Informa Markets

Author Bio ▼

Safety and Health Practitioner (SHP) is first for independent health and safety news.
January 16, 2025

sustainability

Preparing for and implementing the Corporate Sustainability Due Diligence Directive

Writing for RoSPA, Dominic Watkins, Partner and Global Lead Consumer Sector, and Nadine Robinson, ESG and Sustainability Director, both of DWF, explain how the Corporate Sustainability Due Diligence Directive will affect businesses.

Alongside the current trend of increasing ESG regulation and the move from voluntary initiatives to mandatory, we are now seeing the nature of the regulation differ from what we have previously experienced.  A case in point is the new EU Corporate Sustainability Due Diligence Directive (CS3D), which entered into force on 25 July 2024.

Its wide-reaching and prescriptive obligations cut across both a full spectrum of ESG-related topics and global value chains and intersect with other pieces of environment and human rights legal instruments. The CS3D has implications for an organisation’s multiple business areas and requires a holistic, cross-functional approach and team to prepare for and implement its diverse and complex legal requirements.

Will this affect my business?

Credit: Alamy Stock 

CS3D is estimated by the European Commission to directly affect 6,000 companies based in Europe and 900 from outside Europe.  Its main threshold relates to net turnover of €450m worldwide for companies established in the EU with over 1000 employees on average.

It also catches non-EU companies with turnover in the EU over €450m and those with certain franchising and licensing agreements in the EU with royalties in excess of €22.5m combined with a net worldwide turnover within the EU of €80m.  However, these figures mask the true extra-territorial scope of the CS3D.

The Directive aims to “foster sustainable and responsible corporate behaviour in companies’ operations and across their global value chains”.  Given the focus on global value chains, companies should note that this means the law’s impact will extend well beyond those in direct scope.  It will include those companies which form part of the global value chain of those companies directly affected. Therefore, if you are a business partner and part of the chain of activities of these companies, you will likely be affected in some way.

Those within scope are responsible for preventing, addressing, mitigating and ceasing adverse harm to people and planet across their global value chains.

To ensure they meet their obligations and are accountable for their impacts from their operations, those of their subsidiaries and in the ‘chain of activities’ of their business partners, companies in direct scope will be looking to cascade these obligations across the global value chain. This could be through a number of different mechanisms from agreeing to code of conducts and adding contractual clauses.

All companies should be asking – does our business fall within the ‘chain of activities’ of one of these companies in direct scope? The Directive introduces the concept of ‘chain of activities’ and differentiates between upstream and downstream activities.

Upstream business partners’ activities relate to producing goods or providing services by the company including: design; extraction; sourcing; manufacture; transport; storage and supply of raw materials, products or product parts; and developing a product or service.  Downstream business partners’ activities relate to distribution, transport and storage of the product, where the business partner carries out those activities for and on behalf of the company.


Further reading: Introduction to the Corporate Sustainability Reporting Directive


What is the subject matter covered by the Directive?

The focus of the CS3D is on action in relation to two subject matters of environmental and human rights, with a dozen international human rights conventions included in the Annex to the Directive alongside a further dozen environmental instruments.

The interface of human rights and the environment is also made explicit with mention of additional prohibitions including but not limited to environmental degradation, substantially impairing the natural basis for food production, denying access to safe and clean water or sanitary facilities, harming a person’s health and safety and substantially adversely affecting ecosystem services essential for human well-being.  It firmly connects human rights and environmental degradation with the recognised right to a clean and healthy environment.

CS3D cross-refers to and embraces a wide range of legal instruments related to human rights and the environment. This requires legal analysis of the extent to which the subtopics addressed by these legal instruments are material to your business – and whilst the Directive specifies that companies should consider impacts in relation to the likelihood and severity, it makes clear that is only a starting point for prioritisation and once they have been addressed then lesser impacts should be considered and addressed accordingly.

Crucially in terms of meeting obligations, it is not just what impacts your business have prioritised but what impacts you should have prioritised.

What is required of my business?

What a business needs to do to comply is significant given the vast legal requirements and the practical implications of realising these requirements across complex global value chains in multiple geographies whilst engaging with a wide range of stakeholders throughout the due diligence process.

riskAlthough necessary it is no longer sufficient to focus on Tier 1 suppliers – CS3D compels companies to further afield.  Prioritising only Tier 1 suppliers could leave your business exposed, particularly where the most significant impacts may be found elsewhere in the value chain, including in the chain of activities of direct and indirect business partners. This new geographical frame of reference will have practical implications.

