narrow interpretation of this self-judging instruction, and as a consequence the exclusion of important voices and perspectives from the due diligence process. Indeed, the EU Parliament’s version of the CSDDD removes the term ‘where relevant’ in order to address these concerns.[17]
The vagueness that characterises the instructions in Article 6 is unhelpful. States, companies, and victims all need clarity as to how to comply with the law, and how to rely on it. At the same time, it could be that a certain ‘vagueness’ is not a bad thing in the context of a ‘framework regulation’, that is one that will provide the general principles and be followed by much more specific regulations that address specific sectors, regions/states, all with unique challenges. Not unlike the EU Waste Framework Directive, which provided general guidelines and was then followed with a line of specific regulations addressing specific types of waste. The EU has not implied that this is indeed its vision and strategy for the CSDDD. However, t the same time, there is nothing to prevent it from eventually moving in this direction.
2.2 Pillar 2: The duty to prevent and mitigate harm
Articles 7 and 8 add what can be regarded as the second pillar of the CSDDD, i.e. post-due diligence instructions. In other words, these articles instruct what should be done with the results of the due diligence assessments. Here, Articles 7 and 8 instruct that companies will prevent identified risks, or, where prevention is not possible, mitigate their impact. The CSDDD provides a long list of preventive and mitigative measures. These include the preparation of a prevention/corrective plan; the making of ‘necessary investments’ for enabling prevention; the payment of compensation to affected communities, and even the severing of business relationships where supply chain partners are not adequately cooperative.
Articles 7 and 8 require covered companies to ensure that their direct business partners comply with their codes of conduct and contribute to a company’s efforts to prevent and mitigate harms. Business partners’ compliance with a company’s code of conduct is to be secured through contractual assurances,[18] and, should the company choose, verified by independent third parties.[19]
The reliance on contractual assurances and third-parties verification has been the subject of criticism. It is claimed that these mechanisms could limit a company’s responsibility to prevent and mitigate harm ‘to a mere box-ticking exercise’ and result in the ‘shifting [of] responsibility from the lead company onto its business partners’[20] and the third party verification bodies. These instructions, it is claimed, will encourage a passive approach to prevention, rather than investment in active steps in the form of direct engagement with all relevant stakeholders.[21] Others have also warned against the ‘contractual assurances’ clause becoming an effective legal defence, de facto eliminating the usefulness of Article 22 (civil liability).[22]
The criticism expressed regarding the said enforcement mechanisms is concerning. At the same time, one must acknowledge that the alternative to contractual assurances and third-party verifications could set the bar high, perhaps even too high, in the context of today’s global economy. As commented elsewhere: ‘The alternative of demanding full knowledge and monitoring of all supply chain business partner operations seems very demanding in an ever more globalised business environment.’[23] Furthermore, it should be remembered that contractual assurances will not absolve a company from the obligation to mitigate the damage once it has occurred (despite assurances) and it was made aware of it.[24]
2.3 Pillar 3: The duty to provide access to justice and remedy
The third pillar of the CSDDD concerns dispute settlement and access to justice and remedies. Here, the CSDDD presents victims of environmental and human rights-related harms with two options. Firstly, Article 9 prescribes that companies will set up complaint mechanisms, allowing victims, potential victims, trade unions and certain civil society organisations,[25] to submit complaints directly to a company regarding actual or potential harms. Once a complaint is deemed well-founded, the harm in question will be addressed as identified within the meaning of Article 6 (i.e.it will be prevented or mitigated, as required by Articles 7 and 8, discussed above).
The second, and perhaps more novel and meaningful mechanism, is found in Article 22, entitled ‘Civil Liability’. This Article instructs that companies will be liable for damages resulting from their failures to prevent and mitigate identified harms or, importantly, harms that should have been identified. The inclusion of a civil liability provision in the CSDDD should not be taken for granted. Indeed, certain notable earlier sustainability due diligence laws (remarkably, the German Supply Chain Act) do not include a similar provision. As argued elsewhere,[26] this inclusion reflects a wider progress for the entire area of transnational civil litigation relating to transnational human rights and environmental violations. It facilitates access to justice and removes litigation barriers such as those pertaining to corporate transnational liability.
