The European Parliament adopted its negotiating position on the Corporate Sustainability Due Diligence Directive (CSDDD) on June 1, 2023. Under the CSDDD, companies — potentially including those in financial services — will be obligated to demonstrate what action they are taking to protect not only the environment, but also human rights.

Due diligence is not a new concept for corporations. In fact, it originated in corporate law (mainly in the United States) with the sole aim of preventing business risks for companies. In that realm, due diligence focused on the protection of a company’s assets by applying a risk analysis prior to agreements or transactions and assessing, for instance, whether mergers or new acquisitions could pose risks (financial, reputational, operational) to a given company.

Now, however, some of the principles and guidelines of pioneering instruments in the development of sustainability due diligence, such as the UN Guiding Principles (UNGP) or the OECD Guidelines (both from 2011), are being transferred from soft, voluntary formats to ones that are hard and legally binding. Recent examples include France’s Corporate Duty of Vigilance Act (2017), the German Supply Chain Act (2021), and the upcoming EU CSDDD (formal adoption not expected before 2024). Once the CSDDD is formally adopted, EU Member States will have two years to implement the law into national legislation.

Under the CSDDD, companies will be required to:

“Identify, and where necessary prevent, end or mitigate the negative impact of their activities on human rights and the environment such as on child labor, slavery, labor exploitation, pollution, environmental degradation and biodiversity loss.”

These requirements apply not only to their own operations, but also to those of their value chain partners. Until recently, implementing such due diligence processes centered mostly on recommendations that could be voluntarily undertaken by interested companies. However, upon increasing challenges created by business-as-usual practices, due diligence is currently being integrated in national and supranational legislation as a mandatory requirement.

‘Hard’ approaches to sustainability due diligence: Legislative initiatives in Europe

The French Corporate Duty of Vigilance Law, adopted in 2017, was the first to transpose the soft instruments and concepts linked to sustainability due diligence into binding norms. The Rana Plaza collapse in 2013 Bangladesh triggered the need to regulate transnational (parent) companies which use subsidiaries, subcontractors, and suppliers to carry out work. They were often underpaid and there was limited consideration for core humanitarian principles, including unionization and workers’ rights. While indigenous groups and civil society organizations (CSOs) have filed lawsuits under the French law (e.g. Casino Group, BNP Paribas), critics say that the Corporate Duty of Vigilance Law is imprecise and provides meager guidance for its interpretation. The law currently lacks robust reporting requirements, a framework for monitoring enforcement plans, and transparency about which companies are eligible. The vague concepts leave room for interpretation of the law, and the burden of proof falls on individuals and CSOs who must engage in lengthy lawsuits against companies.

The German Supply Chain Act, which passed in 2021 and became applicable starting January 1, 2023, also lays down obligations for companies regarding sustainability due diligence. The German due diligence law is more precise than the French law, but it is also ambiguous. For instance, territory of supervision is not clear. While indirect suppliers are covered under the German law, due diligence obligations are less strict for them.

At the EU level, other sustainability due diligence legislative initiatives are currently in the process of development and adoption. The before mentioned EU CSDDD includes due diligence rules for companies with more than 500 employees and 150 million euros in net turnover worldwide (with adapted thresholds for companies in high-impact sectors, such as mineral, agricultural, and garment supply chains). The CSDDD is bound to cover companies’ own operations and those of their subsidiaries, as well as other value chain operations carried out by third parties with whom the company has (established) business relationships.

Figure 1 below highlights several key differences and similarities between the voluntary UN Guiding Principles on Business and Human Rights and several binding legislative initiatives in Europe.

Figure 1: Comparing Sustainability Due Diligence Initiatives

Source: AidEnvironment, 2023, based on the Guiding Principles on Business and Human Rights; texts from the French law on the Duty of Vigilance (2017), the German Supply Chain Act (2021), and the upcoming EU CSDDD; European Parliament News (1 June 2023).

Finally, other existing and upcoming EU legislative initiatives with due diligence obligations include the European Deforestation Regulation (EUDR), the EU Battery Regulation, and the EU Forced Labor Regulation. Also, outside Europe, due diligence processes are part of legislative initiatives such as the United Kingdom’s Environment Act and the United States’ FOREST Act (which was proposed in 2021 but has not become law).

Implementing sustainability due diligence: Challenges and discussions ahead

The legislative initiatives are important tools for corporations and investors to promote the adoption of environmentally and socially responsible business practices. Several hurdles and increased corporate lobbying can be expected in the upcoming (trilogue) negotiations and implementation phase of the CSDDD. The following issues will be key parts of the discussions:

• Whether the financial sector should be excluded from the CSDDD. If it remains included, the financial industry will likely demand clarity and legal certainty, including the definition of clients (consolidated group level?); the scope of financial products; and the consistency with other legislation in this area such as the Taxonomy Regulation or the Corporate Sustainability Reporting Directive (CSRD).
• How the CSDDD will relate to existing national due diligence laws (such as the French and German laws).
• How governance authorities and judges will interpret ill-defined terms and expressions used in the laws’ provisions, such as “appropriate risk mitigation,” “established business relationships,” and who are “relevant” or “affected” stakeholders.
• The risk of important rights holders being left out of consultation processes, despite stakeholder engagement provisions in the legislative initiatives (except for the German law).
• Weak accountability and enforcement mechanisms of public administration authorities.

Although they are works in progress, these laws could pave the way to effective change of unsustainable business models and practices. Sustainability due diligence is here to stay, and the Duty of Vigilance, the Supply Chain Act, the EUDR, and the CSDDD are clear examples of this trend.

Companies and financiers will need to prepare for these changes sooner rather than later. They could face financial risks if they default on implementation and compliance efforts. These risks can consist of loss of revenues, loss of EBITDA, financing risks, and reputation value loss. Various reports by Chain Reaction Research have demonstrated that the costs of execution and monitoring — for instance, no-deforestation policies or laws such as NDPE and EUDR — are much lower than the financial risks, particularly for downstream sectors.