Corporate Sustainability Due Diligence Directive (CSDDD, CS3D, CSDD)

What is the CDDD/CS3D/CSDD?

In recent years, the focus on sustainability in business has increased significantly. There is a growing emphasis on the need for companies to be responsible not only for their own activities, but also for the damage they cause to people and the environment through their activities. The European Commission (EC) has therefore published a proposal for a ‘due diligence policy’. Companies will have to identify, prevent, mitigate or eliminate negative impacts on human rights and the environment related to their activities (and those of their subsidiaries) within their value chain. This is known as the due diligence process.

Reporting on the results of due diligence makes it easier to identify and address negative human rights and environmental impacts. It also provides stakeholders with insight into the company’s performance and progress in this area.

A potential game-changer for business, society, and planet

Effect of ‘appropriate due diligence’ not yet achieved

Several companies have already implemented due diligence processes to conduct business in a sustainable and socially responsible manner. However, the fragmentation of national due diligence regulations hinders the widespread adoption of these initiatives and delays the development of best practices for specific sectors. These voluntary standards have not led to widespread improvements. As a result, negative externalities from production and consumption persist in the EU.

In addition, different interpretations of the concept of ‘due diligence’ by Member States create ambiguity in the interpretation of due diligence obligations in business. This is further complicated by the complexity of value chains, market pressures and lack of information. As a result, the intended effect of ‘due diligence’ is currently not being achieved.

EU legislation on ‘appropriate diligence’ in business would promote human rights compliance and environmental protection, create equal competition conditions for businesses within the EU, enhance transparency for stakeholders, and counter fragmentation resulting from individual actions by member states. The CSDDD will promote sustainability transition and protect human rights in the EU and beyond. The implementation of appropriate diligence in business will be encouraged in the coming years by this development, contributing to the promotion of corporate social responsibility (CSR) by Dutch companies in international trade. The CSDDD aims to have a far-reaching impact on the social responsibility of businesses, the conception of this responsibility by their directors and commissioners, and their strategy.

Scope of the CSDDD

Through the trilogue negotiations, the scope has been limited to ‘very large’ enterprises. ‘Very large’ encompasses the threshold values mentioned in the table below. Due to the significant increase in threshold values, only 0.05% of European enterprises fall within scope. However, because the directive includes provisions on the chain of activities, indirectly, other enterprises not within scope still encounter information requests and measures from enterprises falling within the scope (if they are business partners).

CSDDD entry into force

Like the CSRD, the CSDDD has a phased entry into force, that applies from the moment the CSDDD comes into effect, which looks as follows:

Companies with more than 5000 employees and a turnover of €1500 millionCompanies with a turnover of more than €1500 million generated in the EU3 years after the CSDDD enters into force
Companies with more than 3000 employees and a turnover of €900 millionCompanies with a turnover of more than €900 million generated in the EU4 years after the CSDDD enters into force
Companies with more than 1000 employees and a turnover of €450 millionCompanies with a turnover of more than €450 million generated in the EU5 years after the CSDDD enters into force
Franchises receiving €22.5 million royalties worldwide and generating more than €80 million net turnover worldwideFranchises receiving €22.5 million royalties in the EU and generating more than €80 million net turnover in the EU5 years after the CSDDD enters into force
  • Companies with more than 5000 employees and a turnover of €1500 million will have 3 years to comply with the CSDDD.
  • Companies with more than 3000 employees and a turnover of €900 million will have 4 years to comply with the CSDDD.
  • Companies with more than 1000 employees and a turnover of €450 million will have 5 years to comply with the CSDDD.
  • Franchises will also have five years to comply with the CSDDD.

What does a due diligence policy entail?

The main objective of the CSDDD is to further clarify and strengthen due diligence in the value chain. It aims to (i) strengthen human rights safeguards, (ii) prevent or mitigate environmental harm, and (iii) take action to address global warming and climate change.

Companies must implement both human rights and environmental due diligence policies. Articles 5 to 11 apply to both.

The Due Diligence Policy consists of 6 (+1) steps:

1. Integration of due diligence into policies and risk management systems (Art. 5)

Companies are required to integrate due diligence into their corporate policies and to adopt and annually update a due diligence policy that describes the company’s approach to due diligence, includes a code of conduct setting out the company’s rules and principles and lists the processes implemented to carry out due diligence.

2. Identification of actual or potential adverse impacts (Art. 6)

Businesses should take reasonable steps to identify actual and potential adverse human rights impacts and adverse environmental impacts. To enable a thorough identification of adverse impacts, this identification should be based on both quantitative and qualitative information. As part of this identification process, companies should engage with stakeholders potentially affected by the company’s activities. The duty of due diligence extends to the company’s value chain. This includes both upstream and downstream activities of the company.

Subsidiaries and existing business relationships should also be included in the due diligence process. However, the value chain is limited to established relationships. These are relationships with a contractor, subcontractor or other legal entity. “Established” in this context means a direct or indirect business relationship that is, or is expected to be, sustainable because of its intensity or duration.

3. Prevent and reduce potential adverse impacts, and eliminate and minimise actual adverse impacts (Art. 7 and 8)

Companies must take appropriate measures to prevent or mitigate the identified potential adverse effects of its activities. Where appropriate, the following measures are required:

  • Develop and implement a Preventive Action Plan with reasonable and clearly defined timelines for action and qualitative and quantitative indicators;
  • Obtain contractual assurances from direct business partners (cascade agreement) to ensure compliance with the Code of Conduct and, where appropriate, a Preventive Action Plan;
  • Make necessary financial or non-financial investments, for example in management or production processes and infrastructure;
  • Provide targeted and proportionate assistance to a small or medium-sized enterprise (SME) that is a business partner of the enterprise, if compliance with the Code of Conduct or the Preventive Action Plan would jeopardise the viability of the SME;
  • Cooperate with other entities to, inter alia, enhance the capacity of companies to prevent or mitigate adverse impacts, particularly when no other action is effective.

