Spotlight on the EU Corporate Sustainability Due Diligence Directive (CSDDD)
After more than two years of intense negotiations, the EU Parliament approved the highly anticipated EU Corporate Sustainability Due Diligence Directive (CSDDD). It mandates companies operating within the EU to identify, prevent, mitigate, and account for adverse human rights and environmental impacts throughout their global chain of activities. It also reflects the EU's push for harmonized due diligence standards and aligns with the global implementation of the United Nations Guiding Principles on Business and Human Rights (UNGPs), which provide a framework for responsible business conduct.
While awaiting the finalization of the CSDDD, several EU member states, including France and Germany have initiated national legislation like the French Corporate Duty of Vigilance Law the German Supply Chain Act to address human rights and environmental due diligence in supply chains. These regulations must be amended to align with CSDDD requirements, while other countries must also adopt CSDDD into their local legislation.
# I. Who’s in scope?
- Small and medium enterprises (SMEs) are not included in the scope of application of the directive. However, they could be impacted by its provisions as contractors or subcontractors to the companies that are in the scope of application.
- Companies should identify general high-risk areas and conduct detailed assessments to determine where probable and severe impacts are most likely to occur.
- The financial sector is obligated to perform due diligence for the upstream portion of their value chain. However, the financial services and products they offer to downstream business partners are not subject to the directive. Also, alternative investment funds (AIFs) and undertakings for the collective investment in transferable securities (UCITS) that do not meet the employee and turnover threshold are fully excluded from the CSDDD.
- Finally, the application of the directive to institutions for occupational retirement provision is left to the discretion of individual EU member states.
- While CSDDD will no longer target high-risk sectors (agriculture, forestry, manufacturing, mineral extraction, etc.) on its initial enforcement, its final text outlined a phased-in approach for in-scope companies, offering the possibility to address high-risk sectors later.
# II. What are the requirements?
Companies are required to develop and implement human rights and environmental due diligence processes (HREDD) that cover their own activities, their subsidiaries’ activities, and the value-chain operations carried out by companies they have established business relationships with.
In summary, companies must adhere to the following requirements:
# 1. Companies are required to have a due diligence policy and it must include:
- A description of the company’s approach to due diligence;
- A code of conduct describing rules and principles to be followed by the company’s employees and subsidiaries; and
- A description of the processes put in place to implement due diligence.
# 2. Strategy and directors’ obligations include:
- Consider the consequences of their decisions on sustainability matters, including, where applicable, human rights, climate change, and environmental consequences when fulfilling duties in the company;
- Be responsible for putting in place and overseeing the due diligence actions including the due diligence policy;
- Report on these actions to the board of directors; and
- Take steps to adapt the corporate strategy, so it takes into account the actual and potential adverse impacts identified.
# 3. Companies must take appropriate measures to identify actual and potential adverse impacts:
- Including human rights and environmental impacts arising from their own operations and those of their subsidiaries as well as from their established business relationships.
# 4. Companies must take appropriate measures to prevent, mitigate, and remediate actual or potential adverse impacts:
- Develop and implement an impact prevention plan with reasonable and clearly defined timelines for action;
- Seek contractual assurances from a business partner that it will ensure compliance with, at least, the company’s code of conduct;
- Make necessary investments such as into management or production processes and infrastructure;
- Provide targeted and proportionate support for an SME with which the company has an established business relationship if compliance with the code of conduct or the impact prevention plan would jeopardize the viability of the SME;
- Collaborate with other entities to increase the company’s ability to bring the adverse impact to an end; and/or
- Pay damages to the affected persons and financial compensation to the affected communities.
# 4. Companies must take appropriate measures to prevent, mitigate, and remediate actual or potential adverse impacts:
- Persons who are affected or have reasonable grounds to believe that they might be affected by an adverse impact;
- Trade unions and other workers’ representatives representing individuals working in the value chain concerned; and
- Civil society organizations active in the areas related to the value chain concerned.
# 6. Companies must report on their implemented due diligence processes, and it must be included in the following documents:
- For companies subject to CSRD: in the mandatory non-financial report; or
- For all other companies: in an annual statement that must be published on their website by April 30 each year and in a language customary in the sphere of international business.
# 7. Companies must publish a climate change plan aligned with the Paris Agreement:
- The plan must include emission reduction objectives if climate change is identified as a principal risk or a principal impact of the company’s operations.
# III. What is a chain of activities?
The Corporate Sustainability Due Diligence Directive (CSDDD) introduces a new concept called the “chain of activities” to define the scope of obligations within a company’s value chain.
Concerning the upstream portion of a company’s value chain, due diligence obligations apply to the company’s operations, the operations of its subsidiaries, and the operations of its business partners involved in the production of goods or the provision of services.
In essence, the due diligence obligations encompass the entire upstream portion of the chain. This includes activities such as design, extraction, sourcing, manufacturing, transportation, storage, and supply of raw materials or components, as well as product or service development.
In the downstream portion of a company’s value chain, activities related to the transportation, distribution, and storage of the company’s product fall under the directive. This applies when these activities are conducted either by the company itself or by a business partner acting on behalf of the company.
Jurisdictions across all continents are increasingly catching up in regulating supply chain due diligence as they recognize the importance of ensuring responsible and ethical business practices throughout global supply chains. Many have developed mandatory measures, providing a clear framework for companies to follow and legal implications for non-compliance, creating a level playing field and ensuring that all businesses are held to the same standards.
How RepRisk can support compliance with CSDDD
Effectively managing business conduct and ESG risks across the value chain starts with their identification, which requires granular, consistent, material, and timely data. RepRisk supports this critical task by offering daily-updated business conduct and ESG risk data, Framework Templates for key regulations, and Due Diligence Scores. These resources aid stakeholders in their monitoring and compliance efforts. As the regulatory landscape continuously evolves, staying informed and compliant is more crucial than ever. RepRisk provides the necessary tools and insights to navigate these changes, ensuring robust business conduct risk management in supply chains.
Want to learn more about RepRisk solutions for CSDDD?
Contact your Account Manager or our Client Services Team (support@reprisk.com).
Copyright 2024 RepRisk AG. All rights reserved. RepRisk AG owns all intellectual property rights to this report. This information herein is given in summary form and RepRisk AG and/or the third party contributors to this report make no representation or warranty that any data or information supplied to or by it or them is complete or free from errors, omissions, or defects. Without limiting the foregoing, in no event shall RepRisk AG and/or the third party contributors to this report have any liability (whether in negligence or otherwise) to any person in connection with the information contained herein. Any reference to or distribution of this report must include a link to the content to provide sufficient context. The information provided in this presentation does not constitute an offer or quote for our services or a recommendation regarding any investment or other business decision, and is not intended to constitute or to be used as a substitute for legal, tax, accounting, or other professional advice. Please note that the information may have become outdated since its publication. Should you wish to obtain a quote for our services, please contact us.