Global menu

Our global pages


EU Corporate Sustainability Due Diligence law would apply to non-EU companies

  • Europe
  • United Kingdom
  • Commercial and IT
  • Employment law
  • ESG
  • Consumer
  • Food and drink
  • Retail


Corporate sustainability practices are under increasing scrutiny as pressures grow on businesses to address environmental and human rights risks in their operations and supply chains, wherever they conduct their business in the world.

Allegations of sweatshop factories, dangerous working conditions, slave labour, deforestation, pollution and environmental degradation have been made across many sectors, including food, manufacturing, energy and construction. Becoming embroiled in a human rights or environmental controversy risks, as a minimum, damage to corporate reputations, sales and share values, reflecting rising expectations from customers, investors and other stakeholders.

Yet, how to respond remains an ongoing challenge for global businesses. Voluntary UN and OECD standards have not had broad traction beyond a minority of best practice employers. As a result, some jurisdictions, including the European Union (EU), are seeking to enact legally-binding due diligence and directors' duties in relation to the environment and human rights - duties that apply to some non-EU companies and not just those formed in the EU. Due diligence duties may require companies to pro-actively identify, prevent, remedy and report on risks across their global business operations and relationships.

We consider below the detail of the EU's newly proposed Corporate Sustainability Due Diligence draft Directive (the directive) which, if adopted this year or next, would be implemented in 2024 or 2025. This may seem like a distant date. However, the extensive due diligence duties anticipated, for those companies in scope, would necessitate leadership, training, resourcing, investment, procurement changes and capability-building. As a minimum, the directive seeks to curtail the practice of adding contractual assurances in value chain contracts without further action, such as verification, support, investment and sector collaboration, and it seeks to increase corporate liability.

Which businesses are in-scope?

-     SMEs are excluded. About 13000 EU companies and 4000 non-EU companies are included.

The directive applies:

-         to companies formed in an EU Member States (MS) with more than 500 employees and a net worldwide turnover of more than EUR 150 million;

-         to companies formed in an EU MS with more than 250 employees and a net worldwide turnover of more than EUR 40 million where at least 50% was generated in higher risk sectors as defined (these include manufacturing and trade in textiles, clothing, footwear, food and agriculture and energy and mineral extraction). A two year delayed implementation and amended due diligence obligation is proposed for companies falling in this category; and

-         to companies formed outside the EU which either generate a net turnover of more than EUR 150 million in the EU, or, generate a net turnover of more than EUR 40 million but not more than EUR 150 million in the EU provided that at least 50% of net worldwide turnover was generated in one or more of the high risk sectors identified above.

Due diligence obligation: in overview

MS must ensure that in-scope companies conduct human rights and environmental due diligence, by carrying out the following actions:

-         integrate due diligence into their policies, including having a due diligence policy and code of conduct which are updated annually;

-         take appropriate measures to identify, prevent, mitigate, bring to an end or minimise actual or potential adverse impacts (including by the payment of damages) arising from their own operations, their subsidiaries and, where related to their value chains, from their established business relationships (see 'practical implications' below). However, for those smaller in-scope EU and non-EU companies in higher risk sectors (above), they are only required to identify actual and potential severe adverse impacts relevant to the respective sector;

-         establish and maintain a complaints procedure;

-         monitor the effectiveness of their due diligence policy and measures at least annually; and

-         publicly communicate on due diligence, including publishing an annual statement on their website by 30 April each year (if they are not already required to report under EU annual accounting rules).

-     The scope of human rights and environmental protections are defined and reflect internationally recognised standards, such as the Universal Declaration of Human Rights.

-     The due diligence obligations are amended for the financial sector.

Due diligence obligation: practical implications

The due diligence obligation is limited to the company's own operations and subsidiaries, and, importantly, their established business relationships where related to their value chains. Both are defined:

-         a business relationship is drawn widely and will include commercial agreements with contractors, sub-contractors and those performing business operations related to the products or services of the company for or on behalf of the company. An established business relationship is one that is lasting and more than a negligible or merely ancillary part of the value chain.

-         value chain means activities related to the production of goods or the provision of services by a company, including the development, use and disposal of the product, as well as the related activities of upstream and downstream established business relationships of the company.

As such, the due diligence duty is broad and is not, for example, limited to tier one suppliers.

Against the context of this wide canvas of business relationships, the directive limits company actions to the taking of "appropriate measures" (e.g. a company must take appropriate measures to identify and address adverse impacts). This is key to assessing the practical impact of due diligence on companies. Whilst there is an element of proportionality built into the description of what constitutes appropriate measures, the requirements are high and require an informed decision in the individual circumstances, based on a range of factors including the severity and likelihood of the adverse impact and the company's influence. Appropriate measures may include:

-         implementing a prevention action plan (to prevent or mitigate potential impacts)

-         seeking contractual assurances from business partners with whom a company has a direct business relationship that they will ensure compliance with the company's code of conduct and any prevention action plan and will flow these contractual assurances down the value chain, accompanied by the company taking appropriate measures to verify compliance (which may include third-party verification)

-         where the above contractual assurances and prevention plan are insufficient, the company may seek to enter into a contract with a partner with whom it has an indirect relationship in order to achieve compliance with the company's code of conduct or plan

-         making necessary investments (e.g. in management processes)

-         supporting SMEs: where an established business partner is an SME protections apply, effectively meaning that the company may have to bear proportionate costs, or provide other support, if compliance would jeopardise the SME's viability. In addition, where contractual assurances are obtained from an SME, the terms must be fair reasonable and non-discriminatory and the cost of verification by third parties must be met by the company not the SME

-         collaborating with other companies to raise standards (subject to competition law)

-         where adverse impacts identified cannot be brought to an end by the company, it is expected to minimise its extent, including paying proportionate compensation (reflecting scale and contribution), instituting a corrective action plan, compliance with which being cascaded down the affected value chain as appropriate.

