abusesaffiliationarrow-downarrow-leftarrow-rightarrow-upattack-typeburgerchevron-downchevron-leftchevron-rightchevron-upClock iconclosedeletedevelopment-povertydiscriminationdollardownloademailenvironmentexternal-linkfacebookfiltergenderglobegroupshealthC4067174-3DD9-4B9E-AD64-284FDAAE6338@1xinformation-outlineinformationinstagraminvestment-trade-globalisationissueslabourlanguagesShapeCombined Shapeline, chart, up, arrow, graphLinkedInlocationmap-pinminusnewsorganisationotheroverviewpluspreviewArtboard 185profilerefreshIconnewssearchsecurityPathStock downStock steadyStock uptagticktooltiptwitteruniversalityweb

Diese Seite ist nicht auf Deutsch verfügbar und wird angezeigt auf English


27 Feb 2024

EU Commission, Council & Parliament in Trilogue

Excerpts from CSDDD legal text: Risk-based approach, appropriate measures & other features ensuring quality over bureaucracy

The non-exhaustive examples below from the final Trilogue compromise agreement illustrate how the Corporate Sustainability Due Diligence Directive (CSDDD) has from the start addressed questions of effectiveness, supply network and value chain complexity, and feasibility for companies.

See also our compilation of CSDDD excerpts on protections & opportunities for SMEs from the Global South and North.

Risk-based approach - first focusing on most salient risks

  • Article 6 (1b): As part of the obligation [to identify and assess adverse impacts], companies shall take appropriate measures to: (a) map their own operations, those of their subsidiaries and, where related to their chains of activities, those of their business partners, in order to identify general areas where adverse impacts are most likely to occur and to be most severe; (b) based on the results of that mapping, carry out an in-depth assessment of the own operations, those of their subsidiaries and, where related to their chains of activities, those of their business partners, in the areas where adverse impacts were identified to be most likely to occur and most severe.
  • Article 6a (1): Member States shall ensure that, where it is not feasible to prevent, mitigate, bring to an end or minimise all identified adverse impacts at the same time to their full extent, companies prioritise adverse impacts identified pursuant to Article 6 [...].
  • Article 6a (2): The prioritisation shall be based on the severity and likelihood of the adverse impacts. Once the most severe and most likely adverse impacts are addressed [...] in a reasonable time, the company shall address less severe and less likely adverse impacts.
  • Recital 30: [...] When identifying, and assessing the adverse impacts, the company should take into account, based on an overall assessment, possible relevant risk factors, including company-level risk factors, such as whether the business partner is not a company covered by this Directive; business operations risk factors; geographic and contextual risk factors, such as the level of law enforcement with respect to the type of adverse impacts; product and service risk factors; and sectoral risk factors. [...]

Taking relevant, proportionate, appropriate action - often there are more effective and practicable measures than just 'social auditing'

  • Article 3 (q): ‘appropriate measures’ means measures that are capable of achieving the objectives of due diligence by effectively addressing adverse impacts in a manner commensurate to the degree of severity and the likelihood of the adverse impact, and reasonably available to the company, taking into account the circumstances of the specific case [...].
  • Article 7 (1) / 8 (1): [...] To determine the appropriate measures [...], due account shall be taken of:
    • (a) whether the potential / actual adverse impact is caused only by the company; whether it is caused jointly by the company and its subsidiary or business partner [...]; or whether it is caused only by the company’s business partner [...]
    • (c) the ability of the company to influence the business partner [...].
  • Article 7 (2) / 8 (3): Companies shall be required to take the following appropriate measures [to prevent or mitigate potential harms (Article 7) / to bring to an end or minimise actual harms (Article 8)], where relevant:
    • - / (a) neutralise the [actual] adverse impact or minimise its extent. The action shall be proportionate to the severity of the adverse impact and to the company’s implication in the adverse impact;
    • (a) / (b) where necessary [...] develop and implement a prevention / corrective action plan, with reasonable and clearly defined timelines for the implementation of appropriate measures [...]. Companies may develop their action plans in cooperation with industry or multi-stakeholder initiatives. The prevention / corrective action plan shall be adapted to companies' operations and chain of activities;
    • (b) / (c) seek contractual assurances from a direct business partner [...]
    • (ca) / (da) make necessary modifications of, or improvements to, the company’s own business plan, overall strategies and operations, including purchasing practices, design and distribution practices;
    • (d) / (e): provide targeted and proportionate support for an SME which is a business partner of the company, where necessary in light of the resources, knowledge and constraints of the SME [...]
  • Recital 36 / 41: [...] In order to ensure that appropriate measures for the prevention and mitigation of potential adverse impacts / bringing to an end or minimising of actual adverse impacts are effective, companies should prioritize engagement with business partners in their chain of activities, instead of terminating the business relationship, as a last resort action after attempting at preventing and mitigating adverse potential impacts without success / to bring actual adverse impacts to an end or minimise their extent without success. [...]
For how many levels down does a company have to go? [...] To me, that is the wrong question. [...] The degree of oversight required if you have to do it on a layer-by-layer basis in companies of this size may be beyond anyone’s capacity. My sense is that the answer should not be defined by layers in the supply chain. It should be driven by wherever a company’s due diligence identifies salient human rights risks, no matter where. If your human rights due diligence process turns up a risk, whether it is in the 12th layer or the 2nd layer, that is where you go.
The late Professor John Ruggie, founder of the UN Guiding Principles, in a keynote speech delivered on 23 February 2021

Obligations of means, not result

  • Recital 15: [...] This Directive should not require companies to guarantee, in all circumstances, that adverse impacts will never occur or that they will be stopped. [...] Therefore, the main obligations in this Directive should be ‘obligations of means’. [...]
  • Recital 29: [...] If necessary information, including information that is deemed to be a trade secret, cannot be reasonably obtained due to factual or legal obstacles, for instance because a business partner refuses to provide information and there are no legal grounds to enforce this, such circumstances cannot be held against the company, but companies should be able to explain why this information could not be obtained and should take the necessary and reasonable steps to obtain it as soon as possible.
  • Recital 34 / 39: [...] Contractual assurances should be designed to ensure that responsibilities are shared appropriately by the company and the business partners. The contractual assurances should be accompanied by appropriate measures to verify compliance. However, the company should only be obliged to seek the contractual assurances, as obtaining them may depend on the circumstances. [...]

