The Corporate Sustainability Due Diligence Directive is set to completely shake up the sustainability compliance landscape – but what will it mean for you and your business? Consumer products and services regulation expert, Dominic Watkins, Partner and Global Lead Consumer Sector at one of our legal partners DWF, explains all.

How well do you know the 'potential adverse impacts' that your business and supply chain has on people or the environment?

It feels like hardly a day goes by without a new sustainability regulation being proposed, whether here or in the EU.  The pace of change is electric and even though both the UK and EU parliament will have elections in the coming months, this pace shows no signs of abating.

While many people are familiar with the Corporate Sustainability Reporting Directive (CSRD) and its obligations, many seem to have missed its much bigger cousin that is the Corporate Sustainability Due Diligence Directive ('CS3D') that until recently has avoided much press.  If you are in that camp, do not worry, you are not alone.  This article will get you up to speed, introduce you to the concepts and what you need to know, and explain why you will need to know your business in a way like never before.

What CS3D?

The CS3D is a game-changing EU law that shifts the focus on sustainability compliance from words to tangible action on ensuring environmental sustainability and the actual and potential impacts on human rights.  Unlike the reporting variants this is not about accounting or listing some numbers in a report.  This is about a complete or holistic review of not only your supply chain but what until recently was referred to as your value chain, and then acting to remove harm.  It is about action and has the scale of GDPR or modern slavery implementation, but they are but two and this covers about 30 regimes set out in UN Treaties.

Who does it apply to?

This is EU law, so it is focused on big companies established in the EU with more than 500 employees and a net worldwide turnover of €150m.  It includes EU-based ultimate parent companies that don't meet that threshold, but their group does.  This may bring into scope all of those businesses with Luxembourg HQs but no material Luxembourg operations. 

It also includes companies that have at least 250 employees and €40m turnover including €20m in one of the high-risk sectors, which includes manufacture of textiles and footwear and associated products; agriculture and the manufacture of food products and beverages; extraction of mineral sources; and construction, amongst others.  Franchises with royalties over €7.5 million and an EU net turnover of over €40 million are now included. 

You may be thinking "Great! None of that applies to my business, I am established outside the EU."  Well, if you have a turnover of more than €150m in the EU then we have bad news, you are still in scope.  Similarly, if you supply to any EU business that is in scope then you are very likely to be asked to support with the compliance of those you supply. 

What will it do?

The directive is just that, a directive.  It will require local implementation in member states and therefore while the wording of the directive is set, the precise wording may change in the actual law in the specific member state you need to comply in.  The directive requires companies to take appropriate measures to scope out the impacts of their operations, subsidiaries and business relationships, enabling the identification and assessment of actual and potential adverse impacts.

This includes identifying where these impacts are most likely to occur, their severity, and subsequently conducting in-depth assessments of prioritised operations, subsidiaries and business relationships to determine their specific nature and extent.

This means that business will be mandated to:

• Integrate due diligence into their policies and risk management systems

• Identify and assess actual or potential adverse impacts in accordance with Article 6 and, where necessary, prioritise potential and actual adverse impacts

• Prevent and mitigate potential adverse impacts

• Bring to an end, minimise and remedy actual adverse impacts

• Carry out meaningful engagement with stakeholders

• Establish and maintain a notification mechanism and complaints procedure

• Monitor the effectiveness of their due diligence policy and measures

• Publicly communicate on due diligence.

The directive provides more details on how each of those duties are to be met.  For instance, it requires that due diligence policies be developed in prior consultation with the company’s employees and their representatives, and contain all of the following:

• A description of the company’s approach, including in the long term, to due diligence

• A code of conduct describing rules and principles to be followed throughout the company and its subsidiaries, and the company’s direct or indirect business partners

• A description of the processes put in place to integrate due diligence into the relevant policies and to implement due diligence, including the measures taken to verify compliance with the code of conduct and to extend its application to business partners.

This must be updated after any significant changes and updated at least every two years. Of itself it is a substantial piece of work. 

It however is tiny in comparison to the duty to assess actual or potential adverse human rights and actual environmental impacts arising from their own operations or those of their subsidiaries and, where related to their value chains, from their established business relationship partners.

