I. The Long Way Towards the CSDDD
During the decade after the adoption of the UNGPs, several European countries adopted legislation on mandatory due diligence as a way to ‘harden’ them.Footnote 2 France, Germany, Norway, the Netherlands and Switzerland have passed such laws, but with great differences in terms of scope, due diligence standards and enforcement mechanisms. The Directive on Corporate Sustainability Due Diligence (CSDDD) responds, therefore, to a need for legal certainty for companies and those impacted by corporate activities, but the process of harmonisation also ended with major political compromises.
In March 2021, the EU Parliament recommended a directive covering all large companies, all publicly listed companies, all high-risk small and medium-size companies and a strict corporate civil liability in case of harm.Footnote 3 In the European Commission’s proposal of February 2022, only very large companies (500 employees/EUR 150 million turnover) and other large companies (250 employees/EUR 40 million) in high-risk sectors were subject to due diligence obligations and could be held liable for harm based on fault liability.Footnote 4 This was still too far-reaching for some EU member states that obtained further concessions with respect to the size of the companies subject to due diligence obligations, the financial sector, climate obligations and conditions of liability. The next section explains this final compromise.
II. The EU CSDDD Explained
A. Personal scope: Very large companies
The Directive applies to very large EU companies employing more than 1,000 employees and generating a net worldwide annual turnover of EUR 450 million, regardless of the sector in which they operate. To avoid circumvention, these thresholds are calculated at the group level and smaller franchise owners receiving royalties in the EU are also covered. Remarkably, the Directive also applies to non-EU companies generating a net turnover of more than EUR 450 million in the EU.Footnote 5 The provision on the personal scope of the Directive was highly debated and subject to the most important limitations. Civil society organisations deplored that the current thresholds would cover only about 5,500 companies in the entire EUFootnote 6 and questions remain, particularly regarding the legal expectations and accountability of smaller companies in high-risk sectors.
B. Material scope: Human rights, the environment and climate
Companies covered by the CSDDD are expected to undertake due diligence with respect to their human rights and environmental impacts. The Directive defines ‘adverse human rights impact’ as the impact resulting from an abuse of selected human rights tailored for corporate conductFootnote 7 and other human rights enshrined in a list of international instruments.Footnote 8 These other rights derived from listed instruments, such as freedom of expression, are relevant under the conditions that they can be abused by a company, impair a legal interest and that the company could have reasonably foreseen that such right may be affected.Footnote 9 Similarly, an adverse environmental impact is defined as an impact resulting from the breach of a list of international environmental obligations described in the Annex. It also covers measurable environmental degradation when it affects specific human rights, such as the rights to food, water, health and land grabbing.
While the Annex at first glance appears relatively comprehensive, the decision to list only certain human rights and international human rights instruments (without the Universal Declaration of Human Rights) departs from the UNGPs.Footnote 10 Some rights, such as the rights to food or health, are also framed in quite novel ways to be tailored for corporate conduct that do not reflect the international human rights standard. Regarding environmental obligations, the CSDDD goes beyond the UNGPs. However, as with the human rights list, it is difficult to understand the rationale behind the inclusion of some obligations and the exclusion of others. Finally, the terminology of ‘abuse’ or ‘breach’ carries the connotation of a breach of duty by states under international human rights or environmental law and risks inadvertently raising the threshold for when an impact would be covered and be part of a company’s due diligence.
The CSDDD also contains climate obligations. Companies are expected to adopt and put into effect annual transition plans for climate change mitigation which aim to ensure, through best efforts, that their business model and strategy are compatible with the transition to a sustainable economy and with the limiting of global warming to 1.5 °C in line with the Paris Agreement.Footnote 11 While this is a welcome addition, national authorities must solely supervise the adoption and design of these plans, but not that they are effectively implemented. This raises questions on the ability of this provision to drive needed action on climate change and stop greenwashing, disinformation and fossil fuels expansion.