Moreover, as stated above, Article 22 also covers harms ‘that should have been identified’. On the face of it, this choice of words seems very claimant-friendly. As stated elsewhere, ‘it is hard to think of entirely unexpected significant environmental damage, such that could not have been predicted or prevented when relying on meaningful due diligence. Such is the nature of hindsight analyses.’[27] Indeed, the EU Council removed the words ‘could have been identified’ from its version, and added intent or negligence as further pre-conditions. It remains to be seen which version will prevail.[28]
3. Conclusion
The CSDDD represents a compromise between different models, ambitions, and interests. It is far from a perfect legal instrument: some of its instructions are lacking in detail; it is not as progressive as one may have expected it to be; some parts are lacking in ambition,[29] and other features could even be regarded as unsensible.[30] As argued elsewhere, the CSDDD could also lead to unwarranted and unexpected outcomes, such as the imposition of new technical barriers on trade between the EU and least-developed countries.[31]
Regardless of the above, the CSDDD, warts and all, is a necessary and positive evolutionary step for the EU. The standard in this respect has been set by countries such as France, Germany, and others. For the EU to maintain its position at the forefront of human rights and environmental regulation, it must follow suit. In some ways, and notably with its civil liability mechanism, the CSDDD even raises the bar higher.
A final issue to note – one that will put this entire piece in the right perspective – is that at the time of writing, the ground is still very much moving. Differences between the EU’s institutions’ drafts are still significant and the final shape of the CSDDD is not yet known. Outside of the EU framework, new and ambitious legislative drafts are being discussed and these too are expected to shape future developments. When discussing the rapidly developing nature of due diligence regulation, it is essential to remember that lawmakers are also mostly operating in the dark. There is very little regulatory experience in this area of law, and laws such as the CSDDD are being designed primarily based on law-makers’ ‘intuitions’, rather than established experience and clear knowledge of what works and what does not. In short, this is a fast-moving process where all stakeholders (regulators, companies and victims of environmental and human rights harms) are all still learning, and some level of trial and error is inevitable. Researchers will therefore have to follow this evolutionary process, which is very far from its conclusion.
[1] European Commission, ‘Proposal for a Directive of the European Parliament and of the Council on Corporate Sustainability Due Diligence and amending Directive (EU) 2019/1937,’ (23.2.2022) 71 final 2022/0051 (COD).
[2] Council of the European Union, ‘Proposal for a Directive of The European Parliament and of the Council on Corporate Sustainability Due Diligence and amending Directive (EU) 2019/1937 – General Approach’ (30 November 2022) 15024/1/22 REV 1.
[3] European Parliament, ‘Amendments adopted by the European Parliament on 1 June 2023 on the proposal for a directive of the European Parliament and of the Council on Corporate Sustainability Due Diligence and amending Directive (EU) 2019/1937’ (01.06.2023) https://www.europarl.europa.eu/doceo/document/TA-9-2023-0209_EN.html.
[4] Different versions of sustainability due diligence laws have been enacted, or are in the process of being enacted, inter alia in Norway, Netherlands, the UK, Germany, France, US, Canada, Austria, Belgium Japan, and elsewhere. See review at Worldfavor, ‘The ultimate guide to human rights due diligence: whose affected and how to comply’ (April 2023) https://blog.worldfavor.com/the-complete-list-of-national-human-rights-due-diligence-laws-whos-affected-and-how-to-comply ; and tradebeyond, ‘The list of global supply chain due diligence laws keeps growing’ (14/06/2023) https://tradebeyond.com/blog/list-of-global-supply-chain-due-diligence-laws/.
[5] Barnali Choudhury, ‘Hardening soft law initiatives in business and human rights’, in Jean J. du Plessis & Chee Keong Low (Eds) Corporate governance codes for the 21st Century (Springer 2018).
[6] Claire Bright, ‘Creating a legislative level playing field in business and human rights at the European level: is the French law on the duty of vigilance the way forward?’ (2018) EUI Working Paper MWP 2020/01 https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3262787; Christophe Clerc, ‘The French ‘Duty of Vigilance’ Law: Lessons for an EU directive on due diligence in multinational supply chains’ (2021) ETUI Policy Brief N°1/2021; Markus Krajewski & Shuvra Dey, ‘Effective human rights due diligence ten years after Rana Plazal?’ (10 May 2023) Verfassungblog https://verfassungsblog.de/effective-human-rights-due-diligence-ten-years-after-rana-plaza/.
[7] Sarah Jones and Joanna Kyriakakis, ‘From Soft Law to Hard Law in Business and Human Rights and the Challenge of Corporate Power’ (2023)36(2) Leiden Journal of International Law 335; Chloe Bailey, Cannelle Lavite, Clara Alibert & Guillaume Torres, From Rights to Reality: Ensuring Rights-Centred Application of the French Duty of Vigilance Law (2023 ECCHR); Patrick Miller & Kabir Dugal, ‘Evolution of Business and Human Rights Obligations – From Soft Law to Voluntary Initiatives to Emerging Standards and National Regulations’ (2023) Harvard Journal of International Law (online).
