Compliance & Risk Management | Unpacking the Corporate Sustainability Due Diligence Directive (CSDDD)
Companies that already comply with the Norwegian Transparency Act, (Nw. Åpenhetsloven) may find some solace that there are certain similarities between the requirements of the Transparency Act and the CSDDD. Our newsletter will first introduce the CSDDD, outlining its scope and requirements, followed by the next steps in its implementation, ending with a brief comparison between its obligations and the rules currently in place under the Transparency Act in Norway.
Companies that are subject to the Corporate Sustainability Reporting Directive “CSRD” (2022/2464/EU) are required to report on the matters covered by CSDDD as part of their sustainability reporting in their annual report. Other companies must publish a statement by 30 April each year covering the previous calendar year. The EU will adopt delegated acts outlining the content and criteria for such reporting.
Overview of the CSDDD
The CSDDD establishes a due diligence duty to identify, cease, prevent, mitigate, and account for adverse impacts on human rights and the environment in the companies’ own operations, their subsidiaries, and their business partners in the companies’ chains of activities. The CSDDD also determines that in-scope companies are obligated to adopt and implement a transition plan for climate change mitigation, aimed at making the company’s business model and strategy aligned with the Paris Agreement’s 1.5 °C climate threshold. The CSDDD requirements align with well-known international standards, such as the OECD Guidelines for Multinational Enterprises, the OECD Guidance on Responsible Business Conduct and the UN Guiding Principles on Business and Human Rights.
Scope of application
The Directive will apply to companies formed in accordance with the legislation of an EU Member State that meet any of the following criteria:
- A company that has an average of over 1,000 employees (this may include temporary agency workers in certain cases) and a global net turnover exceeding EUR 450 million.
- A company that does not reach the threshold of item (i) but is the ultimate parent company of a group that reaches the thresholds in the last financial year for which consolidated annual financial statements have been or should have been adopted.
- A company that has entered into or is the ultimate parent company of a group that has entered into a franchising or licensing agreements in the EU that generate over EUR 22.5 million in royalties, and the company or group also has a global net turnover exceeding EUR 80 million.
The Directive also affects companies which are formed in accordance with the legislation of a non-EU country if they:
- Have an EU net turnover greater than EUR 450 million.
- Are a company that does not reach the threshold of item (i) but is the ultimate parent company of a group that reaches the threshold in the last financial year for which consolidated annual financial statements have been or should have been adopted.
- Have franchising or licensing agreements in the EU that generate over EUR 22.5 million in royalties, and the company or group has an EU net turnover exceeding EUR 80 million.
For both EU and non-EU companies, these conditions must have been met for at least two consecutive financial years for the Directive to apply.
Obligations
Under the CSDDD, the required due diligence process should at least cover the six-step due diligence and supporting measures defined by the OECD guidelines. The six steps are to: (i) embed responsible business conduct (“RBC”) into corporate policies and management systems; (ii) identify actual or potential adverse impacts on RBC issues; (iii) cease, prevent and/or mitigate these issues; (iv) track implementation and results; (v) communicate how impacts are addressed; and (vi) provide for or cooperate in remediation when appropriate.
The Directive expands on the OECD’s guidelines, requiring companies to implement the following measures:
(a) Adopt and integrate human rights and environmental due diligence: Companies will be required to develop and integrate procedures for identifying, assessing, and mitigating actual or potential adverse impacts on human rights and the environment, both within their own operations and throughout their chains of activities.
(b) Develop and execute a Climate Transition Plan (CTP) consistent with the Paris Agreement: The CSDDD requires companies to create and annually update a CTP to target the 1.5°C climate threshold and achieve climate neutrality by 2050. The CSDDD outlines detailed requirements for what the CTP must include, such as yearly targets, detailed reduction strategies and investment plans.
(c) Provide remediation: When an enterprise is responsible for, or contributes to adverse impacts, it will be obligated to offer proportionate remediation where relevant.
