The Directive (EU) No 2024/1760 on Corporate Sustainability Due Diligence introduced new harmonized rules on corporate responsibility, as part of the European Union strategy for the transition towards a fair, inclusive and sustainable economy (1,2,3).
The responsibility of large companies is extended, in particular, to the duty to ensure that their production processes respect human rights and protect the environment along the entire value chain, inside and outside the European Union itself. The ABC to follow.
1) The Directive (EU) No 2024/1760 on Corporate Sustainability Due Diligence, general objectives
The primary goal of the Directive (EU) No 2024/1760 on Corporate Sustainability Due Diligence is to ensure that companies take preventive measures to identify, avoid or mitigate adverse impacts on human rights and the environment. The new rules aim to promote:
– transparency in business practices, with a particular focus on supply chains and business partners
– reduction of negative environmental and social impacts, both direct and indirect, caused by business operations
– integration of the sustainability principle into long-term corporate strategies, in line with the European Green Deal and the Paris Agreement on climate change
– public reporting of the results of operators’ sustainability practices.
Businesses are therefore required to:
– demonstrate concrete commitments to preventing negative impacts and, where necessary, taking remedial measures
– actively collaborate with SMEs involved in the supply chain, offering them support in adapting to the new rules.
2) Agri-food sector, specific objectives
The specific objectives in the agri-food sector, concern the protection of suppliers of agricultural and food products with respect to unfair commercial practices, in a broader dimension than the prohibitions and requirements established in the Directive (EU) No 2019/633 on Unfair Trading Practices (UTPs). In fact, the Directive (EU) No 2024/1760 on Due Diligence:
– aims to 'counter harmful purchasing practices and price pressures on producers, particularly smaller ones, in relation to sales of agricultural and food products'.
Large food processing and retail enterprises, in order to address power imbalances in the agricultural sector and ensure fair prices at all stages of the agri-food supply chain and strengthen the position of farmers', should therefore
- 'adapt their purchasing practices, as well as develop and use purchasing policies that contribute to living wages and incomes for their suppliers' (Directive EU 2024/1760, recital 47).
3) Scope of application
The scope of application of the new rules has been drastically limited, compared to the original proposal of the European Commission. (3). Depending on their size, the various groups of companies will have to comply by 26 July of the following years:
– 2027 for companies incorporated in the EU with > 5.000 employees and global net turnover > €1,5 billion, as well as those incorporated in third countries with equal turnover in the EU
– 2028 for companies incorporated in the EU with > 3.000 employees and global net turnover > €900 million, as well as those incorporated in third countries with equal turnover in the EU
– 2029 for companies incorporated in the EU with > 1.000 employees and global net turnover > €450 million, as well as those incorporated in third countries with equal turnover in the EU, i.e.
– their group leaders, or again
– companies that have entered into licensing or franchising agreements worth> €22,5 million with groups whose total net turnover exceeds €80 million. (CSDD, Articles 2,37).
3.1) Responsible companies
The 'companies' required to apply the CSDD are:
– legal persons incorporated in one of the legal forms listed in Annexes I and II of Directive 2013/34/EU. Namely,
– in Italy, the SpA and partnerships limited by shares, the Srl, the s.n.c. and the s.a.s.
Cooperatives and small and medium-sized enterprises (SMEs), as well as micro-enterprises, are not subject to the application of the new rules.
SMEs (SMEs (Small and Medium Enterprises) are rather recipients of protection and support measures, when involved in value chains.
'Subject to state aid rules,Member States may provide financial support to SMEs. Member States may also provide support to stakeholders in order to facilitate the exercise of the rights established by this Directive. ' (CSDD, Article 20.2).
