Corporate Sustainability Due Diligence Directive (CS3D) – Summary of Scope and Requirements:
Purpose and Scope:
- Aim of the CS3D is to ensure companies prevent and mitigate adverse human rights and environmental impacts within their operations and throughout their supply chains.
- Applies to large EU-based companies (those with over 1,000 employees and annual global turnover exceeding €450M) and non-EU companies with “significant operations in EU” (those with annual turnover in the EU exceeding €450M)
Core Requirements:
- Due Diligence Framework: Companies must establish and maintain due diligence processes to monitor and address risks within their operations
- Policy Integration: Embedding due diligence into corporate strategies and governance should be carried out to ensure continuous evaluation of risk
- Public reporting: Obligations include publishing comprehensive reports on due diligence activities annually
Implementation Timelines:
EU member states must transpose the directive into national law within two years of its entry into force. Compliance with the Directive will be introduced in stages, as follows:
- By Mid-2027: Companies with over 5,000 employees and net global turnover exceeding €1.5B.
- Mid 2028: Companies with over 3,000 employees and net global turnover exceeding €900M.
- Mid 2029: Companies with over 1,000 employees and net global turnover exceeding €450M.
Enforcement and Liability
- Non-compliance can lead to investigations by both national and EU authorities which can lead to potential civil liability
- The Directive incorporates provisions to ensure victims of corporate abuses can seek remedies through legal aid.
Supporting Small and Medium Enterprises (SMEs)
- While SMEs are not directly obligated under the Directive, they may be affected indirectly through their roles in the supply chains of larger companies, which are required to assist them in compliance efforts.
The Directive represents a significant step in aligning corporate activities within sustainable and ethical practices, reinforcing the EU’s commitment to environmental and human rights standards.
On May 24, 2024, the Council of the EU approved the Directive on Corporate Sustainability Due Diligence (the “CS3D” or “Directive”). This was the final step in the decision-making procedure, after the European Parliament adopted the text on April 24, 2024.
The new Directive mandates that larger corporations operating within the EU market establish and implement comprehensive due diligence measures. These measures must cover not only their own operations but also extend to their subsidiaries and both direct and indirect business partners throughout their supply chains. The goal is to identify, prevent and mitigate adverse impacts on human rights and the environment. Failure to comply with the requirements may expose companies to civil liability.
The CS3D was initially presented in 2022 as part of the European Green Deal. Its adoption followed months of intensive debates and negotiations among EU institutions and EU Member States. The objective was to strike a balance between rigorous supply chain monitoring and minimizing regulatory burdens on small and medium-sized enterprises (SMEs). The Directive establishes a baseline for supply chain due diligence laws across the EU, building on pre-existing regulations in some Member States, such as France and Germany. Member States are expected to transpose the CS3D into national law by 2027.
Overall, the scope of application of CS3D reflects:
- The EU legislator’s intention to only capture companies for which due diligence in supply chains is absolutely necessary, i.e., the largest companies operating in the Union.
- The nature of the due diligence should not come as a surprise to these global companies as they are very much in line with existing legislation and international norms/standards.
- Any failure to engage in risk management exercises will be investigated by the national competent authority and may result in civil lability before the courts.
Impact of the CS3D
Applicable Companies:
The CS3D primarily targets the largest companies operating in the EU market. The Directive applies to different categories based on company size and geographic presence:
EU-Based Companies
- EU companies must comply with the CS3D if they have more than 1,000 employees and had a global turnover exceeding €450M in the last financial year.
- The parent company of a group that reaches the above thresholds is also subject to the Directive’s requirements.
- Companies (or ultimate parent companies of a group) which, in the last financial year, engaged in franchising or licensing in the EU with royalties exceeding €22.5M and a net global turnover exceeding €80m are also subject to the Directive.
Non-EU Companies
- Foreign companies (or ultimate parent companies of a group) fall under the CS3D if they (or the group) generated more than €450M in net turnover within the EU market in the last financial year, regardless of their global employee count.
Sector and SME considerations
- The CS3D does not include specific provisions for any industry, focusing solely on company size and turnover thresholds.
- While SMEs are generally exempt, they may still be indirectly affected as suppliers or partners of larger companies that must comply with the CS3D. In such cases, larger firms are expected to provide appropriate support to SMEs to help them meet compliance standards.
Addressing Abuses
The CS3D seeks to curb the adverse impacts that a company’s supply chains can have on human rights abuses and environmental abuses.
Human Rights Abuses
The Directive defines human rights abuses as those listed in its Annex or referenced in the 1966 International Covenants, the Convention on the Rights of the Child, and the Core conventions of the International Labour Organization (ILO).