C. Due diligence: What, where, how
The process of due diligence outlined in the CSDDD broadly aligns with expectations under the UNGPs and the OECD Guidelines for Multinational Enterprises (OECD Guidelines), with some points of departure. Under the CSDDD, member states are obliged to ensure that relevant companies conduct due diligence. Those companies must integrate due diligence into their policies; identify actual or potential adverse impacts; prevent and mitigate potential adverse impacts; bring actual adverse impacts to an end, minimise their extent and remediate; establish and maintain a notification and complaints procedure; monitor the effectiveness of their due diligence policy and measures; and publicly communicate on due diligence. The CSDDD also includes a cross-cutting obligation to conduct meaningful consultation with stakeholders at the different stages of the due diligence process.Footnote 12
The CSDDD requires that a company’s due diligence covers not only a company’s operations and the operations of its subsidiaries, but also that of its business partners in its so-called ‘chain of activities’. This new concept includes the activities of upstream business partners that relate to the products and services of the company in question, and activities of downstream business partners, but are limited to the distribution, transport, and storage of products provided that these activities are carried out for the company or on its behalf.Footnote 13 These limitations represent a departure from the UNGPs and OECD Guidelines,Footnote 14 which expect due diligence to be conducted along the full value chain.Footnote 15 This also has important implications for financial undertakings, such as banks. If they are subject to due diligence obligations, the Directive does not cover downstream business partners that are receiving their services and products.Footnote 16
Translating the normative expectations of soft law instruments into hard law obligations is challenging for any legislature. On the one hand, obligations must be sufficiently certain to enable companies to understand their obligations and other stakeholders to monitor the efforts of companies. On the other hand, prescribing a closed list of measures a company must take may stifle innovation and encourage ‘check-box compliance’ rather than a risk-based approach to due diligence.
The CSDDD uses several mechanisms to guard against this possibility. First, companies must take ‘appropriate measures’ and take into account specific factors when designing them. Appropriate measures are defined as measures ‘capable of achieving the objectives of due diligence by effectively addressing adverse impacts in a manner commensurate to the degree of severity and the likelihood of the adverse impact’.Footnote 17 Risk factors include geographic and contextual factors and factors specific to a product, service and business operations.Footnote 18 Introducing an effectiveness requirement for such measures should encourage targeted measures to address specific impacts, rather than being focused solely on compliance. Arguably, this requirement should also rule out mere contractual delegation of due diligence measures.
When determining the appropriate measures to prevent or end adverse impacts, companies should also take into account whether an impact is or may be caused by the company; caused jointly by the company and a subsidiary or business partner; or caused only by a business partner, and what influence the company has over the business partner.Footnote 19 This formulation departs from the language of the UNGPs concerning a company’s involvement in an impact: cause, contribute, and direct linkage, but these levels of involvement should be interpreted in line with the international framework.
Second, the CSDDD requires ‘meaningful’ engagement with stakeholders. Stakeholders are widely defined and include companies’ employees, employees of its subsidiaries, trade unions and workers’ representatives, consumers and other affected individuals, groups and communities but also national human rights and environmental institutions or civil society organisations whose purpose includes environmental protection.Footnote 20 Both this wide definition and specific obligations of meaningful engagement and consultation with stakeholders in all steps of the due diligence process were demanded by civil society and scholars and included relatively late in the negotiating process.Footnote 21
It remains to be seen if these design features will be sufficient to guard against the risk of checkbox compliance, and accordingly, it will be necessary for any forthcoming guidance on the implementation of the CSDDD to emphasise the need to interpret its requirements in line with the expectations of the UNGPs.
D. Enforcement and access to remedy
The CSDDD is the first mandatory due diligence instrument containing two complementary enforcement mechanisms. On the one hand, member states must designate a public supervisory authority to verify compliance. These national authorities are empowered to investigate on their motion or as a result of substantiated concerns communicated to them. They also have the power to order injunctions, such as order the cessation of an infringement or appropriate remediation, adopt interim measures and impose penalties, including pecuniary penalties of up to 5 per cent of the worldwide net turnover of the company.Footnote 22
Beyond the practical questions of resources and willingness to investigate very large companies paying tax in the country, another uncertainty relates to third-country companies. These companies will be supervised by the national authority of the country where they have a branch or where they generate most of their net turnover in the EU.Footnote 23 As public authorities cannot investigate beyond the territory of the EU, for example at the headquarters of a company registered in Switzerland, the US or China, it is questionable how a member state would sanction a company abroad and enforce a penalty in practice.
On the other hand, the CSDDD introduces a fault-based civil liability as a way to provide access to justice for victims of adverse impacts. It is the first mandatory due diligence legislation clarifying so precisely the conditions of parent and contracting company liability in the value chain.Footnote 24 These conditions of liability are quite restrictive: damage arising from an adverse impact ‘to a person’ (an addition aimed at excluding purely environmental damage), a negligent or intentional failure to comply with the obligation to prevent or end an adverse impact, and causation between this specific failure and the damage. Causation is further excluded if the damage is caused ‘only’ by the business partners.Footnote 25 All these elements must be proven by the claimant.