(d) Monitor and assess effectiveness: Companies must routinely assess the effectiveness of due diligence policy and measures. These evaluations should be performed yearly, after major changes, or when new risks arise.
(e) Communicate compliance publicly: Due diligence reports are required to be published yearly.
(f) Establish and sustain complaint mechanisms: Companies must provide and sustain accessible ways for reporting concerns regarding adverse impacts. Moreover, companies must actively implement safeguards to protect those who submit complaints.
(g) Effectively engage with stakeholders. Communicate actively with stakeholders by means of consultations throughout the due diligence process.
All large companies wishing to continue commercial relationships within the EU will be expected to embed these practices into their core business strategies, ensuring that due diligence becomes an integral part of their decision-making processes.
Next steps on the CSDDD’s implementation
The EU Council must now officially adopt the Directive, after which it will become effective on the 20th day after it is published in the EU Official Journal. This publication is anticipated to take place still in the first half of 2024. When the Directive enters into force, Member States will be obligated to incorporate it into their legislation within a two-year timeframe, which is anticipated to be by the middle of 2026. Companies will be granted a period ranging from three to five years from the time the Directive becomes effective to comply with its stipulations, with the specific duration determined by the size of the company.
The CSDDD and the Norwegian Transparency Act
The CSDDD introduces new elements to the due diligence process and requirements covered by the Norwegian Transparency Act (“NTA”), a national regulation imposing due diligence for large companies concerning human rights and labor standards (More on the NTA in our four part newsletter: Part 1, Part 2, Part 3 and Part 4). Companies that are already compliant with the NTA may experience a smoother transition to the CSDDD than those in jurisdictions without similar legislation, as they should be familiar with the OECD due diligence process that should be followed. Nevertheless, the CSDDD imposes requirements exceeding those of the NTA, requiring large Norwegian companies to make corresponding adjustments.
The CSDDD’s structure differs from that of the NTA. Although both are grounded in international principles such as the OECD’s guidelines, the CSDDD defines more detailed responsibilities throughout the due diligence process. For example, the CSDDD mandates the establishment and maintenance of complaint-handling mechanisms. Further, the Directive extends its scope beyond that of the NTA as it encompasses environmental impacts, in addition to the NTA covered human rights and decent working conditions. This could be a significant shift for many businesses, as environmental risks are diverse and sometimes less apparent. The Directive also sets a higher bar for applicability, targeting a narrower range of companies compared to the NTA, which today applies to large companies based in or taxable in Norway.
Both the NTA and the CSDDD emphasize the company’s responsibility for considering their own operations and those of their business relationships. However, while the NTA is considered to apply to those directly linked to the companies’ operations through supply chains or business partners, the CSDDD encompasses the entire chain of activities. This includes upstream partners involved in the creation and supply of goods or services, such as design, extraction, manufacturing, and logistics, and downstream partners handling distribution, transport, and storage of products for or on behalf of the company. Furthermore, the CSDDD outlines specific conditions under which companies can be held liable for failing to conduct adequate due diligence, an aspect not addressed in the same detail by the NTA.
Moving forward
EU Member States must now revise or introduce legislation to meet the baseline requirements set by the CSDDD. It is important for all in-scope companies to acknowledge that it is both complex and time-consuming to develop thorough due diligence procedures and incorporating them into the company’s daily practices. Early planning is therefore strongly advised. This would include, for example, mapping out business relationships and potential risks throughout the value chain, by reaching out to first tier suppliers and asking how they handle issues related to human rights and the environment in their own supply chain.
By being proactive, companies can anticipate potential challenges, allocate resources effectively, and establish comprehensive routines that may facilitate a seamless adaptation to the new regulatory requirements when they officially come into force.
Should you have any questions or require assistance in preparing for these changes, please do not hesitate to contact us. Our team is ready to offer strategic advice and support to ensure your company navigates this transition smoothly.