On February 23, 2022, the European Commission published its long-awaited proposal—first announced in April 2020—for a Directive that is expected to require a significant number of EU and non-EU companies to conduct human rights and environmental due diligence across their operations and value chains.

The Commission’s Proposal for a Directive on corporate sustainability due diligence (the “Proposal”) is robust and signals that companies will need to make meaningful investments in effective due diligence programs. The Proposal also contemplates a significant expansion of directors’ duties, which would require directors of EU companies subject to the law to oversee the implementation of sustainability due diligence programs and take into account sustainability matters—including human rights, climate change, and environmental consequences—in the discharge of their duty to act in the best interest of the company.

The Proposal follows calls from the European Council (in December 2020) and the European Parliament (in January 2021) for a mandatory corporate due diligence and accountability law and extensive public consultation. It will now go through the EU’s legislative procedure, which requires agreement on the final text among the Commission, Parliament, and Council. Once passed, the law will represent a significant addition to the global legal landscape on business and human rights.

This alert summarizes key takeaways for companies established or doing business in the EU.

Which Companies Will Be Subject To The Law?

The Proposal sets forth application thresholds for EU and non-EU companies, with staggered implementation dates based on employee and turnover thresholds.

The proposed Directive’s due diligence obligations would initially apply (two years from the date it enters into force) to:

  • EU companies with an average of more than 500 employees and net worldwide turnover exceeding EUR 150 million; and
  • Non-EU companies with net turnover in the EU exceeding EUR 150 million in the financial year preceding the last financial year.

The law would subsequently apply (four years from the date it enters into force) to certain companies that do not meet the above thresholds but operate in higher-risk sectors, including:

  • EU companies with more than 250 employees on average and net worldwide turnover exceeding EUR 40 million, provided that at least 50% of their net turnover was generated in one or more of the following sectors:
    • the manufacture or wholesale of textiles, leather, clothing, and footwear;
    • agriculture, forestry, fisheries (including aquaculture), the manufacture of food products, or the wholesale trade of agricultural raw materials, live animals, wood, food, or beverages;
    • the extraction of mineral resources (g., crude petroleum, natural gas, coal, metals, and metal ores), the manufacture of basic metal products (except machinery and equipment), and the wholesale trade of mineral resources, and basic and intermediate mineral products.
  • Non-EU companies with net turnover in the EU of between EUR 40 million and EUR 150, of which at least 50% was generated in one or more of the foregoing sectors.

The Proposal defines the term “company” broadly and explicitly clarifies that it includes a broad range of regulated financial undertakings, regardless of their legal form.

Micro companies and small and medium enterprises (“SMEs”) will not be subject to direct compliance obligations under the law. The Proposal acknowledges, however, that SMEs will be indirectly affected through their business relationships with companies subject to the law and incorporates protections to avoid larger companies pushing compliance burdens down to SMEs in a way that may jeopardize their viability. For example, the proposed Directive includes requirements for larger companies to provide support to SMEs in certain circumstances, ensure contractual compliance obligations imposed on SMEs are “fair, reasonable, and non-discriminatory,” and to bear certain compliance costs (e.g., those associated with independent third party verifications).

When Will the Law Apply?

Once the Directive is agreed and enters into force, it will need to be transposed into national law by each of the EU’s 27 Member States. The Proposal sets a two-year timeline for implementation, with staggered implementation dates for companies with lower employee numbers and turnover, as set forth above. While the precise timing will depend on the date on which the final text is agreed and may vary across Member States, the law’s requirements would likely begin to apply in late 2024 or 2025.

As we have previously reported, several EU Member States have already implemented human rights and environmental due diligence laws or are in the process of doing so. It is possible that those countries may move more quickly to implement the Directive’s requirements by making any necessary adjustments to existing laws or proposals.

What Compliance Obligations Will the Law Create?

The Proposal sets forth a range of obligations on companies to identify, prevent, and mitigate adverse human rights and environmental impacts in their operations and value chains.

Adverse human rights and environmental impacts are broadly defined by reference to a list of key international conventions set forth in an Annex to the Proposal. Relevant areas of focus for human rights due diligence include, among others, child and forced labor, human trafficking, fair wages and decent living, freedom of thought and religion, access to adequate housing, freedom of association, and workplace health and safety. Adverse environmental impacts under the Proposal include those related to the use of biological resources and biodiversity, trade in endangered species of flora and fauna, mercury, persistent organic pollutants, hazardous waste, greenhouse gas emissions, pollution, biodiversity loss, and ecosystem degradation.

