A comprehensive review of the Corporate Sustainability Due Diligence Directive (CSDDD)

A comprehensive review of the Corporate Sustainability Due Diligence Directive (CSDDD)

Thu 18 Apr 2024

Following years of negotiations among EU institutions and Member States, the EU parliament adopted the Corporate Sustainability Due Diligence Directive (CSDDD) on 24 April 2024. The directive now also needs to be formally endorsed by the Council, signed and published in the EU Official Journal. Member states will have two years to transpose the new rules into their national laws.

This directive obliges large companies to identify, mitigate and, where necessary, remedy human rights and environmental impacts in their global value chain. It mandates companies to establish due diligence processes for human rights and environmental issues, as well as a transition plan to ensure they make their business model compatible with the 1.5°C climate target. While the CSDDD will only target an estimated 0.5% of EU companies, it is an important complement to existing regulations, especially the Corporate Sustainability Reporting Directive (CSRD).

As stated in the directive’s purpose, companies could play a key role in promoting sustained, inclusive and sustainable economic growth, while avoiding the creation of imbalances in the internal market. This emphasises the importance of strengthening the resilience of companies to adverse scenarios related to their value chains, taking into account externalities as well as social, environmental and governance risks.

What does the CSDDD expect companies to do?

Companies in scope are required to:

  • Integrate value chain due diligence into their policies and enterprise risk management system.
  • Identify and assess actual or potential adverse human rights or environmental impacts and take measures to prevent, mitigate or end them.
  • Conduct meaningful stakeholder engagement to support the identification of actual and potential impacts, as well as to develop a due diligence policy.
  • Map operations, those of their subsidiaries and, where related to their chain of activities, those of their business partners. This will identify where adverse impacts are likely to occur and to be the most severe.
  • Establish and maintain a notification system and complaints procedures and provide remediation where actual impacts are identified.
  • Monitor the effectiveness of measures taken.
  • Ensure compatibility with the 1.5°C climate target and draw up a transition plan in line with EU emission reduction targets.

Which companies are in scope and when?

The CSDDD will apply to companies at different times depending on size and turnover, as well as ultimate parent companies of groups that, taken together, hit thresholds set.

  • In 2027 (3 years after adoption), the directive applies to companies exceeding 5,000 employees and €1.5bn turnover.
  • In 2028 (4 years after adoption), the directive applies to companies exceeding 3,000 employees and €900m turnover.
  • In 2029 (5 years after adoption), the directive applies to its full scope: companies exceeding 1,000 employees and €450m turnover.

In addition, franchise companies in the EU with royalties amounting to more than €22.5m and a net worldwide turnover of more than €80m are included in the directive’s scope. Certain non-EU companies with significant operations in the EU (exceeding €450m net turnover generated in the EU) are also included.

Which CSDDD monitoring and sanctioning mechanisms will apply?

Each member state will appoint a supervisory authority to monitor compliance with the CSDDD. A European Network of Supervisory Authorities will be established, including representatives of each supervisory authority. Infringements will be penalised by means of “naming and shaming” and fines.

Companies are also subject to civil liability and may be liable to pay compensation to those affected if they intentionally or negligently failed to comply with CSDDD obligations and, as a result of such failure to comply, cause damages to a natural or legal person.

What should companies do to prepare for the CSDDD?

Firstly, companies in scope should familiarise themselves with CSDDD requirements and understand them in the context of other non-financial due diligence and reporting obligations, paying particular attention to differences and similarities to the CSRD . Those companies already conducting due diligence in line with the United Nations Guiding Principles on Business and Human Rights, as well as the OECD Guidelines for Multinational Enterprises, will be well prepared. Companies not already applying these frameworks should take steps to embed them in their systems and processes.

The due diligence process set out in this directive should cover the six steps defined by the OECD Due Diligence Guidance for Responsible Business Conduct, which include due diligence measures for companies to identify and address adverse human rights and environmental impacts. The six steps are

  •  embed responsible business conduct into policies and management systems,
  •  identify and assess actual and potential adverse impacts,
  •  cease, prevent and mitigate adverse impacts,
  •  track implementation and results,
  •  communicate how impacts are addressed, and
  •  provide for or cooperate in remediation when appropriate.

The CSDDD explicitly recommends the UNGP Reporting Framework, co-authored by Mazars and Shift, as well as the UNGP Interpretative Guide as implementation guidance for companies.

Stakeholder engagement is an essential tool for conducting due diligence, both in identifying adverse impacts and developing actions to mitigate or provide remediation where impacts occur. As such, companies should review their current approach to such engagement in light of the directive.

Companies outside the CSDDD’s scope should prepare themselves to be able to respond in a structured manner to future requests for information by larger business partners regarding human rights and environmental impacts in their value chain. Preparations to assess these impacts in their value chain would benefit from following a risk-based approach and prioritising them based on severity and likelihood.

Next steps

Navigating the complexities of identifying and mitigating human rights and environmental impacts in the value chain that the CSDDD demands will require robust planning and support. It’s therefore essential to keep track of new developments regarding this regulation so that your company’s commitment and actions can help create a more sustainable and equitable future for all.


Insights into the regulatory process

After a preliminary agreement was reached between the Council of the EU and the European Parliament on the CSDDD in December 2023, the directive failed to gain final approval during the formal Council vote. After weeks of additional negotiations and several concessions to the directive’s critics, a new compromise text was eventually approved by the Council of the EU. On 24 April 2024, the EU Parliament formally adopted the CSDDD during its plenary session. Prior to this, representatives of the Council of the European Union had voted in favour of the CSDDD on 15 March 2024. After the directive is published in the Official Journal of the EU, the Member States will have to transpose the directive into national law within two years. It will be applicable to the first group of companies in 2027.

What has changed since December 2023? An overview of the compromises made:

  • The directive’s scope was reduced to companies exceeding 1,000 employees (instead of 500) and €450m turnover (instead of €150m).
  • The expanded scope regarding high-risk sectors was removed. However, the adjusted text includes a review clause, offering the possibility to address the high-risk approach at a later stage.
  • A phase-in approach was added:
  • 3 years after adoption, the directive applies to companies exceeding 5,000 employees and €1.5bn turnover.
  • 4 years after adoption, the directive applies to companies exceeding 3,000 employees and €900m turnover.
  • 5 years after adoption, the directive is applicable to its full scope (companies exceeding 1,000 employees and €450m turnover).
  • Certain downstream activities were removed from the material scope of the regulation. As a result, product disposal, dismantling and recycling, composting and landfill are no longer included in the due diligence requirements.
  • The requirement for companies to introduce financial incentives for their management linked to the implementation of climate transition plans was dropped. While companies still need to adopt a climate transition plan, they are no longer required to change their remuneration system.

The text regarding civil liability has been amended to allow Member States more flexibility in setting the boundaries. However, civil liability provisions are still included in the final text.