This article was updated on 21 January 2024 to take into account the provisional deal reached on the final text of the CS3D on 14 December 2023.
This article looks at the history of mandatory human rights and environmental due diligence legislation in Europe, including recent developments such as the Corporate Sustainability Due Diligence Directive (CS3D), the final text of which was agreed by EU lawmakers in late 2023.
We make the case for why businesses of all shapes and sizes should start conducting due diligence on their supply chains now in line with the CS3D’s requirements.
Businesses are increasingly being held accountable for human rights abuses and ecological damage that take place thousands of miles away from their headquarters, predominantly in regions and communities of the Global South.
This is because of a growing body of legislation – mainly in Europe – that imposes obligations on companies to take steps to prevent their business operations (and those of their suppliers) from causing humanitarian and environmental harm abroad.
These laws originate from a set of guidelines on business and human rights published by the United Nations in 2011 which establish a corporate duty of due diligence in respect of human rights and environmental risks.
Research however shows that companies have been slow to respond to the United Nations’ recommendations for better business conduct. The latest Corporate Human Rights Benchmark analysis revealed that most enterprises still scored poorly on their efforts to address human rights and environmental impacts in their supply chains (with an average score of 17.3%).[1]
An increasing number of countries, especially in Europe, have passed legislation to force companies to take concrete action to prevent abuses in their supply chains.
Even though mandatory human rights and environmental due diligence (mHREDD) laws still vary significantly from country to country, the recent introduction of the CS3D indicates a concerted attempt by European lawmakers to harmonise and standardise existing laws.
It is therefore vital for businesses to be aware of the likely direction of travel of mHREDD laws and make the necessary changes to adapt to them now.
The genesis of corporate sustainability due diligence
The idea that businesses should assess human rights-related risks, take steps to eliminate them, and remediate any harm caused by their commercial activities originates from the United Nations Guiding Principles on Business and Human Rights. [2] These Principles mandate business enterprises to implement due diligence policies and processes to ensure respect for human rights in their supply chains as well as remediation measures for any harm caused.[3]
The OECD added meat to the bones of the human rights due diligence concept originally pioneered by the United Nations.
Subsequently, the OECD published further guidance which set out a comprehensive framework for due diligence processes, including how to embed them into company policies and management systems and effectively monitor implementation and results. [4]
The OECD added meat to the bones of the human rights due diligence concept originally pioneered by the United Nations. Over time, the concept was expanded to include not just a duty to prevent adverse human rights impacts but also environmental harm. [5] Thus, we have the birth of the mHREDD duty.
Development of due diligence legislation in Europe
Several European states incorporated the United Nations and OECD guidelines into domestic law, resulting in a patchwork of legislation imposing varying degrees of legal responsibility on businesses.
In 2017, France enacted its Duty of Vigilance Law, requiring all French companies of a certain size to conduct human rights and environmental due diligence and publish an annual “vigilance plan” for their activities, and those of their subsidiaries and suppliers. [6]
Powerful and effective compliance mechanisms including regulatory enforcement and the right of victims to bring civil proceedings in France against non-compliant businesses have made this legislation a game-changer.
In May 2019, the Dutch Child Labour Due Diligence Law came into existence, obliging companies to conduct due diligence on child labour risks in their supply chains and to submit certain statements and information to the national regulator.
Businesses must also establish an action plan to address any identified child labour risks. Although the law contains enforcement mechanisms including fines and even criminal prosecution of company directors for repeated violations, it does not allow victims to sue non-compliant companies directly, and its focus on child labour alone makes the law much narrower in scope than its French counterpart. [7]
The Dutch parliament is currently working on a broader responsible business conduct legislation which will have much wider application.
Norway’s Supply Chain Transparency Act came into force in July 2022 and obliges all businesses with at least 50 full-time employees to conduct human rights due diligence on activities in their entire supply chains.
Unlike its French counterpart, the Norwegian legislation does not explicitly refer to environmental harm, nor does it create a specific civil liability regime (companies can however be fined and sanctioned by the regulator).
It does however go a step further by forcing companies to respond to requests for information from members of the public concerning their efforts to prevent human rights abuses in their supply chains – thereby promoting citizen engagement.[8]
The result of this recent flurry of mHREDD legislation in Europe has been a patchwork of mismatched and diverging laws imposing different obligations on companies and with varying enforcement and liability regimes.
In January 2023, The German Supply Chain Due Diligence Act came into force for companies with at least 3,000 employees in a German head office or branch. As of January 2024, all companies with at least 1,000 employees are now caught by the legislation.
The Act contains a less stringent duty to conduct due diligence in an “appropriate fashion” by implementing effective risk management processes and preventative measures to stop human rights abuses (and related environmental harm).[9]
The Act does not impose on companies a duty to succeed but only to make “reasonable efforts”. [10] The legislation includes powers of regulatory enforcement and a right for trade unions and NGOs to bring civil lawsuits on behalf of interested parties.
The result of this recent flurry of mHREDD legislation in Europe has been a patchwork of mismatched and diverging laws, imposing different obligations on companies and with varying enforcement and liability regimes.