4) Due diligence, the eight phases
The due diligence system that the Corporations subject to it must introduce into their organizations for the proactive management of risks is divided into eight phases:
a) integrate due diligence into corporate policies and management systems (Article 7)
b) identify and assess the adverse impacts (and priority impacts, if necessary) of its own and its partners' operations on human rights and the environment (Articles 8,9)
c) prevent and mitigate potential negative impacts, halt or minimize actual ones (Articles 10,11)
d) repair any damage caused by actual adverse impacts (Article 12)
e) engage in 'meaningful dialogue' with stakeholders (Article 13)
f) establish and maintain a notification mechanism and a complaints procedure (Article 14)
g) monitor the processes and verify the effectiveness of the measures adopted (Article 15)
h) communicate publicly the actions undertaken and their results (Article 16).
4.1) Trade secrets
Business partners may not be required to disclose to companies fulfilling due diligence obligations information that constitutes a trade secret' within the meaning of Directive (EU) 2016/943, Article 2.1, subject to disclosure of
- 'the identity of direct and indirect business partners, or of essential information necessary to identify actual or potential negative impacts,
– where necessary and duly justified for the company to comply with its due diligence obligations'.
Trade secrets may in any case be protected through the mechanisms established by Directive (EU) 2016/943 (Article 5.3). (4)
5) Integration of due diligence into corporate policies
A 'risk-based duty of care' must be integrated into all policies; relevant risk management systems. In practice, companies must approve and publish:
– a description of the company’s approach to due diligence, including long-term;
– a code of conduct that sets out the rules and principles that the entire company and its subsidiaries, as well as direct or indirect business partners, must adhere to;
– a description of the procedures in place for integrating due diligence into the company's policies and for its exercise, including
– the measures taken to verify compliance with the Code of Conduct and to extend its application to commercial partners (Article 7).
6) Risk mapping and assessment
The identification and assessment of risks of negative impacts on human rights and the environment – both current and potential – related to the activities of companies, their subsidiaries or business partners require the adoption of appropriate measures to:
- 'map their own activities, those of their subsidiaries and, if linked to their own business chains, those of their business partners, in order to identify the general sectors in which negative impacts are most likely to occur and be of greatest severity';
- 'based on the mapping results, carry out a thorough assessment of their own activities, those of their subsidiaries and, if linked to the business chains in which they participate, those of their business partners, in the sectors where negative impacts have been identified as being more likely to occur and more severe'(Article 8).
6.1) Key negative impacts
'If it is not possible to prevent, mitigate, arrest or minimize simultaneously and comprehensively all identified adverse impacts ', companies must identify the key ones.
The assignment of priority 'is based on the severity and likelihood of adverse impacts.' After these negative impacts have been addressed 'within a reasonable timeframe', the company faces others (Article 9).
7) Prevention of potential negative impacts
The prevention of identified potential negative impacts on human rights and the environment requires the adoption of appropriate measures. These must duly take into due account whether:
– the potential negative impact may be caused and manifested in the activities of the company and/or its affiliates or with a business partner
– the company is capable of influencing the business partner which may cause, even jointly with the company or its affiliates, the potential negative impact (CSDD, Article 10.1).
7.1) Action plans for the prevention of negative impacts
An action plan must be prepared and implemented without undue delay, 'if the nature or complexity of the necessary preventive measures so requires', with 'reasonable and precise deadlines for the implementation of appropriate measures and qualitative and quantitative indicators to measure progress'.
The action plans can be developed 'in collaboration with industry or multi-stakeholder initiatives', and then adapted to the activities of companies, their affiliates and business partners.
Where relevant, companies are required to adopt adequate measures to:
– request contractual guarantees from direct business partners regarding compliance with the company's code of conduct and, if necessary, a prevention action plan;
– ask direct partners to obtain equivalent contractual guarantees from their partners in relation to activities falling within the company's business chain;
– make the necessary investments, adjustments or updates (i.e. plants, processes, infrastructures);
– make necessary changes or improvements to the company's business plan, overall strategies and operations, 'including purchasing practices, design and distribution practices';
– cooperate with other entities, where appropriate, including in order to increase their capacity to prevent or mitigate the negative impact, in accordance with Union law, including competition law (CSDD, Article 10.2).
7.2) Action plans and support for small and medium-sized enterprises
If necessary, companies must offer targeted and proportionate support to their business partners, including financial support (e.g. direct financing, low-interest loans, guarantees of continuous supply, etc.), if compliance with the code of conduct or the action plan would jeopardize their economic sustainability.
