The EU Corporate Sustainability Due Diligence Directive (CS3D) adopted in June 2024 is a major step in the development of global ESG policy. It is the first major piece of legislation that places requirements on companies moving to the transition phase of the Green Deal.

The CS3D requires in-scope companies to investigate, identify, and assess actual and potential risk of contravening EU human rights and climate policy standards. It places obligations on companies to consider and positively amend their own business strategy, practices, and arrangements. Importantly, it imposes responsibility on individual in-scope EU and non-EU companies for their business partners and supply chain on a global level.

New strict liability regime

Until now, global brands manufacturing and providing services on an outsourced basis have been able to rely on third party supplier undertakings on compliance with broad and high-level international human rights and governance standards. CS3D imposes the responsibility on the firm to ensure the third parties have taken steps to ensure compliance.

The regulation places responsibility on in-scope companies for adhering to EU standards and to obligations on international human rights and climate policy. Broadly speaking, relevant aspects of the EU human rights standards and climate policy are set out in the legislation, while higher level climate policy also explicitly includes transition to meet Paris 1.5agenda, as well as EU net zero targets.

Who does regime capture?

The regime captures in-scope large EU companies with over one thousand employees, and a net worldwide turnover of more than €450m ($482m), or who have generated royalties in the EU of over €22.5m ($24.1m) and net worldwide turnover of more than €80m ($86m). It also includes large companies not incorporated in the EU that have turnover of more than €450m ($482m) generated in the EU. EU-incorporated companies that have generated royalties in the EU of more than €22.5m ($24.1m) and net turnover of more than €80m ($86m) are also in scope.

While application is set to be phased in from the next three years, global companies are expected to begin implementing standards and compliance functions almost immediately. This is partly due to the directive being risk based, and so market practice in relation to compliance are yet to be determined, and also the importance for brand protection as consumers and civil society groups home in practices. In some jurisdictions, market practice is already developing. France this year has seen the first spate of high-profile litigation in relation to corporate strategies and alignment to Paris 1.5 Celsius obligations.

Companies will be responsible for ensuring their activities and those of their group, as well as their global business partners and supply chain up and down stream, are compliant with EU standards as set out in the Directive.

CS3D therefore poses compliance and commercial risk for all companies, suppliers and manufacturers, dealing with in-scope firms.  

The EU directive presents important compliance challenges for in-scope and non-scope firms, globally. The responsibility imposed on firms caught by the directive implies potentially significant business model questions, challenges, and opportunities. We expect these implications to run through supply chains affecting non-scope firms and companies on an international level. CS3D therefore poses compliance and commercial risk for all companies, suppliers and manufacturers, dealing with in-scope firms.  

The combination of the scope and the risk-based approach to capturing the global supply chain means the EU is meaningfully exporting its ESG standards internationally. Non-scope firms that are two, three, or four steps away from in-scope firms in the supply chain can realistically expect to face client pressure to align their business models and practices to be compliant with EU standards.

Lithium and textiles

Lithium supply security has become an important priority for nations, companies, and investors. To supply battery production, companies have entered into supply agreements including taking on equity stakes in supply. Lithium production controversies involve the environment and human rights. Corruption is also a concern and country of origin issues present due diligence risk. In terms of environmental risks, water is a high-risk concern since, depending on the form of extraction, producing a ton of lithium consumes over two million litres of water. Brine mines can have a detrimental impact on fresh water supplies, raising concerns about the impact on indigenous populations.

The MSCI Industrial Materiality Map rates textiles (apparel and home furnishings) as posing the highest material impact on environmental issues, through factors including raw material sourcing and carbon emissions footprint. The textiles sector also scores high in terms of risk of adverse social impacts, especially on labour management, supply chain labour standards and chemical safety. The sector is rated among the highest risk for general governance, including business ethics practiced, ownership and control and pay, indicating implications for employee and management relations.

Companies operating in large and fast-growing textiles sectors of Bangladesh will need to consider various aspects of their ESG obligations under the directive. Textiles products manufacturing destination companies are likely to come under extreme scrutiny due to the risk-based approach. The European Commission sites Bangladesh regularly in regulatory updates, and references to Rana Plaza appeared frequently when justifying onerous requirements. Therefore, activities in high-risk jurisdictions are likely to attract supervisory scrutiny, as well as consumer and civil society group focus.

Risk management

The Directive poses potentially significant strategic and business model questions. It also presents clear risks. Some risks are common to regulatory regimes due to the legislative and oversight approach. Other risks are peculiar to due diligence requirements designed under the regime, and more so due to the nature of high-risk sectors and activities.

The main risks identified arise from compliance challenges in remote jurisdictions, embedding new operational compliance functions, but also risks associated with uncertainty, with litigation and enforcement risk posing the highest cost. Sustainability based litigation is one of the fastest growing and highest cost areas of litigation with potentially high levels of damages and awards as many cases involve large classes of claimants. The directive is expected to push the number of actions and the size of claims higher, as well as broaden out to human rights and labour-related claims.

Compliance approach

The approach to compliance in relation to all aspects of the Directive requirements is yet to be determined. The Commission is anticipated to provide specific guidance in some areas, anticipated to involve delegated and regulatory technical standards. There is a high prospect authorities will not provide guidance in relation to broad areas of the regime, leaving companies and industry sectors to determine approaches.

Companies are expected to discharge the obligations and meet requirements on a risk-based means rather than outcomes basis with the onus being on continual efforts to eradicate poor and harmful practices. This approach is anticipated to flow through the global supply chains of global brands, so having an impact on the ongoing practices of suppliers, manufacturers, logistics companies, and providers of BPO (business process outsourcing) services. The following are key features of a compliance function:

• Embedding responsibility Policy and regulatory teams working with legal and compliance to develop proportionate policies, processes, and procedures. Engaging and working with National Competent Authorities and relevant EU sector agencies, as well as business partners and sector peers, to develop process practices, including pro-forma questionnaires and protocols.
• Identifying and assessing risk An investigation function based on OSINT (open source intelligence) and On-The-Ground intelligence services to identify and assess specific activities and operational risks to own group companies and business partners. Third party investigation partners are effective for objective assessment and assurance framework.
• Risk-mapping A risk-based approach identifying and determining the nature and extent of risk.
• Mitigate, prevent, or cease activity Working with teams on the ground alongside enforcement authorities, relevant official agencies, and industry. Developing processes and procedures to assist and guide internal teams and business partners managing risks – including identifying risks and taking appropriate actions, including reporting. Continual and on-going monitoring and reporting based on intelligence, investigation and reporting for internal teams and escalation.