Who’s afraid of the EU Corporate Sustainability Due Diligence Directive?

On 14 December 2023, the European Parliament, Council (member states) and Commission reached a provisional deal on the EU Corporate Sustainability Due Diligence Directive (CS3D). The final draft will be published shortly and is expected to be adopted ahead of the European parliamentary elections in the Summer. Member States will then have two years to transpose the Directive into national law, meaning the group of companies covered by the first phase of the CS3D will need to comply with the law, including its reporting and disclosure standards, by 2027. In the latest draft, the financial sector was “temporarily” removed from the scope of the Directive, leaving the door open for further developments in the future.

Gareth Thomas, Senior Director at GoodCorporation, opened the debate suggesting that while the Directive undoubtedly poses some challenges, these lie not with the concept of managing an organisation’s adverse impacts on people and planet, but how to implement sustainable and meaningful measures to do so and incorporate these successfully into the business model.

Significant shifts in operations

The legislation brings with it a significant shift in emphasis relating to the way businesses have traditionally analysed risk and accounted for their impacts. The most notable change is the need for companies to embrace the concept of double materiality; to consider not only the financial risk of any potential impacts on the company, but also the potential external impact on people and planet resulting from their business activities. In addition, they will also need to decide how the analysis and management of these risks should be integrated into the business model.

CS3D also builds on the reporting obligations introduced by the Corporate Sustainability Reporting Directive (CSRD), shifting away from imposing reporting obligations and requiring some significant changes in operational practices. For many organisations, meeting the demands of the Directive is likely to require changes in both governance and organisational structures. In particular, there will be pressure for additional human and financial resources and a need for capacity building. Technology will also have a role to play, particularly where rigorous due diligence needs to be conducted at scale.

In addition, companies will need to go beyond mere statements of commitment and ensure their actions and systems can provide sufficient evidence to underpin any claims. Independent verification of practices and procedures is therefore likely to play a significant role in enabling organisations to demonstrate compliance with the new Directive and avoid accusations of greenwashing.

The way forward

While these shifts may require some significant changes, the Directive emphasises the need to take a proportional approach.  There is no expectation that all sustainability risks can or should be addressed simultaneously. Businesses will be expected to prioritise their salient risks based on severity and likelihood of impact.

While the concept of proportionality is embedded in the Directive, it was noted that there are likely to be substantial penalties for any breaches, including significant fines, exclusion from EU public procurement, potential civil liability claims and possible sanctions for company directors. Businesses will therefore need to have appropriate systems and plans in place to ensure their organisations are properly protected.

The debate

Participants were asked whether they were afraid, concerned or feeling prepared for CS3D. While companies expressed overall support for the proposals, they were conscious that fulfilling their obligations would be challenging. The debate explored the implications of the Directive’s requirements, what it will mean for business operations and the opportunities and concerns this raises.

Is CS3D to be welcomed or feared?

While there was general agreement that the Directive created a welcome focus on human rights and environmental issues, there was divergence on the level of preparedness for the proposed legislation. For many companies, these issues were already on the agenda, partly to comply with other emerging legislation, partly to meet growing societal expectations. The Directive was therefore seen by some as a welcome lever to obtain additional resources to strengthen existing systems, address operational gaps to help deliver sustainability objectives and keep these issues on the board agenda. It also creates an opportunity for companies to start considering environmental, social, and governance (ESG) issues holistically, breaking down silos and integrating conversations across all departments.

For others in the debate, the CS3D is a significant new challenge. It will require a material change in how due diligence is undertaken and a real mindset shift for colleagues.

Building effective due diligence

Although many companies have already been bound by legislation such as the French Loi sur le Devoir de Vigilance, German Supply Chain Transparency Act and the Norwegian Transparency Act to put human rights due diligence in place, there was some concern that these existing requirements are more of a tick-box exercise.

