European Union: The new Corporate Sustainability Due Diligence Directive — what does it mean for companies?

In brief

The Corporate Sustainability Due Diligence Directive ("CSDDD") has been formally adopted, and was published in the EU Official Journal on 5 July 2024. Even before the CSDDD starts to apply, this new law will have significant impacts on many EU companies and non-EU companies active in the EU, as well as on their value chains throughout the world. In this first installment of our new "CSDDD Explainer Series", we answer the following four key questions: "Which companies are covered?," "What will be their new obligations?," "Why should they comply?" and "When will this start to apply?"


Contents

Contents

Introduction

  1. Which companies are within the scope of the CSDDD?
  2. What are the obligations imposed by the CSDDD?
    1. Due diligence
    2. Climate change mitigation
  3. What is the cost of noncompliance?
  4. When do these rules start applying to which companies?

 

Introduction

As part of the EU's European Green Deal, one of the areas of EU law that has developed most rapidly and profoundly relates to corporate sustainability governance. This area focuses on shaping companies' management of environmental, social and governance (ESG) matters. A number of EU laws in this area have already been adopted — most notably the Corporate Sustainability Reporting Directive ("CSRD")1 and the Taxonomy Regulation.2

The Corporate Sustainability Due Diligence Directive ("CSDDD") was provisionally agreed at a political level in December 2023 and confirmed by COREPER in a revised version in March 2024.3 The final text of the CSDDD must still be formally adopted by the European Parliament and the Council of Ministers before it enters into force.

Compared to the agreement reached in December, the revised compromise of March 2024 has been scaled back. Most notably, it will apply to fewer companies, and its application will be delayed. Despite this, it remains an ambitious new law that is bound to have a critical impact on many multinational companies active in the EU. This is why we are now launching the Baker McKenzie CSDDD Explainer Series. This series will highlight the most important aspects of CSDDD compliance following this initial overview, which will answer the four most important initial questions regarding the CSDDD:

  1. Which companies are covered? The CSDDD differentiates between different categories of in-scope EU and non-EU companies, as set out in detail in Section 1 below.
  2. What is required of covered companies?
  • They will need to adopt and implement effective due diligence policies for identifying, preventing, mitigating, and bringing to an end actual and potential human rights and environmental harms in their own operations and those of their subsidiaries and business partners, in relation to their "chain of activities" (i.e., specific parts of the value chain); see Section 2.1.
  • They will also be required to adopt and put into effect a transition plan for climate change mitigation aligned with the Paris Agreement's objective of limiting global warming to 1.5 °C; see Section 2.2.
  1. Why should companies comply? Significant administrative and financial penalties may be imposed, and companies will be subject to civil liability for damages caused by noncompliance. 
  2. When will this apply? The largest in-scope companies will have three years from the entry into force of the CSDDD, likely meaning until 2027, while others will have four or five years to comply.

1. Which companies are within the scope of the CSDDD?

The CSDDD covers both companies incorporated under the law of a member state ("EU companies") and companies incorporated under the laws of a third country ("non-EU companies") as per the table below.

  EU companies   Non-EU companies
  Group 1 — "Very large" companies that had the following in their last financial year:
  • More than 1,000 employees on average
  • More than EUR 450 million of net worldwide turnover
  Group 1a — "Very large" companies that generated a net turnover of more than EUR 450 million in the EU in the financial year preceding the last financial year.
       
  Group 2 — Ultimate parents of "very large" groups, i.e., companies, not falling under Group 1, that are the ultimate parent of a group reaching the thresholds outlined above for Group 1 on a consolidated basis in the last financial year   Group 2a — Ultimate parents of "very large" groups, i.e., companies, not falling under Group 1a, that are the ultimate parent of a group reaching the financial threshold outlined above for Group 1a on a consolidated basis in the last financial year 
       
  Group 3 — Companies with a franchising or licensing business model, i.e., companies that entered into — or are the ultimate parent company of a group that entered into — franchising/licensing agreements (ensuring a common identity and business concept) in the EU and that in the last financial year satisfied the following conditions:
  • These royalties amounted to more than EUR 22.5 million.
  • The company generated, individually or on a consolidated basis as the ultimate parent company of a group, a net worldwide turnover of more than EUR 80 million.
  Group 3a — Companies with a franchising or licensing business model, i.e., companies that entered into — or are the ultimate parent company of a group that entered into — franchising/licensing agreements (ensuring a common identity and business concept) in the EU and that in the financial year preceding the last  satisfied the following conditions:
  • These royalties amounted to more than EUR 22.5 million in the EU.
  • The company generated, individually or on a consolidated basis as the ultimate parent company of a group, a net turnover in the EU of more than EUR 80 million.


