Corporate sustainability due diligence in Europe and the Netherlands

It has not gone unnoticed that corporate legislative changes have arrived or are upcoming around sustainable entrepreneurship. On various platforms – globally, European, national, governmental and business – discussions are pointing at the EU’s proposal for a corporate sustainability due diligence directive and legislative developments within the various EU Member States in the same field. Like in the Netherlands.

It has to be emphasized that these still concern legislative proposals. But there is no discussion that laws and regulations on this matter will be implemented at a certain point in time. Since the impact of the new rules can be quite far reaching for business organisations, it will do no harm to be prepared better sooner than later. And at least to get an understanding of what the developments are about.This outline attempts to focus on the core of the EU’s and Dutch legislator’s proposals. Currently, tough discussions are ongoing on the exact details of the legislation – such as director’s liability – which will be addressed as well.

EU Corporate Sustainability Due Diligence Directive – state of play

On 23 February 2022, the European Commission submitted a proposal for a Corporate Sustainability Due Diligence Directive (CSDDD). This proposal has been going back and forth among various EU institutions and working groups, with various amendments being made. In addition, a public consultation was held in preparing the proposal, that ended on 8 February 2021. As of to date, the CSDDD is still subject to final agreement by the various (political) actors. 

Once the CSDDD has been adopted – which is not expected to occur on a very short notice – Member States will be granted a period of 2 years to implement the CSDDD in national legislation.

Dutch Proposal for a Bill of Law on Responsible and Sustainable International Entrepreneurship – state of play

In spite of, or maybe because of the lengthy procedure around the CSDDD, certain members of Dutch Parliament have filed a proposal for a Bill of Law on Responsible and Sustainable International Entrepreneurship (Dutch Proposal) on 11 March 2021, initially. The Dutch Proposal resembles the CSDDD to a large extent, focusing on the same topic of corporate sustainability due diligence.

This Dutch Proposal was then strongly critized by the Dutch Council of State, resulting in an amended Dutch Proposal as presented on 2 November 2022. This latest Dutch Proposal is currently, like with the CSDDD, subject of multiple discussions in and out of Parliament. Should the Dutch Proposal be adopted in accordance with the proposal, it would enter into force on 1 July 2024, with enforcement to follow during 2025. From a timing point of view, this would thus be prior to the implementation of the CSDDD. 

What is Corporate Sustainability Due Diligence

In spite of certain differences between the CSDDD and the Dutch Proposal, and also subject to specific changes that may be made along the (political) road, both proposals contain the same core. 

The overall purpose of the proposals is to obligate companies to become aware of the impact of the activities in their business chain on matters like human rights, environment and climate, and to prevent or mitigate negative consequences. In short, a duty of care is being imposed.
 
This duty of care is built on the following pillars: 

In the below, each of these pillars will be clarified for both the CSDDD and the Dutch Proposal.

Internal Policy

Companies to whom the duty of care shall apply, are held to draft an internal policy for assuring compliance with the duty of care. Such internal policy has to contain at least the following:

• a statement to underwrite the duty of care
• a code of conduct for the employees of the company
• a code of conduct that will be demanded from the company’s business partners. This can for instance be laid down in contractual arrangements with the relevant business partner.

• a policy for identifying possible adverse impacts (due diligence) e. a policy for dealing with possible discovered adverse impacts.

The Dutch Proposal demands that this internal policy is being published on the company’s website. 

The internal policy is not intended to serve as a stand-alone document, but to be integrated into the company’s overall policies and risk management systems. 

Identify adverse impacts

Companies are held to identify actual and potential adverse impacts arising from their own operations, of their subsidiaries’ operations and of their business partners’ operations. It is to be noted that the CSDDD limits the circle of business partners to “established” business relations, i.e. longer lasting relations and not of a negligible nature. 
This due diligence requires an indepth research of the company’s entire chain of business activities, collecting data, identifying potential and actual risk and performing analyses. Thereby, a company may prioritise risks based on the gravity and likelihood of a potential or actual negative impact. 

Prevent and mitigate adverse impacts

Next step is to set up an action plan for identified adverse impacts, including time lines, qualitative and quantitative indicators for measures to be taken, financial substantation and how to deal with the relevant business partner(s). 

