Article

16 Sep 2024

Author:
EU Council & Parliament

Excerpts from CSDDD legal text: Risk-based approach, appropriate measures & other features ensuring quality over bureaucracy

The non-exhaustive examples below from the adopted text of the Corporate Sustainability Due Diligence Directive (CSDDD) illustrate how the directive has from the start addressed questions of effectiveness, current supply network/value chain complexity, and feasibility for companies. An earlier version of this compilation was released in February 2024 based on the Trilogue compromise agreement.

See also our compilation of CSDDD excerpts on protections & opportunities for SMEs from the Global South and North.


Risk-based approach - first focusing on most salient risks

  • Article 8 (2): As part of the obligation [to identify and assess actual and potential adverse impacts], taking into account relevant risk factors, companies shall take appropriate measures to: (a) map their own operations, those of their subsidiaries and, where related to their chains of activities, those of their business partners, in order to identify general areas where adverse impacts are most likely to occur and to be most severe; (b) based on the results of that mapping, carry out an in-depth assessment of the own operations, those of their subsidiaries and, where related to their chains of activities, those of their business partners, in the areas where adverse impacts were identified to be most likely to occur and most severe.
  • Article 9 (1): Member States shall ensure that, where it is not feasible to prevent, mitigate, bring to an end or minimise all identified adverse impacts at the same time to their full extent, companies prioritise adverse impacts identified pursuant to Article 8 [...].
  • Article 9: (2) The prioritisation shall be based on the severity and likelihood of the adverse impacts. (3) Once the most severe and most likely adverse impacts are addressed [...] in a reasonable time, the company shall address less severe and less likely adverse impacts.
  • Recital 41: [...] When identifying, and assessing the adverse impacts, the company should take into account, based on an overall assessment, possible relevant risk factors, including company-level risk factors, such as whether the business partner is not a company covered by this Directive; business operations risk factors; geographic and contextual risk factors, such as the level of law enforcement with respect to the type of adverse impacts; product and service risk factors; and sectoral risk factors. [...] With a view to limiting the burden on smaller companies created by requests for information [...], companies should exercise restraint with regard to business partners that do not themselves present risks of adverse impacts and privilege reaching out, where reasonable, directly for more detailed information to business partners at levels in the chain of activities where [...] potential or actual adverse impacts are most likely to occur. [...]
For how many levels down does a company have to go? [...] To me, that is the wrong question. [...] The degree of oversight required if you have to do it on a layer-by-layer basis in companies of this size may be beyond anyone’s capacity. My sense is that the answer should not be defined by layers in the supply chain. It should be driven by wherever a company’s due diligence identifies salient human rights risks, no matter where. If your human rights due diligence process turns up a risk, whether it is in the 12th layer or the 2nd layer, that is where you go.
The late Professor John Ruggie, founder of the UN Guiding Principles, in a keynote speech delivered on 23 February 2021

Taking relevant, proportionate, appropriate action - often there are more effective and practicable measures than just 'social auditing'

  • Article 3 (o): ‘appropriate measures’ means measures that are capable of achieving the objectives of due diligence by effectively addressing adverse impacts in a manner commensurate to the degree of severity and the likelihood of the adverse impact, and reasonably available to the company, taking into account the circumstances of the specific case [...].
  • Article 10 (1) / 11 (1): [...] To determine the appropriate measures [...], due account shall be taken of:
    • (a) whether the potential / actual adverse impact is caused only by the company; whether it is caused jointly by the company and its subsidiary or business partner [...]; or whether it is caused only by the company’s business partner [...]
    • (c) the ability of the company to influence the business partner [...].
  • Article 10 (2) / 11 (3): Companies shall be required to take the following appropriate measures [to prevent or mitigate potential harms (Article 10) / to bring to an end or minimise actual harms (Article 11)], where relevant:
    • - / (a) neutralise the [actual] adverse impact or minimise its extent; such measures shall be proportionate to the severity of the adverse impact and to the company’s implication in the adverse impact;
    • (a) / (b) where necessary [...] develop and implement a prevention / corrective action plan, with reasonable and clearly defined timelines for the implementation of appropriate measures [...]. [T]he prevention / corrective action plan shall be adapted to companies' operations and chain of activities;
    • (b) / (c) seek contractual assurances from a direct business partner [...]
    • (d) / (e) make necessary modifications of, or improvements to, the company’s own business plan, overall strategies and operations, including purchasing practices, design and distribution practices;
    • (e) / (f): provide targeted and proportionate support to an SME which is a business partner of the company, where necessary in light of the resources, knowledge and constraints of the SME [...]
  • Recital 50 / 57: In order to ensure that appropriate measures for the prevention and mitigation of potential adverse impacts / bringing to an end or minimising of actual adverse impacts are effective, companies should prioritise engagement with business partners in their chain of activities, instead of terminating the business relationship, as a last resort action after attempting to prevent and mitigate adverse potential impacts without success / to bring actual adverse impacts to an end or minimise their extent without success. [...]
  • Recital 46 / 54: [...] Contractual assurances should be designed to ensure that responsibilities are shared appropriately by the company and the business partners. [...]
  • Article 12 (1): Member States shall ensure that, where a company has caused or jointly caused an actual adverse impact, the company provides remediation. [...]
  • Article 13 (1): Member States shall ensure that companies take appropriate measures to carry out effective engagement with stakeholders [...].
  • Recital 65: In order to conduct meaningful human rights and environmental due diligence, companies should take appropriate measures to carry out effective engagement with stakeholders, for the process of carrying out the due diligence actions. [...]
  • Article 14 (3): Member States shall ensure that companies establish a fair, publicly available, accessible, predictable and transparent procedure for dealing with [...] complaints [...].