The proposed Directive would require covered companies to:

  • Implement a due diligence policy and integrate due diligence into all corporate policies.
  • Implement appropriate measures to identify actual and potential adverse human rights and environmental impacts arising from the company’s own operations, including those of its subsidiaries, and from established business relationships across its value chains.
    • The “value chain” concept encompasses all upstream and downstream activities related to the production of goods or provision of services, including the development of products and services, and the use and disposal of products.
    • An “established business relationship” is defined as “a business relationship, whether direct or indirect, which is, or which is expected to be lasting, in view of its intensity or duration and which does not represent a negligible or merely ancillary part of the value chain.”
    • Narrower obligations would apply to companies subject to the law only because of operation in higher-risk sectors (which would be required only to identify severe potential or actual adverse impacts related to the relevant high-risk sector(s)).
  • Take appropriate measures to prevent or adequately mitigate potential adverse impacts, including by developing and implementing a prevention action plan; seeking contractual compliance assurances from business partners and taking measures to verify compliance (and, in appropriate cases, terminating contracts); making necessary investments to support prevention and mitigation plans; and, where appropriate and in compliance with EU competition law, collaborating with other entities to bring adverse impacts to an end.
  • Take appropriate measures to bring actual adverse impacts to an end or minimize their extent, which may include paying compensation to affected parties; implementing corrective action plans; seeking contractual assurances from business partners; making necessary investments; collaborating with other entities; or terminating contracts.
  • Establish a complaints procedure to enable affected persons, trade unions and other workers’ representatives, and civil society organizations to submit complaints regarding actual or potential adverse human rights or environmental impacts in the company’s operations or value chains. Companies would also be required to establish processes for dealing with complaints.
  • Conduct annual assessments to monitor the effectiveness of the foregoing measures. Assessments would need to be based on “qualitative and quantitative indicators” and carried out at least annually, or more frequently where there are reasonable grounds to believe that significant new risks of adverse impacts may arise.
  • Publish a statement describing the company’s due diligence efforts. Companies not subject to reporting requirements under the EU Non-Financial Reporting Directive (“NFRD”) (or, once adopted, the proposed Corporate Sustainability Reporting Directive (“CSRD”)) would be required under the Directive to publish annual reports on their due diligence programs on their websites. This is most likely to be relevant to non-EU companies subject to the law.
  • Adopt a climate change plan consistent with the transition to a sustainable economy and the limiting of global warming to 1.5°C in line with the Paris Agreement. This obligation will apply only to companies that meet the higher turnover and employee thresholds set forth in the Directive (e., 500 employees and more than EUR 150 million in turnover for EU companies or more than EUR 150 million in EU turnover for non-EU companies). Companies for which climate change is a principal risk or impact of the company’s operations must additionally include emission reduction objectives in their plans and factor the fulfilment of climate and emissions targets into director remuneration.

How Will the Directive Be Enforced?

The Proposal features administrative enforcement by designated supervisory authorities in EU Member States and a civil liability mechanism.

The proposed Directive provides that Member States must designate supervisory authorities to oversee compliance with the Directive’s obligations, and that such authorities must have the power to request information, carry out investigations, order companies to take remedial actions, and impose turnover-based fines. Supervisory authorities would be required under the Directive to make sanctions decisions public, thereby heightening the reputational risks associated with enforcement. A European Network of Supervisory Authorities would be established to facilitate cooperation among authorities.

The proposed Directive also includes a civil liability mechanism that would allow private parties to sue a company for damages where the company failed to comply with its obligations under the Directive and the failure caused an adverse impact that led to damage. In the case of impacts caused by indirect business relationships, having taken reasonable steps to comply with the Directive’s requirements would serve as a safe harbor.

How Would the Proposed Directive Expand Directors’ Duties?

The proposed Directive includes provisions that would expand directors’ duties to encompass sustainability considerations. It provides that directors of large EU companies, in fulfilling their duty to act in the best interest of the company, would be required to take into account the consequences of their decisions on sustainability matters—including human rights, climate change, and environmental consequences—in the short, medium, and long term.

Directors of large EU companies would also be responsible for establishing and overseeing the implementation of the due diligence processes contemplated in the proposed Directive and adapting corporate strategy to account for adverse human rights and environmental impacts.

*           *           *