The Corporate Sustainability Due Diligence Directive (“CS3D“) was provisionally agreed at a political level in December 2023. Once formally approved, this new law will have significant impacts on many EU companies and non-EU companies active in the EU, as well as on their value chains throughout the world. In this first installment of our new “CS3D Explainer Series”, we answer the following four key questions: “Which companies are covered?,” “What will be their new obligations?,” “Why should they comply?” and “When will this start to apply?”
Contents
Which companies are in scope of the CS3D?
What are the obligations imposed by the CS3D?
What is the cost of non-compliance?
When do these rules start applying to which companies?
As part of the European Union (EU)’s European Green Deal, one of the areas of EU law that has developed most rapidly and profoundly is that relating to corporate sustainability governance. This area focuses on shaping companies’ management of environmental, social, and governance (ESG) matters. A number of EU laws in this area have already been adopted – most notably the Corporate Sustainability Reporting Directive (CSRD)1 and the Taxonomy Regulation2. Most recently, the Corporate Sustainability Due Diligence Directive (“CS3D“), has been provisionally agreed at a political level in December 20233. The final text of the CS3D must still be formally adopted by the European Parliament and the Council of Ministers before it will enter into force, but this is typically only a formality at this stage.
Given the critical importance of this new law and the business impact it is bound to have for most multinational companies active in the EU, we are already now launching the Baker McKenzie “CS3D Explainer Series”. This Series will highlight the most important aspects of CS3D compliance following this initial overview of the CS3D that will answer the four most important initial CS3D questions:
Which companies are covered? The CS3D differentiates between different categories of in-scope EU and non-EU companies, as set out in detail in section 1 below.
What is required of covered companies?
They will need to adopt and implement effective due diligence policies for identifying, preventing, mitigating, and bringing to an end actual and potential human rights and environmental harms in their own operations, those of subsidiaries, and of their business partners relating to their ‘chain of activities’ (i.e., specific parts of the value chain), see section 2.1.
They will also be required to adopt and put into effect a transition plan for climate change mitigation aligned with the Paris Agreement’s objective of limiting global warming to 1.5 °C, see section 2.2.
Why should companies comply? Because, otherwise, very significant administrative and financial penalties may be imposed, and they will be subject to civil liability for damages caused by non-compliance.
When will this apply? The largest in-scope companies will have three years, likely meaning until 2027, from the entry into force of the CS3D to comply, others will have four or five years.
The CS3D covers both companies incorporated under the law of a Member State (“EU companies“) and companies incorporated under the laws of a third country (“non-EU companies“) as per the table below.
2.1. Due diligence
Under the CS3D, in-scope companies are required to adopt and implement effective due diligence policies for identifying, preventing, mitigating, and bringing to an end potential and actual so-called “adverse impacts” on human rights and environmental matters in these companies’ own operations, the operations of their subsidiaries, and certain operations of their business partners.
These “adverse impacts” are defined by reference to international treaties ratified by Member States.
Adverse environmental impacts include impacts resulting from, for example, pollution, deforestation, excessive water consumption, or damage to ecosystems.
Adverse human rights impacts are defined as impacts resulting from either (i) a breach of enumerated human rights in several listed international instruments, or (ii) an abuse of a human right not listed under a number of conditions meant to ensure legal certainty. Typical examples include child labour, slavery, and labour exploitation.
The interpretation of what will constitute an adverse impact, including the interpretation of the relevant international treaties, will clearly be one of the most sensitive legal issues of the CS3D, as this will determine the type of situation that companies are required to identify, prevent, mitigate, and bring to an end.
The policies to be adopted and implemented will have to go beyond the traditional scope of responsibility of companies. In addition to their own operations and operations of companies they control, these policies will have to cover impacts that arise, or could arise, also from the following:
The operations of direct and indirect business partners of the company, i.e., those partners with whom the company has:
A commercial agreement related to their operations, products, or services
No commercial agreement, but that still carries out business operations related to the company’s operations, products, or services of the company
relating to the following parts of the value chain:
The upstream value chain, i.e., the production of goods or the provision of services by the company, including the design, extraction, sourcing, manufacture, transport, storage, and supply of raw materials, products, or parts of the products and development of the product or the service.
Some of the downstream value chain, i.e., the distribution, transport, storage, and disposal of a product, including the dismantling, recycling, composting, or landfilling, where the business partners carry out those activities directly or indirectly for the company or on behalf of the company, excluding the disposal of a product by consumers, and distribution, transport, storage, and disposal of products subject to export control (e.g., weapons).
For identified (potential or actual) adverse impacts, the due diligence obligation includes the following aspects:
Integrating due diligence into policies and risk management systems
Identifying and assessing actual or potential adverse impacts and, where necessary, prioritizing potential and actual adverse impacts
Preventing and mitigating potential adverse impacts, as well as bringing actual adverse impacts to an end, and minimizing their extent
Providing remediation to actual adverse impacts, i.e., providing financial or non-financial compensation including restitution of the affected person or persons or environment
Carrying out meaningful engagement with stakeholders, including providing information to stakeholders and answering their reasoned requests for information
Establishing and maintaining a notification mechanism and complaints procedure, open to those affected by adverse impacts, and the legitimate representatives of such persons (NGOs, unions, etc.)
