The EU institutions are progressing towards taking corporate responsibility for human rights and environmental protection to the next level. Faced with growing demand from civil society, companies have already been encouraged to consider the impact of their businesses and to comply with human rights standards. However, this trend is quickly moving into concrete and prescriptive legal obligations.
Several European countries have already imposed due diligence and reporting obligations on companies in an effort to prevent and remedy any adverse impact on human rights and the environment.
In 2015, the UK adopted the Modern Slavery Act which was the first substantive legislation in Europe to deal with corporate responsibility for human rights. However, the UK Act is limited as it only imposes an obligation to report on any steps taken to prevent modern slavery (including in the supply chain) but imposes no obligation to take such steps.
France was the first state to impose a human rights due diligence obligation with the enactment of the French Duty of Vigilance Law on 27 March 2017. Under this statute French corporations with over 5,000 employees in France and/or over 10,000 employees worldwide (including affiliates' employees) are required to set up, publish and implement a "vigilance plan". This vigilance plan is intended to identify, anticipate and prevent human rights violations that might result from the activities of the parent company, its subsidiaries and controlled affiliates, as well as suppliers and subcontractors along the value chain. There has already been some material case law (see our analysis of a recent decision here).
Other European countries have subsequently considered the adoption of legislations on expected human rights and environmental due diligence. Most recently and most significantly, Germany has joined the movement with the German Act on Corporate Due Diligence in Supply Chains of 16 July 2021 (the "SCDDA"), which entered into force on 1 January 2023 for companies domiciled in Germany and with 3,000 or more employees (from January 2024: 1,000). The SCDDA comprises a comprehensive set of due diligence obligations as part of a human rights risk management system including, inter alia, regular and ad hoc risk analyses and the implementation of preventive measures and remedial actions in case of (imminent) violations and reporting obligations. The competent authority has already started public enforcement by issuing formal requests for information. Moreover, an NGO has formally submitted the first complaint under the SCDDA to the competent authority which will now decide whether to investigate.
Progress of the CSDDD so far
The European Commission launched on 26 October 2020 a major consultation on corporate responsibility with regard to environment, social and human rights. Numerous stakeholders (including Hogan Lovells, as reported here) participated in the debate.
After being presented as a priority by the French Presidency of the Council of the European Union, the European Commission published, on 23 February 2022, a proposal for a Directive on Corporate Sustainability Due Diligence (the "CSDDD"), aiming to introduce a harmonised human rights due diligence requirement for large companies operating in the EU.
The Council of the EU then finalised its position on the Commission’s proposal on 30 November 2022. While the text amended some of the provisions of the proposed CSDDD, the substantive diligence obligations broadly remained the same.
On 25 April 2023, the Committee on Legal Affairs of the European Parliament (the "JURI Committee") took position on the proposed Directive with 19 votes in favour, 3 against and 3 abstentions.
Finally, on 1 June 2023, the European Parliament adopted its own version of the CSDDD which is the result of a political compromise and was reached after tough negotiation with 366 votes in favour, 225 against and 38 abstentions. It is now deemed "essential to establish a European framework for a responsible and sustainable approach to global value chains, given the importance of companies as a pillar in the construction of a sustainable society and economy" (Recital 4 of the CSDDD).
The European Parliament’s position will form the basis for negotiations when the "trilogue" phase of discussions between the EU institutions begins.
Scope of application
The European Parliament has significantly expanded the scope of application of the CSDDD in contrast to the Commission's and Council's proposal, which would cover:
EU-companies, with (i) more than 250 employees and EUR 40 million annual net turnover or (ii) parent companies with more than 500 employees and at least EUR 150 million net worldwide turnover; and
Non-EU companies, with (i) a net annual turnover higher than EUR 40 million within the EU or (ii) parent companies with more than 500 employees and a net worldwide turnover of more than 150 million and at least 40 million was generated in the Union (Article 2 of the CSDDD; Recitals 21 and 23).
These thresholds apply to all companies regardless of their sector (that is financial services will be included).
The new obligations laid down in the Directive would apply after three or four years depending on the company’s size, and, by exception, after five years for smaller companies (i.e. as part of a phase-in approach) (Article 30 of the CSDDD). Small and medium-sized enterprises (SMEs), including micro-companies, remain excluded at this stage from the scope of application.
Content of due diligence requirements
Established business relationships versus business partners – The concept of "established business relationships", proposed by the Commission, has been replaced by "business partners". The Council and the European Parliament have prioritised a risk-based approach to ensure feasibility for companies. It has introduced new provisions on risk mapping and prioritisation among adverse impacts. When companies are unable to address all the adverse impacts at the same time, they shall – like under the German SCDDA – prioritise depending on the degree of severity and likelihood, addressing the most significant adverse impacts before moving on to the less significant ones (Article 3 of the CSDDD).
