Following the announcement of the Corporate Sustainability Due Diligence Directive (CSDDD) adoption by the EU Council on 15th March 2024, the European Coalition for Corporate Justice immediately responded with the headline: “CSDD endorsement brings us 0.05% closer to corporate justice”, a summation referencing the “devastating and deplorable last-minute concessions” and “undemocratic manoeuvres by member states who have once again betrayed those they should protect from corporate harm”. In other words, whereas the European Commission’s previous CSDDD proposals would have captured 1% of all EU companies (approximately 16000 companies), the final Directive is now likely to apply to only 0.05% (a mere, 5,500).
Of course, these are very reasonable complaints to highlight. The reduction of the personal scope of the provision – raising the threshold from 500 to 1000 employees and from a turnover of 150 million to 450 million – is significant. Likewise, the dropping of lower thresholds for sectors that are notoriously tainted by atrocious human rights abuses– such as textile, mining, and the agricultural sector – and the limiting of downstream activities that fall within the Directive’s scope (to exclude transportation, storage and distribution when not conducted on behalf of the company), are, to say the least, a missed opportunity.
But, as an international human rights lawyer, I am more upbeat. I think we will look back at the enactment of the CSDDD as the time when due diligence for business began to be accepted as the minimum and the norm and when the expectations of responsible business practices began to be clarified and harmonised. It will drive the codification of the detail of due diligence and related decisions, expectations and standards that will, in due course, serve as clear, reasoned, hard law guidance on how businesses should meet their obligations. The CSDDD is not merely an inflection point; it is a truly transformative piece of law. It will be a springboard for global responsible business practices.
Of course, this grinding work has already begun. Most of the CSDDD’s provisions and/or expectations are already enshrined in existing soft or national hard law and/or operationalised in a plethora of multi-stakeholder initiatives. No wonder corporate heads are turning with the proliferation of soft law standards such as the UN Guiding Principles on Business and Human Rights (the UNGPs), and the OECD Guidelines for Multinational Enterprises (the OECD Guidelines), , as well as the emerging national hard(er) law reporting and due diligence frameworks, including the California Supply Chains Act, the UK Modern Slavery Act, the Australia Modern Slavery Act, the Canadian Forced Labour Law (2023), the French Duty of Vigilance Law, the EU Deforestation Regulation and many others besides.
As such, the CSDDD’s core risk-based, due diligence (products, services and sectoral) requirements, including independent third-party verification (rather than what the Directive refers to as “ineffective audits”), transparent stakeholder engagement, prevention, corrective and climate transition plans, grievance mechanisms, and remediation of adverse human rights and environmental impacts, are not new, or in any way unforeseen.
However, where the CSDDD moves the dial forward is in its expansive enforcement provisions that will be the levers that level, harmonise and, most crucially, clarify, this fragmenting due diligence and reporting playing field. Pursuant to Article 9, member states must create an independent Supervisory Authority (SA) with extensive investigative, adjudicative, and regulatory authority over the companies within the scope of the Directive. Their role includes supervising all aspects of the compliance with the domestic laws implementing the Directive. Critically, they are expected to engage proactively with corporations in relation to complaints, due diligence, harm, and remediation.
Of course, how Member States elect to resource and empower these SAs will determine their precise function and utility, but the plain terms of the Directive anticipate extensive authority. They will be able to adjudicate on claims (“substantiated concerns” by “natural or legal persons”) and order pecuniary penalties, where the Company has (solely or jointly) been found to have caused harm. Those penalties shall be commensurate with the nature, gravity, and duration of the harm and be “effective, proportionate and dissuasive”. The maximum limit of pecuniary penalties shall not be less than 5% of the net worldwide turnover of the company. The SAs will have a range of ancillary “due process” powers, including the authority to investigate, as well as order: disclosure of company records if required to support a claim; interim injunctive measures in case of imminent risk of severe and irreparable harm; and cessation of the violations. Moreover, Member States will have to provide claimants with access to a court or other independent and impartial public body competent to review the exercise of authority by the SA. Member States should also ensure a civil cause of action to enable effective redress for intentional or negligent failure to comply with the CSDD obligations.
In other words, not only will companies in the purview of the Directive be facing SAs with far reaching powers, but those standards will necessarily cascade down the supply chain to impact those companies and SMEs not directly included within the scope of CSDDD. The Supervising Authorities will be forced to act and act decisively and transparently or face their own process review. The civil courts will be confronted with associated claims. This adjudicative activity will be challenging and even confrontational. But clarity, harmonisation and eventually codification of the detail of the standards will surely emerge and be of real benefit to companies and communities.
Of course, it is wise not to be too starry eyed. Some of this will be smooth and straightforward but much will be contested and challenging to all concerned. As with all emerging international legal discourses, a shift to hard law – accompanied by investigations, adjudication, and penalties – will invite a period of uncertainty and even, at least initially, further conflict and fragmentation. This is how international legal codification and standard setting works. Take international criminal law (ICL) that thirty years on from the creation of the first of the modern day international criminal tribunals, now has hundreds of claims, complaints, decisions, judgments and academic discussion codifying and harmonising our understanding of many diverse elements of the law and prohibited conduct, including gender based and sexual violence, forced labour, children’s rights and many other international crimes based on (substantive and procedural) standards that are globally accepted and (often) enforced.
And so it will be with the CSDDD and standards of responsible business conduct, especially if companies act, anticipated complaints proliferate and if supervisory authorities work effectively and collaboratively with business. The creation of an effective Network of SAs (see Article 21) to facilitate the cooperation, coordination and alignment of their regulatory, investigative, sanctioning, and supervisory practices should turbo-charge this standard setting and harmonisation. Companies should seize the moment and get ahead of this adjudicative activity; reviewing their governance frameworks, assessing their due diligence processes, and ensuring that they are drivers and not passengers of this process of standard setting and codification. A challenge indeed, but a worthwhile one.