23/07/2024
Briefing

The Corporate Sustainability Due Diligence Directive (CSDDD) applies to certain large EU companies and non-EU companies operating within the EU.

In-scope companies will be subject to due diligence obligations related to adverse environmental and human rights impacts with respect to companies’ own operations, those of their subsidiaries and their chains of activities.

In-scope companies will also be required to adopt and implement a climate transition plan.

Companies in Scope

The following companies fall within scope of the CSDDD:

EU Companies:

  • with more than 1,000 employees on average and a net worldwide turnover of more than EUR450 million in the last financial year; or
  • that are the ultimate parent company of a group that reached the above thresholds on a consolidated basis in the last financial year; or
  • with (or that are the ultimate parent company of a group with) franchising or licensing agreements in the EU where royalties amounted to more than EUR22.5 million in the last financial year, with a net worldwide turnover of more than EUR80 million in the last financial year.

Non-EU Companies:

  • with a net turnover of more than EUR450 million in the EU in the financial year preceding the last financial year (there is no employee threshold for non-EU companies); or
  • that are the ultimate parent company of a group that reached the above threshold on a consolidated basis in the financial year preceding the last financial year; or
  • with (or that are the ultimate parent company of a group with) franchising or licensing agreements in the EU where royalties amounted to more than EUR22.5 million in the EU in the financial year preceding the last financial year, with a net turnover of more than EUR80 million in the EU in the financial year preceding the last financial year.

Companies must meet the turnover/employee/franchising/licensing requirements (as applicable) in two consecutive financial years.

Timeframes

Member States must transpose the CSDDD into national law by 26 July 2026.  The CSDDD provides for phased application based on company size:

Applies FromEU CompaniesNon-EU Companies
26 July 2027More than:
5,000 employees; and
EUR1,500 million net worldwide turnover
More than EUR1,500 million net EU turnover
26 July 2028More than:
3,000 employees; and
EUR900 million net worldwide turnover
More than EUR900 million net EU turnover  
26 July 2029All other in-scope companies

Exemption for Non-Operational Ultimate Parent Companies

Ultimate parent companies that do not engage in taking management, operational or financial decisions affecting the group or one or more of their subsidiaries may be exempted from the obligations under the CSDDD if one of the ultimate parent company’s subsidiaries established in the EU is designated to fulfil the CSDDD obligations.

Broad Definition of Company

“Company” is broadly defined and includes (in relation to Ireland) public companies limited by shares or by guarantee, private companies limited by shares or by guarantee, partnerships, limited partnerships, unlimited companies and certain regulated financial undertakings.

Impact on SMEs

SMEs do not fall within scope of the CSDDD but are likely to be impacted as part of the “chain of activities” of in-scope companies.

Due Diligence

In-scope companies will be required to take appropriate measures with respect to the identification, prevention, mitigation, bringing to an end and minimisation of adverse human rights and environmental impacts arising from their own operations, the operations of their subsidiaries and the operations of their business partners in their chains of activities.

chain of activities:

– activities of upstream business partners related to the production of goods or the provision of services by that company, including the design, extraction, sourcing, manufacture, transport, storage and supply of raw materials, products or parts of products and the development of the product or the service; and

– activities of the downstream business partners related to the distribution, transport and storage of a product of that company, where the business partners carry out those activities for the company or on behalf of the company.

A business partner is an entity:

– with which the company has a commercial agreement related to the operations, products or services of the company or to which the company provides services (direct business partner); or

– which is not a direct business partner but which performs business operations related to the operations, products or services of the company (indirect business partner).

Financial Sector

Regulated financial undertakings will be subject to the CSDDD’s due diligence requirements, but only in respect of their own operations, those of their subsidiaries and their upstream chains of activities.  Their downstream chains of activities vis-à-vis customers who avail of their products or services are out of scope for the time being.  

The CSDDD includes a review clause under which the Commission must, no later than 26 July 2026, submit a report to the European Parliament and Council on whether additional sustainability due diligence requirements for regulated financial undertakings are needed – this is where the downstream provision of financial services and investment activities could be brought into CSDDD’s scope at a later date. 

Due Diligence Process for Companies

1. Integrate due diligence into company policies and risk management systems.

2. Identify, assess and prioritise actual or potential adverse impacts. 

3. Prevent and mitigate potential adverse impacts and end/minimise actual adverse impacts.

4. Provide remediation for actual adverse impacts. 

5. Carry out meaningful engagement with stakeholders.

6. Establish and maintain a notification mechanism and a complaints procedure. 

7. Monitor the effectiveness of due diligence policy and measures. 

8. Publicly communicate on due diligence.

Due Diligence Policy

Companies are required to integrate due diligence into all relevant policies and risk management systems and to have in place a due diligence policy (developed in consultation with company employees and their representatives) that ensures risk-based due diligence.

The due diligence policy must outline the company’s approach to due diligence, its code of conduct (describing the rules and principles to be followed by the company, its subsidiaries and its direct or indirect business partners) and a description of the processes put in place to integrate due diligence into the company’s policies and to implement due diligence.

