Who supervises compliance with the CS3D?
The CS3D obliges Member States to designate one or more supervisory authorities tasked with supervising compliance with the obligations of the CS3D. The supervisory authorities will have the power to enforce both due diligence obligations (see a deep dive on those here) and climate change-related obligations (see a deep dive on those here). Those supervisory authorities will have the power to require companies to provide (further) information, and to conduct compliance investigations and inspections of the companies concerned. If a supervisory authority identifies a failure to comply with the CS3D, it can take several measures to remediate that infringement. It must also grant the company concerned an appropriate period of time to take remedial action.
When carrying out their task, supervisory authorities shall at least have the following powers:
- To order:
- The cessation of the infringement
- The abstention from repetition of the relevant conduct
- To provide proportionate remediation
- To impose penalties.
- To adopt interim measures in case of imminent risk of severe and irreparable harm.
What penalties can be imposed?
The (pecuniary) penalties which a supervisory authority can impose must be effective, proportionate, and dissuasive. Supervisory authorities must at least be able to impose pecuniary penalties and “naming and shaming” measures. The pecuniary penalty must be based on the company’s net worldwide turnover whereas the maximum penalty must be at least 5% of the net worldwide turnover for the financial year preceding the fining decision. Member States are allowed to set the maximum fines under their national law even higher than 5%.
For an EU or non-EU company that is the ultimate parent company of a group, penalties are calculated on their consolidated turnover, which can thus in principle lead to significant fines. Such sanctions can also damage the reputation of the companies concerned and their brands, because the decisions of the national supervisory authorities containing sanctions in connection with infringements of the national regulations adopted to implement the CS3D must be made publicly available for at least five years as part of the naming and shaming practice under the CS3D.
The following factors, among others, must be taken into account when deciding whether and to what extent penalties are to be imposed:
- The nature, gravity and duration of the infringement and the severity of its impact.
- Preventative, mitigative and remedial measures taken by the company concerned.
- Any relevant previous infringement by the company concerned.
- Any collaboration with other entities to address the impacts concerned.
- The financial benefits gained or losses avoided by the company due to the infringement.
How does the civil liability regime under the CS3D work?
A game changer in ESG legislation is that the CS3D also regulates the civil liability of companies for human rights or environmental violations in their supply chains and enables persons affected by such violations to seek compensation in civil proceedings.
The CS3D requires that Member States ensure that a company may be held liable under the CS3D for damage caused to a natural or legal person where:
- The company has intentionally or negligently failed to comply with the obligations to prevent potential adverse human rights and environment impacts or to bring actual adverse human rights and environment impacts to an end, where the human rights standards are aimed at protecting the natural or legal person.
- As a result of the breach referred to under a), damage has been caused to the “legal interests” of the natural or legal person protected under the applicable national law of a Member State.
Member States may define what constitutes the “legal interest” of a natural or legal person differently and therefore there may be differences on the type of damages that can be claimed. For instance, in some Member States there is no right to claim indirect damages. Therefore, the extent to which companies can be held liable will differ from Member State to Member State.
Companies that participated in industry or multi-stakeholder initiatives or used third-party verification, audit, or contractual clauses to support the implementation of due diligence obligations can still be held liable for damages under the CS3D. This means that companies cannot discharge their liability for damages under the CS3D by outsourcing their due diligence risk management for human rights and environmental violations under the CS3D to third parties.
The CS3D furthermore determines that a company and its subsidiary or its direct or indirect business partner are jointly and severally liable if the damage was caused jointly, without prejudice to national law on the conditions of joint and several liability and rights of recourse. A company cannot, however, be held liable if the damage was caused only by its business partners present in its chain of activities.
Furthermore, the CS3D requires Member States to ensure that the following standards are transposed into their national law in order to create a robust regime for those affected by human rights and environmental violations under the CS3D to effectively enforce their rights. National rules must:
- Provide for injunctive relief and for the discovery and preservation of evidence.
- Ensure that the limitation period shall be at least five years from the moment the infringement has ceased and the claimant knows or can reasonably be expected to know of the infringement, any harm cased and the identity of the infringer.
- Ensure that aggrieved persons may authorize a trade union or NGO to bring an action on behalf of those persons.
- Ensure that the CS3D overrides any non-EU law which would be applicable to a claim which otherwise would fall under the CS3D.
Note that the specific civil liability regime established by the CS3D does not explicitly cover violations of companies' climate-related obligations. However, such violations may still potentially be actionable under the laws of certain Member States.
How does the CS3D compare to existing national ESG-regulations and case law?
National legislation on the potential liability of companies for their value chain and which is similar in scope to the CS3D already exists in Germany and France.
With regard to civil liability, the CS3D exceeds the standards of the (Lieferkettensorgfaltspflichtengesetz (LkSG)), which “merely” contains a special procedural status clause that allows persons affected by human rights and environmental violations to enforce their rights in court by authorizing a domestic trade union or non-governmental organization to institute proceedings. These public proceedings on possible violations of German Supply Chain Act standards can lead to reputational damage for the company concerned and its brands.
In the context of administrative penalties for violations of the standards of the LkSG, the competent German authority (BAFA) can impose a fine of up to 2% of the global annual turnover on the company concerned, depending on the degree to which the company is deemed accountable for the violation of these human rights and environmental standards. The fine for infringements under the CS3D of 5% of the global net turnover is therefore significantly higher than the maximum fine of 2% of the global net turnover of the company concerned under the LkSG.
Since 2017, large French companies are required to effectively manage the human rights and environmental risks – both within the company itself, but also its subsidiaries and value chain. The French duty of vigilance is currently in the spotlight, with several non-profits and trade unions having sent more than 30 formal notices and filed a dozen legal actions against major French companies on this basis. The first ruling on the merits was handed down in December 2023 (see the La Poste judgement – currently before the Court of appeal). The Court ruled that the vigilance plan drawn up by La Poste was not sufficient and ordered the latter to adapt and complete its vigilance plan. An explanatory article on that judgment can be found here.
Litigation in this area increases every year, leading to financial and reputational exposure. Given the CS3D’s lowest thresholds, the implementation of the CS3D into French law will result in having more French companies subject to the due diligence obligations. Furthermore, CS3D is expected to provide more detail on the duty of vigilance requirements, which is lacking under the current French law.
Case law from the Netherlands provides another example of liability for ESG-infringements in a company’s value chain. In 2021, the District court of The Hague ordered Shell to reduce its CO2-emissions within the Shell-group on the basis that Shell had breached its duty of care flowing from Dutch tort law. This responsibility covered Shell's whole value chain, including not only subsidiaries but also business relations that supplied Shell entities with raw material, electricity and heat. This remains a unique case which is currently under appeal. The judgment can be read here.
Practical consequences of public and civil enforcement of the CS3D
It is as of yet uncertain how strict the supervisory authorities will be in supervising and enforcing compliance with the CS3D, and how they may impose remedial measures and penalties. However, based on the increasing importance supervisory authorities ascribe to compliance with existent ESG-related regulations, it can be assumed compliance with and enforcement of the CS3D will be a priority for Member States and their supervisory authorities.
Furthermore, the possibility of civil liability for non-compliance with the CS3D could lead to an increase in the number of claims for human rights and environmental violations and could also lead to reputational damage for companies as a result of their – even potential or alleged – human rights violations being litigated in public court proceedings. It is therefore crucial that companies carry out an effective human rights and environmental risk analysis in order to minimize both the risk of administrative enforcement and civil liability.
