The EU’s Corporate Sustainability Due Diligence Directive

Click here to read about Progress on the EU Corporate Sustainability Due Diligence Directive.

'Sustainability' goes beyond just climate, and the role that businesses can play in protecting both the environment and supporting broader issues such as human rights has caught the attention of politicians, investors, consumers, and other stakeholders. The European Commission, via its proposed Corporate Sustainability Due Diligence Directive (CSDDD), has put forward a legislative framework to oblige companies — including those in financial services — to demonstrate what action they are taking to protect the environment and human rights.

If adopted, the CSDDD would introduce requirements for companies to identify and prevent, bring to an end, or mitigate the actual and potential impacts of their activities on the environment and on human rights abuses. It would oblige them to conduct due diligence not just on their own operations, but also on the activities of their subsidiaries and other entities in their value chains with which they have direct and indirect established business relationships. They would need to develop and implement ‘prevention action plans’, obtain contractual assurances from their direct business partners that they will comply with the plans, and subsequently verify compliance.

The proposal would capture the following companies:

• Group one: EU companies with more than 500 employees and a net worldwide turnover of more than EUR 150 million in the last financial year.
• Group two: EU companies with more than 250 employees and a net worldwide turnover of more than EUR 40 million, provided at least 50% of this turnover was generated in a high-impact sector. (`High-impact' is defined by the Commission as manufacturing textiles, engaging in various agricultural activities, and the extraction of mineral resources. See the footnote for more detail¹).
• Group three: non-EU companies that generate a net turnover of more than EUR 150 million in the EU in the last financial year.
• Group four: non-EU companies that generate a net turnover of more than EUR 40 million in the EU, provided at least 50% of worldwide turnover was generated in a high-impact sector.

SMEs would not be directly in scope, but they could be affected in their capacity as contractors or subcontractors to any of the above companies.

As part of its aim to help the EU transition toward a more climate-neutral and green economy, the CSDDD would oblige some companies (those in groups one and three identified above) to ensure their business models and strategies are compatible with the Paris Agreement. Additionally, companies that identify climate change as “a principal risk for, or a principal impact of,” their operations would have to include emissions reduction objectives in their business plans.

For human rights due diligence, the CSDDD would align with existing international standards. These include the UN's Guiding Principles on Business and Human Rights, the OECD Guidelines for Multinational Enterprises, and the OECD Due Diligence Guidance for Responsible Business Conduct.

The proposed directive would be enforced at Member State-level, and two enforcement levers in particular will be of interest to in-scope companies:

• Directors' duty of care: Directors of EU companies would be responsible for overseeing due diligence requirements — and the proposed climate change requirements would be reflected in their variable remuneration. Member States would therefore amend their laws and regulations on directors' duties, adding consideration of “human rights, climate change and environmental consequences” to their existing fiduciary duties. This accountability aspect of the proposal bears similarity with aspects of the UK's Senior Managers and Certification Regime (SM&CR). Firms operating in the UK will be familiar with the kind of individual accountability requirements proposed under the CSDDD. The PRA's supervisory statement (PDF 880 KB) (SS3/19) set the expectation for firms to allocate responsibility for identifying and managing the financial risks of climate change to relevant Senior Management Functions (SMFs). The expansion of directors' duties in the EU may similarly give EU authorities more scope to make individual directors accountable for their companies' operations. The details of the EU's regime are still to be negotiated, but it is clear that the EU is aiming to achieve senior-level responsibility, akin to the SM&CR, either via supervisory enforcement action or the use of soft supervisory powers.
  
• Civil liability: companies would be liable for damages if they fail to comply with obligations to prevent, bring to an end, or mitigate any potential adverse impacts — including where any failure subsequently leads to an adverse impact that could have been avoided. Sustainability-related litigation is already a growing concern for many companies, and the CSDDD could add to this burden.

The CSDDD was proposed by the European Commission in February 2022 and is moving through the European Union legislative process. In December 2022, the European Council finalised its position (PDF 827 KB), materially amending the scope of the Commission's proposal and suggesting a less punitive approach to the enforcement measures:

• Scope: the Council made amendments to add a three-year phase-in period and narrowed the scope, to capture only:
  • EU companies with more than 1,000 employees and EUR 300m net worldwide turnover (both criteria being met for two consecutive financial years), and
  •  non-EU companies with EUR 300m net turnover generated in the EU.
• Directors' duty of care: the Council deleted the original proposal from the Commission on due diligence falling under directors' duty of care. It notes the "inappropriate interference with national provisions regarding directors' duty of care" and the potential to undermine their "duty to act in the best interest of the company". Instead, the Council proposes that due diligence processes be incorporated into risk management systems and company policies. Additionally, it deleted the original proposal to base variable remuneration on directors' contributions to sustainability. The Council noted that "directors' remuneration are matters primarily falling within the competence of the company and its relevant bodies or shareholders".
• Civil liability: the Council clarified the four conditions that must be met for a company to be held liable:
  •  Damage caused to a natural or legal person
  • Breach of the duty
  •  A causal link between the damage and the breach of the duty
  • A fault (intention or negligence)

The European Parliament is expected to vote on its formal position later in 2023, then legislative negotiations can begin. Based on recent votes by the Parliament's Economic and Monetary Affairs Committee (ECON) and Environment Committee (ENVI), it is likely that MEPs will vote to expand, rather than narrow, the scope of the CSDDD. There may also be moves to add financial services as a “high-impact” sector. 

It is also worth noting that, since the Commission first published its proposal, the Taskforce for Nature-related Financial Disclosures has been developing its framework and the Kunming-Montreal Global Biodiversity Framework was agreed at the UN's COP15 conference. Amendments from the European Parliament could therefore include nature and biodiversity as well as climate-related objectives, if MEPs are inclined to expand the scope to cover broader environmental issues.

The CSDDD may be subject to negotiations in a number of areas, but it is clear that the Commission, Council and Parliament all agree that corporate due diligence has an important role to play in sustainability. The Directive is unlikely to come into force until 2025 at the earliest, but given the political moves to make progress in this area, FS firms may find it helpful to pre-empt any mandatory actions and consider how some of their existing practices could be improved to align with the overall trajectory of the CSDDD. Examples could include:

• Reviewing how director-level responsibilities are currently prescribed, and if there is any room for clarity in their governance maps when it comes to `sustainability' ownership; and
• Identifying any existing business practices that could be improved to demonstrate due diligence. General insurers in particular should take note and review their exposure management across multiple sectors, given their role in underwriting liability risks. Asset managers may wish to consider how their existing due diligence over investee companies could need to be enhanced.