The EU Corporate Sustainability Due Diligence Directive ("CSDDD") directly and indirectly affects all companies, regardless of their size or sector. Accordingly, there has been a great deal of interest in recent weeks in the question of whether or not the CSDDD actually is coming.
On 15 March 2024, the European Council gave the answer: Yes, the CSDDD is coming. And soon, if the EU Parliament and the EU Commission approve the changes.
We took a look at the details and what will happen next.
The mechanics of the final text are unchanged compared to the previous versions. This means the following:
- Companies must screen and manage their suppliers risk-based. If they identify a negative impact on the environment or human rights, they are obliged to take action. As a last resort, the suspension or even termination of contracts is mandatory.
- It is therefore crucial to determine what is meant by a negative impact on the environment or human rights.
- For negative impacts on human rights, there is a comprehensive reference to international conventions under international law, e.g. the International Convention on Economic, Social and Political Rights or core conventions of the International Labor Organization. On the other hand, there is a list of selected particularly important rights, e.g. unequal pay for equal work.
- Negative impacts on the environment include a variety of measurable negative environmental impacts. For example the obligation to prevent or minimize negative impacts on biodiversity or the illegal handling of waste.
- Anyone who violates the CSDDD risks administrative penalties with a minimum maximum penalty of 5 % of global consolidated turnover. In addition, civil law liability (damages), lawsuits from NGOs, lawsuits from competitors and - unregulated, but nevertheless particularly painful - reputational damage.
New in the final text are the higher thresholds:
- In order to be covered by the law, on a consolidated basis more than 1,000 employees must be employed and more than EUR 450 million in turnover must be generated.
- There are different transition periods for different company sizes: Starting at three years (>5000 employees/>EUR 1500 million turnover), over four years (>3000 employees/>EUR 900 million turnover) and up to five (>1000/>EUR 450 million turnover) years. Note: The period is calculated from the publication/entry into force of the CSDDD. And not from the publication of the national implementation law, which will come much later.
The definition of value chain or "chain of activities" is also new:
- The company's own suppliers ("upstream") continue to include direct and indirect partners. Thus, these are also entities with whom the company does not have a contract but is only indirectly connected.
- Insofar as the company is itself a supplier ("downstream"), only the activities "distribution, transport and storage" should be covered. And only the company's own contractual partners are to be controlled. However, the text is very ambiguous here. In our view, the details remain to be seen. Also, whether there will be any clarifications before a decision is made in Parliament. In any case, it is clear that downstream is to be severely restricted compared to upstream.
- According to the definition, financial service providers are completely excluded from "downstream" control. At the same time, the recitals state that the legislator nevertheless expects financial service providers to take negative effects into account and to exert their own leverage in order to influence companies for the better. Apparently, this is also a compromise solution that still needs to be clarified.
In summary, the CSDDD remains very "sharp". The simplifications compared to previous drafts mainly concern the thresholds and the definition of "chain of activities".
In our view, the practical effects of the simplifications are to be seen. Almost all companies will be contractually obliged to implement the due diligence obligations anyway. The increased thresholds will therefore probably have little significance in the medium term. The same applies to the definition of the value chain as long as only downstream is affected by the restriction and all indirect contractual partners continue to be included upstream.
As a result based on the final texxt, the following obligations can be distinguished:
- Establishment of a due diligence system for risk-based screening of suppliers.
- Identification and management of negative impacts on human rights and the environment.
- Implementation of a Climate Transition Plan.
- Publication of annual reports on progress.
Practically speaking, this means the following:
- First comes your own company/group. On a consolidated basis, an ESG policy is needed that determines which values the group adheres to, which values are expected from suppliers and which criteria - based on these values - are used to identify risky suppliers.
- The Climate Transition Plan can also be integrated into the ESG policy if it is not too complex. Two separate documents are recommended for larger groups.
- The Supplier Code of Conduct follows on from the ESG Policy. The values expected of suppliers in the ESG Policy are set out in writing there. It also states which civil law obligations are expected of suppliers. The most important are: Information rights, steering rights, compensation rights, termination rights.
- And then come the suppliers themselves. You start with those where it hurts. Where risks have been identified, a solid basis of information must be provided. If this information base reveals negative effects - actual or potential - action must be taken immediately.
In summary: Preparation for CSDDD is almost exclusively working and re-working contracts.
And the work starts now. The guidelines and model clauses are expected "at the latest" in 2026/2027. Thus, even if they come within the deadline, this will be too late for many. It should be noted, however, that in the past such deadlines for comparable ESG regulations have regularly been pushed back for years, meaning that 2026/2027 is by no means set in stone for the CSDDD either. And even the model clauses do not exempt from knowing your own company and supplier structure and accordingly integrating the model clauses provided by the EU into the own contracts.
A pragmatic, risk-based approach that takes market standards into account is key. At the same time, it is to be expected that the market standard will change massively in the coming months. There is currently still too much text and too little action. 30-page and 50-page supplier codes of conduct, which are not checked by anyone but are sent to all contractual partners, dominate the market in many industries. The CSDDD puts an end to this. It neither demands such an approach, nor does such an approach fulfill the obligations set forth by the CSDDD. Instead: Precise, pragmatic and yet effective implementation will be gold standard.