Some of the notable provisions of CS3D are outlined here:

  1. Article 7 requires the company to integrate human rights and environmental due diligence into its company policies and risk management systems, and calls for a due diligence policy, a code of conduct as well as a description of the due diligence processes established and implemented.
  2. Article 8 requires companies to take ‘appropriate measures’ to identify and assess impacts through both impact mapping and in-depth assessments.
  3. Article 9 requires companies to prioritise impacts by severity and impact.
  4. Article 10 requires companies to take ‘appropriate measures’ to prevent potential adverse impacts, and includes a specific requirement to develop a prevention action plan.
  5. Article 11 requires companies to bring adverse impacts identified to an end.
  6. Article 12 requires companies to provide remediation where causing or jointly causing adverse impacts, and to design and implement a corrective action plan.
  7. Article 13 calls for meaningful stakeholder engagement and consultation through all stages of the human rights and environmental due diligence process, including the design of the process itself.
  8. Article 14 requires a company to take appropriate measures where a compliant is well-founded.
  9. Article 15 requires companies to undertake periodic assessments based on both qualitative and quantitative information and Article 16 contains the requirement to prepare an annual statement on their website.
  10. Article 22 requires companies to design and implement a Paris-Agreement aligned climate transition plan.

Many of these obligations are underpinned by the concept of taking ‘appropriate measures’.  This is defined in the CS3D as “measures capable of achieving the objectives of due diligence by effectively addressing adverse impacts in a manner commensurate with the degree of severity and the likelihood of the adverse impact, and reasonably available to the company, taking into account the circumstances of the particular case, including the nature and extent of the adverse impact and relevant risk factor“.

With this in mind, CS3D should be at the forefront of every Chief Risk Officer.

Why act now?

Credit: Mikolaj/Unsplash

With the tsunami of sustainability and ESG-related regulation, it is only natural to prioritise efforts on the immediate and pressing legal requirements and to consider parking those pieces of regulation likely to bite in the medium-term (three to five years).  However, companies who do this will do so at their peril.

This extends beyond compliance and is about business transformation and issuing in a new era of corporate responsibility, accountability and transparency.

The CS3D’s phased approach to implementation is important with compliance being required by the largest companies (based on annual turnover and number of employees) applicable from 2027 and then final phase by 2029 for companies with over 1000 employees and those with licensing agreements or franchises.

The litigation risk (i.e. up to 5% of net turnover) and penalties for non-compliance (e.g. compliance can be used as a criteria in public procurement) are eye-watering and need to be seen in the context of a rising tide of ligation around ESG-related matters and green claims.  Here it is firmly about not only what you have done and disclosed but also what actions you should have taken (e.g. appropriate measures).

The CS3D also requires the establishment of a notification mechanism for raising concerns regarding adverse human rights and environmental impacts.

And as part of CS3D, a network of national supervisory bodies will be established in EU Member States which will be focused on enforcement of the obligations by companies and Member States under the Directive.

Thus, there is a strong focus on ensuring compliance with these wide-ranging obligations and holding both Member States and companies to account.

“The direction of travel is clear and human rights and environmental due diligence is likely to become mandatory in other global jurisdictions.”

The clock is already ticking and Member States have less than two years to transpose the Directive into their national laws. Each Member State will then decide the means for implementation within their respective countries. DWF True Diligence research also revealed that 72% of C-Suite Leaders in the UK and Europe believe that the CS3D will spark similar pieces of across the global. The direction of travel is clear and human rights and environmental due diligence is likely to become mandatory in other global jurisdictions.

Given the broad range of legal instruments to which the CS3D refers to and that intersect with the Directive, coupled with its close interface with the Corporate Sustainability Reporting Directive and sister European Sustainability Reporting Standards, those companies that consider these legal requirements and their practical implications in implementation together will be better prepared to meet the CS3D obligations.

What to do right now?

How can you prepare for issuing in this new era of corporate responsibility without delay?  We see there are seven essential steps for effective CS3D implementation required a progressive planned strategic approach with a cross-disciplinary team effort:

  1. Use a resource such as the complimentary DWF CS3D self-assessment tool Home Client Login (dwfgroup.com) to find out your current state of play and readiness, enabling you to understand your strengths, weaknesses, opportunities and threats and target your efforts. In the short term.
  2. Create a taskforce of your key internal stakeholder and allocate budget and resource for implementation – this really is a team sport. According to the True Diligence research, C-suite leaders estimate that 9% of their revenue will be required to achieve a full CS3D compliance on average.
  3. Map your value chain with your subsidiaries and business partners highlight the environmental impact and social value impact and engage your stakeholders from the onset (i.e. before you commence due diligence).
  4. Identify what you are already doing and not doing through a gap assessment, including assessing how well you meet the requirements of the OECD Guidelines for Multinational Enterprises for responsible business conduct.
  5. Design and implement a climate mitigation transition plan building on your existing approach to managing climate-related risks and opportunities (including in relation to the TCFD).
  6. Undertake materiality assessments to help you meet the requirement for in-depth assessments for the most severe and likely of impacts.
  7. Develop and implement a targeted prevention action plan, and a corrective action plan to address actual adverse harms and monitor the results of both.

CS3D should not be viewed as a one-off compliance or reporting exercise but should be aimed at bringing together a cross-functional team to consider legal obligations in addressing potential and actual adverse harm to the environment and human rights, and how policies, risk management systems and performance can address both elements as a business imperative.

Related Topics