Getting Ready Series: Corporate Sustainability Due Diligence Directive

Download PDF
What?

The Corporate Sustainability Due Diligence Directive ("CS3D" or the "Directive"), which has now been formally adopted by both the European Parliament and the European Council, is expected to enter into force in July. The CS3D will introduce new and extensive obligations on how companies engage on human rights and the environment, with knock-on effects on their business partners.

The CS3D imposes obligations on in-scope companies to take measures to address potential and actual adverse environmental and human rights impacts (“adverse impacts”) within their operations, their subsidiaries' operations, and across their entire “chain of activities”. This chain of activities extends beyond tier 1 suppliers to include direct and indirect business relationships, both upstream (suppliers that contribute to a company's production of goods or provision of services, such as the supply of raw materials or manufacturing services) and downstream (the distribution, transport and storage of a product) of the in-scope company. Regulated financial undertakings will benefit from an exemption for their downstream value chain, subject to a review by the European Commission in two years.

Adverse human rights impacts are defined by reference to the rights enshrined in various international instruments, which are listed in the Annex to the Directive. This broad approach contrasts with the definition of environmental impacts, which excludes climate impacts. The EU Commission is required to review whether the Annex needs to be modified or extended to cover additional adverse impacts, and whether the Directive’s provisions on combatting climate change need to be revised, by 2030.

Due diligence and remedial obligations

The CS3D introduces due diligence and remedial obligations across a company’s chain of activities, in respect of which in-scope companies are to take “appropriate measures”, taking into account the severity and likelihood of the impact, as well as the sector and geographical area in which a company’s business partners operate and its power to influence them.

The CS3D requires companies to integrate human rights and environmental due diligence into internal policies and risk management systems and to identify and assess adverse impacts, including mapping by likelihood and severity. These diligence processes are to be supported by notification and complaints procedures and effectiveness monitoring. Companies are also expected to carry out meaningful engagement with stakeholders and to publish information regarding their due diligence efforts on their website (with an exemption for companies reporting under the Corporate Sustainability Reporting Directive (“CSRD”)).

The Directive also introduces obligations to prevent, mitigate and remedy adverse impacts, depending on the company’s proximity to the actual or potential adverse impact:

  • where the company causes or jointly causes an adverse impact, it must provide remedy; whereas,
  • where the impact is caused by a business partner, companies may provide voluntary remediation themselves, and may also look to influence their business partners to provide a remedy, but are not obligated to do so.

Transition plans

The Directive requires in-scope companies to adopt a climate transition plan setting out their Paris Agreement-aligned climate transition strategy. This differs from the CSRD and climate reporting and listing regimes outside the EU, which generally only require certain companies to disclose transition plans if they have them.

When?

The CS3D is expected to enter into force in July this year. Member States will have two years (until July 2026) to transpose the CS3D into national legislation which will apply to companies on a phased basis (as set out in ‘Who?’ below). When a company comes into scope of the legislation, it will immediately be subject to the substantive due diligence and remedial obligations set out above, and will then be required to report on its activities in the following financial year.

Who?

The CS3D applies to EU companies and non-EU companies with an EU nexus, in each case if they meet the relevant thresholds for turnover and, in the case of EU companies, employee numbers, for two consecutive financial years. Based on the expected date for entry into force, the CS3D will apply to companies in the following three waves:

From July 2027
EU Companies >€1.5bn net turnover and >5,000 employees
Non-EU companies >€1.5bn net turnover; no employee threshold
From July 2028
EU Companies >€900mn net turnover and >3,000 employees
Non-EU companies >€900mn net turnover; no employee threshold
From July 2029
EU Companies >€450mn net worldwide turnover and >1,000 employees
Non-EU companies >€450mn net turnover; no employee threshold
EU Companies >€80mn net turnover operating a franchising or licensing model generating >€22.5mn in royalties;
no employee threshold
Non-EU companies >€80mn turnover in the EU operating a franchising or licensing model generating >€22.5mn in royalties;
no employee threshold


Ultimate group parent companies, whether EU or non-EU based, which meet the criteria above based on their consolidated accounts, will be in scope of CS3D. There is however an exception for holding companies which do not engage in taking management, operational or financial decisions affecting the group or one or more of its subsidiaries and which designate an EU-based subsidiary to fulfil its CS3D obligations on their behalf.

Why?

The objective of the CS3D is to ensure that companies that do business in the EU tackle adverse impacts within their own operations, those of their subsidiaries and those in their “chain of activities.” It also aims to address fragmentation arising from the adoption of national rules on supply chain due diligence within the EU. Member States such as Germany and France have already set national due diligence standards which may need revision to comply with the CS3D.

For many companies, the CS3D will mark a step change in their legal obligations and associated risks, bringing many recommendations from international, voluntary guidance into Member State laws. In addition to any reputational risk, failure to comply with the CS3D poses significant financial risk. The maximum sanction is 5% of net worldwide turnover of the relevant company or group while, under a civil liability provision, an affected natural or legal person has a "right to full compensation" in accordance with national law for the damage caused by a company's intentional or negligent failure to comply with the obligations to prevent potential adverse impacts and bring an end to actual adverse impacts. 

GETTING READY

Understanding and mapping your value chain, engaging with stakeholders and reviewing contracts. A major challenge will be accessing sufficient information on the company’s chain of activities to map and assess potential and actual adverse impacts. Suggested early actions for businesses include establishing robust processes relating to data collection, reviewing their design and distribution processes, carrying out meaningful engagement with stakeholders and undertaking a review of procurement policies and practices. Existing contracts should also be reviewed and updated to reflect these changes, and proportionate support should be provided to SMEs to help them meet any new obligations placed on them. Commission guidance is expected in due course on best practice as to how to conduct due diligence (Q4 2026), the use of model contractual clauses (Q1 2027) and identifying and engaging with stakeholders (Q2 2027).

Reviewing governance structures. Previous iterations of the CS3D articulated an explicit “duty of care” for directors of EU companies that would make them responsible for overseeing due diligence requirements, and linked directors’ variable remuneration to sustainability contributions. Although the measures have been removed, the CS3D still requires that the adverse impacts stemming from the environmental and human rights issues listed in the Directive be considered and assessed at Board level. There will likely need to be a review of policies and processes to check that the new obligations are fully integrated, and the Board should have oversight of and accountability for this work programme. Boards will also need to consider how to best align the new obligations with their duties under domestic law, such as s.172 of the UK’s Companies Act 2006.

Take stock and map out your reporting obligations, to identify synergies and avoid duplication. In responding to the new reporting requirements under the CS3D, a first step could be to map out existing voluntary and mandatory reporting and consider what further data, processes and policies are needed to fill any gaps. Fortunately for entities subject to both the CSRD and CS3D, where the directives cover similar ground in relation to publicly communicating on due diligence and publishing transition plans, the CS3D recognises a degree of equivalence. As such, companies which report or are exempted from reporting in accordance with the CSRD are not required to publish the annual website statements otherwise required under the CS3D. Companies that report a transition plan for climate change mitigation in accordance with the reporting obligation brought in by the CSRD will be deemed to have complied with the obligation to adopt a transition plan in the CS3D. In taking advantage of these equivalence provisions, businesses can look to align their group reporting under the CSRD with their approach to CS3D compliance.

Consider how the CS3D interacts with transition planning. The CS3D makes it mandatory for some companies to produce a transition plan, and an important step will be to ensure any transition plans being drafted are able to meet the CS3D’s requirements alongside the features and requirements of other frameworks and rules, such as the Transition Plan Taskforce Disclosure Framework.

 

Key contacts