EU has officially adopted the CSDDD

Following extensive deliberations and revisions, the EU has officially adopted the Corporate Sustainability Due Diligence Directive (CSDDD), also referred to as CS3D or the EU supply chain act. The Directive was published in the EU Official Journal on 5 July, and places a significant compliance challenge on businesses that fall under its scope, with ripple effects on micro, small, and medium-sized enterprises (MSMEs) that are integrated into global value chains. The CSDDD will enter force on 25 July 2024.

Over the next two years, EU Member States must transpose this Directive into national law. However, the implications will be felt far sooner, requiring companies to swiftly enhance their operational frameworks to meet these rigorous standards.

The Directive has an impact on both EU-based and non-EU-based entities, establishing clear thresholds for employee numbers and net turnover to determine which companies must comply.

Within the European Union, companies employing over 1,000 individuals on average and generating a net worldwide turnover exceeding EUR 450 million are required to comply with the requirements of the Directive. This also applies to companies engaged in franchising or licensing agreements in the EU, where royalties exceed EUR 22.5 million, and the company has a net worldwide turnover of over EUR 80 million. The ultimate parent companies of groups meeting these criteria must ensure compliance, either directly or through an operational subsidiary in the EU.

For companies situated outside the European Union, the Directive also imposes significant requirements. Any third-country company with an annual net turnover of more than EUR 450 million within the EU falls under its scope. This includes the ultimate parent companies of corporate groups meeting this threshold and businesses operating in the EU under franchise or license agreements.

Companies are now tasked with a broader scope of responsibilities that extend beyond traditional compliance. They will need to conduct risk-based human rights and environmental due diligence, encompassing a series of comprehensive actions.

1. Integration of due diligence into Policies and Risk Management Systems: Companies should develop and regularly update a due diligence policy and integrate due diligence into their risk management practices and other applicable policies, at all relevant levels of operations. This policy, created with input from employees, should outline the company's approach to identifying and managing risks while adhering to a defined code of conduct.
2. Identification and assessment of actual and potential adverse impacts: Businesses are required to systematically identify and evaluate both actual and potential adverse impacts arising from their activities, including those of subsidiaries and business partners. Priority should be given to areas with the highest likelihood and severity of adverse impacts, ensuring a proactive approach to risk assessment.
3. Prevention, mitigation, and remediation of adverse impacts: Once risks are identified, companies must implement measures to prevent or mitigate these impacts effectively. This involves considering the nature of the impact, the company’s influence, and the necessity for action plans, contractual assurances, investments, and collaborations. Companies are also required to address and remediate actual adverse impacts, with the option to suspend or terminate business relationships as a last resort if issues cannot be resolved.
4. Establishment and maintenance of a notification mechanism and complaints procedure: To ensure transparency and accountability, companies must establish accessible complaint mechanisms. These should allow individuals and organizations to report legitimate concerns in relation to impacts directly to the company. Protections for the confidentiality of complainants and measures to prevent retaliation are essential components of this system.
5. Monitoring the effectiveness of due diligence policies and measures: Companies need to carry out regular assessments to monitor and evaluate the effectiveness of their due diligence processes. These evaluations should occur at least annually and be used to update due diligence policies as necessary.
6. Public communication on due diligence efforts: Transparency is crucial; consequently, companies should publicly report on their due diligence activities. This can be achieved through a Corporate Sustainability Reporting Directive (CSRD) report, or an annual statement published on the company’s website. The report should cover due diligence processes, as well as outlining the identified potential and actual adverse impacts, and the actions taken to address them.

Additionally, companies that fall under the scope of the Directive must create and implement transition plans to address climate change mitigation to align the company's strategy and business model with the Paris Agreement's 1.5°C global warming limit as well as the EU's intermediate and 2050 carbon neutrality goals.

EU Member States are required to transpose the Directive into national legislation within two years from its effective date of 25 July 2024. The implementation will follow a phased approach, taking into account company size and turnover. The largest companies will be the first to have to comply, with reporting requirements commencing three years after the Directive's enforcement.

Companies exceeding thresholds of 5,000 employees on average and EUR 1,500 million in net worldwide turnover will be required to comply starting in 2027. Those with more than 3,000 employees on average and EUR 900 million in net worldwide turnover will follow in 2028. By 2029, all other companies covered by the Directive, including those operating under franchising agreements, will also be required to comply.

This staggered rollout ensures that companies of different scales have adequate time to adjust and meet the new requirements. Early preparation is essential for all companies, as the initial phase requires comprehensive changes to align with the new standards and ensure a smooth transition.

CSDDD is designed to work in tandem with CSRD, creating a comprehensive framework for corporate responsibility. While the CSDDD mandates the implementation of due diligence measures to identify, prevent, and mitigate actual and potential adverse human rights and environmental impacts, the CSRD focuses on the detailed reporting of these measures, along with broader sustainability-related impacts, risks, and opportunities.

Both Directives are grounded in internationally recognized frameworks, such as the OECD Guidelines for Multinational Enterprises and the UN Guiding Principles on Business and Human Rights, ensuring a consistent and globally relevant approach to corporate sustainability.

Importantly, the CSDDD includes specific disclosure requirements. However, companies already subject to the CSRD’s reporting requirements will be exempt from duplicative reporting under the CSDDD. Additionally, companies that have already submitted a climate transition plan under the CSRD will automatically meet the CSDDD’s transition plan requirements, streamlining compliance and reducing redundancy.

To effectively navigate the new regulatory landscape, companies should adopt a pragmatic and scalable approach from the outset. Strengthening data management capabilities is crucial, ensuring that accurate and comprehensive information is available for compliance and strategic decision-making. Additionally, leveraging global, cross-functional collaboration across legal, procurement, and sustainability areas will be vital for the seamless integration of due diligence measures.

For MSMEs, adopting new tools and strategies is essential. Implementing advanced supply chain transparency solutions and enhancing risk management frameworks will help meet the Directive's requirements. This proactive approach is crucial not just for compliance but also for building resilience and promoting sustainability in a globally interconnected market.

The path to full compliance may be complex, but it presents an unprecedented opportunity for companies to lead in sustainable innovation as CSDDD is not merely about meeting regulatory mandates. By embracing these changes, companies can secure their place in a future-focused value chain, driving both business success and positive environmental and social impact.

Begin your compliance journey now by revising existing policies, identifying, and addressing gaps, taking proactive responsibility, and engaging with stakeholders.

Even if your company is not directly targeted by CSDDD, it is essential to assess your value chain to identify whether you work with companies that fall within the scope. This proactive approach ensures that you are prepared for potential audits and can effectively manage compliance risks.

Understanding this broader impact will prevent any complacency and encourage companies to stay vigilant and proactive in their compliance efforts.