With CS3D going beyond current requirements, getting the right due diligence processes in place will be critical. Businesses will need confidence in the systems they build to be sure that the information they receive is accurate and reliable. It will also be imperative that the process is easy for suppliers and other related third parties and entities to complete, especially lower down the supply chain and/or in high-risk areas where operational issues already create significant burden on business partners. There was also some concern around duplication of effort and consistency, with wariness of potential fatigue as suppliers are repeatedly asked the same verification questions.

To get this right it will be important to evaluate what is already in place, what works and what is needed to ensure that due diligence is robust and reliable. Businesses should also reflect on what can realistically be checked through traditional due diligence tools such as questionnaires and audits (working hours or remuneration for example) and what requires different impact assessments and mitigation tools (widespread discrimination or child labour for example).

Most also agreed that the due diligence practices will need to evolve substantially to ensure that the quality and reliability of the data obtained improves. Companies will need to strike a balance between adopting a system that can be used at scale while ensuring it provides the opportunity for independent verification and goes beyond a tick-box exercise. This may involve technological solutions, but there will also be a clear need for intelligent consideration of due diligence results and how to respond to adverse findings.

Building a coalition of support

For many, there were concerns about the scale of the required response.

Aligning internal and external stakeholders with the initiatives needed to meet the requirements of CS3D was seen as a particular challenge. There are significant costs associated with identifying and managing adverse impacts and organisations will obviously need to think carefully about how to respond to adverse findings, how to resource this response and whether and when working with state authorities, civil society, competitors and partners in a sector may be needed.

Procurement teams, who in the past have had little to do with sustainability issues, will need to play a prominent role in the transformation of operational practices, integrating robust due diligence into their procurement processes. Equally, business development teams who traditionally have had little exposure to ESG topics, were also identified as critical players, in particular for organisations that are working in high-impact sectors like renewable energy, extractives and construction.

Developing the right approach

Taking a proportional approach will be key, and this will vary from entity to entity as risks will fluctuate across different functions, entities and sectors. Companies will need to show that efforts have been focussed on their greatest risks and that the steps being taken to drive improvements are effective, meaningful and verifiable. This, in turn, will demand a move away from output-based quarterly reporting in favour of a more long-term view which evidences the management of these salient issues.

External risks

With the corporate duty to manage environmental and human rights impacts high on the agenda, there is concern that the CS3D will make it easier for external stakeholders, such as NGOs or civil society organisations (CSOs), to launch campaigns and potentially bring companies to court. Such stakeholders may be less aware or understanding of the need for a proportionate approach or willing to accept a business’s need to balance competing impacts and to be financially sustainable.

While some fear that this may also apply to the ‘responsible exit’ debate, the United Nations Guiding Principles make it clear that this is not simple binary decision. The UNPGs recognise that there are many factors to consider before leaving a jurisdiction, including the benefits to communities of continued employment, the possibility of capacity building and the development of partnerships to drive improvement. As such companies will need to evaluate all the evidence before making any decision to avoid any unintended consequences from their actions.

Delivering operational changes consistently across multiple locations will also be challenging. Some regions will be happier to address the issues and embrace change more readily than others.

The GoodCorporation view

While the scale of the Directive may appear daunting, there is already some momentum behind the need to address and manage environmental and human rights impacts meaningfully. This, in turn, brings business benefits, helping to protect company reputations, enhance ESG credentials and ensure greater alignment with the UN’s Sustainable Development Goals.

Many companies have already taken steps to assess the impact of their activities on the environment and human rights, and as such will be well prepared for the shift in gear now needed to respond to the CS3D and integrate more rigorous systems and processes into their operations. Identifying actual and potential impacts is the place to start. From here, businesses will need to integrate human rights and environmental due diligence into their corporate policies and develop specific plans and roadmaps for improvement.

GoodCorporation is working with companies to evaluate these risks and prepare the plans needed to meet the obligations of CS3D. We have also been developing digital solutions aimed at enhancing supply chain due diligence, facilitating the verification of data, and applying these measures at scale.