Key is to bring actual identified adverse impacts to an end. However, such actions should be appropriate and proportionate, both for the company and for its business partners including the relevant stakeholders. 

As to dealing with business partners, both the CSDDD and the Dutch Proposal outline a number of possible actions that can be taken in this field. To commence with, it is mentioned to assure compliance by contractual arrangements. The European Commission has also announced to provide template contractual clauses to support the execution of the CSDDD. It is noted that such contractual arrangement should be fair, reasonable and non-discriminatory. In case contractual assurances do not provide the required outcome, next steps are temporarily or complete termination of the business relationship. However, such termination has to be done in a responsible manner, whereby the company has to identify to what extend the business partner relies on the business relationship; what the consequences for termination would be for the business partner (including for his stakeholders, such as employees); and to what extent the termination would cure the adverse impact or might even worsen such. It may also be required from the company to support the busines partner in becoming compliant with the duty of care or to provide other forms of support (such as training).

In case of actual adverse impacts, the company is held to provide remediation to affected persons and communities. 

The question that comes up, is who would fall under the scope of “business partner”. In the Dutch Proposal, reference is made to any contractor, subcontractor or other legal entity within the value chain of the company and including governmental authorities, who are in whatever form involved in the activities of the company, including by means of financing, insuring or re-insuring. The “value chain” is defined as the overall chain of activities of a company, including its supply chain, production chain and customer chain. 

In the CSDDD, a “business partner” is considered a legal entity with whom the company has a direct commercial agreement. But also a legal entity which does not have a direct relation but which performs business operations related to the company’s operations. The “value chain” under the CSDDD refers to the chain of production, supply, distribution, storage and disposal of a company’s product. 

This means that both for the CSDDD and the Dutch Proposal, the duty of care relates to direct and indirect business partners throughout the upstream-and downstream chain of activities. 

Monitoring

Companies are held to monitor their own due diligence policies and assess the effectiveness of actions taken. The Dutch Proposal requires that monitoring should occur at least on an annual basis, whereas the CSDDD speaks of at least every 24 months. Consultation with relevent stakeholders has to be part of the assessment. 

Complaints procedure

Both under the CSDDD and the Dutch Proposal, companies are held to install a complaints procedure. The purpose is to facilitate persons and organisations to submit complaints on actual or potential adverse impacts with respect to the company’s business.

Persons and organisations who may file a complaint, include (i) persons being affected by the adverse impact, (ii) organisations active in the protection of affected persons in specific or human rights or the environment in general, that is the subject matter of the complaint. The latter may thus include trade unions or workers’ representatives and non-profit organisations.

The CSDDD and especially the Dutch Proposal contain further requirements as to the set-up and functioning of a complaints mechanism. 

Climate Change

Another key pillar of the European and Dutch proposals for a duty of care, is the obligation for companies to adopt a plan to combat climate change. The CSDDD states that companies should adjust their business model and strategy in such a manner that these contribute to limiting global warming to 1.5C in line with the Paris Agreement and to achieve climate neutrality by 2050. 

The Dutch Proposal instead states that companies should set targets to reduce emissions with at least 55% by 2030 compared to the levels of 1990. The conditions for drafting such plan climate-change-combat plan are similar to the ones set for preventing and mitigating other adverse impacts. 

Reporting

Companies subject to the CSDDD and/or the Dutch Proposal, are held to report annually on their policy and actions taken in order to comply with the duty of care. 

The CSDDD states that companies which are already subject to reporting on sustainability matters under other (EU) legislation, are exempted from this reporting obligation. The Dutch Proposal does not contain such exemption. Timelines imposed also differ; for the CSDDD reporting has to be done within 12 months from the end of the financial year; the Dutch Proposal has a more strict deadline set on 30 April.

Supervision and enforcement

Imposing obligations on companies usually goes hand in hand with supervising compliance. The CSDDD states that Members States have to appoint a supervisory authority to do so. The Dutch Proposal appoints the Authority Consumer and Market (ACM) in that function. Supervisory authorities within the EU are to closely work together on this topic. 

Complaints on breaching the duty of care can be lodged with the supervisory authority. The CSDDD requires that the complainant has a “legitimate interest” in the matter, whereas the Dutch Proposal states that compaints can be filed by anyone.

