After a lengthy legislative process, the EU adopted the Corporate Sustainability Due Diligence Directive (also known as CSDDD or CS3D) this summer. CS3D imposes obligations on large corporations to implement human rights and environmental due diligence procedures across their operations and value chains and to adopt and put into effect climate transition plans.
CS3D did not come out of the blue. The accountability of transnational corporations has been a long-standing topic. International efforts to establish global human rights standards for corporations date back to the 1970s. In 1976, the OECD adopted the Guidelines for Multinational Enterprises, the first set of recommendations on responsible business conduct. The UN also adopted its own standards, the Guiding Principles on Business and Human Rights, but only in 2011. Both of these soft law instruments outline steps for companies to address human rights violations and environmental damage in their operations and supply chains. Recently, countries like Germany, France, and the Netherlands have gone further by enacting binding national laws requiring companies to conduct human rights due diligence.
Some argue that the CS3D is yet another regulatory burden on European corporations, potentially further hindering European competitiveness. Others believe it is high time to hold large corporations accountable for what happens in their supply chains, especially in developing countries of the Global South with limited law enforcement. Regardless of one’s stance on the debate, the CS3D is undeniably groundbreaking legislation in many respects.
Let’s take a closer look at what it entails.
The due diligence process required by the CS3D is comprehensive and multi-step. The focus is on preventing and remediating actual and potential human rights and environmental adverse impacts across companies' operations and value chains. Adverse impacts are defined with reference to rights, prohibitions, and obligations enshrined in international human rights and environmental treaties (an adverse impact is a violation or breach of a respective right, prohibition, or obligation). While these international treaties have been in place for years, they have traditionally been directly binding only on states – not on non-state actors, such as companies. In this respect, the CS3D is groundbreaking because it directly obliges companies to protect these rights.
The due diligence process includes the following steps:
1. Integrating due diligence into policies and risk management systems
2. Identifying and assessing adverse impacts
3. Preventing and mitigating potential adverse impacts
4. Remediating actual adverse impacts
5. Establishing a notification mechanism
6. Monitoring effectiveness
7. Publicly communicating on due diligence efforts
Additionally, companies should also engage with stakeholders throughout the DD process.
Since "due diligence" is highlighted in the directive's name, it naturally draws the most attention. However, the directive also introduces another significant obligation: adopting and actively implementing climate transition plans. These plans must ensure that a company’s business model and strategy align with a sustainable economy and the goal of limiting global warming to 1.5°C. Similar to the approach to adverse impacts, this represents a substantial shift. Previously, climate goals were set by the EU Climate Law (and internationally by the Paris Agreement), making them binding only for EU Member States – not corporations.
The companies subject to CS3D fall into three main categories:
It is notable that the CS3D has extraterritorial application and will also apply to non-EU companies. Moreover, the directive will impact many companies beyond those directly within its scope. Due diligence requirements will apply to the direct operations and subsidiaries of in-scope companies and extend further to their direct and indirect business partners.
As a directive, CS3D needs to be transposed into national laws to take effect, which will require some time. Obligations will then be phased in based on company size:
The enforcement of the CS3D will involve both administrative and civil liability mechanisms.
Each member state must establish a supervisory authority responsible for overseeing compliance with CS3D obligations. These national supervisory authorities will be coordinated through a European Network of Supervisory Authorities. The determination of penalties for breaching obligations will ultimately be up to the member states. The financial penalties can be expected to be substantial – up to 5% of the company’s net worldwide turnover.
In terms of civil liability, member states must ensure that companies are held liable for human rights or environmental adverse impacts they cause, granting affected individuals the right to full compensation under national laws.
The European Commission stresses that member states should implement the CS3D in a way that would allow enforcement in cases where damage occurs in a third country, in line with international private law. However, because the jurisdiction of the EU (or its member states) does not naturally extend beyond its borders, enforcing the CS3D against companies in third countries within the value chain will have inherent limitations.
CS3D complements other European regulations on corporate sustainability, such as the CSRD, EU Taxonomy, and SFDR. However, "complementary" may not be the most accurate term. The aim of these regulations is to increase transparency about activities of corporations and their impacts on the environment and society. The CS3D, however, goes one step further and aims to increase accountability of corporations for actions in their operations and value chains with respect to the environment and human rights.
Since a comparison of the regulations, especially the CSRD and CS3D, would be for a separate blog post (and likely will be), in short: due diligence (under the CS3D) is a source of information for the content of reporting (under the CSRD). Conducting due diligence on human rights and environmental risks under the CS3D will help companies identify key impacts, which are then disclosed in CSRD sustainability reports. This will ensure that sustainability reporting reflects actual risk-based actions and mitigations, thereby enhancing accountability and transparency.
And from a more practical perspective, both directives require a coordinated approach in terms of strategy, risk assessment, stakeholder engagement, and data management.
Without a doubt, the CS3D marks a significant advancement in corporate accountability and sustainability. Unlike previous regulations aimed at increasing transparency and enabling investors, end-users, and consumers to make informed decisions, the CS3D places direct accountability on companies.
In a way, it may seem there is a lot of time before the rules actually come into effect. However, the CSRD is coming into effect for large companies from 2025 and many of them will also fall under CS3D. Since the requirements of the two directives are somewhat intertwined, coordinating the implementation of both directives can be both time- and cost-efficient.
