you are being redirected

You will be redirected to the website of our parent company, Schönherr Rechtsanwälte GmbH :

20 March 2024

EU's Corporate Sustainability Due Diligence Directive is here to stay

Following heated debates among various political stakeholders and unprecedented back and forth, the EU Council ultimately endorsed a final compromise text on the Corporate Sustainability Due Diligence Directive (the "CSDDD") on 15 March 2024. Meaningful concessions were made to win the required majority of EU Member States. The EU Council's vote is a significant milestone in the legislative process. Today it is clear that the CSDDD is here to stay, and companies must adapt to the new obligations.

What is the CSDDD about?

The CSDDD is a proposed EU law requiring companies that are active in the EU to (i) conduct due diligence to identify and assess actual and potential environmental and human rights adverse impacts across their chain of activities, and (ii) prevent and mitigate them or bring them to an end.

What specifically constitutes an environmental or human rights adverse impact is based on various international conventions, listed in the Annex to the draft directive. The CSDDD thus covers a wide range of human rights and environmental issues, such as forced labour, child labour, deforestation, biodiversity loss and climate change. It also requires companies to adopt and put into effect a transition plan for climate change mitigation.

Which companies are targeted by the CSDDD? 

The CSDDD applies to large companies established in the EU or having significant operations in the EU, as well as to ultimate parent companies of groups of companies that meet certain thresholds. The thresholds have been significantly increased compared to the initial proposal and the CSDDD will no longer specifically target high-risk sectors.

According to the most recent text, the CSDDD specifically applies to EU companies that have more than 1,000 employees and a net worldwide turnover above EUR 450m. In terms of timing, the CSDDD provides for different transition periods for its application:

  • From 2027: companies with over 5,000 employees and EUR 1,500m turnover;
  • From 2028: companies with over 3,000 employees and EUR 900m turnover;
  • From 2029: companies with over 1,000 employees and EUR 450m turnover

Non-EU companies are affected if they generate a net turnover of at least EUR 450m in the EU in the previous financial year. The CSDDD also applies to companies that have (i) entered into franchising or licensing agreements in the EU in return for royalties amounting to more than EUR 22.5m in the EU, and (ii) a net turnover of more than EUR 80m. According to estimates, the new threshold will target more than 5,000 companies.

Notably, the CSDDD will also indirectly affect companies below these thresholds, since in-scope companies are likely to actively involve their (smaller) business partners in their due diligence assessments.

What are the obligations and sanctions under the CSDDD?

The CSDDD requires in-scope companies to conduct risk-based human rights and environmental due diligence. This includes the following: (i) integrating due diligence into their policies and risk management systems; (ii) identifying and assessing actual or potential adverse impacts; (iii) preventing and mitigating potential adverse impacts; (iv) remedying actual adverse impacts; (v) engaging with stakeholders; (vi) establishing and maintaining a notification mechanism and complaints procedure; (vii) monitoring the effectiveness of their due diligence measures; and (viii) communicating publicly on their due diligence.

The due diligence process covers the companies' own operations, those of their subsidiaries, and those of their direct and indirect business partners in their chains of activities (including up- and downstream).

The directive provides for two systems of control. First, Member States are required to designate a national supervisory authority (public enforcement). The authority will have investigative powers and the ability to impose penalties for infringements (up to 5 % of the company's global net turnover). Second, the CSDDD establishes a civil liability regime for damages caused by a breach of the due diligence obligations (private enforcement), which provides a right to full compensation.

What are the next steps? 

From a legislative perspective, the CSDDD needs to be approved by the European Parliament, which is expected in April 2024. If the European Parliament adopts the current version, the CSDDD will enter into force 20 days after its publication in the Official Journal of the EU. Member States will have two years to transpose it into their national laws.

The adoption of the CSDDD is a call to action for companies to (re-)assess their chains of activities and evaluate possible adjustments to their business practices. In-scope companies will have to implement a "CSDDD-proof" compliance management system. But even companies below the thresholds should be prepared how to deal with their in-scope business partners. Despite the added burdens, it is prudent for companies to promptly take necessary actions.

authors: Johannes Frank, Carina Fürnkranz, Stefan Holub