EU adopts Corporate Sustainability Due Diligence Directive (CS3D)
29 April 2024
29 April 2024
This article explains:
The CS3D establishes a corporate environmental and human rights due diligence duty for in-scope companies operating in the EU. It places obligations on EU and non-EU companies alike to identify, prevent, end or mitigate adverse environmental and human rights impacts from their operations or those of their subsidiaries and certain business partners in their chain of activities. Nevertheless, it will have a global impact and reflects the growing regulatory focus on sustainability reporting, data and disclosure impacting companies' global supply chains.1 Non-EU countries may follow the EU's example and introduce similar obligations.
The CS3D applies to the following in-scope companies:
(1) EU companies or their ultimate parent
(2) Non-EU companies or their ultimate parent
An ultimate parent company may apply for an exemption from its CS3D obligations, provided that (i) it does not engage in taking management, operational or financial decisions affecting the group or its operational subsidiaries; and (ii) one of its EU subsidiaries is designated to comply with the CS3D requirements on its behalf. Parent and subsidiary will be jointly liable for compliance.
As the definition of "chain of activities" under the CS3D excludes the activities of a company's downstream business partners related to the services of the company (see below), due diligence by in-scope financial undertakings applies only to the upstream part of their business, but not the downstream activities of business partners that receive their services and products.
Within two years of the CS3D entering into force, the Commission is to review and report on the need for additional rules for regulated financial undertakings with respect to financial services and investment activities.
Alternative investment funds (AIFs) and undertakings for collective investment in transferable securities (UCITS) are excluded from the scope of the CS3D.
The due diligence obligations under the CS3D apply to the "chain of activities" of in-scope companies.
This was a controversial area of the Directive as the definition of value chain in the Commission's original proposal included the use of a product or service by downstream business partners. This would have required regulated financial undertakings to include activities of clients receiving financial services in their due diligence. The changes made during the legislative process have narrowed the definition of value chain to focus predominantly on direct business partners, although indirect business partners, performing business operations related to the operations, products or services of in-scope companies, are also to be considered.
The definition of "chain of activities" under the CS3D covers activities of a company's:
The table below sets out the types activities for upstream and downstream business partners that are subject to due diligence.
In-scope activities of upstream business partners | In-scope activities of downstream business partners |
Design, extraction, sourcing, manufacture, transport, storage and supply of:
Development of the company's products or services |
of the company's products but only where carried out by the business partners for or on behalf of the company |
Service providers, including companies providing financial services, do not have any obligations in relation to downstream activities.
The disposal of products and the distribution, transport and storage of a product that is subject to export controls is also out of scope.
Member States must transpose the CS3D within two years after it enters into force. The Directive provides for a staggered timeline for the due diligence obligations of the different categories of in-scope companies to take effect. These are summarised in the table below. The thresholds to determine when a company will have to comply with CS3D are significantly higher than the qualification criteria This means the obligations apply initially only to the largest companies in terms of turnover and headcount.
In-scope company | Time for compliance |
EU companies and EU ultimate parent companies with more than 5,000 employees and a net worldwide turnover of more than €1,500 million Non-EU companies and ultimate parent companies with a net EU turnover of €1,500 million | Three years of CS3D's entry into force (i.e. from 2027)
|
EU companies and EU ultimate parent companies with more than 3,000 employees and a net worldwide turnover of more than €900 million Non- EU companies and ultimate parent companies with a net EU turnover of €900 million | Four years of CS3D's entry into force (i.e. from 2028)
|
All other in-scope companies | Five years of CS3D's entry into force(i.e. from 2029) |
The key due diligence obligations for in-scope companies are to:
The final text of the Directive expands the due diligence obligations to better reflect the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct.
In addition, to the due diligence obligations, in-scope companies must adopt and put into effect a climate Transition Plan (TP) with the aim of ensuring, through best efforts, that the company's business model and strategy are compatible with the transition to a sustainable economy, the Paris Agreement 1.5 degrees goal and the EU's climate neutrality goal including intermediate and 2050 targets. Companies that report a TP under the CSRD will be deemed to have complied with this obligation under CS3D.
The original proposal to expand a director's duty of care to act in the best interests of the company to take into account, where applicable, human rights, climate change and environmental consequences was removed from the December version of the Directive, and has not been included in the final version. Similarly, the proposal to make directors responsible for setting up and overseeing the due diligence obligations under the Directive was not retained.
The CS3D requires companies that have caused, or jointly caused actual adverse impacts to provide remediation. Remediation, which can be through financial or non-financial compensation, means restoring the affected person(s), communities or environment to a situation equivalent, or as close as possible, to the situation they would have been in had the adverse impact not occurred. The remediation should be proportionate to the company's contribution to the adverse impact. It can also include reimbursement of costs incurred by public authorities for any necessary remedial measures they have put in place.
Where adverse impacts have been caused by its business partners, the company may volunteer to provide remediation and may use its influence with the relevant business partner to provide remediation. Member States must ensure that:
These powers are without prejudice to penalties imposed for infringement of national law provisions adopted under the Directive and to civil liability sought before a national court.
Member States are required to appoint supervisory authorities to enforce national laws which implement certain requirements of the CS3D. The relevant supervisory authority will be:
The authorities will need to be given sufficient powers and resources, including in relation to requesting information and carrying out investigations, taking enforcement action, and the supervision of the adoption and design of TPs.
Member States will also need to set out rules on penalties for breaching the requirements of national laws which implement the CS3D. The factors that should be considered when deciding whether to impose a penalty and the nature and level of such penalties include the nature of the breach and severity of the impact, whether any remediation has been undertaken, financial gain and relevant previous infringements.
Member States are to lay down the rules on penalties, including pecuniary penalties, and must at least include:
Affected persons may bring a claim for compensation or seek an injunction where they have suffered damage to their protected legal interests under national laws implementing the international human rights and environmental obligations listed in the Annex to the CS3D where that damage is caused by a company's intentional or negligent failure to prevent, mitigate or end the adverse impacts identified by their due diligence. Affected persons should have at least five years to bring a claim and that time should not be shorter than the limitation periods in national civil liability regimes.
The final text provides that Member States must specify reasonable conditions that allow an affected person to authorise trade unions, or human rights, environmental or other NGOs to bring a claim to enforce their rights, subject to national rules of civil procedure.
Under the CS3D, a company can only be liable for the damage it causes itself, not for damage caused by its business partners.
The CS3D also requires Member States to ensure contracting authorities may consider compliance with the CS3D as a factor in awarding public and concession contracts and may specify CS3D compliance as an environmental or social condition for the performance of those contracts.
The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.
Sign-up to select your areas of interest
Sign-up