16 March 2023
ESG Collection – 4 of 5 Insights
In part one of The ESG Collection covering current themes and topics high up on the ESG agenda for businesses, we're focusing on the environmental pillar of ESG. This article considers sustainability reporting requirements for EU business supply chains under the EU Corporate Sustainability Reporting Directive (CSRD) and EU Directive on Corporate Sustainability Due Diligence (CSDDD).
Recent developments in EU legislation reflect increased levels of scrutiny by governments, the media, consumers and customers on supply chains. In particular, the CSRD and CSDDD have been devised to press businesses into investigating the source of their supplies. As well as reporting their findings to stakeholders, businesses must demonstrate the steps taken to identify those findings.
These legislative developments are immediately relevant to businesses operating within the EU but are also likely to have an impact on any enterprise that interacts with a supply chain that touches an EU member state. It is therefore vital that any business with aspirations of doing business within the EU is aware of this new legislation. The impact of the legislation outside of the EU will, in practice, extend beyond non-EU subsidiaries of EU-based corporate groups. In planning ahead and carrying out its own supply chain diligence, a non-EU business will be able to give EU-based customers the confidence that their own supply chains will not be negatively impacted by buying products or services from outside the EU.
The CSRD replaces the EU Non-Financial Reporting Directive (NFRD) and has subsequently been implemented in the member states. The NFRD, which came into force in 2014, was the first sustainability reporting legislation in Europe and has a narrower scope of application compared to the CSRD.
As a piece of EU legislation, the member states must transpose the CSRD rules into national law. Although member states have room to manoeuvre when transposing the CSRD, national legislation must at least take the CSRD’s key aspects into account. The key obligation under CSRD is that it will oblige companies within its scope to include a separate section in their management report for the past fiscal year as part of their annual financial statements, in which they report on specific aspects regarding environment, social and governance (ESG)-related issues. This section of the management report will likely be labelled a "sustainability report".
In the case of a group of companies:
The management report will form part of the annual financial statements and so the sustainability report will also become subject to mandatory annual auditing alongside those financial statements. This audit will be conducted either by the company’s auditor of the annual financial statements, an external auditor, or by an independent assurance service provider.
There is a detailed list of metrics that will need to be included within the sustainability report. Companies will also need to detail the process carried out to identify the information that they have included in their report. With the aim of improving the comparability of sustainability reports between companies, reports must be prepared according to new uniform EU standards. The final version of these standards is to be published by June 2023.
The CSRD itself does not specify concrete sanctions. Sanctions for violations are therefore determined independently by member states as part of implementation into national law. It is expected that future sanctions will be based on the existing regulatory fine framework for comparable disclosure violations. Further developments in the national legislative processes will need to be monitored. It is also expected that companies that don't comply with their CSRD obligations will be indirectly penalised as their business partners may refuse to transact with them if they don't commit to sustainable business practices.
The CSRD entered into force in January 2023 and must be implemented into national law by member states within 18 months. There are four stages of implementation:
First, CSRD will apply to companies that are already subject to reporting requirements under the NFRD. These companies will have to implement the new CSRD requirements in their management report for the fiscal year 2024, which they will publish from January 2025 onwards. This affects large EU companies of public interest only (ie listed companies, financial service providers and insurance companies with more than 500 employees and either total assets of more than EUR 20 million or an annual turnover of more than EUR 40 million).
From January 2026 onwards, the publishing of management reports for the fiscal year 2025 must be prepared in accordance with the CSRD by all EU companies that qualify as large companies. Large companies are those which meet at least two of the following three characteristics:
As of January 2027, all EU listed small and medium-sized enterprises (SMEs), as well as small and non-complex credit institutions and proprietary insurance companies, will be obliged to publish their management reports for the fiscal year 2026 in compliance with the CSRD. Small enterprises are defined as companies that do not exceed at least two of the following three size criteria:
Medium-sized enterprises are those that are neither micro-enterprises, nor small enterprises, nor large ones. However, an opt-out clause is provided for SMEs, so they are exempt from the application of the CSRD until 2028, provided that they explain in their management report why the required information is not yet available to them.
From January 2029 onwards, certain non-EU companies will also have to publish their management reports for the fiscal year 2028 in accordance with the CSRD. This applies to all non-EU companies which achieve an annual turnover of more than EUR 150 million within the EU, and which either have a branch within the EU that itself generates a turnover of more than EUR 40 million per year, or a subsidiary within the EU that itself exceeds at least two of the following three thresholds:
The first draft of the CSDDD was only published in February 2022 and is likely to be changed before it is implemented at the EU level. The EU Commission prepared the initial draft of this directive, and since then a separate amended version has been adopted by the European Council. We will focus on the version prepared by the EU Commission. Similarly to the CSRD, member states must transpose the CSDDD into national law.