To attenuate the onerous burden of proof for claimants, domestic courts must be able to order the disclosure of evidence that lies in the control of the company ‘in accordance with national procedural law’.Footnote 26 This should be read as requiring the member states to introduce or adapt a mechanism of disclosure in accordance with their existing laws, otherwise, it would be meaningless. By contrast, for mechanisms of collective redress, the CSDDD expressly clarifies that member states can, but are not expected to, expand their representative claims.Footnote 27
III. Implications of the Directive Beyond Europe
A. Impact on companies along the value chain
The CSDDD will have extraterritorial implications, including prompting changes in the policies and practises of companies along value chains. To keep and further develop their business relationships with companies falling within the scope of the Directive, foreign companies will have to adapt to the new human rights and environmental standards. This phenomenon of adaptation, which Anu Bradford labeled the ‘de facto Brussels effect’, has occurred in the past in relation to other key pieces of EU legislation, for example in the area of consumer health and safety.Footnote 28
The extraterritorial reach of the CSDDD is only implied, but evident from the very first paragraph of the Directive’s preamble. This paragraph talks about how EU values and the universality of human rights ‘should guide the Union’s action on the international scene’, which includes ‘fostering the sustainable economic, social and environmental development of developing countries.’ This value-exporting approach has attracted criticism, and some have characterised corporate human rights due diligence laws as neo-colonial in nature.Footnote 29 With different arguments, the Chinese Chamber of Commerce also criticised the CSDDD on the grounds of the alleged increased bureaucracy it will foster.Footnote 30
Irrespective of one’s position on this matter, it is clear that the Directive will impact companies outside the EU, those directly covered and those of all sizes and sectors in supply chains, both in high- and low-income countries. This is arguably one of the greatest implications of the text, and it may even lead to legislative changes in third countries, a point we turn to below.
B. New legislation in third countries
Alongside the de facto Brussels effect, Bradford has also theorised and documented the ‘de jure Brussels effect’, whereby third countries adopt their legislation in response to EU laws with extraterritorial implications.Footnote 31 Third countries do so to level the playing field in their jurisdiction between companies who have to follow EU law, and companies who only operate domestically. The adoption of the CSDDD may lead third countries to pass their own sustainability due diligence laws, as already discussed in South Korea or Switzerland.Footnote 32 Seeing several countries adopting due diligence laws also reduces the fear of loosing international competitiveness, which is an important barrier to the adoption of corporate human rights and environmental obligations. This should therefore encourage legal developments at least in countries that already set clear expectations, but not yet enforceable obligations, for companies to conduct due diligence in their value chain, like the US.Footnote 33
C. Implications for the Business and human rights treaty negotiation
As a matter of principle, the adoption of the CSDDD shows that it is possible to turn aspects of existing soft law instruments into actual binding legislation, albeit with important compromises in terms of scope and content. This should give hope to supporters of the business and human rights treaty negotiation under way since 2014 which also aims to create binding obligations in this area. Moreover, it will be interesting to see whether the adoption of the Directive leads to changes in the EU’s lack of engagement in the treaty negotiation, which presumably was because the EU wanted to focus on its text first. Many have instead been pointing to the complementarity between the CSDDD and the treaty and to the necessity for the EU to fully engage in both processes.Footnote 34 In parallel, the adoption of the CSDDD should facilitate the inclusion of more specific due diligence obligations for foreign investors in its future international investment agreements.
IV. The Way Forward
Member states are expected to implement the Directive in progressive stages, reaching the objective of covering all companies employing more than 1,000 employees and a net turnover of EUR 450 million only by 2029. The Commission will periodically assess these thresholds and the need to cover high-risk sectors and will also submit a report on due diligence requirements tailored for financial undertakings.Footnote 35
Sometimes considered European-made, facing the critique that it has monopolised the political agenda or that it does not address the roots of corporate abuses,Footnote 36 the Directive is, at its core, a ‘do no harm’ instrument inspired by the UNGPs. Its impact on human rights, the environment and climate will greatly depend on how member states implement it, how the Commission reviews it, how civil society engages with it, and whether there are sufficient drivers for companies to engage meaningfully with the process, rather than adopting a compliance-driven approach. The UNGPs will continue to be a reference point to ensure that the CSDDD is adhered to not just in accordance with the letter of the law, but also in the spirit of the UNGPs.
Financial support
There is no funding to declare for this piece.
Competing interest
The authors declare none.