[8] Chiara Macchi & Claire Bright ‘Hardening soft law: the implementation of human rights due diligence requirements in domestic legislation’ in M. Buscemi, N. Lazzerini and L. Magi (eds), Legal Sources in Business and Human Rights – Evolving Dynamics in International and European Law (Brill, 2020).
[9] More specific examples include the EU’s own reliance on sustainability due diligence in specific sectors, see for example the EU Timber Regulation, the EU Conflict Minerals Regulation, and more (see more examples in Boris Verbrugge, ‘Overview of legislative developments in the field of sustainability due diligence’ (2022) https://lirias.kuleuven.be/retrieve/694257).
[10] The French Duty of Vigilance Law covers companies with 5,000 employees and above in France, and 10,000 employees or above globally. The German Supply Chain Act covers companies with 3,000 employees and above.
[11] These two laws rely on similar criteria (albeit with different currency) and require that two out the three minimum thresholds are met: (1) $/€20 million in assets, (2) $/€40 million in revenue (3) 250 employees.
[12] The CSDDD proposes to cover companies with 500 employees and above and a turnover of more than EUR 150 million in the last financial year, or, in the case of specified high-impact sectors, 250 employees and above and turnover of more than EUR 40 million. In the case of non-EU companies, the CSDDD requires a turnover of EUR 150 million or above in the Union, or, EUR 40 million and above in the case of high-impact sectors. See Article 2, CSDDD (n 1).
[13] CSDDD (n 1) Article 6(1).
[14] EU Council, Proposal for a Directive of the EP and the Council on Corporate Sustainability Due Diligence and amending Directive (EU) 2019/1937 – General Approach, Doc. 15024/1/22 REV 1, Brussels, 30 November 2022, Article 6(1a).
[15] Yenkong Ngangjoh-Hodu et al. The proposed EU Corporate Sustainability Due Diligence Directive and its Impact on LDCs (Ministry for Foreign Affairs of Finland, 2023) 49.
[16] European Coalition for Corporate Justice, ‘European Commission’s proposal for a directive on Corporate Sustainability Due Diligence A comprehensive analysis’ Legal Brief (April 2022), 14; 8; SHIFT, ‘The EU Commission’s Proposal for a Corporate Sustainability Due Diligence Directive: Shift’s analysis’ (March 2022); Ngangjoh-Hodu et al (n 15) 49.
[17] The EU Council on the other hand, did not remove this term and it remains to be seen which version will, eventually, prevail.
[18] CSDDD (n 1) Articles 7(2), 7(4), 8(3), 8(5).
[19] CSDDD (n 1) Articles 7(4), 8(5).
[20] Gabrielle Holly et al. Legislating for impact: Analysis of the proposed EU Corporate Sustainability Due Diligence Directive (Danish Institute for Human Rights 2022) 19; European Coalition for Corporate Justice (n 16), 11; SHIFT (n 16) 5.
[21] Gabrielle Holly et al. (n 20) 19; European Coalition for Corporate Justice (n 16) 11.
[22] Youseph Farah et al. ‘Civil liability under sustainability due diligence regulation: a quiet revolution?’ (forthcoming 2023) King’s Law Journal.
[23] Ngangjoh-Hodu et al (n 15) 56.
[24] Ngangjoh-Hodu et al (n 15) 56.
[25] Only those active ‘in the areas related to the value chain concerned’. CSDDD (n 1) Article 9(2).
[26] Farah et al (n 22).
[27] Ngangjoh-Hodu et al (n 15) 53.
[28] Somewhat expectedly, the EU Parliament’s version includes the term ‘should have been identified’.
[29] See criticism regarding public engagement, above, and also the short list of environmental treaties covered by the Annex, defining the scope of harms covered in the due diligence process, or the potential of adding more topics such as technology transfer and corruption (Ngangjoh-Hodu et al (n 15) 46-47, 62-74).
[30] See discussion in Ngangjoh-Hodu et al regarding Article 15 (climate change) which requires individual companies to prepare plans that will be compatible with a global 1.5 °C reduction target. Ngangjoh-Hodu et al (n 15) 48.
[31] Ngangjoh-Hodu et al (n 15) 18-31.