In recent weeks, it looked like the Corporate Sustainability Due Diligence Directive (CSDDD) would not get enough support in the Council, but on 15 March 2024, the necessary qualified majority was obtained. The core of the compromise agreement reached in December 2023 remains intact, meaning that companies falling within the CSDDD's scope will need to adhere to rules that foster sustainable and responsible corporate conduct and anchor human rights and environmental factors in corporate operations and governance. However, substantial concessions had to be made to secure the Council's approval, and the CSDDD is still subject to the final approval of the European Parliament.

Main elements of approved text

The key elements of the text approved by the Council are as follows.

Scope

The CSDDD will apply to: (i) EU companies with, on average, more than 1,000 employees and more than EUR 450 million global net turnover; (ii) non-EU companies with more than EUR 450 million net turnover in the EU; and (iii) companies that do not reach the thresholds in (i) and (ii) but are an ultimate parent company of a group that does reach those thresholds. The CSDDD provides for an exemption regime that could apply in the case of (iii) above. The thresholds must have been met for two consecutive financial years.

Companies that have entered into or are the ultimate parent company of a group that has entered into certain franchising or licensing arrangements with independent third parties in the EU, in return for royalties, also fall within the CSDDD's scope.

In the Council-approved text, the thresholds are significantly higher than the thresholds set out in the compromise agreement; the lower thresholds for companies operating in industries facing a higher likelihood of adverse impacts have been removed. This eliminates almost 70% of companies from the previous scope. Approximately 0.05% of the total number of EU companies are estimated to now be in scope.

In view of this, it remains to be seen whether the Dutch legislature will consider the CSDDD adequate enough to remove the need for national legislation such as the Child Labour Act and the initiative bill on responsible and sustainable international business conduct. It is also uncertain how much impact the CSDDD will have on the unwritten standard of care for companies as construed by the Dutch courts on the basis of internationally accepted standards, such has the OECD Guidelines for Multinational Enterprises.

Definition of "chain of activities"

The due diligence obligations apply to a company's own operations, the operations of its subsidiaries, and the operations carried out by business partners in the company's chain of activities. The definition of "chain of activities" has both an upstream and downstream component.

• The downstream chain includes the activities of a company's downstream business partners related to the distribution, transport and storage of a product if the business partners perform these activities for or on behalf of the company. The due diligence obligations do not cover the disposal of the product (including dismantling, recycling, composting or landfilling). Nor do the activities of a company's downstream business partners in relation to services provided by the company fall within the scope of the CSDDD.
• The upstream chain comprises the activities of a company's suppliers in connection with the company's production of goods or provision of services, including the design, extraction, sourcing, production, transport, storage and supply of raw materials, products or parts of products and the development of the product or service.

The definition of "business partner" has not been changed. A business partner means an entity (i) with which the company has a commercial agreement relating to the company's operations, products or services, or to which the company provides services (direct business partner), or (ii) which is not a direct business partner but conducts business operations relating to the company's operations, products or services (indirect business partner).

Chain of activities – financial institutions

The CSDDD covers only the upstream, not the downstream part of a financial institution's chain of activities. A review and reporting clause has been included requiring the Commission to submit, no later than two years after the CSDDD's entry into force, a report to the EU Parliament and the Council on the need of setting rules for additional due diligence requirements tailored to the financial sector.

Obligation of means

The preamble to the CSDDD states that the main obligations in the CSDDD constitute "obligations of means". Companies must take appropriate measures to meet due diligence objectives by effectively addressing adverse impacts, proportionate to the degree of severity and likelihood of the adverse impact. Consideration should also be given to: the specifics of each case; the nature and extent of the adverse impact and relevant risk factors; the specifics of the company’s business and its chain of activities; the sector or geographical area in which business partners operate; the company’s ability to influence its direct and indirect business partners; and whether the company could increase its sphere of influence.

Climate transition plan

Companies must adopt and implement a climate transition plan aimed at ensuring, through best efforts, that their business model and strategy are compatible with the transition to a sustainable economy and the limiting of global warming to 1.5 °C in line with the Paris Agreement and the objective of achieving climate neutrality as established in Regulation (EU) 2021/1119. The plan should address the company's interim and 2050 climate-neutrality targets, and where relevant, its exposure to coal, oil and gas-related activities. The previously proposed requirement for companies to adopt appropriate policies to ensure the implementation of this climate transition plan, including through financial incentives for board members, executives or members of supervisory bodies, has been removed from the draft directive.

Civil liability

Companies may be held liable for damage caused to a natural or legal person, provided that:

• the company has intentionally or negligently failed to comply with the obligations to prevent and mitigate potential adverse impacts, and bring actual adverse impacts to an end and minimise their extent, where the right, prohibition or obligation listed in Annex I of the CSDDD is aimed to protect the natural or legal person; and
• as a result of such a failure, damage has been caused to the natural or legal person’s legal interest protected under national law.

A company cannot be held liable if damage was caused solely by business partners in its chain of activities. Without prejudice to national rules on civil procedure, the CSDDD includes a five-year limitation period for affected persons to file a claim. The liability regime does not regulate under what conditions civil proceedings can be brought; this issue is left to national law.

In this regard, the text of the proposal allows for more flexibility in various ways, including by stipulating that member states must establish "reasonable conditions" that enable injured parties to grant NGOs or other organisations the authority to file legal actions to protect their rights. The phrase "in their own capacity" has been deleted to give member states more flexibility to apply this rule.

Application dates

The application deadlines are:

• Three years after the CSDDD enters into force (likely late 2027/early 2028) for companies with more than 5,000 employees and a net turnover of EUR 1.5 million;
• Four years after the CSDDD enters into force (likely late 2028/early 2029) for companies with more than 3,000 employees and a net turnover of EUR 900 million;
• Five years after the CSDDD enters into force (likely end 2029 / early 2030) for companies with more than 1,000 employees and a net turnover of EUR 450 million.

Next steps

The text approved by the Council was also approved by the European Parliament's Legal Affairs Committee (JURI) on 19 March 2024. The EU Parliament now has to vote on the proposal in its final sitting in April. After this, the CSDDD needs to be translated into the various EU languages, followed by a vote in another plenary sitting. Another vote by the Council completes the process before the CSDDD can be published in the Official Journal. In view of the EU elections in June, it remains to be seen what the timeline of these actions will be.