The EU’s Corporate Sustainability Due Diligence Directive (CSDDD) in Practice

In a significant step to further the European Green Deal and enhance corporate Environmental, Social and Governance (ESG) standards, the Council of the European Union (EU) approved the Corporate Sustainability Due Diligence Directive (CSDDD) on 24 May 2024, after over two years in the legislative process. The CSDDD has far reaching consequences for businesses well beyond the EU’s own borders.  

This new directive complements the Corporate Sustainability Reporting Directive (CSRD) which came into force in January 2024 for larger companies. Fortunately, organisations may be able to leverage their CSRD compliance efforts in their preparation for the CSDDD’s application in 2027.

What is the CSDDD?

The CSDDD sets the legal requirements and establishes accountability for companies to integrate human rights and environmental due diligence into their corporate strategy, operations and chain of activities. In practice, the CSDDD obliges organisations to actively manage and mitigate adverse environmental and human rights impacts across their value chain. Furthermore, it requires a company’s strategy to be compatible with the Paris Agreement’s goal of limiting global warming to 1.5°C by the end of the century and its targets for climate neutrality in 2030 and 2050¹.  

Specifically, article five of the CSDDD sets out eight requirements that companies must follow to be compliant:  

1. Integrate this due diligence into corporate policies and risk management systems;
2. Identify and assess actual or potential adverse impacts and, where necessary, prioritise these impacts;
3. Prevent and mitigate potential adverse impacts, and bring actual adverse impacts to an end or minimise their extent;
4. Provide remediation to actual adverse impacts;
5. Conduct meaningful stakeholder engagement;
6. Establish and maintain a notification mechanism and complaints procedure;
7. Monitor the effectiveness of due diligence policy and measures; and
8. Publicly communicate on due diligence.

While the above steps may appear burdensome, they represent an opportunity for companies to enhance their risk management processes and improve stakeholder engagement and trust. The CSDDD also levels the playing field and harmonises national frameworks across the continent – meaning companies across 27 EU member states will need to comply with a single baseline text. Furthermore, as with previous EU directives, the CSDDD will likely become a benchmark for non-EU countries which envisage similar legislation, allowing CSDDD compliant organisations a head start in other jurisdictions.

Is my organisation affected by the CSDDD?

As with the CSRD, larger companies are set to fall within CSDDD’s scope first, with smaller businesses following suit over a three-year implementation period:

• From 2027 – EU companies with at least 5,000 employees and global turnover above €1,500 million, and non-EU companies with an EU turnover over €1,500 million.

• From 2028 – EU companies with at least 3,000 employees and global turnover above €900 million, and non-EU companies with an EU turnover over €900 million.

• From 2029 – EU companies with at least 1,000 employees and global turnover above €450 million, and non-EU companies with an EU turnover over €450 million.

Furthermore, it is expected that the CSDDD will indirectly impact many companies outside the above scope, whether based in the EU or outside of its borders. For instance, suppliers working with CSDDD regulated companies will be required by their business partners to provide extensive contractual assurance and allow for audits to confirm compliance with the directive. In essence, requiring their suppliers’ compliance with CSDDD directive.  

It is also expected that compliance with the CSDDD’s standards may become an eligibility criterion for the award of public contracts within the EU in the future.  

What are the consequences for non-compliance?

As part of their transposition of the CSDDD into their respective national law between now and 2026, member states will have to designate independent supervisory authorities to ensure enforcement at the national level and impose penalties to companies in breach of CSDDD requirements. Penalties will include:

• Compliance orders and imposition of remedial actions;

• Pecuniary fines of up to 5% of the company’s net worldwide turnover; and

• Exclusion from public tenders and contracts.

The CSDDD also allows the “naming and shaming” of offenders. A supervisory authority’s decisions on penalties will be published, publicly available for five years and included in the European Network of Supervisory Authorities for cross-border cooperation.

Additionally, the company may be liable to civil liability for damages caused to a natural or legal person where the company intentionally or negligently failed to comply with the CSDDD’s requirements.

What is the difference between CSDDD and CSRD?

The CSDDD and CSRD can be easily conflated. However, while both enhance ESG practices, they have different purposes. The CSDDD focuses on ESG due diligence and requires companies to quantify and mitigate their environmental and social impact. On the other hand, the CSRD aims to create transparency and consistency on how corporates report their ESG efforts, making is easier for stakeholders to understand and act upon this information.  

Effectively, the CSRD obligations cover requirement 8 of the CSDDD - Publicly communicate on due diligence. Article 73 of the CSDDD states that companies that report under CSRD meet the CSDDD’s communication obligation and do not need to produce additional reports. This is positive news for corporations that fall under both directives.  

What should my organisation do?

Like the CSRD, CSDDD will have a major impact on companies. It will require directors to significantly step up their efforts to embed ESG, not only in their corporate strategies, but across all levels of the organisation and its chain of activities.  

First, companies should understand the directive’s key obligations. Subsequently, they should perform a critical review of their current due diligence, risk management, monitoring and reporting processes to identify where they fall short of such obligations, and develop an action plan to address these shortcomings. Furthermore, companies should engage with their value chain stakeholders as soon as possible to set expectations and plan potential changes to their supply chain.

While 2027 may seem far away, we recommend companies take active steps now to identify synergies with current policies and systems and anticipate hurdles to compliance with the upcoming CSDDD requirements.