The Corporate Sustainability Due Diligence Directive (CS3D) is coming – Overview and Timeline

When representatives of the European Parliament (EP) and the Council of the European Union (Council) agreed on a binding version of the Corporate Sustainability Due Diligence Directive (CS3D or CSDDD), on the morning of December 14, 2023, everyone assumed that the formal adoption would be just a formality. However, on January 15, 2024, the German Free Democratic Party (FDP) passed a presidential resolution to "stop the EU Supply Chain Directive and prevent bureaucratic burnout".^[1] As a result of the FDP's rejection, the German government abstained in the Committee of Permanent Representatives of the Council (COREPER) because it could not agree on a joint vote internally. As a result, the Belgian Council Presidency postponed the vote scheduled for February 9 because France also had reservations and a majority for the Supply Chain Directive was in doubt.

When the COREPER meeting on February 28 also failed to produce a majority for the project, the Belgian Council Presidency brokered a version of the CS3D among the Member States willing to approve it in order to achieve the necessary qualified majority, i.e. approval by at least 15 EU countries representing at least 65% of the EU population, which was then achieved at the meeting on March 15. On March 19, 2024, the draft was also approved by the EU Parliament's Legal Affairs Committee, and Parliament adopted the final text on April 24, 2024. The main changes in comparison to earlier versions were the deletion of the review clause for the subsequent inclusion of downstream activities in the financial sector and a reduction in the number of companies falling within the scope of application.

Scope of application and implementation

Compared to the agreement on December 14, 2023, the thresholds for companies have been raised and the so-called high-risk areas have been removed. According to unofficial estimates by Somo[2] , the Centre for Research on Multinational Corporations, the number of affected companies has thus been reduced by 67%. With the criteria agreed in December, 16,389 companies would have fallen within the scope of application. By contrast, with the final criteria only 5,421 companies will be directly affected by the CS3D, i.e. 0.005% of all EU companies.

Details can be found in the following table:

Activity chain versus supply chain and value chain

The scope of the Supply Chain Directive has also been limited. Originally, the EU Commission's draft envisaged due diligence obligations along the entire value chain, i.e. from the "cradle to the grave" of a product. Now, the so-called activity chain for downstream activities only extends as far as the customer, without the customer being included. For upstream activities, not only direct suppliers are covered, but companies also have due diligence obligations towards Tier 2 to Tier N suppliers, with a focus on the most serious risks and those with the highest probability of occurrence (Art. 6 para. 1a).

Due diligence and implementation

Affected companies will need to set up a due diligence approach that takes into account the following points:

• Due diligence obligations must be integrated into policies and risk management systems and companies must have their own due diligence policy (Art. 5 para. 1).
• The policy on due diligence obligations must be developed in consultation with the employees (Art. 5 para. 1a) and revised at least every two years or as required (Art. 5 para. 2).
• Part of the policy is a Code of Conduct that describes the implementation of preventive and remedial measures (Art. 5 para. 1b).
• Due diligence obligations can be performed by group parent companies for the entire group (Art. 4a)
• Companies will be required to conduct a risk analysis (Art. 6) and prioritize the risks (Art. 6a).
• Independent auditors can be used to verify preventive measures; preventive measures can also be implemented through participation in multi-stakeholder initiatives (Art. 7).
• Remedial measures must bring actual adverse impacts to an end (Art. 8).
• Stakeholders must be involved in the analysis and prioritization, prevention and remediation measures as well as in the development of qualitative and quantitative KPIs (Art. 8d).
• Complaint procedures must be publicly accessible (Art. 9).
• Due diligence obligations must be monitored with regard to their appropriateness and effectiveness (Art. 10).
• Reporting on the implementation of due diligence obligations can be omitted if the companies report in accordance with the CSRD requirements [3]

Applicable Conventions and Prohibitions for affected companies

Part I of the Annex lists the specific rights and prohibitions that are considered to have a negative impact on human rights if they are disregarded or violated, and Part II lists the environmental impacts covered by the Directive.

In addition, the catalog of human rights obligations of companies is expanded to include further rights and prohibitions, such as the prohibition of arbitrary or unlawful interference with private life (Art. 17 UN Civil Covenant), the right to freedom of thought, conscience and religion (Art. 18 UN Civil Covenant) or the prohibition of restrictions on access to adequate housing for workers. The canon of prohibitions on measurable environmental damage is extended by a further seven international conventions, such as the Convention on Biological Diversity (CBD) of 1992, the Washington Convention on International Trade in Endangered Species of Wild Fauna and Flora (CITES) of 1973 and the Montreal Protocol of 1987 on substances that deplete the ozone layer.

Climate change mitigation and internal company implementation

In addition to the extended list of prohibitions to protect the environment, companies must define and implement an annually updated transition plan in accordance with the requirements of the CSRD, with which they ensure ("through best efforts") that their business model and strategy are compatible with the transition to a sustainable economy and the limitation of global warming to 1.5° Celsius in accordance with the Paris Agreement. The CS3D assumes that companies that submit a transition plan for climate protection in accordance with Articles 19a, 29a or 40a of Directive (EU) 2013/34 have fulfilled their obligation (Art. 15).

The provision linking the transition plan to the remuneration of the members of the Executive Board has been deleted.

Civil liability for the breach of duties of care

Article 22 of the CS3D provides for the civil liability of companies if they intentionally or negligently breach their duty to take preventive and remedial measures. Affected parties who have been affected by the breach of duty can demand compensation for the damage caused by the breach of duty within five years. This does not apply if the damage was caused by a business partner in the chain of activities. NGOs can claim the damage on behalf of the affected party. The member states should ensure that legal costs do not constitute a barrier. Provided that a plaintiff plausibly demonstrates their claim, the court can order the company to disclose evidence that is under its control.

Outlook and transposition into national law

The Directive must be transposed into national law within two years of its publication in accordance with Art. 30 (1). The application will happen in stages, depending on size and annual turnover. Details can be found in the following table:

^[1] Resolution of the Presidium of the FDP, Berlin, January 15, 2024, available at https://www.fdp.de/sites/default/files/2024-01/2024_01_15_praesidium_eu-lieferkettenrichtlinie-stoppen-buerokratie-burnout-verhindern_1.pdf (accessed on March 18, 2024).

^[2] SOMO, the Centre for Research on Multinationals, available at https://www.somo.nl/ (accessed on 18.03.2024).

^[3] Directive (EU) 2022/2464 of December 14, 2022 amending Regulation (EU) No. 537/2014 and Directives 2004/109/EC, 2006/43/EC and 2013/34/EU with regard to corporate sustainability reporting.