New EU Sustainbility Due Diligence Directive

• Compliance/Data Protection/ESG
• SME

This article was written by Sandra Klemm, Partner at AMATIN AG Attorneys at Law and Franz Saladin, Saladin Public Affairs. Both are long-standing experts in the field of sustainability and support and advise companies on sustainability issues.

The new EU Corporate Sustainability Due Diligence Directive (CSDDD), which obliges companies to integrate sustainability aspects into their business activities and corporate governance, will come into force in the next few days. The goal is to create binding EU-wide regulations on the obligations of companies to prevent or minimise actual and potential negative impacts on human rights and the environment in the course of their business activities. Furthermore, liability rules are provided for in the event of breaches of the above-mentioned obligations.

The following article shows which companies, including Swiss companies, are directly or indirectly affected by the Directive and how they can prepare for the implementation of the CSDDD.

Meaning and aim of the guideline

In recent years, more and more legal frameworks and initiatives have emerged in the EU Member States and Switzerland regarding companies’ obligations in relation to sustainability aspects. These initiatives and regulations reflect the growing desire to support companies in their efforts to conduct due diligence in their value chains and to promote business conduct that respects human rights, working conditions and the environment.

The CSDDD was formally adopted by the European Council on 24 May 2024 and the CSDDD will enter into force in the next few days. Member States have 2 years to transpose the provisions of the Directive into national law.

Scope of the Directive

EU companies with more than 1000 employees and a worldwide net turnover of EUR 450 million are covered by the scope of the CSDDD, whereby the obligations of the Directive come into force in a staggered approach depending on the size of the company and its worldwide net turnover:

• from 2027 for companies with 5000 employees and a global net turnover of EUR 1.5 billion
• from 2028 for companies with 3000 employees and a global net turnover of EUR 900 million
• from 2029 for companies with more than 1000 employees and a global net turnover of EUR 450 million

Non-EU companies are affected if they generate an annual turnover of at least EUR 450 million in the EU. EU and non-EU franchisors and licensors are also subject to the CSDDD if they generate royalties of more than EUR 22.5 million and more than EUR 80 million net turnover in the EU. Small companies that do not primarily fall under the scope of the CSDDD may be indirectly affected as part of the value chain, as large companies will pass on the requirements to their partners and will also expect and check compliance with the CSDDD among their partners. This means that small companies will also have to review their processes and risks and provide systems for collecting data on ESG criteria. This entails costs on the one hand and risks on the other if small companies do not fulfil the expectations of large companies and the business relationship may be terminated.

Defining and monitoring the implementation of due diligence and reporting

The risk-based due diligence required by the Directive covers all business practices of company’s upstream and partially downstream business partners. The CSDDD also requires the reasonable involvement of relevant stakeholders (“stakeholder management”) and the provision of grievance mechanisms. Whistleblowers must also be protected.

Members of the company management are responsible for defining and monitoring the implementation of risk-based due diligence as part of the corporate strategy. Management members must take measures to adjust business plans, the corporate strategy and business activities by taking into account actual and potential adverse effects. This strategy must include a concept, a code of conduct and due diligence procedures. Management shall report to the Board of Directors in this regard. Furthermore, it must draw up a climate transition plan for mitigating climate change with the aim to keep global warming within 1.5 °C degrees. Finally, the company management is responsible for terminating business relationships if adverse effects are not prevented or ended by the business partner.

The CSDDD contains an extensive list of violations in its annexes. It comprises violations in the areas of labour law, human rights and international environmental regulations.

Civil liability & public enforcement

According to the Directive, a company can be held liable under civil law if it intentionally or negligently causes damage to a natural or legal person due to a breach of due diligence obligations to prevent or stop such risks. However, as per the CSDDD, a company cannot be held liable if the damage was caused only by its business partners in its chain of activities. The Directive also contains provisions for facilitated access to justice and evidence (even if no reversal of the burden of proof is granted).

In order to ensure the implementation of the Directive, the CSDDD also states that the member states should appoint one or more national supervisory authorities that can carry out investigations and impose sanctions. The CSDDD provides for substantial fines of up to 5% of the company’s net turnover. Finally, the “public” denunciation in the event of a known breach and the associated potential reputational damage should not be underestimated.

Our recommendations for companies:

Here you will find our recommendations for action to prepare for the CSDDD:

• Prepare yourself for the fact that as a supplier you will be subject to increased due diligence and audits by larger business partners.
• Make the topic of ESG and due diligence part of your corporate strategy and communicate this from management.
• Develop and implement measures for yourself and in cooperation with business partners to recognise, mitigate or end negative impacts on human rights and on the environment and report on them.
• Review existing due diligence processes and carry out a “risk-based” due diligence of new and existing business partners and subsequent audits (using existing or updated due diligence tools).
• Review existing risk analyses in your company, expand them if necessary and operate meaningful stakeholder management.
• Review your (IT) systems for collecting data on ESG aspects.
• Be prepared for contractual obligations and contractual penalties in the event of non-compliance with ESG obligations.
• Integrate contractual obligations and contractual penalties into your contracts with business partners. In this context, obtain contractual assurances and regular reassurances from business partners.
• Take appropriate measures and sanctions in the event of breach or failure to mitigate (including contract cancellation and, if necessary, assertion of further legal claims).