
The EU proposal for a Corporate Sustainability Due Diligence Directive: What It Means for Supply Chains and Directors


Expert insights by Dr Rachel Widdis, Director EMEA, Article One and Adjunct Assistant Professor Business and Human Rights, School of Law, Trinity College Dublin.

In a watershed moment for future practice, the EU has signaled that it intends to lead with responsible business conduct. The EU Commission proposal for the Corporate Sustainability Due Diligence Directive was published on 23rd February 2022. The key takeaways are the arrival of obligations to conduct human rights and environmental due diligence, and the introduction of a duty of care for Directors acting in the interests of the company to take into account the human rights, climate and environmental consequences of their decisions through to the long term. Directors would be responsible for putting in place and overseeing a due diligence policy and related actions. The proposal is more ambitious than existing due diligence laws. It is not just about reporting and provides for mechanisms of corporate accountability for due diligence. In addition, large EU and non-EU companies coming within its scope need to have a plan in place to ensure that their business strategy is compatible with limiting global warming in line with 1.5 degrees Celsius in the Paris Agreement.

Preparatory negotiations have been intense, prompting public commitments of support by both large and smaller businesses and across industry sectors, as well as investors. Both citizen polls and the public consultation were overwhelmingly supportive. Equally, many companies have taken a view on how their business is best conducted, and have moved to adopt, or are adopting, robust due diligence policies. A recognized framework is also needed to avoid fragmented and differing rules across the EU. France, Germany and Norway have already passed due diligence style laws, and there are legislative developments in multiple European states.

"The proposed Directive is more ambitious than existing due diligence laws."

Supply Chain

In short, supply chain due diligence is moving from soft ‘advised’ to hard ‘required’.

The proposal sets down a due diligence process for companies to adopt, and actions to take regarding identifying, preventing, mitigating, minimizing and bringing to an end potential or actual adverse impacts on listed rights and prohibitions contained in international human rights agreements, and violations of prohibitions and obligations in selected environmental conventions. Companies coming within scope would be required to integrate due diligence into all their corporate policies, to have a due diligence policy in place, and to update this at least annually.

Around 9,400 EU companies, with over 500 employees and 150 million euro net worldwide turnover, will come within its scope according to the Commission. It is expected that about 2,600 non-EU companies with over 150 million euro net turnover generated in the EU would be included, which will be crucial to promote a level playing field. Two years after these companies in ‘Group 1’, the rules would extend to ‘Group 2’. This would include EU companies with over 250 employees and over 40 million euro net worldwide turnover, if at least 50% of this turnover was generated in one or more of three ‘high impact’ sectors including textiles, agri-food and extraction of minerals. Non-EU companies with a net turnover of more than 40 million euro generated in the EU are included, again if at least 50% of this EU-turnover is in these ‘high impact’ sectors. In Group 2, EU and non-EU companies would only be required to identify actual and potential severe adverse impacts relevant to the respective ‘high-impact’ sector. For both Groups, non-EU companies are not subject to the employee threshold. A further exception is introduced for financing and parts of the financial sector. Specifically, due diligence is limited to before financing is concluded and not, as it should, over the life of a facility, consistent with some existing practice and the UN Guiding Principles on Business and Human Rights (UNGPs).


This Proposal will not (directly) apply to micro companies and SMEs, which constitute the vast majority of companies in the EU. However, effects can be expected in practice because, where relevant, companies that are within scope should get contractual assurances from their direct suppliers that they will both abide by its code of conduct, and in turn cascade contractual assurances to business partners down the value chain. Although the company must verify compliance, this may be done via industry schemes or third parties. Contractual cascading is controversial. Acknowledging that due diligence will require company resources, the overarching aim is to prevent harm occurring in the first place, and to promote company policy and practice consistent with that aim. Sub-par verification has, and will have, real and tragic consequences.