Collaboration to increase leverage, in line with applicable law - the CSDDD requirement for collaboration (where relevant) also increases legal certainty under competition law

  • Article 10 (2) / Article 11 (3): Companies shall be required to take the following appropriate measures, where relevant: [...]
    • (f) / (g) in compliance with Union law, including competition law, collaborate with other entities, including, where relevant, in order to increase the company's ability to prevent or mitigate the adverse impact / to bring the adverse impact to an end or minimise the extent of such impact, in particular where no other measure is suitable or effective.
  • Recital 49: It is possible that prevention of potential adverse impacts requires collaboration with another company, for example, at the level of indirect business partner with a company, which has a direct contractual relationship with the indirect business partner in question. [...]. The company should collaborate with the entity which can most effectively prevent or mitigate potential adverse impacts solely or jointly with the company, or other legal entities, while respecting applicable law, in particular competition law.
  • Recital 52: As regards direct and indirect business partners, industry and multi-stakeholder initiatives can help create additional leverage to identify, mitigate, and prevent adverse impacts. Therefore it should be possible for companies to participate in such initiatives to support the implementation of obligations [...] to the extent that such initiatives are appropriate to support the[ir] fulfilment [...]
The EU’s initiative for a mandatory due diligence law has from its beginning taken into account the aspects of effectiveness, current value chain complexity, and feasibility for companies. During the process, negotiators managed to bring the draft more in line with the risk-based approach from the UN Guiding Principles and OECD Guidelines, to encourage companies to prioritise reasonable, proportionate measures where in the value chain it is most urgent, based on severity and likelihood of abuse. Due diligence is not about companies formalistically policing and ticking the box for each and every (sub)supplier, layer by layer, a presumption apparently held by some actors who then often push for a limitation to the first layer (and subsequently criticise the outcome as too bureaucratic, as with the German law and its tier-1 peculiarity, instead of promoting its promising elements). The focus of due diligence is on quality and impact, not bureaucracy, and the CSDDD clearly embodies that. While different stakeholders hold diverging views on certain aspects of the EU directive, and some painful gaps for rightsholders remain due to political and lobby pressure throughout the process, there is overwhelming consensus including among companies that the law is both effective and practicable in improving human rights and environmental protection in business. The CSDDD offers a historic opportunity that cannot be missed.
Johannes Blankenbach, Senior EU/Western Europe Researcher & Representative, BHRRC

No duplication of reporting obligations

  • Recital 62: [...] Directive 2013/34/EU [Non-Financial Reporting Directive / Corporate Sustainability Due Diligence Directive, via amendments] sets out relevant reporting obligations for the companies covered by this directive [...] In order to avoid duplicating reporting obligations, this Directive should therefore not introduce any new reporting obligations in addition to those under Directive 2013/34/EU for the companies covered by [that] Directive as well as the reporting standards that should be developed under it. [...]

Official guidance for companies to support practical implementation

  • Article 19 (1): In order to provide support to companies or to Member State authorities on how companies should fulfil their due diligence obligations in a practical manner, and to provide support to stakeholders, the Commission, in consultation with Member States and stakeholders [...] shall issue guidelines [...].
  • Article 19 (2): These guidelines [...] shall include:
    • (a) guidance and best practices on how to conduct due diligence [...], particularly, the identification process pursuant to Article 8, the prioritisation of impacts pursuant to Article 9, appropriate measures to adapt purchasing practices pursuant to Articles 10(2) and 11(3), responsible disengagement pursuant to Articles 10(6) and 11(7), appropriate measures for remediation pursuant to Article 12, and on how to identify and engage with stakeholders [stakeholder engagement constituting a particularly effective and 'non-bureaucratic' way to improve due diligence incl. risk identification/assessment]; (b) practical guidance on the [climate] transition plan as referred to Article 22; (c) sector specific guidance; (d) guidance on the assessment of [...] sectoral risk factors, including those associated with conflict-affected and high-risk areas; (e) references to data and information sources available for the compliance with the obligations provided for in this Directive, and to digital tools and technologies that could facilitate and support compliance; (f) information on how to share resources and information among companies and other legal entities [...].

Accompanying public support measures for businesses

  • Article 20 (1): Member States shall, in order to provide information and support to companies and their business partners and stakeholders, set up and operate individually or jointly dedicated websites, platforms or portals. Specific consideration shall be given, in that respect, to the SMEs that are present in the chains of activities of companies. [...]
  • Article 20 (2): Without prejudice to State aid rules, Member States may financially support SMEs. Member States may also provide support to stakeholders for the purpose of facilitating the exercise of rights laid down in this Directive.
  • Article 20 (3): The Commission may complement Member State support measures, building on existing Union action to support due diligence in the Union and in third countries and may devise new measures, including facilitation of industry or multi-stakeholder initiatives to help companies fulfil their obligations [...].
  • Article 21 (1): The Commission shall establish a single helpdesk through which companies may seek information, guidance and support [...].

Timeline