2. What are the obligations imposed by the CSDDD?

2.1. Due diligence

Under the CSDDD, in-scope companies are required to adopt and implement effective due diligence policies for identifying, preventing, mitigating and bringing to an end potential and actual adverse impacts on human rights and environmental matters in these companies' own operations, the operations of their subsidiaries and certain operations of their business partners.

"Adverse impacts" are defined by reference to international treaties ratified by member states.

  • Adverse environmental impacts include, for example, impacts resulting from pollution, deforestation, excessive water consumption or damage to ecosystems.
  • Adverse human rights impacts are defined as impacts resulting from either (i) a breach of enumerated human rights in several listed international instruments or (ii) an abuse of a human right not listed under a number of conditions meant to ensure legal certainty. Typical examples include child labor, slavery and labor exploitation.

The interpretation of what will constitute an adverse impact, including the interpretation of the relevant international treaties, will clearly be one of the most sensitive legal issues of the CSDDD, as this will determine the type of situation that companies are required to identify, prevent, mitigate and bring to an end.

The policies to be adopted and implemented will have to go beyond the traditional scope of responsibility of companies. In addition to their own operations and the operations of companies they control, these policies will have to cover impacts that also arise, or could also arise, from the following:

  • The operations of direct and indirect business partners of the company, i.e., partners with whom the company has the following relationship:
    • A commercial agreement related to their operations, products or services
    • No commercial agreement, but that still carries out business operations related to the company's operations, products or services
  • In relation to the following parts of the value chain:
    • The upstream value chain, i.e., the production of goods or the provision of services by the company, including the design, extraction, sourcing, manufacture, transport, storage and supply of raw materials, products or parts of the products, and development of the product or the service
    • Some of the downstream value chain, i.e., the distribution, transport and storage of a product, where the business partners carry out those activities for the company or on behalf of the company, excluding the distribution, transport and storage of products subject to export control (e.g., weapons)

For identified (potential or actual) adverse impacts, the due diligence obligation includes the following aspects:

  • Integrating due diligence into policies and risk management systems.
  • Identifying and assessing actual or potential adverse impacts and, where necessary, prioritising potential and actual adverse impacts.
  • Preventing and mitigating potential adverse impacts, as well as bringing actual adverse impacts to an end and minimising their extent.
  • Providing remediation to actual adverse impacts, i.e., providing financial or nonfinancial compensation, including restitution of the affected person or persons or environment; carrying out meaningful engagement with stakeholders, including providing information to stakeholders and answering their reasoned requests for information; and establishing and maintaining a notification mechanism and complaints procedure open to those affected by adverse impacts and the legitimate representatives of such persons (NGOs, unions, etc.)
  • Monitoring the effectiveness of their due diligence policy and measures, and publicly communicating on due diligence issues (where applicable, directly in the company's CSRD report).

2.2. Climate change mitigation

Companies covered by the CSDDD will be required to "adopt and put into effect a transition plan for climate change mitigation" ("Climate Transition Plan"), which must have specific features:

  • The Climate Transition Plan must aim "to ensure, through best efforts, that the business model and strategy of the company are compatible with" the following:
    • The transition to a sustainable economy.
    • Limiting global warming to 1.5 °C, in line with the Paris Agreement.
    • The objective of achieving climate neutrality as established in the EU Climate Law, including its intermediate and 2050 targets.
    • Where relevant, the exposure of the undertaking to coal-, oil- and gas-related activities.
  • It must include the following company-specific climate targets, plans and other topics:
  Climate targets   Decarbonization levers   Transition funding   Leadership accountability
  Time-bound climate change targets every five years from 2030 to 2050, including, where appropriate, absolute emission reduction targets for Scope 1, Scope 2 and Scope 3 GHG emissions for each significant category   A description of identified decarbonization levers and key actions planned, including, where appropriate, changes to the company's products or services and its adoption of new technologies    An explanation and quantification of the investments and funding supporting the implementation of the transition plan   A description of the role of the administrative, management and supervisory bodies of the company with regard to the transition plan

 

  • The Climate Transition Plan must be updated every 12 months and must provide details of the progress made by the company toward achieving its targets.

The European Commission is required to publish practical guidelines on this Climate Transition Plan within 36 months of the entry into force of the CSDDD.

Companies that report a transition plan fully in accordance with the sustainability reporting standards adopted under the CSRD are automatically deemed to have complied with the obligation to adopt such a Climate Transition Plan. The CSDDD's climate-related obligation is thus directly linked to the CSRD. However, the CSDDD goes significantly beyond mere disclosure by requiring companies to: (i) adopt a detailed Climate Transition Plan; and (ii) actually implement the Climate Transition Plan on a best-efforts basis.