Contractswith small and medium-sized enterprises that require guarantees must include 'fair, reasonable and non-discriminatory conditions. If compliance verification measures are implemented for a small and medium-sized enterprise, the costs of the third-party independent verification are borne by the company' (CSDD, Article 10.5).
8) Stopping and repairing actual negative impacts
The duty to neutralize actual negative impacts or minimising their extent follows the same logic as action plans aimed at preventing potential negative impacts:
– the measures must be proportionate to the severity of the negative impact and the implication of society in it;
– where it is not possible to immediately stop an adverse impact, the company must prepare and implement without undue delay a corrective action plan;
– the corrective action plan must include 'reasonable and precise deadlines for the implementation of appropriate measures and qualitative and quantitative indicators to measure progress'
– appropriate measures may include temporary suspension or termination of business relationships with business partners, subject to reasonable notice (CSDD, Article 11).
Remediation is mandatory when negative impacts are attributable to the company, while it is voluntary when they are caused by its business partners (CSDD, Article 12).
9) 'Meaningful' dialogue with stakeholders
'Appropriate measures' must be taken so that company can have an effective dialogue with stakeholders. Stakeholders must be consulted in the various stages of implementation of the due diligence system:
– gathering the necessary information on actual or potential negative impacts and identifying priorities
– development of action plans for prevention and corrective measures
– taking the decision to terminate or suspend a business relationship
– adoption of appropriate measures to provide remediation for adverse impacts
– development of qualitative and quantitative indicators for monitoring.
The stakeholders have the right to:
– receive 'where appropriate' relevant and complete information
- 'submit a reasoned request for additional relevant information, which the company provides within a reasonable period of time and in an appropriate and comprehensible format' (unless denied with a written justification. CSDD, article 13).
10) Complaint and notification procedures
Appropriate company procedures must allow:
– individuals or legal entities at risk or affected by a negative impact and their legitimate representatives (e.g., civil society organizations), trade unions and other worker representatives in the relevant supply chains, as well as civil society organizations active and experienced in sectors related to the negative environmental impact
– the possibility of submitting a complaint in case of a well-founded 'fear regarding negative impacts, whether actual or potential, of the company's own activities, the activities of its subsidiaries, or the activities of its business partners in the company's chain of activities
- through 'a fair, publicly available, accessible, predictable and transparent procedure (…) which includes a procedure for cases where a company considers a complaint to be unfounded, and informs the workers' representatives and trade unions concerned', respecting confidentiality and prohibiting any form of retaliation.
The authors of the complaints have the right to meet the company's representatives' of an appropriate level, to discuss serious negative impacts', obtain the reasons on which a complaint is considered well-founded or not and, if it has been deemed well-founded, receive information on the measures and actions taken or to be taken.
A mechanism for reporting information – including anonymously – about the negative impacts of the company's activities, its subsidiaries and business partners must also be established by the companies themselves (CSDD, Article 14).
11) Monitoring and public reporting of actions undertaken
The required monitoring and the periodic evaluation of the effectiveness of the due diligence measures involve the duties to:
– update the measures at least every 12 months, or after significant changes
– maintain compliance records (including impacts, action plans and verifications) for at least five years, (CSDD, Article 15).
An annual statement on the due diligence system, in compliance with the reporting regulations referred to in Directive 2013/34/EU, must be published on the companies' websites (CSDD, Article 16).
12) European single access point (ESAP)
As of January 1, 2029 companies shall submit the declaration to the collection agency (designated by Member States by December 31, 2028) so that it can be made accessible trough the European Single Access Point (ESAP), established by Regulation (EU) 2023/2859.
The information contained in the annual declaration must be transmitted in a data-readable format (or in a machine-readable format, where required by EU or national law), and be accompanied by metadata on:
- all company names to which the information refers;
- identification of the legal entity of the company;
- company size by category;
- industry sector or sectors of the company's economic activities;
- type of information, pursuant to reg. (EU) 2023/2859, article 7.4.c;
- indication of the presence of information containing personal data;
- any other metadata and data structuring that may be specified by the Commission through specific implementing measures (CSDD, Article 17).