The supervisory authority shall have the powers to impose penalties, whereby the Dutch Proposal has listed a number of alternatives for enforcement. Most of these enforcement measures are of a administrative legal nature. However, breach of the obligation to report may be judged a criminal offence. 

In addition, companies breaching the duty of care can be held liable under civil law. The Dutch Proposal explicitly states that a civil-society organization that serves the protection of human rights or environmental matters, may file a civil law claim under Dutch law at a Dutch court against a company to whom the Dutch Proposal applies. The latter may also include non-Dutch companies.

It is to be noted that in a previous proposal for the CSDDD, also civil law liabitily of the directors of the breaching company was included. However, during political discussions on the CSDDD, this had been deleted in the latest wording and it is questionable if it will return. This leaves aside that numerous politicians and legal scholars, also in the Netherlands, advocate for such director’s liability. It is more a technical legal question if this requires additional legal wording, or whether current corporate law already enables such claims – under the general header of “mismanagement”. 

To whom does it apply

The CSDDD is intended to apply to:

1. legal entities established in the EU and:

• having more than 500 employees on average and a net worldwide turnover in excess of EUR 150 million in its last financial year; or
• having more than 250 employees on average and a net worldwide turnover in excess of EUR 40 million in its last financial year, of which at least EUR 20 million was generated in certain “sensitive” activities (such as textiles, leather, agriculture, food products, raw materials, minerals and metals);

2. legal entities established outside of the EU and:

• generating a net turnover in excess of EUR 150 million in the EU in its last financial year; or
• generating a net turnover less than EUR 150 million in the EU in its last financial year, of which at least 20 million generated in the sensitive sectors outlined under 1.b above. 

The generic duty of care laid down in the Dutch Proposal is intended to apply to any company established in the form of a legal entity. 

However, the more specific obligations due under the Dutch Proposal including enforcement thereof shall apply only to companies:

• having (also) activities outside of the Netherlands; and
• are considered a so-called “large company”, which refers to meeting at least two of the following thresholds: (i) having more than 250 employees; (ii) a net worldwide turnover in excess of EUR 40 million and (iii) a balance sheet total in excess of EUR 20 million. 
  
  

This may include non-Dutch companies having activities on the Dutch market.

Going forward

As said, both the CSDDD and the Dutch Proposal are not done and dusted yet and much (political) turmoil is surrounding the proposals. But it can reasonably be expected that in the near future, companies will be obliged to identify and report on acting in a sustainable matter. This transparancy on sustainability is also not an entirely new phenomenon, with the Corporate Sustainability Directive (CSRD) already in place. Better, the CSDDD and the CSRD can also be regarded as complementary (if not doubling). As of 2024, companies are obliged to report on their impact on human rights and the environment under the CSRD. The CSDDD adds the obligation to have an internal policy and mechanism in place to facilitate reporting and to have concrete action tools avaible should adverse impacts occur. 

It seems that the discussion around the CSDDD is therefore not so much about the transparancy, but more about the supervision by governmental authorities and possible enforcement. Thereby, the above outline has indicated that the Dutch Proposal is in various ways more strict and far-going compared to the minimum thresholds the CSDDD imposes. 

Having said that, the European Parliament has recently proposed to amend the CSDDD in a more strict manner. Among others, the CSDDD should apply to more companies and not just larger ones. Further, where the CSDDD imposes a duty of care for established business relations, the European Parliament wishes to see this broader – any and all business relations are to be comprised. 
At the same time, the Dutch government is currently discussing whether the Dutch Proposal in its current (strict) form would not harm the Dutch business climate, with some companies threatening to leave the country. 

The devil is therefore still in the detail. But it is nevertheless recommended to start preparing internal policies and mechanisms for identifying how sustainable business operations are, because that is here to stay. Companies in Germany are already aware hereof, with a German law on the same topic having entered into force already. 

The corporate sustainability due diligence – in whatever form – may have further impact on various business and legal issues, not just being compliant with the relevant law on this topic. For instance, in M&A transactions or when attracting investments or (banking) finance, counterparties may commence to verify to what extent a target company is up to speed and prepared. Also, in commercial contracting matters may change in order to assure compliance with the corporate sustainability due diligence.

Summary Corporate Sustainability Due Diligence