Environmental Abuses
Environmental abuses mean breaches of prohibitions and obligations outlined in the Directive. Unlike human rights abuses, the evaluation of environmental abuses also requires consideration of related national laws and regulations that implement international environmental agreements.
The CS3D provides for a detailed enumeration of covered human rights and environmental abuses, enhancing legal clarity and restricting broad judicial interpretation. This specificity addresses previous criticisms of vagueness in national supply chain laws and ensures companies clearly understand their due diligence responsibilities.
Compliance with CS3D: Steps for In-Scope Companies
Implement international business and human rights standards
The CS3D requires companies to adopt a risk-based approach to human rights and environmental due diligence. This means identifying, assessing, preventing, and mitigating both actual and potential adverse impacts within their supply chains.
Companies should integrate established international standards such as the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises into their operations. These guidelines provide a robust framework that aligns with the Directive and can streamline compliance efforts without the need to develop new standards from scratch.
To support such due diligence, companies will also need to engage with stakeholders (including employees, affected communities and civil society organizations) and establish internal grievance mechanisms. Companies must also monitor the effectiveness of their due diligence and measures to mitigate human rights and environmental impacts, and publicly report on their due diligence policies.
Establishing a Risk Management System
To comply with the CS3D, companies must implement a comprehensive risk management system. This system will underpin their due diligence policy and provide a structured approach to addressing potential adverse impacts.
Key steps include:
- Defining the Due Diligence framework: Develop a clear due diligence policy and code of conduct that applies across the entire supply chain.
- Integration and Enforcement: Ensure that the due diligence policy is incorporated into all relevant company policies and that the code of conduct is enforced throughout operations.
- Mapping and Assessing Risks: Conduct detailed assessments of the company’s activities, its subsidiaries, and business partners, focusing on areas where the risk of adverse impacts is highest.
- Prioritizing and Addressing Risks: Concentrate on the most severe risks, taking steps to prevent or mitigate potential adverse impacts. For actual adverse impacts, companies are required to take appropriate measures to bring these impacts to an end or minimize their severity, with a commitment to providing remediation if the company is responsible.
Developing a Transition Plan
Companies must also adopt and implement a “transition plan” to align their business strategies with EU climate goals. This plan should outline how the company will contribute to limiting global warming to 1.5°C and achieving climate neutrality by 2050, including interim targets.
The transition plan should include:
- Time- bound targets: Set clear emission reduction targets for 2030 and every five years up to 2050.
- Emission Categories: Define reduction goals for scope 1, scope 2 and relevant scope 3 GHG emissions.
- Decarbonization Strategies: Identify key actions and investments required to meet the targets.
- Governance and Oversight: Detail the role of the company’s leadership in overseeing the implementation of the transition plan.
Companies already reporting under the Directive 2013/34/EU on sustainability disclosures, or their subsidiaries included in such reports, may already meet some of these transition plan requirements.
Consequences of Non-Compliance with the CS3D
In-scope companies must ensure compliance with the CS3D by reporting to the relevant national supervisory authorities. These authorities have the power to request information and conduct investigations into a company’s adherence to its CS3D obligations, including the implementation of its transition plan. Investigations can be initiated either by the authorities themselves or in response to credible allegations from third parties regarding potential breaches.
Failure to comply with the CS3D may result in several consequences:
- Remedial Actions: Companies may be required to undertake corrective measures within a specified timeframe, either voluntarily or as directed by the supervisory authority.
- Penalties: Non-compliance can lead to financial penalties of up to 5% of the company’s net worldwide turnover.
- Civil Liability: Companies may face civil liability if they intentionally or negligently fail to prevent or address adverse impacts. This liability applies if the breach causes damage to individuals or entities protected under national law
The CS3D framework favors administrative enforcement by national supervisory authorities, similar to the approach under the German Law. This ensures a standardized and consistent application across the EU through the coordination of the European Network of Supervisory Authorities. Courts, on the other hand, will handle tort cases based on CS3D violations.
Regarding civil liability, companies can be held responsible for damages if they:
- Negligently or Intentionally Breached Obligations: The company must have failed to prevent or stop potential adverse impacts when such impacts concern rights or obligations are protected under the CS3D.
- Caused Legal Damage: The breach must directly result in damage to the legal interests of the affected party, as protected by national law.
Notably a company is not liable if the damage was solely caused by its business partners within the supply chain, rather than by the company’s own actions.
The comprehensive approach aims to balance immediate regulatory oversight with the necessity for legal redress, ensuring robust enforcement and legal certainty across the EU.
For further information, please contact:
Vassilis Akritidis, Partner, Crowell & Moring
vakritidis@crowell.com