13) Accompanying measures
Dedicated websites, platforms and portals - to inform and assist companies, their business partners and stakeholders – should be set up and managed, even jointly, by Member States.
The IT platforms will have to provide ' particular attention to SMEs that intervene in the business chains of companies' and provide access, in particular, to:
– content and criteria for reporting, also in light of the Commission’s delegated acts;
– Commission guidelines on voluntary standard contractual clauses (see paragraph 7.2 above);
– information for stakeholders and their representatives on how to engage in dialogue throughout the due diligence implementation process (CSDD, Article 20).
A single helpdesk will also be established by the Commission, with the assistance of national authorities, to provide companies with information, guidance and assistance in fulfilling their obligations (CSDD, Article 21).
14) Climate transition action plan
The transition to climate change mitigation must in turn be the subject of a plan 'aimed at ensuring, with the greatest possible commitment, that the business model and strategy are compatible with the transition towards a sustainable economy and with limiting global warming to + 1,5 °C, in line with the Paris Agreement and the objective of achieving climate neutrality by 2050.
Consideration is also given to interim objectives, as set out in Regulation (EU) 2021/1119, ' and where applicable, the company's exposure to coal, oil and gas related activities'. The plan must be updated every 12 months and include:
- ' defined time targets for 2030 and in five-year steps to 2050, based on conclusive scientific evidence. Where appropriate, absolute greenhouse gas emission reduction targets for Scope 1,2,3 for each significant category;
– description of the identified decarbonisation levers and the key actions envisaged to achieve the objectives. Including, where appropriate, changes in the company's product and service portfolio and the adoption of new technologies;
–an explanation and quantification of investments and funding to support the implementation of the transition plan for climate change mitigation; and
– a description of the role of the administrative, management and control bodies with regard to the transition plan for climate change mitigation' (CSDD, Article 22).
15) Proxies and supervisory authorities
An agent must come appointed and accept the task of managing communications between the company and the supervisory authorities for the purpose of enforcing due diligence obligations (CSDD, Article 23).
The supervisory authorities designated by the Member States assume competence based on the country where:
– the EU based company has its head office
– non-EU companies have branches in the EU, meaning they generated most of their net turnover in the EU.
When the parent company has fulfilled its due diligence obligations, the competent authority shall cooperate with those of the countries where the affiliated companies are based (CSDD, Article 24).
15.1) National supervisory authorities
Member States must provide supervisory authorities with powers of investigation and sanctions, as well as adequate resources to carry out the tasks assigned to them by the CSDD Directive. Supervisory authorities may initiate investigations:
– on their own initiative or following detailed reports, if they have sufficient information to indicate possible violations of the rules in question;
– through inspections with or without notice, when this may hinder their effectiveness;
– in collaboration with the equivalent authority of another Member State, where appropriate.
In case of detected non-compliance with the rules, the authorities should grant companies 'an appropriate period of time to take corrective measures, if possible'. Without prejudice to the imposition of sanctions or the activation of civil liability.
15.2) Powers of supervisory authorities
The powers supervisory authorities include:
– orders to cease the violation of regulations, including by taking action; refrain from repeating the violations; to provide necessary and proportionate reparations for the violation;
– imposition of sanctions;
– adoption of provisional measures, in case of imminent risk of serious and irreparable damage;
– also by contacting the competent judicial authorities, which shall apply sanctions with equivalent effect to those imposed directly by the supervisory authorities (CSDD, Article 25).
16) Detailed reports
Any individual or legal person must have the right to transmit, through easily accessible channels, a detailed report to the supervisory authority if it has reason to believe, based on objective circumstances, that a company is not complying with the rules in question.
Circumstantial reports must be assessed by the supervisory authorities within an appropriate period of time, with the obligation to inform their authors as soon as possible of their outcome. In addition to information on how to access administrative and judicial appeal procedures (CSDD, Article 26).