The CSDDD requires companies to exercise reasonable due diligence in their own business lines and in their "value chains" to prevent or minimise human rights or certain environmental risks and to end human rights or certain environmental violations. The CSDDD defines several measures to be taken for a company to fulfil its due diligence obligations:
A "value chain" will encompass more than simply a "supply chain" – it includes those involved in the development of a product or service, its use and disposal, and activities of upstream and downstream "established business relationships" of the company, ie relationships which are expected to be long-lasting, and which are more than a mere ancillary part of the company's value.
The CSDDD also generally obliges member states to ensure that affected companies adopt a plan to ensure that the business model and strategy of any such company are compatible with the transition to a sustainable economy and with the aim of limiting global warming to 1.5°C in line with the Paris Agreement. As the CSDDD does not state specific requirements of this plan, close monitoring of further legal developments in each member state will be necessary.
The CSDDD will apply to companies which are formed in accordance with the legislation of a member state and have either:
The draft legislation contains a definition of "high-risk sectors” which includes textile manufacturers, certain food/agricultural businesses, and businesses relating to mining and the manufacture and sale of certain metals and mineral products.
The CSDDD foresees financial sanctions where there is a breach of the rules. It does not determine fixed thresholds with regard to the sanctions, but requires such sanctions to be effective, proportionate and dissuasive. The number of imposed sanctions can depend on the company’s effort to comply with a remedial action required by a supervisory authority. It remains to be seen how member states implement any sanctions into national law.
This legislation remains to be approved by the European Parliament and Council for approval, and once adopted, member states are anticipated to have two years to implement the provisions of the CSDDD.
The CSRD and CSDDD are separate pieces of legislation which identify different approaches towards promoting sustainable supply chain governance. Both laws are targeted at businesses operating within specific parameters (such as the number of that business's employees, or turnover figures). As mentioned above, many businesses operating within EU supply chains will find both pieces of legislation indirectly impact their business (for example, even if a business operates below the thresholds within a member state, its own customers may be required to carry out diligence on that business to inform its own diligence or reporting obligations). While the legislation applies to the EU and its member states, any English parent company with EU-based subsidiaries will need to consider this legislation to determine whether the requirements would apply to their multi-jurisdictional groups.
It remains to be seen whether England will see similar developments in terms of supply chain reporting. Even if the reporting obligations do not directly apply to English businesses under the EU law by virtue of Brexit, any English companies within an EU supply chain may be required to investigate as part of their EU customers' own supply chain diligence, so these developments will have an impact on the English economy regardless of Brexit.
Alongside legislative development at the EU level, a number of member states have begun implementing their own supply chain-related legislation. In some cases this legislation overlaps with or exceeds the anticipated requirements of the EU legislation. Where groups have entities in relevant jurisdictions, they will need to comply with both member states' and EU law. Examples include:
While the focus of this article has been on recent European legislative developments to promote ESG considerations in supply chains, the trend extends to non-European jurisdictions too. Examples include the Brazilian draft bill currently under consideration in relation to "Human Rights and Businesses and Established Guidelines for the Promotion of Public Policies on the Subject". Further, while there are demonstrable efforts of western governments to develop supply chain legislation to limit damage to the environment, requirements to diligence suppliers and restrictions on imports remain a powerful political tool.
Economic sanctions have been a direct legislative tool to put pressure on foreign nations (most notably in recent times, in response to Russia's invasion of Ukraine). The US has also used ESG legislation as a more indirect means of influencing trade partners – for example the Uyghur Forced Labor Prevention Act (UFLPA) of 2021, which requires evidence of supply chain diligence by US businesses before importing goods into the US from the Xinjiang Uyghur Autonomous Region of China.
Such reactive legislative changes will prove more challenging to anticipate, but by implementing a diligent approach to investigating supply chains, businesses will be better prepared for any equivalents to CSRD/CSDDD implemented within their jurisdiction as well as being able to answer any challenging questions about the provenance of the materials or services on which their operations depend.
For more information on how the CSRD or CSDDDD could impact your business, get in touch with a member of our team.
15 February 2023
1 March 2023
16 March 2023
Timothy Pinto looks at recent ASA decisions on greenwashing in the context of the UK's regulatory framework.
3 April 2023