Companies must take appropriate measures to stop the actual negative impacts or, if this is not possible, to minimise the extent of the impacts. In all cases, it is expected to pay damages or financial compensation to affected individuals and communities, and to develop a corrective action plan (in addition to the measures mentioned above) if the actual negative impacts cannot be immediately stopped.

Where a company has control and influence through contractual provisions, it must ensure that those provisions are effectively complied with. This may mean that the entity provides material support to the partner to comply with the terms of the contract, for example through financial resources, training and education of management and operational staff. Simply transferring risk to the partner is not an adequate means of mitigating or eliminating risk to the company.

4. Establish and maintain a complaints procedure (Art. 9)

Companies are required to establish an effective complaints procedure, accessible to persons affected by the company’s activities and other stakeholders. This enables them to file complaints when they have legitimate concerns about human rights violations and the company’s adverse impact on the environment.

5. Monitoring the effectiveness of due diligence policies and measures (Art. 10)

Companies should review at least annually the effectiveness of their policies and measures on the identification, prevention, mitigation, termination and mitigation of adverse effects.

Companies must update their due diligence policies in line with the results of the assessment. For regulated financial companies that only provide loans, credit and other financial services to their business partners, it is sufficient only to monitor the effectiveness of their periodic assessments of the due diligence process.

6. Disclosure of information on appropriate due diligence (Art. 11)

Companies will be required to publish annually on their website the due diligence process used and its results. EU companies subject to Directive 2013/34/EU must report in the annual report.

Communicating about business operations and the due diligence approach used is critical to maintaining credibility with the outside world (especially directly affected parties and stakeholders). Companies need to demonstrate that and how they carry out due diligence and what the results are.

+1 Combat against climate change (Art. 15)

Companies and non-EU companies operating in the EU must also prepare a plan to ensure that the business model and strategy are compatible with limiting global warming to 1.5°C. This plan should primarily describe the extent to which climate change poses a risk to, or has an impact on, business activities. If climate change is (or should have been) identified as a risk, the company should include greenhouse gas emission reduction targets in its plan.

CSDDD enforcement

The CSDDD combines administrative and civil enforcement to ensure compliance. Member States must designate a supervisory authority. The EC is also setting up a European network of supervisory authorities to promote cooperation and coordination.

The supervisory authorities have the power to request information and carry out investigations. In the event of a breach of the obligations laid down in the CSDD, administrative orders and sanctions may be imposed on the offender. Sanctions must be effective, dissuasive and based on net turnover.

Companies can also be held liable under civil law for damage resulting from a wilful breach of prescribed obligations or from a failure to (adequately) prevent, mitigate or terminate adverse effects. The civil liability regime must be mandatory and apply to the company’s own activities, its subsidiary and its business relations.

Consistency with other European sustainability legislation

Corporate Sustainability Reporting Directive (CSRD)

These two Directives are closely linked. The CSRD requires reporting on ESG issues. This requires the establishment of processes to identify positive and negative impacts. This is closely linked to the CSDD’s due diligence requirement to identify negative impacts. In addition, companies falling within the scope of both Directives have to report (CSRD) on their due diligence obligations (CSDDD). The CSDDD also requires Group 1 companies to prepare a plan to ensure that the business model and strategy are compatible with the transition to a sustainable economy and with limiting global warming to 1.5°C in line with the Paris Agreement. Companies within the scope of the CSRD are also required to report on this.

The Sustainable Finance Disclosure Regulation (SFDR)

Among other things, this regulation requires companies to publish a statement on their due diligence policy regarding the main adverse effects (PAI indicators) of their investment decisions on sustainability factors. Here, the “comply or explain” principle applies.

For companies with more than 500 employees, this declaration is already mandatory. The EC can set regulatory technical standards for the sustainability indicators related to the different types of negative impacts. The CSDDD thus clarifies the way in which companies must conduct research before reporting on it under the CSRD.

Impact of the CSDDD

The CSDDD imposes extensive obligations on enterprises within its scope. Therefore, it is important to become familiar with these obligations in a timely manner and to understand how they will impact your business operations. Non-compliance can result in high costs and serious damage to reputation. The CSDDD will not come into effect until 2027, but companies can begin preparing and considering how existing practices can be improved to align with the current text of the directive. It is certain, however, that due diligence by enterprises will play a more significant role in sustainability.

Establishing and implementing due diligence policies will entail significant costs for enterprises, including transition costs to change their own business operations and ensure respect for human rights and the environment in their value chains. Suppliers and buyers will need to scrutinize each other, which may lead to the revision or termination of existing contracts and negotiations for new contracts. New negotiations will also be necessary for contract drafting. Unilaterally changing agreements is often not possible. Therefore, it is advisable to engage in dialogue and work together to find solutions.

It is wise to start by (i) developing a human rights and environmental policy, (ii) conducting a risk analysis of the value chain, (iii) establishing a complaints mechanism, (iv) mapping management involvement in these topics, and (v) evaluating the role, expertise, and staffing of the legal and compliance departments. This is because they will play a crucial role in the implementation and demonstrable compliance with the CSDDD. Most aspects of the directive were already part of existing soft law initiatives. Therefore, it is prudent to address these issues in a timely and thorough manner.