3. What is the cost of noncompliance?

The CSDDD obliges member states to adopt rules on penalties for violations of national provisions transposing the CSDDD and to take all measures necessary to ensure that these are implemented. Penalties provided must be effective, proportionate and dissuasive and must at least include pecuniary penalties and "naming and shaming" measures.

Pecuniary sanctions must be based on the company's global net turnover, and the maximum sanction must be at least 5% of the net worldwide turnover of the company in the financial year preceding the fining decision. Member states are free to set their maximums even higher. For an EU or non-EU company that is the ultimate parent company of a group, penalties are calculated on their consolidated turnover. Non-confidential versions of the fining decisions will be published and will remain publicly available for at least five years, including to enable third parties to engage the company's civil liability (see below).

The civil liability of a company will be engaged where it intentionally or negligently violates some of the CSDDD obligations outlined in Section 2, where the violated obligation was aimed at protecting natural or legal persons and the violation has caused damage to such a person. Damage must be fully compensated under national law but must not be overcompensated (e.g., by means of punitive damages). A company cannot be held liable if the damage was only caused by one of its business partners; however, when the damage was caused jointly by the company and its subsidiary or direct or indirect business partners, they shall be liable jointly and severally.

The CSDDD also provides obligations for member states to ensure that there exists national legal recourse to damages, including with respect to standing, injunctive relief and the beginning and duration of the limitation period for bringing damages claims (at least five years), as well as with respect to the discovery of evidence and for the preservation of evidence. Member states remain free to adopt more stringent national provisions.

4. When do these rules start applying to which companies?

The CSDDD will start to apply to in-scope companies as follows:

  • Three years after the entry into force of the CSDDD, likely in 2027:
    • EU companies that fall within Groups 1 or 2 and had more than 5,000 employees on average and generated a net worldwide turnover of more than EUR 1,500 million in the last financial year preceding the three-year anniversary of the entry into force of the CSDDD
    • Non-EU companies that fall within Groups 1a or 2a and generated a net turnover of more than EUR 1,500 million in the EU in the financial year before the last financial year preceding the three-year anniversary of the entry into force of the CSDDD
  • Four years after the entry into force of the CSDDD, likely in 2028:
    • EU companies that fall within Groups 1 or 2 and had more than 3,000 employees on average and generated a net worldwide turnover of more than EUR 900 million in the last financial year preceding the four-year anniversary of the entry into force of the CSDDD
    • Non-EU companies that fall within Groups 1a or 2a and generated a net turnover of more than EUR 900 million in the EU in the financial year before the last financial year preceding the four-year anniversary of the entry into force of the CSDDD
  • Five years after the entry into force of the CSDDD, likely in 2029: All other EU and non-EU companies covered by the CSDDD

1 Directive (EU) 2022/2464 of the European Parliament and of the Council of 14 December 2022 amending Regulation (EU) No. 537/2014, Directive 2004/109/EC, Directive 2006/43/EC and Directive 2013/34/EU, as regards corporate sustainability reporting.

2 Regulation (EU) 2020/852 of the European Parliament and of the Council of 18 June 2020 on the establishment of a framework to facilitate sustainable investment and amending Regulation (EU) 2019/2088.

3 This article is based on the provisional agreement reached in December 2023 and amendments to it that were introduced by the Belgian Presidency of the Council of the European Union, following the vote of 28 February by COREPER when not enough member states supported the text of the provisional agreement reached in December.


Copyright © 2024 Baker & McKenzie. All rights reserved. Ownership: This documentation and content (Content) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms). The Content is protected under international copyright conventions. Use of this Content does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All Content is for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulations and practice are subject to change. The Content is not offered as legal or professional advice for any specific matter. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any Content. Baker McKenzie and the editors and the contributing authors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The Content may contain links to external websites and external websites may link to the Content. Baker McKenzie is not responsible for the content or operation of any such external sites and disclaims all liability, howsoever occurring, in respect of the content or operation of any such external websites. Attorney Advertising: This Content may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Content may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. Reproduction: Reproduction of reasonable portions of the Content is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are properly attributed to Baker McKenzie, (iii) the portion of the Content being reproduced is not altered or made available in a manner that modifies the Content or presents the Content being reproduced in a false light and (iv) notice is made to the disclaimers included on the Content. The permission to re-copy does not allow for incorporation of any substantial portion of the Content in any work or publication, whether in hard copy, electronic or any other form or for commercial purposes.