17) Sanctions
The penalties for violations of the Corporate Sustainability Due Diligence Directives are established by the Member States, together with 'all measures necessary to ensure their application'. Sanctions must be 'effective, proportionate and dissuasive', with a maximum limit of pecuniary sanctions of not less than 5% of the company's worldwide net turnover in the preceding financial year.
The decision on the application, nature and extent of sanctions must take due account of, in particular:
– nature, severity and duration of the violation, severity of the impacts caused by it;
– investments made and targeted support provided to business partners and their partners;
– any collaboration implemented with other entities to address the impacts in question;
– extent of any corrective measures already adopted;
– specific precedents definitively ascertained;
– financial benefits gained or losses avoided as a result of the breach.
The decisions (private personal data) must be published and remain in the public domain for at least five years, in addition to being transmitted to the European network of supervisory authorities referred to in the following paragraph (CSDD, Article 27).
18) European Network of Supervisory Authorities
A European network of supervisory authorities is established by the European Commission for The European network to facilitate cooperation between national supervisory authorities. With the aim of:
– facilitating coordination and alignment of regulatory, investigative, sanctioning and supervisory practices and, where appropriate, information sharing among them;
– collecting all information necessary to assess the overall net turnover and employment of EU-based companies, as well as the turnover in the EU of non-EU companies (CSDD, Article 28).
19) Civil liability and damage compensation
Deliberate or culpable (through negligence) failure to comply with the obligations related to action plans to prevent risks and measures to neutralise and minimise their effects constitutes civil liability for the company, with an obligation to compensate for damages caused to individuals and legal entities.
Therefore, national systems will also have to be adapted in procedures, so that actions cannot be time-barred earlier than five years from the cessation of the wrong doing or its knowledge by the plaintiffs.
However, the European legislator was careful to exclude:
– the civil liability of companies for damages caused only by business partners in their business chain;
– the application of 'overcompensation for the damage suffered, neither in the form of punitive damages nor in the form of multiple damages or any other kind of damages ', according to the model in force in the USA (CSDD, article 29). (5)
20) Application
Member States must transpose the Due Diligence Directive by July 26, 2026. Member States have the option to introduce more stringent rules for the protection of human rights, the environment, and climate into their national laws (Article 4.2).
The European Commission, in consultation with the Member States, in turn will have to adopt guidelines on:
– standard contractual clauses, for voluntary use (to facilitate the activities indicated in the previous paragraph 7.2), by 26 January 2027 (CSDD, Article 18);
– good practices and ways of fullfiling due diligence duties, including at the sectoral level. To this end, the Commission must also consult stakeholders, the European Union Agency for Fundamental Rights, the European Environment Agency, the European Labour Authority and, where appropriate, international organisations and other competent bodies in the field of due diligence, by 26 January and 26 July 2027 (Article 19).
Dario Dongo
Footnotes
(1) Directive (EU) 2024/1760 of the European Parliament and of the Council of 13 June 2024 on corporate sustainability due diligence and amending Directive (EU) 2019/1937 and Regulation (EU) 2023/2859 https://tinyurl.com/3m4upued
(2) Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law. Consolidated text 25.7.24 https://tinyurl.com/yrd6yww5
(3) Dario Dongo, Elena Bosani. Due diligence and ESG, social and environmental sustainability of companies, the proposed EU directive. GIFT (Great Italian Food Trade).
(4) Regulation (EU) 2023/2859 establishing a European single access point providing centralized access to publicly available information of relevance to financial services, capital markets and sustainability. Consolidated text 25.7.24 https://tinyurl.com/mtz4vzuh
(5) The big lobbies are in fact fighting for the reform of US legislation on exemplary and punitive damages. See the previous article by Dario Dongo. USA, Bayer's lobby against glyphosate class actions. GIFT (Great Italian Food Trade).
Dario Dongo, lawyer and journalist, PhD in international food law, founder of WIISE (FARE - GIFT - Food Times) and Égalité.