Skip to main content

How to get ready for the new EU sustainability due diligence law

The European Union finally passed the Corporate Sustainability Due Diligence Directive. Here’s an early look at how CSDDD will affect corporate supply chains.

Flags of the European Union in front of the European Parliament building

Source: Shutterstock/rarrarorro

After four years of negotiations, the European Union passed the Corporate Sustainability Due Diligence Directive (CSDDD) on Friday. The legislation aims to harmonize the requirements and processes for companies to assess and mitigate the human rights and environmental impacts of their operations and supply chains. After several European countries, including France and Germany, passed their own supply chain regulations in recent years, CSDDD now aims to level the playing field across countries. 

The ambitious directive represents the most robust attempt to date to manage the risks and impacts of corporate value chains across all supplier tiers. "This feels like a sizable shift from how 99 percent of corporate sustainability teams are operating," said Diana Wilkinson, global lead for supply chain at BSR, a sustainability consultancy. 

This holds even as the final scope of the regulation is much smaller than policymakers had conceived it at the beginning of the process. While some sectors with further advanced due diligence programs — such as cocoa, minerals and electronics — actively supported the law, more conservative industries such as finance and automobile were lobbying against it, said Catarina Vieira, EU policy adviser at Solidaridad Network. 

In its final version, CSDDD will apply to European companies with at least 1,000 employees and $489 million in turnover, which, according to estimates from the Dutch nonprofit SOMO, includes about 5,400 companies. It also covers businesses based outside of the EU that generate at least $489 million in sales in the European market. The directive will become effective two years after its likely publication date this fall. It will be phased in between 2027 and 2029, starting with the largest companies with more than 5,000 employees and giving smaller ones more time to comply. 

Here are five significant changes companies should be ready to make in response:

1. Break down silos between human rights and environmental teams

Companies tend to have fairly separate programs and processes to handle human rights and environmental impacts. CSDDD will likely incentivize teams to collaborate more closely and conduct holistic assessments. "It recognizes the interconnection between human rights and the environment and really focuses on the fact that a company's impact on the environment cannot and should not lead to human rights harms," said Paloma Muñoz, director for human rights standards at BSR. One result could be the addition of human rights considerations to climate transition plans. 

2. Reorient risk assessments from companies to communities

When conducting social and environmental risk assessments, the standard practice has been for companies to put themselves at the center by asking which issues are most material to them. CSDDD will require companies to adopt a different lens and consider which risks are the most severe and likely to affect the communities and ecosystems in which they operate. 

Muñoz pointed out that companies will need to develop new forms of technical analysis and long-term relationship-building with communities in their supply chains to identify and address risks according to severity. With this requirement, CSDDD may further scrutinize the effectiveness of multi-stakeholder initiatives such as the Roundtable on Sustainable Palm Oil to understand whether these partnerships sufficiently fulfill companies' due diligence responsibilities. 

3. Connect the dots between disclosure and action 

As sustainability reporting and disclosure requirements have increased over the past years, sustainability teams have become increasingly frustrated with the outsized resources they need to dedicate to reporting rather than on-the-ground projects. CSDDD aims to counter this dynamic, changing the equation in favor of action. 

"This legislation is very focused on impact mitigation and strategic forward-looking vision, which is pretty cool to see," said Wilkinson. The directive requires companies to proactively put an end to issues such as child labor, plastic pollution and biodiversity loss, prevent them from happening again and remediate harms that have already occurred. 

4. Engage the entire supply chain even when risks arise

Most companies will need to mitigate and remediate impacts across their entire supply chains, including during the process of getting materials to manufacturers, and from there to customers. This is a significant shift from prior due diligence legislation. Businesses won’t be allowed to simply stop working with a supplier when problems arise. "You're allowed to have risks in your supply chain, but you have a legal obligation to do the best reasonable effort to mitigate them," said Richard Gardiner, EU public policy lead at the World Benchmarking Alliance.

This process aims to prevent companies from disengaging from problematic areas, which could lead to even worse outcomes, for example, by aggravating poverty in a community when a factory closes due to child labor violations. "To ensure this happens is going to take a lot of peer-to-peer learning, oversight from regulators and listening to small-scale producers and suppliers outside of Europe," Gardiner added. 

Solidaridad Network’s Vieira clarified that cutting a supplier will remain a last-resort option if risks continue after repeated attempts to fix them and when disengagement won’t cause worse impacts.

5. Be ready for harsh financial penalties and civil liability if you don’t comply

Two consequences await companies that don’t comply. Regulators can impose a fine of up to 5 percent of the company’s net global sales in the financial year before the fine. In addition, a European civil court could hold a company liable for its actions, and people who suffered damages can receive compensation for impacts that could have been prevented by adequate due diligence measures. "Civil liability being attached to it is tremendous. It's a very significant piece of the puzzle," said Muñoz. 

Because the directive now covers a smaller number of companies than anticipated in earlier versions, it will be easier for European governments to monitor them and ensure adequate enforcement.

More on this topic