Collaboration to increase leverage, in line with applicable law - a CSDDD requirement for collaboration (where relevant) should also increase legal certainty under competition law

  • Article 7 (2) / Article 8 (3): Companies shall be required to take the following appropriate measures, where relevant: [...]
    • (e) / (f) in compliance with Union law, including competition law, collaborate with other entities, including, where relevant, to increase the company’s ability to prevent or mitigate the adverse impact / to bring the adverse impact to an end or minimise the extent of such impact, in particular where no other measure is suitable or effective.
  • Recital 35a: It is possible that prevention of potential adverse impacts requires collaboration with another company, for example, at the level of indirect business partner with a company, which has a direct contractual relationship with the indirect business partner in question. [...]. The company should collaborate with the entity which can most effectively prevent or mitigate potential adverse impacts solely or jointly with the company, or other legal entities, while respecting applicable law, in particular competition law.
  • Recital 37: As regards direct and indirect business partners, industry and multi-stakeholder initiatives can help create additional leverage to identify, mitigate, and prevent adverse impacts. Therefore it should be possible for companies to participate in such initiatives to support the implementation of obligations [...] to the extent that such schemes and initiatives are appropriate to support the[ir] fulfilment [...]
The EU’s initiative for a mandatory due diligence law has from its very beginning taken into account the aspects of value chain complexity and feasibility for companies, and strongly so. During the process, negotiators managed to bring the draft more in line with the risk-based approach from the UN Guiding Principles and OECD Guidelines, to encourage companies to prioritise reasonable, proportionate measures where in the value chain it is most urgent, based on severity and likelihood of abuse. Due diligence is not about companies formalistically policing and ticking the box for each and every (sub)supplier, layer by layer, a presumption apparently held by some actors who then often push for a limitation to the first layer (and subsequently criticise the outcome as too buraucratic, as with the German law and its tier-1 peculiarity, instead of promoting its promising elements). The focus of due diligence is on quality and impact, not bureaucracy, and the CSDDD clearly embodies that. While different stakeholders hold diverging views on certain aspects of the EU directive, and some painful gaps for rightsholders remain due to political pressure throughout the process, there is overwhelming consensus including among companies that the Trilogue compromise is both effective and practicable in improving human rights and environmental protection in business. The CSDDD offers a historic opportunity that cannot be missed.
Johannes Blankenbach, Senior EU/Western Europe Researcher & Representative, BHRRC

No duplication of reporting obligations (one reason for extended reporting under e.g. the German Supply Chain Act being the lack of a civil liability mechanism)

  • Recital 44: Directive 2013/34/EU [Non-Financial Reporting Directive / Corporate Sustainability Due Diligence Directive, via amendments] sets out relevant reporting obligations for the companies covered by this directive [...] In order to avoid duplicating reporting obligations, this Directive should therefore not introduce any new reporting obligations in addition to those under Directive 2013/34/EU for the companies covered by that Directive as well as the reporting standards that should be developed under it. [...]

Official guidance for companies to support practical implementation

  • Article 14 (1): In order to provide support to companies or to Member State authorities on how companies should fulfil their due diligence obligations in a practical manner, and to provide support to stakeholders, the Commission, in consultation with Member States and stakeholders [...] shall issue guidelines [...].
  • Article 14 (1a): These guidelines shall include:
    • (a) guidance and best practices on how to conduct due diligence [...], particularly, the identification process pursuant to Article 6, the prioritisation of impacts pursuant to Articles 6a, appropriate measures to adapt purchasing practices pursuant to Articles 7(2) and 8(3), responsible disengagement pursuant to Articles 7(5) and 8(6), appropriate measures for remediation pursuant to Article 8c, and on how to identify and engage with stakeholders [stakeholder engagement constituting a particularly effective and 'non-bureacucratic' way to improve due diligence incl. risk identification/assessment]; (b) practical guidance on [climate transition] plans pursuant to Article 15; (c) sector specific guidance [...]; (d) guidance on the assessment of [...] risk factors, including those associated with conflict-affected and high-risk areas; (e) references to data and information sources available for the compliance with the obligations in this Directive, and to digital tools and technologies that could facilitate and support compliance; (f) information on how to share resources and information among companies and other legal entities [...].

Accompanying public support measures for businesses

  • Article 14 (1): Member States shall, in order to provide information and support to companies, their business partners and stakeholders, set up and operate individually or jointly dedicated websites, platforms or portals. Specific consideration shall be given, in that respect, to the SMEs that are present in the chains of activities of companies. [...]
  • Article 14 (2): Without prejudice to applicable State aid rules, Member States may financially support SMEs. Member States may also provide support to stakeholders for the purpose of facilitating the exercise of the rights laid down in this Directive.
  • Article 14 (3): The Commission may complement Member States’ support measures building on existing Union action to support due diligence in the Union and in third countries and may devise new measures, including facilitation of joint stakeholder initiatives [...].
  • Article 14a (1): The Commission shall establish a single helpdesk through which companies may seek information, guidance and support [...].