Update on the EU Sustainability Due Diligence Directive (CSDDD)
Locations
In Germany, the Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz - LkSG) has regulated corporate responsibility for compliance with human rights and certain environmental standards in supply chains since 2023. After a long struggle and numerous amendments, the Corporate Sustainability Due Diligence Directive (CSDDD), is now in place.
The CSDDD was adopted in the in the plenary session of the European Parliament on 24 April 2024, after the Permanent Representatives Committee of the Council of the European Union approved a new comprise text on 15 March 2024, which differs significantly from the provisional political agreement reached in December 2023. Once it enters into force, the EU Member States must transpose the CSDDD into their national laws.
1. Scope of Application
The obligations of the CSDDD apply to
- EU companies and parent companies with more than 1,000 employees and a global net annual turnover of at least EUR 450 million in the last financial year and
- Non-EU companies and parent companies with a net turnover generated in the EU/EEA of at least EUR 450 million in the last financial year, regardless of the number of employees.
Obligations under the CSDDD will be phased in gradually during a transition phase: Companies with more than 5,000 employees and a net turnover of more than EUR 1.5 billion will be obliged three years after it comes into force, i.e. sometime in 2027, while the Directive will not apply to companies with more than 3,000 employees and more than EUR 900 million net turnover until 2028. Ultimately – presumably in 2029 - the CSDDD will apply to EU companies with more than 1,000 employees and more than EUR 450 million net turnover.
The Directive may also apply to companies that have concluded franchise or license agreements (thresholds based on the value of royalties) in the EU. The originally discussed extended scope of application for so-called high-risk sectors has been abandoned.
2. Obligations along Chain of Activities
The CSDDD covers the so-called activity chain: due diligence obligations apply along the upstream supply chain for activities in connection with the manufacture of goods or provision of services (upstream), but also for downstream activities in connection with distribution, transport and storage (downstream) provided that these down-stream activities are carried out by direct business partners. Activities of consumers as customers of the obligated companies are not covered. The Directive contains obligations for companies to identify, prevent, remedy and minimize potential or actual negative impacts of their own business activities, the business activities of their subsidiaries, and the business activities of their business partners within the entire chain of activities on human rights and the environment.
In this respect, companies are obliged to carry out and report on risk-based due diligence measures. This includes the following obligations:
- Integration of sustainability due diligence into the company's internal principles and risk management systems,
- Identification, assessment and, if necessary, prioritization of actual or potential negative impacts,
- Avoidance and mitigation of potential adverse effects and cessation of adverse effects that have already occurred,
- Establishment of a reporting mechanism and complaints procedure,
- Monitoring the effectiveness of the measures,
- Public reporting on the implementation of due diligence obligations.
Preventive measures include, for example, obtaining contractual assurances from business partners, making necessary investments, changing company's own business practices, and supporting business partners in complying with their obligations. The specific measures required depend, among other things, on the severity of the negative impact and must be determined on a case-by-case basis. The directive therefore follows a risk-based approach.
The obliged companies must also define a climate plan to align the company's business model and strategy with the achievement of the 1.5 °C target. This obligation can be fulfilled together with the reporting obligations of the existing Corporate Sustainability Reporting Directive ("CSRD").
3. Consequences of Breaches of Duty
In the event of breaches of obligations, the competent national supervisory authorities can impose fines of at least up to 5% of the company's worldwide turnover. The EU Member States are to regulate the details. In addition, offenses can be made public (naming and shaming).
The CSDDD also provides for civil liability in the event of violations. For example, locally injured parties can sue the parent companies at the end of the activity chain in the EU for damages.
4. Comparison with the German Supply Chain Act (LkSG)
In Germany, the LkSG already regulates certain due diligence obligations for companies in the supply chain, but these differ from the CSDDD in key respects. The CSDDD is expected to be implemented by amending the LkSG, which only came into force on 1 January 2023, or by passing a new law.
The lowered thresholds in the compromise text have significantly harmonized the scope of application of the CSDDD and the LkSG. The regulations apply to companies with 1,000 employees or more. The CSDDD additionally requires a minimum turnover of EUR 450 million in the last financial year.
The CSDDD also provides for due diligence obligations with regard to downstream supply chain, whereas the LkSG only imposes obligations for a company's own business area and towards suppliers (i.e. the upstream supply chain). The civil law liability provided for in the CSDDD in the event of breaches of duty is also foreign to the LkSG. In addition, compliance with the obligations under the LkSG can serve as a criterion for the award of public contracts and as a sanction, companies can be excluded from participating in tender procedures.
5. Outlook
The obligations of the CSDDD do not apply immediately but must be transposed into national law within two years. Nevertheless, companies should already consider the requirements of the CSDDD now and review the extent to which a revision of compliance and risk management systems as well as contractual documentation is necessary. It can also avoid duplication of effort if the CSDDD is already taken into account when implementing the LkSG.