Key aspects of the proposed legislation
Extensive binding due diligence obligations covering three key areas
The directive proposed by the European Parliament would introduce mandatory supply chain due diligence obligations, which would require every business within its scope to “carry out effective due diligence with respect to potential or actual adverse impacts on human rights, the environment and good governance in their operations and business relationships.”
Businesses would first be required to identify and assess, by means of a risk based monitoring methodology, any aspect of their own operations (including their business relationships and investment chains) or those of their supply chains (together, their "value chain") that:
- could cause or contribute to any actual or potential human rights violation (including, for example, breach of social, trade union or labour rights); or
- could cause or contribute to any actual or potential environmental harm (such as by contributing to climate change or deforestation); or
- are or could be contrary to good governance (such as corruption or bribery)
(collectively defined as "adverse impacts").
Second, businesses would be required to establish and effectively implement an on-going due diligence strategy to specify the "severity, likelihood and urgency" of any potential or actual adverse impacts in their value chain, and adopt proportionate policies and measures to cease, prevent or mitigate them. When establishing and implementing their strategy, they would be required to engage in meaningful and effective consultation with a wide range of stakeholders (including trade unions). In addition, they would have to map their entire value chain, as well as disclose certain non-confidential information regarding both their due diligence strategy and their value chain.
A business would only be exempt from these onerous obligations if it could publish a statement concluding that, based on its due diligence inspection, it does not cause, contribute to, or have a direct link to any potential or actual adverse impacts.
Every business subject to the legislation would also be required to ensure that:
- all business relationships throughout its value chain (namely, all subsidiaries, suppliers and sub-contractors which are directly linked to its business operations, products or services) put in place and carry out human rights, environmental and good governance policies that are in line with its own due diligence strategy, for example by means of framework agreements, contractual clauses, codes of conduct or audits; and
- its purchasing policies do not cause or contribute to any potential or actual adverse impacts.
Under the new legislation, businesses would be required to provide a grievance mechanism to allow stakeholders to raise concerns about any actual or potential adverse impacts. This mechanism, which must take into account the views of stakeholders, would work both as an early warning mechanism to highlight risks and as a system for the negotiation and oversight of remediation.
The grievance mechanism must be "legitimate, accessible, predictable, safe, equitable, transparent, rights-compatible, and adaptable" and allow for anonymous reporting, as well as timely and effective responses to stakeholder concerns and warnings. In addition, it must not prevent victims from seeking redress through the courts.
Enforcement and remedies
Member States would be required to designate one or more national authorities to implement and enforce the directive. Businesses would be required to remedy (or cooperate with the remedy of) any adverse impact they have caused or to which they have contributed. Such remedy could entail financial or non-financial compensation, reinstatement, public apologies, restitution, rehabilitation or a contribution to an investigation. A business may also be required to guarantee that the harm in question will not be repeated. Any particular remedy must be determined in consultation with affected stakeholders and must not prevent such stakeholders from bringing civil proceedings in accordance with national law.
Sanctions for non-compliance
Member States would be required to adopt sanctions mechanisms for businesses that fail to comply with their obligations under the directive or fail to take any necessary remedial action within the time specified. Such sanctions could include administrative fines based on turnover and/or exclusion from public procurement, state aid and other public support schemes. They could also include a temporary suspension of activities, and even a ban on importing goods into the EU where such failure could lead to irreparable harm (for example, where the activity is linked to severe human rights violations such as forced or child labour).
Member States would also be required to adopt civil liability regimes to ensure that businesses are held liable for any harm arising out of potential or actual adverse impacts that they, or undertakings under their control, have caused or contributed to, whether by their actions or omissions. In addition to these very broad grounds for an action, the proposed legislation would also impose a stringent burden of proof on businesses. Compliance with the due diligence requirements would not itself operate as a defence to a civil action; to avoid liability a business would have to prove that it had taken all due care in line with the directive to avoid the harm in question, or that the harm would have occurred even if all due care had been taken.
The European Parliament has recommended that the new due diligence and accountability obligations apply to all large undertakings governed by the laws of an EU Member State or established within the European Union, regardless of sector, as well as to all publicly listed SMEs and SMEs operating in a high-risk sector.
It has further recommended that the directive apply to all equivalent categories of businesses that are established outside of the EU if they sell or supply goods or services within the European single market. Failure to do so, it asserts, would allow companies established in countries that provide lower protection standards to have an unfair competitive advantage over companies established within the EU.
The proposed legislation would extend significantly the due diligence and accountability obligations of a wide range of businesses, including those established outside of the EU. Any business that is established in a non-EU country (such as in the UK) would have to prove that it complies with these new stringent obligations in order to be able access the European single market.
In October last year, the European Commission consulted on its own initiative to introduce legislation on sustainable corporate governance. The consultation, which closed in February 2021, is reported to have attracted thousands of responses.
These legislative initiatives come at a time of increased pressure on businesses and regulators to address environmental, social and corporate governance concerns, pressure that has already lead a number of countries to introduce or consider introducing their own mandatory laws on corporate supply chain duties of care. In Germany, for example, the draft law on Corporate Duties of Care in Supply Chains (commonly known as the Supply Chain Act) was passed by the federal cabinet on 3 March 2021 and is expected to come into force on 1 January 2023.
Given the scope of the obligations proposed by the European Parliament, businesses will await with interest the European Commission's formal legislative proposal, which is expected to be tabled in June, not only to see the extent to which it has been influenced by the European Parliament's proposal but also how it will interact with the various national laws.
Sign up to our email digest