On July 25, 2024, the long-anticipated Corporate Sustainability Due Diligence Directive (CSDDD) entered into force. This landmark piece of legislation will introduce significant obligations for in-scope companies to conduct environmental and human rights due diligence on their global operations and value chains.
The CSDDD requires the EU’s 27 Member States as well as the three European Economic Area states (Liechtenstein, Norway, and Iceland) to introduce national laws that implement the CSDDD’s rules by July 26, 2026.
As companies prepare to comply with this new regime, Covington is kicking off its “CSDDD Deep Dive” series. We will provide periodic blog posts on key CSDDD issues, addressing common issues arising in our daily ESG practice. This first post will provide an overview of the key facets of the CSDDD including which companies it applies to, due diligence obligations, and enforcement risk.
CSDDD phase-in application
Company obligations under the CSDDD will be phased in between July 2027 and July 2029. The phase-in dates and thresholds for both EU-based companies and non-EU companies are described in the table below. The CSDDD’s application to many companies based outside of the EU is a significant feature.
Date | Companies that will come into scope of CSDDD | |
EU/EEA Companies | Non-EU/EEA Companies | |
July 26, 2027 | EU/EEA companies (or ultimate parent companies of a group) with more than 5,000 employees on average and a net worldwide turnover of more than €1.5 billion. ($1.64 billion) | Non-EU Companies (or ultimate parent companies of a group) with a net turnover of more than €1.5 billion ($1.64 billion) in the EU/EEA. |
July 26, 2028 | EU/EEA companies (or ultimate parent companies of a group) with more than 3,000 employees on average and a net worldwide turnover of more than €900m ($982m). | Non-EU/EEA companies (or ultimate parent companies of a group) with a net turnover of more than €900m ($982m) in the EU/EEA. |
July 26, 2029 | EU/EEA companies (or ultimate parent companies of a group) with more than 1,000 employees on average and a net worldwide turnover of more than €450m ($491m). | Non-EU/EEA companies (or ultimate parent companies of a group) with a net turnover of more than €450m ($491m) in the EU/EEA. |
EU/EEA companies (or ultimate parent companies of a group) that have entered into franchising or licensing agreements in the EU/EEA in return for royalties amounting to over €22.5m ($24.6m) in the EU/EEA and have generated a net worldwide turnover of more than €80m ($87m). | Non-EU/EEA companies (or ultimate parent companies of a group) that have entered into franchising or licensing agreements in the EU/EEA in return for royalties amounting to over €22.5m ($24.6m) in the EU/EEA and have generated a net turnover of more than €80m ($87m) in the EU/EEA. |
CSDDD due diligence obligations
The CSDDD will require companies to take steps to identify, assess, prevent, mitigate, and remediate adverse human rights and environmental impacts in their value chains. Companies will also be required to implement policies and risk management systems, engage with stakeholders, and establish complaints procedures.
Many of these concepts are based on well recognized international standards such as the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct.
Due diligence obligations will apply both with respect to a company’s own operations (including its subsidiaries’ operations) and also to “business partners” within the company’s “chain of activities.” A company’s chain of activities is defined to include the activities of (i) upstream business partners – including direct and indirect suppliers – and (ii) certain downstream business partners carrying out activities for or on behalf of the company.
Obligations for companies in the financial sector were a subject of negotiation prior to the finalization of the text. The final position is that provision of financial services is out of scope of due diligence obligations. This is captured in the definition of the “chain of activities” and also an express note in the recitals that financial services companies’ investment activities are out of scope.
It will be important to track how Member States transpose CSDDD obligations for financial services particularly on this point. The CSDDD requires the European Commission to publish a report by July 26, 2026, on whether additional sustainability due diligence requirements for the sector are necessary.
We will cover the specifics of the human rights and environmental due diligence measures in more detail in upcoming CSDDD blog posts.
To summarize, CSDDD obligations are wide-ranging, and companies will need to ensure they have robust due diligence measures in place to identify and address human rights and environmental impacts in their operations and value chains. Existing due diligence measures should be mapped against requirements of the CSDDD, and companies should consider a cross-functional approach that incorporates responsibilities under long-standing regulations (for example, the Nagoya Protocol Compliance Regulation) and other new sustainability regulations (for example, the EU’s Forced Labour Regulation, Deforestation Regulation, and Corporate Sustainability Reporting Directive).
Climate change transition plan
The CSDDD will also require companies to “adopt and put in into effect” a “transition plan for climate change mitigation.” The plan should “aim to ensure, through best efforts”, compatibility of a company’s business model and strategy with the transition to a sustainable economy and with the goal of limiting global warming to 1.5 degrees Celsius.
This requirement will demand continuous engagement from companies given that the plan must be updated annually and contain a description of progress made towards time-bound targets.
Enforcement and liability
Enforcement
Each Member State must designate a supervisory authority to monitor compliance with CSDDD due diligence obligations. Supervisory authorities will be able to receive “substantiated concerns” from members of the public and will have the right to launch inspections and investigations.
Furthermore, the CSDDD obliges Member States to implement “effective, proportionate, and dissuasive” penalties for non-compliance, including maximum fines not less than 5% of a company’s worldwide net turnover.
Civil Liability
Member States are required to establish a cause of action ensuring that a company can be held liable for damage provided: (i) the company intentionally or negligently failed to comply with its CSDDD due diligence obligations affecting one of the rights/prohibitions/obligations (listed in the legislation) aiming to protect that person; and (ii) as a result, damage was caused to a natural or legal person’s rights.
The civil liability regime is significant and will augment the recent climate of ESG “activist litigation”. The new cause of action under the CSDDD will provide claimants and NGOs with greater abilities to bring claims against companies for human rights and environmental impacts. Taking steps to align with due diligence expectations ahead of the date of application is therefore a critical legal risk mitigation step.
Developments to watch
Companies should continue to track the CSDDD as it unfolds over the next three years. Opportunities for public sector engagement will arise as: (i) Member States transpose the Directive into their national legislation; and (ii) the European Commission develops guidance on a number of key issues, including the due diligence expectations and model contract clauses as well as sector-specific guidance.
Our CSDDD series
The CSDDD comes into effect amidst a rapidly evolving business and human rights and ESG landscape and introduces a multitude of new considerations for companies. Our blog series will provide insight into key questions that companies are grappling with as the CSDDD takes effect.
Upcoming topics include: Understanding the intersection between the CSRD and CSDDD; Lessons learned from the German Supply Chain Act; Understanding the intersection between the Nagoya Protocol Compliance Regulation and CSDDD; Due diligence in practice; and What companies need to know about CSDDD enforcement.
If you have any questions concerning the material discussed in this client alert, please contact the members of Covington’s Business and Human Rights (BHR) and Environmental, Social, and Governance (ESG) practices:
Zoé Bertrand, Sarah Bishop, Hannah Edmonds-Camara, Daniel F. Feldman, Seán Finan, Cándido García Molyneux, Emanuel Ghebregergis, Paul Mertenskötter, Tom Plotkin, Donald J. Ridings Jr., Emma Sawatzky, Bart Van Vooren.