On February 23 2022, the European Commission published a proposal of the Corporate Sustainability Due Diligence Directive (CSDD or the Directive), which would require both EU and non-EU companies operating within the EU to take responsibility for their environmental and social impact – as well as the impact of their suppliers.
If your organization operates within the EU, it will be subject to this Directive when the agreement is confirmed. Member States will have two years to transpose the CSDD into their national legislation. However, whether your organization operates within the EU or elsewhere, the CSDD offers useful guidelines on adapting to a more sustainable future.
What companies will the CSDD affect?
From the proposal’s details at the time of writing, the Directive is currently set to affect:
EU incorporated companies with
- 500+ employees average, with a net turnover of more than €150 million within the last financial year
- 250+ employees average, with a net turnover of more than €40 million in the last financial year – IF at least 50 percent of this was generated in a high-impact sector. Such high-risk sectors include textiles, clothing, mineral extraction, agriculture, forestry, fishing or metal manufacturing.
Non-European companies with
- A net turnover of more than €150 million generated within the EU in the last financial year
- A net turnover of more than €40 million (but not more than €150 million) generated within the EU – provided at least 50% of its net worldwide turnover was generated in one high-risk sector.
Organizations meeting these thresholds must perform human rights and environmental due diligence within their own operations, those of their subsidiaries, and any of the value chain entity operations they have established business relationships with.
These thresholds may be updated as part of the review process once the Directive comes into force. You can read the exact impacts the Directive will hold organizations accountable for in the Annex to the CSDD proposal.
What are the requirements of the CSDD?
Broadly, the requirements of the Directive cover five main areas of action. Affected organizations must:
Conduct due diligence
Organizations must conduct due diligence to identify and prevent environmental and human rights risks. This includes assessing the potential impact of their operations and their supply chains on the environment and human rights.
Mitigate risks
Organizations must take steps to mitigate any risks identified during due diligence. This may include developing and implementing policies and procedures to address identified risks, as well as engaging with suppliers to address any issues if they arise.
Report publicly
Organizations must be transparent about their due diligence processes and publicly report their efforts to address environmental and human rights risks. This may include publishing an annual sustainability report or making information available on their website.
Establish grievance mechanisms
Organizations must have functional reporting channels for workers and stakeholders to raise concerns, as well as processes to address and follow up. This may include setting up a hotline or email address to report, as well as a process for investigating and addressing those concerns.
What would due diligence around third parties involve?
Suppliers and third parties to your organization are often a huge source of risk, both internally and externally – which is why detailed screening and auditing processes are so important. Under the CSDD, organizations must conduct due diligence on their suppliers and business partners to identify and prevent environmental and human rights risks.
Due diligence procedures that meet the requirements of the CSDD should include:
- Conducting site visits to assess the supplier operations, environmental and social impact. For example, to check they are operating in line with anti-slavery and health and safety regulations.
- Reviewing supplier policies and procedures to check environmental and human rights risks are addressed in your third parties’ written processes – and in a way that can be reconciled with information collected in audits.
- Reviewing regulatory compliance to ensure the supplier is acting in line with regulatory requirement. This should review any past incidents that might fall under non-compliance with the CSDD as part of the due diligence process, understanding and confirming what actions were taken to fix any issues.
- Evaluating internal management and processes both from a regulatory and ethical perspective, and ensuring environmental and human rights risks are handled appropriately, and the business is equipped to deal with issues brought to its attention. This might include checking health and safety policies, policies around working conditions, and means for employees to report issues internally.
How should organizations prepare appropriate continuity plans?
The CSDD requires companies to take responsibility for the environmental and social impact of their suppliers. As a result, it’s critical to plan and manage business continuity in case of supply chain disruptions – whether these are due to a breach of contract, failures upholding ethical business processes, or disruption or delays to production or delivery.
To manage these risks, business continuity plans should:
- Identify key suppliers to assess the potential impact of supply chain disruptions on operations and investigate concerns in line with other due diligence duties.
- Develop contingency plans to identify alternative suppliers and develop plans and statements around managing inventory and resource gaps, especially across high-risk business areas. These plans should also cover communication protocols with suppliers.
- Regular review to ensure any continuity processes up-to-date and reflective of changes to operations, supply chain and social, political or economic risk.
What if an organization doesn’t meet the CSDD requirements?
The CSDD includes provisions for enforcement and penalties for non-compliance through fines and other sanctions. Failure to address environmental and human rights risks in operations and supply chains can result in legal action via national supervisory authorities, as well as reputational damage, loss of business and damage to brand value.
Another major risk is being excluded from public procurement processes or being subject to additional monitoring and reporting requirements to have access. Civil liability may be considered in instances where preventative measures could have avoided any damages.
What next?
The CSDD is closely interlinked with the Corporate Sustainability Reporting Directive (CSRD) proposed in April 2021, which outlines more detailed requirements for setting up processes and reporting around due diligence and sustainability. For example, the CSRD also covers the reporting requirements in the CSDD due diligence duties if an organization is affected by both pieces of legislation.
The details around the requirements outlined in the Directive continue to develop with feedback from the European Parliament. For example, on February 9, 2023, the environment committee of the European Parliament voted to reinforce current requirements for climate and environmental protections. On the same date, the committee also voted to include an obligation for organizations within particular sectors to assess risk in their value chains for additional environmental risks, including oil spills and pollution.
Overall, climate change and a tense geopolitical climate marking the first months of 2023 mean the next few years are likely to see tightening laws and regulations around corporate responsibilities. Whether or not your organization operates within the EU, it’s likely corporations across the globe are likely to feel pressure from customers, the press and their respective regulators and governments to take responsibility for their actions as a business.
Whether just getting started with an ESG program, or re-evaluating your third-party risk management processes, NAVEX has you covered. To learn more:
