Mandatory sustainability due diligence: A catalyst for change

19 August 2024

The EU’s Corporate Sustainability Due Diligence Directive (CSDDD) imposes rigorous due diligence requirements on large companies. Early preparation is essential. From 2027, companies in scope must fully understand the risks in their value chain, have concrete measures in place to mitigate them and have a comprehensive climate transition plan. Successful sustainability due diligence is not just about compliance – it is also sound business practice that builds company resilience and long-term competitiveness.

Mandatory due diligence that follows international guidelines

Due to a lack of mandatory and harmonised standards, corporate sustainability due diligence is not yet common practice. Some companies also face legal uncertainty and unnecessary administrative burdens due to a fragmented legal landscape, with several EU countries having adopted their own due diligence laws.

To remedy this, the EU has approved a new set of mandatory due diligence requirements that establishes a general horizontal framework for sustainability due diligence for very large EU and non-EU companies. The aim is to foster sustainable and responsible corporate behaviour and to anchor human rights and environmental considerations into companies’ operations and corporate governance. The new rules will ensure that businesses address the adverse impacts of their actions across their value chain.

Which companies will the new EU rules apply to?

6,000 EU companies are in the CSDDD scope

The directive will apply in stages to large companies from 26 July 2027 onwards (§2, §37):

2027: >5000 employees and a global turnover of over EUR 1500 million

2028: >3000 employees and a global turnover of over EUR 900 million

2029: >1000 employees and a global turnover of over EUR 450 million

It is estimated that over 6,000 EU companies and 900 non-EU companies are in scope. The directive will also indirectly affect these companies’ supply chains, so the impact will be vast and global. Member States have two years to transpose the new rules into national law.

A full due diligence process plus a climate transition plan is required

The directive will require companies to adopt the following human rights and environmental due diligence processes:

  1. Develop a risk-based due diligence policy integrated into the corresponding risk management systems
  2. Identify actual or potential adverse environmental and human rights impacts
  3. Prevent and mitigate these impacts by establishing and providing:
    • A prevention action plan
    • Contractual assurances with direct business partners
    • Proportionate support for SMEs
  4. Provide remediation as defined in the OECD Due Diligence Guidance[i]
  5. Engage stakeholders by carrying out consultations throughout the process
  6. Establish notification and complaint mechanisms
  7. Monitor and assess effectiveness (at least every 12 months)
  8. Communicate on compliance: an annual statement must be published within 12 months of the end of the financial year (alongside the ESG reporting under the CSRD). The contents of the statement will be defined by the Commission in an implementing act
  9. Adopt time-bound climate targets and a ‘climate transition plan’, updated annually, aimed at ensuring that the company’s strategy and business model are compatible with the transition to a sustainable economy and with the Paris Agreement’s objective of achieving climate neutrality (§22)

How CSDDD is linked to CSRD and OECD guidelines

The CSRD (Corporate Sustainability Reporting Directive) and the CSDDD have been introduced in almost the reverse order. The CSRD requires companies to disclose how they conduct due diligence, which for large companies will follow the future CSDDD requirements. The CSRD also already requires companies to identify and prioritise their sustainability impacts (actual or likely), which is the first step of the due diligence process.

Both the CSRD and the CSDDD follow, to a large degree, the international guidelines set out by the UN and the OECD. This is good news for frontrunners who are already conducting due diligence.

Main difference to consider carefully: reporting vs. operationalising

CSRD mandates company disclosure of environmental, social, and governance (ESG) factors to ensure transparency, consistency, and accountability in sustainability reporting. Stakeholders using this information would typically be investors, customers, and policymakers.

The CSDDD focuses on operational conduct and responsible business practices. It requires larger companies to integrate due diligence processes to manage their impact on human rights and the environment within their operations and supply chains.

We recommend including the entire value chain and following best practices for several reasons

In the final version of the CSDDD, the entire downstream value chain is no longer required to be included. Companies only have to consider downstream business partners that carry out distribution, transport or storage of the product for them or on their behalf (section 22). The directive describes the ‘chain of activities’ as follows:

“The chain of activities should cover activities of a company’s upstream business partners related to the production of goods or the provision of services by the company, including the design, extraction, sourcing, manufacture, transport, storage and supply of raw materials, products or parts of the products and development of the product or the service, and activities of a company’s downstream business partners related to the distribution, transport and storage of the product, where the business partners carry out those activities for the company or on behalf of the company. This Directive should not cover the disposal of the product.”

