In April 2024, EU Parliament approved the Corporate Sustainability Due Diligence Directive (CSDDD), a new regulation that requires unprecedented levels of corporate action addressing human rights, the environment, and climate transition planning.
This is a watershed moment for corporate sustainability, not just in the EU, but globally—any multinational company doing revenue of at least €450 million in the EU is considered in scope. Plus, with its value chain requirements, CSDDD will impact not just companies that fall within its scope, but also any company that does business with them.
CSDDD key points
CSDDD is a new high water mark for climate legislation, for several key reasons:
- The fines for noncompliance are large enough to be compelling, at up to 5 percent of company’s net worldwide turnover
- It compels companies to proactively shift their long-term business strategy to align to the 1.5 degree pathway and the EU’s goal for net zero emissions by 2050
- It requires due diligence within scopes 1, 2, and 3—meaning that companies are responsible for the impact of their own operations and the operations of their upstream and downstream partners
- Sharing ESG data, in particular emissions data, will become an essential part of doing business for nearly all major suppliers around the globe
- Based on the thresholds for compliance, nearly all large multinational companies—and their suppliers—will be affected
- While CSDDD originates within the EU, its effects will be felt globally. We break down the exact requirements, who’s affected, the timeline for compliance, penalties, and more below.
What is CSDDD?
CSDDD is a directive approved by the EU Parliament that requires companies doing business in the EU to mitigate adverse impacts on human rights and the environment, including impacts that stem from their upstream and downstream business partners, plus establish a climate transition plan that aligns with the Paris Agreement’s 1.5 degree pathway.
CSDDD is an EU directive, meaning that EU member states must transpose it into their own local law, as opposed to an EU regulation which enters into force immediately across the EU. Thus, the implementation of the directive could differ across the EU. The language of the directive establishes a minimum requirement, so member states may choose to make their own laws more strict. The aspects of the directive that are up to member state discretion include minimum thresholds for compliance, remediation options, and how much of scope 3 is included in due diligence.
Who is affected by CSDDD?
CSDDD affects EU-based companies and non-EU companies who do business in the EU, with the following thresholds for typical business models:
- Companies based in the EU: Global revenue of at least €450 million and have 1,000 employees or more
- Companies based elsewhere: Revenue of at least €450 million within the EU.
The threshold is lower for companies with a franchise or licensing model:
- Companies based in the EU: revenue of €80 million globally and royalties of €22.5 million globally
- Companies based outside the EU with franchises or licensees in the EU: revenue of €80 million within the EU and royalties of €22.5 million in the EU
Because CSDDD requires companies to identify adverse impacts of their own operations and their upstream and downstream activities, it will also affect many companies that don’t meet the minimum threshold but sell to or buy from companies who do.
What is the CSDDD compliance timeline?
CSDDD will enter into force 20 days after being published in the EU Official Journal (expected in early summer 2024). Member states have two years to transpose the directive into local law, and companies will be required to comply on a rolling basis shortly afterward:
- 2027: Revenue of at least €1500 million and at least 5000 employees
- 2028: Revenue of at least €900 million and at least 3000 employees
- 2029: Revenue of at least €450 million and at least 1000 employees
How to comply with CSDDD, step by step
With nearly 32 articles outlining the requirements for EU member states and in-scope companies, the directive is extensive, and companies should begin preparing to comply right away.
Here are the 8 main steps for CSDDD compliance:
-
Update existing policies, or create new ones, regarding due diligence
- The CSDDD requires companies to have a specific due diligence policy which is updated annually. This policy must cover the company’s approach to due diligence and describe its process for implementing due diligence.
- The company must also have a code of conduct regarding behavior by the company’s employees and its partners, plus a method for ensuring compliance with the code of conduct.
- In addition, due diligence must be addressed and integrated into the company’s other policies.
-
Complete a risk assessment across company operations and supply/value chain to identify current or potential adverse impacts to human rights or the environment
- Companies are responsible for identifying adverse human rights or environmental impacts that stem from their own operations or their subsidiaries’ operations.
- They are also responsible for identifying current or potential adverse impacts stemming from their business relationships; in other words, upstream and downstream activities.
- Financial institutions, namely those providing credit, loans, or other financial services, are responsible for identifying adverse impacts before providing those services.
-
Establish an ongoing risk-based due diligence process, impact mitigation/prevention measures, and regular assessments to ensure that the due diligence and mitigation process is working
- Where a potential negative impact to human rights or the environment has been identified, companies must take action to prevent or mitigate that impact.
- Where actual negative impact to human rights or the environment has been identified, companies must end or mitigate that impact including corrective action plans and the payment of damages.
- Where the impact stems from a business relationship, companies must seek contractual assurances that their partner will make changes to mitigate, end, or prevent the impact. Where those assurances are not granted, the company must end the contract.
- This process must be reviewed annually.
-
Set up a complaints intake process
- Companies must establish a process for affected parties, workers unions and other worker representatives, and civil organizations to submit complaints when they believe the company or its value chain are creating adverse human rights or environmental impacts.
- That process must include steps for investigating complaints.
- Complainants may request follow-up communications and/or meetings with the company to discuss the potential or actual adverse impacts at the heart of their complaint.
- Complainants are protected under the EU Whistleblower Directive.
-
Engage and collaborate with business partners to ensure their compliance
- Companies are responsible for ensuring that across their value chain, their business partners comply with the requirements of CSDDD. That means companies must make changes to contract language, policies for third party relationships, and more.
- Especially in relationships with small businesses, companies must ensure that complying with these requirements does not threaten their partner’s viability; if it does, the company must provide targeted and proportionate support.
- If third-party verification is necessary to ensure that a partner is compliant, and that partner is a small business, the company must cover the cost of verification.
-
Create climate transition plan
- Companies must develop a plan to ensure that their long-term strategies and business plan align with the Paris Agreement’s 1.5 degree pathway.
- The plan must disclose whether climate change puts their business at risk and the extent to which their operations contribute to climate change. If either is a factor, the climate transition plan must include emissions reduction.
- If director-level compensation is tied to business performance, that compensation plan must take into account the fulfillment of the climate transition plan’s objectives.
-
Publish annual report
- Those companies who are not already required to report under the EU’s 2013 Accounting Directive must now publish an annual report on their website by April 30, covering the prior year’s efforts under CSDDD.
-
Non-EU based companies: Designate an EU-based representative
- In-scope companies based outside the EU must designate an authorized representative, based in an EU member state where they operate, who is empowered to communicate and cooperate with local authorities on its behalf.
Penalties for not complying with CSDDD
Each member state will appoint its own authority to investigate noncompliance and impose penalties. Sanctions may include compliance actions, civil liability, damages to victims, and “naming and shaming.” Financial penalties may include fines of up to 5 percent of a company’s net worldwide turnover.
Conclusion
CSDDD is a big deal. Starting in 2027, EU-based companies and multinational companies must have a climate transition plan in place and be taking concrete action to prevent, mitigate, and end their adverse impacts on human rights and the environment. If they don’t, they face significant financial penalties and the dreaded “naming and shaming.”
But CSDDD presents an opportunity as well. Those who embrace a mindset shift toward sustainability as a core business imperative will outcompete their peers when it comes to new business, government contracts, innovation, and long-term value creation. Companies that proactively embrace the principles of CSDDD will future-proof their operations and supply chain and contribute to a more sustainable future.
Need help complying with CSDDD?
Optera’s team of experts can help you create a climate transition plan, identify emissions hotspots among your upstream and downstream partners, design a supplier engagement strategy, and more. Get in touch today to get started.