Monitoring the effectiveness of their due diligence policy and measures, and publicly communicating on due diligence issues (where applicable, directly in the company’s CSRD report)
2.2. Climate change mitigation
A subset of the companies covered by the CS3D, likely4 including all of the ‘very large’ EU and non-EU companies and groups in scope, i.e., Groups 1, 1a, 2, and 2a (see section 1), will be required to “adopt and put into effect a transition plan for climate change mitigation” (the “Climate Plan”), which must have specific features:
The Climate Plan must aim “to ensure, through best efforts, that the business model and strategy of the company are compatible with”:
The transition to a sustainable economy
Limiting global warming to 1.5 °C in line with the Paris Agreement
The objective of achieving climate neutrality as established in the EU Climate Law, including its intermediate and 2050 targets
Where relevant, the exposure of the undertaking to coal-, oil- and gas-related activities
It must include the following company-specific climate targets, plans, and other topics
The Climate Plan must be updated every 12 months and must provide details of the progress made by the company towards achieving its targets.
The European Commission is required to publish practical guidelines on this Climate Plan within 36 months of the entry into force of the CS3D.
Companies that report a transition plan fully in accordance with the sustainability reporting standards adopted under the CSRD are automatically deemed to have complied with the obligation to adopt such a Climate Plan. The CS3D’s climate-related obligation is thus directly linked to the CSRD. However, the CS3D goes significantly beyond mere disclosure by requiring companies to: (i) adopt a detailed Climate Plan, and (ii) actually implement the Climate Plan on a best-efforts basis.
Lastly, the CS3D also includes a “culture shift through financial benefits” provision, which requires in-scope companies with over 1000 employees to implement policies to promote the transition plan, including (but not limited to) financial incentives to senior management.
The CS3D obliges Member States to adopt rules on penalties for violations of national provisions transposing the CS3D and to take all measures necessary to ensure that these are implemented. Penalties provided must be effective, proportionate, and dissuasive, and must at least include pecuniary penalties and ‘naming and shaming’ measures.
Pecuniary sanctions must be based on the company’s global net turnover, and the maximum sanction must be at least 5% of the net worldwide turnover of the company in the financial year preceding the fining decision. Member States are free to set their maximums even higher. For an EU or non-EU company that is the ultimate parent company of a group, penalties are calculated on their consolidated turnover. Non-confidential versions of the fining decisions will be published and will remain publicly available for at least 5 years, including to enable third parties to engage the company’s civil liability (see below).
The civil liability of a company will be engaged where it intentionally or negligently violates some of the CS3D obligations outlined in Section 2, where the violated obligation was aimed at protecting natural or legal persons and the violation has caused damage to such a person. Damage must be fully compensated under national law but must not be overcompensated (e.g., by means of punitive damages). A company cannot be held liable if the damage was only caused by one of its business partners, however, when the damage was caused jointly by the company and its subsidiary, direct or indirect business partners, they shall be liable jointly and severally.
The CS3D also provides obligations for Member States to ensure that there exists national legal recourse to damages, including with respect to standing, injunctive relief, and the beginning and duration of the limitation period for bringing damages claims (at least 5 years), as well as with respect to the discovery of evidence and for the preservation of evidence. Member States remain free to adopt more stringent national provisions.
CS3D will start to apply to in-scope companies as follows:
Three years after the entry into force of the CS3D, likely in 2027, to:
‘Very large’ EU companies that fall within Groups 1 or 2 and had at least 1000 employees on average and generated a net worldwide turnover of more than EUR 300 million in the last financial year preceding the 3-year anniversary of the entry into force of the CS3D
‘Very large’ non-EU companies that fall within Groups 1a or 2a and generated a net turnover of more than EUR 150 million in the EU in the financial year preceding the last financial year preceding the 3-year anniversary of the entry into force of the CS3D
Four years after the entry into force of the CS3D, likely in 2028, to:
Other ‘very large’ EU and non-EU companies falling within Groups 1, 2, 1a, or 2a
EU and non-EU companies with franchising or licensing business models
Five years after the entry into force of the CS3D, likely in 2029, to:
Smaller EU companies in high-impact sectors falling within Group 4
Smaller non-EU companies in high-impact sectors falling within Group 4a
1 Directive (EU) 2022/2464 of the European Parliament and of the Council of 14 December 2022 amending Regulation (EU) No 537/2014, Directive 2004/109/EC, Directive 2006/43/EC and Directive 2013/34/EU, as regards corporate sustainability reporting
2 Regulation (EU) 2020/852 of the European Parliament and of the Council of 18 June 2020 on the establishment of a framework to facilitate sustainable investment, and amending Regulation (EU) 2019/2088
3 This article is based on the European Parliament and Council’s press releases (see here, and here), as well as on a preliminary version of the provisional agreement that we have been able to obtain (the official version of the provisional agreement has not yet been released publicly).
4 The scope of this obligation is not fully clear from the version of the provisional agreement we have obtained.