EU Corporate Sustainability Due Diligence Directive (2024)

The directive’s reduced scope results from political negotiations and compromise. However, it does not make good sense: companies that follow the international guidelines already map impacts across the full value chain. Leaving out downstream stakeholders could be detrimental for some companies. Imagine, for example, if social media platforms did not include their users in their due diligence process. Social media companies would then not need to account for and mitigate the negative impacts of their platforms, for example when they are used for harassment, election manipulation or fake news.

We recommend following the UN and OECD guidelines by integrating the entire value chain into your risk assessment. Overlooking potential risk is a poor business strategy.

Fewer requirements for the financial sector

The implications for the financial sector are less stringent. Financial services provided in the context of relationships with clients are excluded from the directive’s material scope. Nevertheless, financial institutions operating under regulatory supervision will have to perform due diligence on their own operations, those of their subsidiaries and the upstream part of their chain of activities, and adopt and implement a climate transition plan (sections 26, 61).

Non-compliance might be fined up to 5% of global turnover

The Directive requires Member States to designate independent “supervisory authorities” (§24.1). These authorities must be empowered to:

  • Order the cessation of infringements
  • Impose penalties
  • Adopt interim measures in case of imminent risk of irreparable harm.

For non-compliance, penalties include fines of up to 5% of net worldwide turnover. On a more positive note, compliance with the CSDDD may be taken into account in the award criteria for public and concession contracts.

Most companies are far from ready to meet due diligence requirements

Figure: Performance assessment of the 2,000 most influential companies in human rights due diligence by the World Benchmarking Alliance (2024).

How to get started – now

Many companies – perhaps most – are immature when it comes to proper due diligence. Getting an early start has important benefits: it ensures a smoother transition with less pressure on the organisation, because it leaves time to build capacity and set up the right structures.

These are some of the steps you could take to prepare:

  • Compliance: Clarify whether and when your company is formally in the scope of the CSDDD. Assess potential future due diligence requirements affecting your business partners, as these may impose indirect requirements on your company
  • Maturity assessment and action plan: Identify the main CSDDD compliance gaps and develop a concrete and tangible action plan that ensures you will be compliant in time
  • Impact assessment: Start mapping your value chain to identify potential or actual negative impacts, and carry out additional in-depth assessments in areas of heightened risk
  • Integrate due diligence into policies and management systems
  • Start training your employees on due diligence and what it means for their work
  • Establish grievance mechanisms that help you mitigate and remediate potential or actual negative impacts

Part of a broader legislative due diligence push from the EU

The CSDDD establishes a general horizontal framework for sustainability due diligence for very large EU and non-EU companies. Sectoral laws pursuing the same objectives but providing for more extensive or more specific obligations supersede the Directive’s general requirements in case of conflict. An example is the EU Deforestation Regulation, which provides a sectoral framework for both small and large companies on specific products (e.g. cattle, coffee, and wood) with additional concrete due diligence and information requirements.

Requirements of mitigating actions will catalyse real positive change

The CSDDD marks a significant shift away from voluntary CSR initiatives, which have proven largely insufficient, to mandatory thorough due diligence across (most of) a company’s value chain. It forces companies to not only analyse and report on impacts (like under the CSRD); it also requires concrete action to mitigate and remediate harm and to adopt a climate transition plan in line with the goals of the Paris Agreement. Many companies will have to up their game to comply with the new rules – frontrunners have already started in order to be ready.


[i] The OECD Due Diligence Guidance defines remediation/remedy as “the processes of providing remedy for an adverse impact and to the substantive outcomes that can counteract, or make good, the adverse impact, including: apologies, restitution or rehabilitation, financial or non-financial compensation (including establishing compensation funds for victims, or for future outreach and educational programs), punitive sanctions (whether criminal or administrative, such as fines), as well as prevention of harm through, for example, injunctions or guarantees of non-repetition”


Read more

Due diligence legislation:

  • CSDDD FAQ and directive (EC)
  • CSRD FAQ (EC)
  • Regulation on deforestation-free products (read our explainer here)
  • Forced labour regulation (read our explainer here)
  • Critical raw materials regulation (EC)

Tool

CSDDD maturity tool

The CSDDD is the most transformative due diligence legislation so far. We have operationalised its requirements to help you reach compliance effectively.

Author details

Maja Johannessen

Head of Innovation and Knowledge, Senior Manager

Anna Katharina Bierre

Senior Consultant
