The Corporate Sustainability Due Diligence Directive (CSDDD) was finally adopted in May 2024 after years in development and a bumpy final stretch. As with any EU directive, the EU’s member states now have two years to transpose it into national legislation, free to be more ambitious when doing so. Here are purposefully brief answers to a range of questions on the CSDDD:
What is the CSDDD?
The Corporate Sustainability Due Diligence Directive is a European law adopted in May 2024. It is part of a broader development towards legally establishing non-financial responsibilities of businesses regarding social and environmental ends. It is in many ways a companion piece of legislation to the Corporate Sustainability Reporting Directive (CSRD).
What is the purpose of the CSDDD?
The purpose of the CSDDD is to reduce the negative impacts of business operations on people and the environment. The directive spells out how businesses should get there by exercising due diligence. Due diligence includes several steps, among them the identification of potential and actual impacts, the prevention of potential ones, and the mitigation of actual ones. If impacts have already occurred, businesses also have to provide access to remedy for impacted stakeholders.
What is the difference between CSRD and CSDDD?
Whereas the Corporate Sustainability Reporting Directive (CSRD) is mostly concerned with reporting – in other words, communicating and disclosing data, – the CSDDD establishes instructions for how businesses exercise due diligence. Due diligence includes a range of actions of which communication is merely one. In that sense, the CSDDD’s provisions are much more complex and multi-faceted when compared to those of the CSRD.
Who does the CSDDD apply to?
The CSDDD applies to two groups of large businesses. Firstly, it applies to EU companies with more than 1.000 employees and more than EUR 450 million net worldwide turnover. However, this maximum scope is only reached after a five-year transition period. To begin with, three years after entering into force, the CSDDD will apply to EU companies with more than 5.000 employees and EUR 1.500 million net worldwide turnover. A year later, i.e., four years after entering into force, it will apply to EU companies with more than 3.000 employees and EUR 900 million net worldwide turnover. Yet another year later, i.e., after five years, the scope will eventually expand to the final thresholds of 1.000 employees and EUR 450 million net worldwide turnover cited above.
Secondly, The CSDDD applies to non-EU companies making more than EUR 450 million turnover in the EU. The first group encompasses around 6.000 different companies while the second one includes around 900 companies.
What will companies need to do?
Companies covered by the CSDDD will have to exercise due diligence in their operations. That means they must establish processes that let them identify actual and adverse impacts on people, their human rights and the environment, prevent and mitigate those impacts as well as provide access to remedy for individuals who have already been negatively impacted.
Although non-financial due diligence originates from the 2011 UN Guiding Principles on Business and Human Rights, due diligence in the CSDDD indeed goes far beyond human rights issues. It includes, e.g., slavery, child labour, and labour exploitation, but also environmental issues such as biodiversity loss, pollution, and destruction of natural heritage. The CSDDD also requires in-scope companies to create and follow a transition plan that will make their business model compatible with the global warming threshold of 1,5 °C established by the 2015 Paris Agreement.
How does the CSDDD address small and medium-sized enterprises (SMEs)?
Due to the large scope of the CSDDD, it covers only certain, very large companies directly. However, it addresses small and medium-sized enterprises indirectly. This is because the large companies in scope of the CSDDD are required to exercise due diligence in their own core operations and throughout parts of their value chain. The value chain very likely includes SMEs which are then not facing legal obligations but information requests and other demands from large companies implementing due diligence.
What are the penalties for non-compliance with the CSDDD?
The CSDDD contains elements of civil liability for businesses that fail to prevent damages because they did not act with due diligence. In these cases, such companies will have to cover damages and compensate victims.
While this seems like a fairly radical aspect introduced by the CSDDD, it is a long shot from provisions initially contained in earlier versions of the directive. These would have contained the possibility to fine liable companies up to 5 % of their net worldwide turnover.
It is important to emphasise that a company is not automatically liable for any negative impact in its value chain. If a company can prove that it acted with due diligence, but a negative impact occurred regardless, it may be exempt from liability. This decision obviously depends on the exact circumstances of a given case.
What are the key elements that must be included in the due diligence reports?
The CSDDD obliges companies to communicate about their due diligence process. The process includes all aspects from identifying negative impacts, via preventing and mitigating them, to remedying their consequences. On this reporting aspect of due diligence, the CSDDD closely connects to the CSRD. Due to the latter’s wider scope, all companies covered by the CSRD are necessarily covered by the CSDDD as well. Consequently, companies’ due diligence process can and should inform their double materiality assessment as part of the CSRD and companies can integrate their due diligence communications into their CSRD reporting.
It is important to stress that reporting and communications is but one part of due diligence. Acting with due diligence in all aspects of business operations really is the core.
How can companies ensure the accuracy and reliability of the information disclosed?
The most crucial step to ensuring accurate and reliable information is establishing an appropriately thorough due diligence process. As communicating and reporting is but one aspect of due diligence, doing all other parts right will increase the quality of information disclosed.
Beyond that, a fundamental aspect of ensuring well-informed due diligence (and related communications) is having high-quality stakeholder engagement processes. This means engaging with all kinds of actors. Engaging with the people directly impacted is ideal but may not always be possible. In such cases, e.g., experts, NGOs and local organisations can be very helpful. What certainly does not fall under good stakeholder engagement is sending surveys to an overly broad audience with little connection to the subject matter in question.
It is important to stress that reporting and communications is but one part of due diligence. Acting with due diligence in all aspects of business operations really is the core.