The EU Corporate Sustainability Due Diligence Directive (CSDDD): 3 year countdown to compliance begins

After a protracted 2.5-year legislative process, the Corporate Sustainability Due Diligence Directive (CSDDD) was finally published in the EU’s Official Journal (OJEU) on the 5th July 2024 - this week marks exactly 3 years until the first wave of companies will have to comply.

Whilst 3 years may seem plenty of time, it is important to remember that many organisations have significant work to do ahead of that time in order to be prepared. Organisations may also wish to do some soul-searching; is minimum compliance the only thing that matters or really want to live and breathe what it means to be a truly sustainable business?

What is the CSDDD?

The CSDDD aim is to “foster sustainable and responsible corporate behaviour in companies’ operations across their value chains.” In short, companies meeting certain revenue and employee thresholds will be responsible for performing due diligence to identify and address adverse human rights and environmental risks in their own operations, subsidiaries and their business partners.

Who is in scope for the CSDDD?

From its original form, the CSDDD has been significantly diluted in terms of which companies are in scope however c. 6,000 companies in the EU alone will be impacted by this Directive.

+/- 6,000 companies - >1000 employees and >EUR 450 million turnover (net) worldwide.

+/- 900 companies - >EUR 450 million turnover (net) in EU.

The Directive contains provisions to facilitate compliance and limit the burden on companies, both in scope and in the value chain.

Micro companies and SMEs are not covered by the proposed rules. However, the Directive provides supporting and protective measures for SMEs, which could be indirectly affected as business partners in value chains.

The CSDDD will only be applicable if the relevant conditions (turnover and employee count) are met for 2 consecutive financial years. 

What are the timeframes for the CSDDD?

What are the CSDDD obligations?

1. Integrate human rights and environmental due diligence into all relevant policies and risk management systems and have a standalone due diligence policy which is updated at least every two years
2. Identify and assess adverse human rights and environmental risks and impacts in their business operations and supply chains by mapping their supply chains to identify general areas of risk, and then conducting a more in-depth assessment of the highest risk areas based on the severity and likelihood of the impact 
3. Take “appropriate measures” to prevent, mitigate or end the adverse risks and impacts identified (prioritising the highest risks areas). 
4. Provide remediation for adverse human rights and environmental impacts they have caused 
5. Set up fair and accessible notification mechanisms and complaints procedures to enable individuals and representative bodies to raise concerns about human rights and environmental risks and impacts
6. Carry out annual assessments of the measures above to monitor their effectiveness 
7. Publicly report on their due diligence procedures.

What are the CSDDD penalties?

The penalties will be determined by the Member States but these should be “effective, proportionate and dissuasive” - the level of penalty imposed will depend on 1) the nature, gravity and duration of the infringement; 2) any previous infringements from the company; 3) any remedial actions taken by the company. 

Despite the Member State discretion, the maximum penalty should be at least 5% of the relevant company’s net global turnover from the previous financial year. This showcases that there can be severe financial consequences (as well as potential reputational) should an organisation not fulfil its CSDDD obligations. Companies who do not meet their CSDDD obligations may also find that they do not qualify for public contracts.

There is also a civil liability scheme related to the CSDDD - under Article 22, companies may be liable for intentional or negligent infliction of adverse impacts on individuals or other legal persons. 

Thinking ahead

Organisations will need to think about investment in the area of due diligence - people, process, systems, data and governance are all important areas of consideration. In scope businesses who are willing to think proactively about CSDDD will be best placed to respond and reduce their risk of non-compliance. 

More ambitiously, is there an opportunity to use CSDDD response as a driver for embedding sustainability culture and capabilities within the business? Here are some other questions for organisations to ponder ahead of the CSDDD:

• What are the ambitions of the sponsors in responding to the CSDDD?
• Who is responsible within the organisation for responding to ESG obligations?
• What processes and documents need to change?
• How will due diligence of the organisation’s value chain be performed?
• What would a functional complaints mechanism and procedure look like?
• How will you gather the necessary inputs required for reporting obligations?
• What governance structure is needed to ensure ongoing compliance with CSDDD? 

The CSDDD and other legislation can create complex compliance challenges. We help organisations navigate these, ensuring they not only meet requirements but also leverage them as opportunities for growth. Contact us if you have any questions you would like to discuss with the team.