Value Chain versus chain of activities – The term "value chain" proposed by the Commission was initially replaced in the Council proposal by the notion of "chain of activities", deemed more neutral. Member States were in favour of limiting the scope of application to the "supply chain" (relevant under German law). The European Parliament has preferred the broader term "value chain" which includes both upstream and downstream activities without any limitations, i.e. all activities related to and entities involved in the production and development of a company’s products or services, and in the sale, distribution, transport, storage and waste management of a company’s products and services (Article 3 point (g) of the CSDDD; Recital 18).
Financial undertakings – The Council had initially clarified the definition of regulated financial undertakings, leaving financial products out of the scope, notably because of their "specificities" (i.e. alternative investment funds (AIFs) and undertakings for collective investment in transferable securities (UCITS)). The European Parliament has however voted in favour of including financial undertakings within the scope of the directive. One can expect heated debates in this respect and the discussion could lead to differentiating among various types of financial services companies, some falling within the scope while others would remain out (Recital 19).
Plan to fight climate change
As requested by Member States, the European Parliament has upheld the Council’s general position. The European Parliament has however added that companies will have to implement a transition plan, in consultation with stakeholders, providing for a mandatory "genuine interaction" and dialogue with those affected by their actions, such as human rights and environmental activists. With respect to the alignment of the business model and strategy of the company with the transition to a sustainable economy and with the limiting of global warming to 1.5°C in line with the Paris Agreement, the proposed wording of the CSDDD remains the same. This being said, the objective of achieving climate neutrality by 2050 as established in Regulation (EU) 2021/1119 and the 2030 climate target has been explicitly added (Article 15 of the CSDDD; Recitals 68 and 69).
The JURI Committee had also suggested that company executives with more than 1,000 employees be directly responsible for these measures, which would in turn affect the variable parts of their remuneration, such as bonuses. Crucially, this suggestion has been included in the Parliament’s compromise text (Article 15 (3) of the CSDDD).
According to the Parliament’s compromise, non-compliant companies will be liable for damages and sanctioned by national supervisory bodies. Sanctions will include fines up to at least 5% of the net worldwide turnover (depending on implementation of the CSDDD in Member States’ national law). They will also include measures such as "naming and shaming" through public statements from authorities indicating a company is non-compliant, taking a company’s products off the market and injunctive relief. As for non-compliant non-EU companies, sanctions incurred will include a ban from public procurement in the EU (Article 20 of the CSDDD).
Provisions on civil liability have been significantly amended to ensure better clarity and legal certainty for businesses and avoid unreasonable interference with the Member States' civil liability law systems.
The revised text specifies that companies can be held liable if they failed to comply with the obligations laid down in the CSDDD, including for failing to prevent, develop and implement a prevention action plan or bring adverse impacts to an end, in situations where such failures lead to damage caused to an individual or a legal entity. Such liability may arise from adverse impacts that should have been "identified, prioritised, prevented, mitigated, brought to an end, remediated, or its extent minimised through the appropriate measures" in respect of the company’s operations, its subsidiaries, and of the company’s direct and indirect business partners (Article 22 of the CSDDD; Recital 56).
It also provides a limitation period for bringing actions for damages of at least 10 years, specifying that when setting the starting point of such limitation period, Member States will have to consider the moment the impact causing the damage has ceased and when the victim concerned knew or could have been reasonably expected to know that the damage suffered was caused by the adverse impact. Member States will also have to ensure that costs of the proceedings are not prohibitively expensive for claimants to seek justice (Article 22 of the CSDDD).
Some of the changes made by the Council and the Parliament will certainly lead to controversial opinions and discussions. The first "trilogue" will begin today – 8 June 2023. These negotiations between the Parliament and the Council are likely to lead to further changes before the text of the Directive is finalised with a phase-in approach for entry into force.
Until then, the national legislations currently in force and which are already leading to enforcement actions and litigation (e.g. the French Duty of Vigilance and the German SCDDA), show that multinational companies need to implement human rights risk management systems now and should look at the CSDDD as proposed when considered the scope and breadth of compliance systems. In order to "steer the course" in this complex and constantly evolving regulatory environment and minimize the many compliance risks, companies should implement effective risk management or compliance processes and measures.
Please get in touch with a member of Hogan Lovells’ Business and Human Rights group or your usual Hogan Lovells contact if you wish to discuss this development. We stand ready to assist companies from all industry sectors to assess how to assess and adjust their processes and operations and associated litigation risks in this context.
Authored by Christelle Coslin, Liam Naidoo, Christian Ritz, Kevin O'Connor, Margaux Renard and Felix Werner