These requirements are aimed at ensuring that the company takes proactive steps to prevent and to end adverse environmental and human rights impacts. The intention is to produce tangible results rather than for compliance to be a tick-box exercise: merely including obligations in commercial contracts will not suffice and actual oversight, understanding of risks and compliance verification in the value chain, and seeking to bring non-compliant practices to an end, will be required. It should be noted that state enforcement of the directive, and a new civil liability regime, incentivises companies to take appropriate measures outlined above, with potentially reduced or no sanctions/liability where they have acted.

In keeping with this principle of accountability, ending relations with a non-compliant business in the value chain will be very much a measure of last resort after all else has failed, with the directive requiring that where appropriate measures have failed the company must refrain from extending or entering into new relations with the relevant partner and, where the law allows, must either suspend commercial relations with them while continuing with efforts to deal with the situation or terminate the relationship if the adverse impact is severe
What does the proposed directive mean for directors?

What does the proposed directive mean for directors?

Strategy and remuneration - climate change

The proposed directive requires MS to ensure that the larger EU and non-EU companies in scope adopt a plan to ensure that the business model and strategy of the company are compatible with the transition to a sustainable economy and with the limiting of global warming to 1.5 °C in line with the Paris Agreement. Such plan shall identify the extent to which climate change is a risk for, or has an impact of, the company's operations. Where climate change is considered to be a principal risk for the company's operations, the company shall include emission reduction objectives in its plan.

Further, it states that MS shall ensure that companies duly take into account the fulfilment of these obligations when setting variable remuneration, if variable remuneration is linked to the contribution of a director to the company's business strategy and long-term interests and sustainability.

It will be down to individual EU MS to implement the directive. However, this provision appears on the face of it to apply to companies formed in non-EU countries such as the UK that will be subject to the requirements of the directive. It is unclear how this could be applied meaningfully, certainly to directors of non-EU companies. The UK, for example, currently has no legal requirements for directors' variable remuneration (e.g. annual bonusses and other types of incentives) to be linked to the company's ESG and sustainability strategy. For listed companies, there is some guidance set by investor guidelines to encourage this, but these guidelines are only relevant to listed companies in the UK as they inform institutional shareholder voting at AGMs. In the UK, we are perhaps starting to see an emerging trend towards linking directors' remuneration to ESG performance, but it is still early days for non-listed companies.

Directors' duties

The proposed directive requires MS to ensure that, when fulfilling their duty to act in the best interest of the company, directors of in scope EU (not non-EU) companies take into account the consequences of their decisions for sustainability matters, including, where applicable, human rights, climate change and environmental consequences, including in the short, medium and long term.

Directors of EU companies in scope will also be responsible for putting in place and overseeing the actions to be implemented pursuant to the directive, and will be required to report to the board of directors, and also to adapt the corporate strategy to take into account adverse impacts identified and measures taken pursuant to the requirements of the directive.

Again, individual MS will have to implement these provisions through their national companies legislation. Compared to the UK position for example (although these provisions will not apply to directors of UK companies), this does go further that the current duty in section 172 of the Companies Act 2006, which requires directors to take into account certain factors in promoting the success of the company, including the impact of operations on the community and the environment. There does now seem to be a trend to widen directors' duties to encompass wider ESG-related matters. In the UK and US, we have seen a growing number of companies obtaining voluntary 'B Corp' status, which requires them to commit to public transparency and considering the interests of all stakeholders (not just shareholders). There have also been proposals in the UK for a Better Business Act, which would extend UK directors' duties to wider society and the environment, for example. However, directors' duties can, in practice, be difficult to enforce. The duties are owed to the company, so generally speaking, it is for the company to enforce them and not third parties.

Enforcement and civil liability

MSs will be required to supervise compliance with the due diligence, climate change and directors' duties, with national authorities empowered to investigate and impose sanctions. It will be for each MS to fix the level of sanctions. However, financial sanctions must be based on the company's turnover.

To incentivise companies to comply with its due diligence duties, when deciding sanctions MSs must take into account the extent to which the company took appropriate measures outlined above, including investment, SME support and collaboration.

In addition to state enforcement, the directive proposes a new civil liability for damages arising from the due diligence duties - for environmental or human rights impacts that could have been prevented, mitigated or ended by appropriate measures. However, companies which ensure the cascading of contractual assurances, and verify compliance, will not be liable for damages caused by indirect business relationships (unless it was unreasonable in the circumstances to rely on such assurances/verification). The company's actions in relation to appropriate measures taken in the circumstances will also serve as potentially mitigating factors.

Next Steps

At an EU level, the proposed directive will need to be presented to the European Parliament and the Council for approval. Once adopted, Member States will have two years to transpose into national law. EU countries which have already adopted national laws in this area will have to determine whether their existing regimes comply or need to be adapted. In the meantime, companies that will be impacted may wish to follow some of the provisions of the proposed directive as a matter of good practice.

Useful Links

EU press release

Proposed Directive on Corporate Sustainability Due Diligence

Questions and answers

Fact sheet