As a part of this, companies have the obligation to: “a) map their own operations, those of their subsidiaries and, where related to their chains of activities, those of their business partners, in order to identify general areas where adverse impacts are most likely to occur and be most severe and b) based on the results of that mapping, carry out an in-depth assessment of their own operations, those of their subsidiaries and, where related to their chains of activities, those of their business partners, in the areas where adverse impacts were identified to be most likely to occur and most severe.”

This is not a doom-saying lawyer exaggerating, this is the actual text of the actual law. It really gives a flavour of the breadth of activity required for compliance here.  This will not be a quick tick box exercise. This will require considerable time, planning, skills and involvement from all over your business and your partners in your supply chain.  

But it does not stop there. The idea is that once mapped and identified, the business will then prevent those adverse effects, and where that is not possible, mitigate the potential adverse effects. This is easy to write, far harder to actually do in any meaningful way.

What are the areas covered?

In terms of ESG subject matter coverage, the due diligence requirements relate to human rights and the environment.  Human rights adverse impacts are presently defined in relation to those rights and prohibitions included in international human rights agreements.  The Annex gives colour to various social factors.  These include, but are not limited to, anti-bribery, anti-corruption, the right to a living wage, forced labour and the rights of the child, and indigenous peoples' rights.

Adverse environmental impacts are currently defined in the proposed text as relating to impacts caused by failing to comply with relevant provisions of environmental laws (as listed in the Annex).  This includes causing environmental degradation that impairs the natural bases for the preservation of food and feed.

Other adverse environmental impacts relate to:

• Climate change

• Biodiversity loss

• Air, water and soil pollution

• Land, marine and freshwater ecosystems degradation

• Deforestation

• Overconsumption of material, water, energy and other natural resources

• Harmful generation and mismanagement of waste, including hazardous substances.

In addition, there is the requirement to not only develop, but also implement a climate transition plan in line with the reporting requirements in the CSRD. This climate transition plan must state:

• The resilience of the company's business model and strategy to climate-related risks

• Climate-related opportunities

• How the company takes account of the interests of its affected stakeholders and the impacts of the company on climate change in its business model and strategy

• How the company is implementing its strategy in regard to climate change, including financial and investment plans; and contain

• Science-based time-bound targets for scope 1 and 2, and (where relevant) scope 3 emissions for 2030, and in subsequent five-year intervals to 2050 with a description of progress made in meeting these.

There is a lot of work to do!

Why should you care?

If you get it wrong, or not mitigate the adverse effects, it will have consequences.  In addition to the brand concerns and fines of five per cent of turnover, there will be the right for consumers to bring claims for five years in relation to the adverse effects, though thankfully not those of business partners in the supply chain.  This, when combined with the implementation of the class actions directive, means that there is a real risk that the current ESG claims are just the tip of the iceberg.

When will it come into force?

In late January the EU wrapped up the trilogue process and locked in the final text which now just needs votes in order to become law.  The timetable intends that on February 13 it will be voted on in the JURI committee.  Then a final vote in plenary will follow, which the MEP responsible for the law suggests is most likely in April.  Despite having cleared nearly all hurdles, objects from Germany and Italy meant that this timetable may slip slightly.

What should you do now?

Start to prepare!  From the date that the CS3D becomes law, which on the current timetable will be before summer, member states have just two years to create their local laws with the expectation that businesses must comply on a staggered basis, starting with the biggest businesses three years after it becomes law. 

That may sound like a long time, but with so much to do that time will fly by.  Due diligence policies and processes will need to be revisited, or in some cases established, to ensure that appropriate measures are put in place to identify, prevent, mitigate, manage and where appropriate cease activities that cause or have the potential to cause adverse impacts to the environment and human rights.

Now is an opportune time to undertake materiality assessments across your value chain and to consider the CS3D in the wider context of your business model, strategy and overall approach to managing ESG risks and opportunities. 

Do get in touch if you would like to discuss how you should be preparing or would like to trial our online CS3D confidence assessment tool. https://dwfgroup.com

 

Dominic Watkins is a Partner and Head of the Consumer Sector at global integrated legal and business services provider, DWF. He is an experienced regulatory lawyer focusing on regulatory compliance and defence, particularly in the food, retail and hospitality sectors.