In February 2022, this situation culminated in a joint statement by over 100 companies calling for a harmonised and effective EU-wide mHREDD legislative framework. [11]
Europe as trailblazers of a new global standard for mHREDD legislation
In February 2022, the EU Commission took on the challenge of standardising corporate due diligence legislation through its proposal for the CS3D.
The Directive was provisionally agreed by EU lawmakers in December 2023. It is driven by a desire to: (a) create a single, harmonised framework; and (b) establish a more robust legal obligation on companies to conduct mHREDD. The main provisions are listed below.
Scope
It will apply to all EU companies with at least 500 employees and a EUR 150 million annual global turnover. For companies that are active in "high-risk" sectors, there is a lower threshold of 40 million EUR annual turnover (provided that at least 20 million EUR is generated in those high-risk sectors).
Non-EU companies
Supply chain
Due diligence duty
Enforcement
Climate change
Obligation to end business relationships
Penalties
The Directive in many ways mirrors the patchwork of existing mHREDD laws already implemented across Europe, and it aims to standardise those key elements of the due diligence duty to give businesses legal certainty and uniformity of application of their legal obligations across all 27 member states.
The CS3D also goes a step further from previous mHREDD laws in some respects. The obligation to terminate business relationships is a novel provision and the CS3D also imposes on businesses a duty to engage with stakeholders as part of the due diligence process (including civil society organisations).
Some commentators have expressed dissatisfaction that the CS3D does not go far enough, by excluding the financial sector from its scope and failing to make company directors personally liable for implementing their company's due diligence policies.
There is a clear desire from the EU Commission to hold individual company directors personally responsible for the due diligence process and to elevate the importance of sustainability in corporate decision-making.
It also shows an intent to involve a broader spectrum of society in mHREDD processes by empowering civil society and ordinary citizens.
Member states must introduce new - or amend existing - domestic legislation within two years to give effect to the CS3D. The outcome is that a business operating in multiple European countries can expect to have the same legal duties (and to discharge those duties in the same way) across the entire Union.
Companies that have previously not committed to meaningful human rights due diligence will be forced to if they operate anywhere in the EU.
The CS3D reflects a clear desire for an effective and transparent mHREDD framework that mandates companies to act – rather than just report - on environmental and human rights abuses in their supply chains.
The CS3D will have a significant impact on how businesses operating in Europe manage and monitor their supply chains.
Companies that have previously not committed to meaningful human rights due diligence will be forced to if they operate anywhere in the EU.
British businesses that operate in the EU will also need to ensure compliance with the CS3D if they come within its scope.
Even those companies that do not fall within the Directive's scope may find themselves in a value chain with enterprises that are affected by the CS3D, and will therefore benefit from aligning their due diligence policies with those of their business partners.
With legislative change usually comes cultural change, such that the mHREDD duty will eventually become a social and moral expectation of companies regardless of whether they have a legal duty to engage with it.
The CS3D is not the only piece of European legislation expected to address corporate responsibility for supply chain abuses: in 2022 EU lawmakers proposed regulations banning the trade of products made using forced labour in the single market.
Other similar laws have also been proposed and it is expected that this legislative trend will continue throughout 2024.
Best practice for integrating mHREDD into your business operations
What practical steps can businesses take to integrate the CS3D's provisions?
Let’s start with the obvious: mapping your supply chains and identifying high-risk regions or sectors in your activities and those of your suppliers and partners.
With legislative change usually comes cultural change, such that the mHREDD duty will eventually become a social and moral expectation of companies regardless of whether they have a legal duty to engage with it.
To bring about meaningful change in your business activities and those of your suppliers, you will also need to integrate mHREDD into your company culture: everyone in the business who interacts with suppliers, procurers, and business partners must have mHREDD considerations at the forefront of their minds in their daily work.
Information and training are essential to achieve this, in addition to an effective and practically workable internal due diligence policy, and actionable codes of conduct for suppliers and business partners.
Transparency and engagement with a wide range of stakeholders are also key. The business should openly disclose and publish its mHREDD efforts and outcomes each year in the form of a comprehensive Responsible Supply Chain Management Report.
Regular engagement with customers, suppliers, investors, regulators, civil society, and affected communities will also ensure that your business builds credibility and recognition of its efforts to prevent and stamp out abuses in its supply chain.
Being able to openly address issues and demonstrate the steps you are taking to resolve them will enhance your brand’s reputation and customer loyalty.
Ensuring that you have adequately discharged your mHREDD duties - and that you can prove how - will significantly decrease the risks of litigation and ensuing reputational harm to your business.
At Green Path to Global, we help businesses communicate their sustainability strategy, goals, and actions with impact and purpose. We ensure you engage with your customers on the issues that matter most to them (and to you).
Contact us to find out how we can create a powerful and effective human rights and environmental due diligence policy for your business or a compelling and insightful Responsible Supply Chain Management Report to highlight your company’s efforts to carry out effective due diligence on your supply chains.
Comments