Progress on the EU Corporate Sustainability Due Diligence Directive

February 2024

In December 2023, the European Parliament and European Council reached provisional agreement on the Corporate Sustainability Due Diligence Directive (CSDDD) that was proposed by the European Commission in February 2022. Although this represented significant progress, some political obstacles need to be overcome to finalise the package. Given the burdens the new directive would introduce, and concerns over whether it would meet its goals, some EU member states have indicated they may abstain from a vote in the Council. This could mean that the adoption of the Directive is delayed, or ultimately does not pass into law. 

Assuming political agreement in the Council and Parliament can be found, the CSDDD will set obligations for companies to identify, assess, mitigate and remedy negative impacts on human rights and the environment across their chains of activity. These obligations will include formal analysis of the risks and associated controls relating to child labour, slavery, pollution, deforestation, excessive water consumption and damage to ecosystems. In-scope companies will need to integrate due diligence into their policies and risk management systems, across approaches, processes and codes of conduct. They will also need to develop and disclose climate transition plans that demonstrate how they will bring their activities in line with the Paris Agreement's 1.5 degree Celsius target. The plan should include time-bound targets for 2030, five-year targets up to 2050, and be updated every 12 months to assess progress toward achieving the targets. 

The latest compromise text brought welcome clarity for financial services companies in the EU and UK on the potential extent of their obligations under the CSDDD, as well as minor adjustments to thresholds and definitions. Although the Directive must still pass final votes in the European Parliament and Council, and would not come into force until at least 2026, there are actions that companies can take now to prepare for the requirements. 

The full application of CSDDD would require analysis and contractual assurances for upstream¹ and downstream² partners in companies' chains of activity, introducing potential challenges around how to conduct due diligence for operations over which they have no direct control. 

The compromise text provisionally agreed between the Council and Parliament confirms that CSDDD requirements will not apply in full to regulated financial undertakings, with 'only the upstream but not the downstream part of their chain of activities' covered by the Directive. 

This offers a reprieve for financial services firms, although it may only be temporary. Downstream activities for financial services firms may be captured by the CSDDD in future — within two years of the Directive coming into force, and following an impact assessment, the European Commission will 'lay down additional sustainability due diligence requirements tailored to regulated financial undertakings with respect to the provision of financial services and investment activities'. 

The general approach to scoping is retained under the provisional agreement and compromise text. Companies will come into scope either two or three years after the Directive enters into force. 

Two years:

• EU companies with more than 500 employees and a net worldwide turnover of more than EUR 150 million. 
• Non-EU companies that generate a net turnover of more than EUR 150 million in the EU.

Three years:

• EU companies with more than 250 employees and a net worldwide turnover of more than EUR 40 million, provided at least 50% of this turnover is generated in 'high impact³' sectors. 
• Non-EU companies that generate a net turnover of more than EUR 40 million in the EU, provided at least 50% of worldwide turnover was generated in high impact sectors. No employee threshold. 

The scoping criteria will be applied based on the extent to which companies meet the thresholds at subsidiary or consolidated level and the number of consecutive years during which they have done so. 

Each EU country will have a designated supervisory authority with the power to impose penalties for non-compliance with the CSDDD, including 'naming and shaming' and fines of up to five per cent of net worldwide turnover. There will also be a civil liability regime for damages, under which victims can claim compensation from companies for up to five years. 

To motivate companies to comply with the CSDDD, public sector bodies will be able to use CSDDD compliance as part of the criteria when awarding contracts. 

Companies with over 1,000 employees should have policies in place to promote implementation of climate transition plans, such as financial incentives to members of the administrative or management bodies. 

The implementation of CSDDD, whether in full or in part for financial services firms, will require significant effort and resources. However, there are some similarities and overlap between elements of the Directive and existing requirements, which may enable companies to leverage work already done: 

• Companies with a presence in Germany must already comply with the German Supply Chain Due Diligence Act. The Act places human rights and environmental due diligence obligations on companies with 1,000 or more employees, irrespective of sector or revenue. It focuses on activities in the supply chain (rather than upstream and downstream activities in the chain of activity), and non-compliance fines can be as much as two per cent of a company's average global annual turnover. The legislation's extra-territorial reach is similar to that of the CSDDD, capturing companies with a presence in Germany regardless of where they are headquartered. 
• UK and some third-country companies will already have experience in conducting and reporting on due diligence from the requirements in the UK Modern Slavery Act. This requires companies with UK turnover of more than £36 million to disclose the extent to which they exercise due diligence to prevent slavery and human trafficking in their business and supply chain. 
• The EU Corporate Sustainability Reporting Directive (CSRD) requires adoption and disclosure of climate transition plans. Companies will not face duplicated requirements under the CSDDD but will be expected to put their plan into effect and update it every 12 months to assess progress towards targets. Similarly, the FCA already has climate transition planning requirements for some UK companies, with more are expected to be captured in due course. 
• The UK Corporate Governance Code requires firms to explain how they have considered wider stakeholder needs, implicitly including environmental and social issues. Under the code, directors have a criminal liability for non-compliance — companies can draw on their existing practices to prepare for future CSDDD requirements. 

The draft rules require further formal approval by the European Parliament and European Council. If endorsed and adopted by both institutions, Member States will have two years to implement the Directive, meaning it is unlikely to come into force until at least 2026. 

In the meantime, there is work that all companies, including FS firms, can do to prepare for due diligence compliance on a 'no regrets' basis, even if the CSDDD is not ultimately introduced. This includes assessing their operations, upstream relationships and climate transition plans to determine how closely they comply with the potential requirements of the CSDDD, before addressing any gaps in a sensible and risk-based order of priority. 

KPMG in the UK can help you improve governance and due diligence arrangements and prepare for a potential CSDDD implementation. We have extensive experience in due diligence (including human rights), development of transition plans and the management of climate and environment-related risks. Please get in touch to discuss.