Due diligence obligations cover companies’ own operations, subsidiaries, and ‘established’ direct and indirect business relationships across their value chain. Here, value chain covers activities related to production of goods and services, as well as the related activities of upstream and downstream established business relationships of the company. The introduction of the concept of ‘established’ business relationships promises to be tricky. These are defined as direct or indirect business relationships ‘which are expected to be lasting in view of their intensity or duration’. The key is ‘lasting’, even if it’s not a direct contractual relationship. On the face of it, it would exclude significant but short-term business relationships.

The Annex sets down the scope of adverse human rights and environmental impacts, listing violations and prohibitions contained in international human rights agreements and ILO Conventions, such as labour rights, civil rights and the rights of the child. Separately, violations of internationally recognised objectives and prohibitions included in selected, limited, environmental conventions are listed, some of which form part of the German Act.

Directors’ Duty of Care

For EU companies within scope (Group 1 and Group 2), a Director’s Duty of Care is introduced. Directors acting in the interests of the company would have to consider the human rights, climate and environmental consequences of their decisions through to the long term. Member States are to ensure that their laws, regulations and administrative provisions providing for a breach of directors’ duties also apply to this provision. For these companies, directors would be responsible for putting in place and overseeing the implementation of a due diligence policy and actions ‘with due consideration for relevant input from stakeholders and civil society organisations’, and report to the board on it. If the company links directors’ variable remuneration to their contribution to long-term sustainability, it should take into account fulfilling their corporate climate change plan. Notably, the directors’ aspects are reduced relative to prior discussions.

Broadly, the proposal aligns with UNGP concepts and OECD Guidance for high-risk sectors, with some notable gaps outlined below. Companies will have to monitor the effectiveness of their due diligence process, update it based on that assessment, and publicly report at least annually. They will also have to maintain a complaints mechanism for those potentially affected by an adverse impact on human rights or the environment, and trade unions and civil society organisations connected to the value chain.

Amongst aspects which should, and may, be more prominent in the final version, is increasing engagement with stakeholders. While it is threaded into the proposal, such as when companies are identifying risks and developing prevention and corrective action plans, stakeholder engagement lacks the breadth and weight in the UNGPs and EU Parliament recommendations. The proposal includes detailed provisions concerning actions companies should take regarding adverse impacts, such as implementing these preventive or corrective action plans. Surprisingly, it does not track the UNGPs’ emphasis on ‘severity’ of risks to others, companies’ connection to a harm, using leverage with business partners linked to an adverse impact, and terminating business relationships as a last resort. Administrative sanctions are provided. Fines are linked to turnover, but levels are unspecified, raising the risk of different regimes in different states.

Provisions for enforcement by competent national authorities are potentially robust, if actually implemented. Overall, the design aims to make it difficult to plead lack of awareness, as the requirements are based upon adverse impacts which have been, or should have been, identified in line with a company’s obligations under the Directive. The proposal obliges states to provide for civil claims if a company fails to comply with due diligence obligations and, as a result, an adverse impact leads to damage. It is in turn linked to actions taken on contractual cascading and verifying compliance, and their reasonableness in the specific circumstances, to prevent, mitigate, minimise or end the harm. Including civil liability is crucial and was hard won, but in practice more supports are required for those negatively impacted by business to overcome existing barriers and access remedy.

"The design aims to make it difficult to plead lack of awareness, as the requirements are based upon adverse impacts which have been, or should have been, identified in line with a company’s obligations under the Directive."

Finally, this is not the end of the journey. Now, the proposed Directive advances through the EU law-making process. We don’t know how long an agreed final version will take, but there is significant impetus behind getting there. Once finalised, Member States will have two years to enact legislation to give effect to the Directive in national law. Soundings indicate laws in force at national level by 2026 for larger companies and extending to the second group of companies in ‘high risk’ sectors by 2028. Its final span could be greater in two ways. Firstly, the EU Parliament presses for more comprehensive provisions akin to its recommendations. Secondly, the EU Directive will provide a framework, which is a ‘floor’, but individual Member States can go further when enacting national law.