The due diligence policy must be updated without undue delay after a significant change occurs and reviewed, and where necessary updated, at least every 24 months.

Monitoring

Companies must carry out periodic assessments of their own and their subsidiaries’ and business partners’ operations and measures to assess the implementation and to monitor the adequacy and effectiveness of the identification, prevention, mitigation, bringing to an end and minimisation of the extent of adverse impacts.  The assessments must be carried out without undue delay after a significant change occurs, but at least every 12 months and whenever there are reasonable grounds to believe that new risks of the occurrence of those adverse impacts may arise.

Complaints Procedure

Companies are required to establish a complaints procedure to address complaints from natural or legal persons affected by, or who have reasonable grounds to believe that they may be affected by, an adverse impact arising from companies’ own operations, the operations of their subsidiaries or the operations of their business partners in their chains of activities, as well as other stakeholders such as trade unions and civil society organisations.

Annual Reporting Requirements

In-scope companies which are not subject to reporting requirements under the Corporate Sustainability Reporting Directive (CSRD) will be required to publish an annual statement on their website reporting on the matters covered by the CSDDD. 

Climate Transition Plan

In-scope companies are required to adopt and put into effect a transition plan for climate change mitigation which aims to ensure, through best efforts, compatibility of the business model and strategy of the company with the transition to a sustainable economy and with the limiting of global warming to 1.5°C. 

The transition plan must contain:

  • time-bound targets related to climate change for 2030 and in five-year steps up to 2050 along with absolute greenhouse gas emission reduction targets;
  • a description of decarbonisation levers identified and key actions planned to reach the targets set out above;
  • an explanation and quantification of their investments and funding that supports implementation of the plan; and
  • a description of the role of the administrative, management and supervisory bodies regarding the plan.

The transition plan must be updated every 12 months and must contain a description of the progress made by the company in achieving the targets set out in the transition plan. 

Companies that report a (or are included in their parent undertaking’s) transition plan for climate change mitigation under the CSRD will be deemed to have complied with the obligation to adopt a transition plan under the CSDDD.

Group Companies

In-scope parent companies may fulfil due diligence and climate transition plan obligations on behalf of their in-scope subsidiaries, subject to certain conditions.

Compliance & Enforcement

Authorised Representative

Non-EU companies will be required to appoint a legal or natural person as an authorised representative in the EU to act as a point of contact for the relevant supervisory authority and to receive communications regarding compliance with and enforcement of the CSDDD.

Supervisory Authority

Member States will designate one or more supervisory authorities with adequate powers and resources to supervise compliance with the obligations laid down by the CSDDD, as transposed into national law.  All natural persons will be entitled to submit substantiated concerns to the supervisory authority where they believe that a company is failing to comply with the CSDDD, as transposed into national law, based on which the supervisory authority may initiate an investigation (and can also do so on its own initiative).  

Penalties

Member States will be obliged to provide for penalties for infringements of the CSDDD, as transposed into national law.  These must include pecuniary penalties (the maximum limit of which must not be less than 5% of the company’s net worldwide turnover (calculated on a consolidated basis where appropriate)) with a public statement issued regarding the company’s infringement where the company fails to comply with a decision imposing a pecuniary penalty.

Member States must also provide for the civil liability of companies where they cause damage to a natural or legal person by intentionally or negligently failing to comply with their obligation to prevent potential, or bring to an end actual, adverse impacts.

Commission Guidelines

By 2027, the Commission is required to issue guidelines to support companies and stakeholders in fulfilling their obligations under the CSDDD including on: how to conduct due diligence; climate transition plans (discussed above); specific sectors; and the assessment of risk factors and guidance on voluntary model contractual clauses.

Interaction with CSRD and other EU Legislation

CSRD

While the CSRD and CSDDD are both components of the European Green Deal, complement each other by focusing on sustainability matters, in particular across the value chain, and, in some aspects, are expressly inter-linked, they are separate pieces of legislation.  The CSRD is a reporting directive, focused on enhancing corporate transparency by requiring annual disclosure on environmental, social, human rights and governance matters in accordance with mandatory reporting standards.  By contrast, the CSDDD imposes positive behavioural obligations on companies in relation to their impacts on human rights and the environment.

There are also distinctions between the CSRD and CSDDD in terms of scope, meaning that while many companies will fall within scope of both regimes, others may be subject to one but not the other.  However, the focus on the value chain required under both the CSRD and CSDDD means that few companies will avoid being impacted by these developments, even where they are not directly within scope.

Other EU Legislation

The CSDDD applies to in-scope companies in addition to other EU legislation which imposes more extensive or specific due diligence obligations such as the EU Deforestation Regulation, Conflicts Minerals Regulation and the Batteries Regulation.  The CSDDD will complement the proposed Forced Labour Regulation which will prohibit the placing of products made with the use of forced labour on the EU market.