On 14 December 2023, in a major development for environmental, social, and governance (ESG) law in the EU, the European Parliament and the Council of the EU announced that they had reached a provisional agreement on the final text of the Corporate Sustainability Due Diligence Directive (CS3D or the Directive).1
In brief, CS3D:
- lays down due diligence obligations with respect to companies’ own operations, those of their subsidiaries, and those carried out through their value chains;
- requires companies to identify, prevent, mitigate, and remediate actual and potential adverse impacts on people and the environment; and
- aims to enhance the protection of the environment and human rights both within the EU and globally by making responsible business conduct the norm.
It is widely expected that the provisional agreement will be formally adopted by the European Parliament and the Council of the EU, likely in Q1 2024. The Directive will enter into force 20 days after publication. Member States will then have two years to implement the Directive into national law, meaning the Directive will likely take effect in Q1 2026.
The new rules are likely to have a profound impact on the operations and governance of companies that do business both within and outside the EU – due to the direct (and extensive) impact of the Directive’s obligations on in-scope companies, as well as the indirect impact of those obligations on such companies’ global value chains, partners and customers.
Companies should assess whether they are subject to the new requirements, and, if so, consider how they will comply. At the same time, companies should assess whether they are subject to similar ESG rules being adopted in other jurisdictions, such as the California Climate Accountability Package adopted in October 2023 (see here) and the proposed climate disclosure rules that the U.S. Securities and Exchange Commission may adopt in early 2024. A holistic action plan is set out at the end of this note.
CS3D will apply to the following companies:
- EU companies: CS3D will apply to companies incorporated in the EU with more than 500 employees and a net global turnover of more than €150 million. In addition, EU companies that do not meet that criteria will be in scope if they have more than 250 employees and a net global turnover of €40 million, with at least €20 million generated from certain “high-risk” sectors (e.g., textiles, agriculture, mineral resources, food and beverage, construction). CS3D will apply to companies that satisfy these criteria for two consecutive financial years prior to the assessment; if the criteria are no longer met for two consecutive financial years, the Directive will cease to apply. Obligations on in-scope EU companies will commence two years from the Directive’s entry into force.
- Non-EU companies: CS3D will also apply to non-EU companies that have net EU turnover of at least €150 million, even if they have no place of business in the EU. As with EU companies, non-EU companies with a net EU turnover of more than €40 million but not more than €150 million are also in scope if they generate at least €20 million in “high-risk” sectors. CS3D will also apply to non-EU parent companies with a net global turnover of €40 million that have franchising or licensing agreements with EU companies delivering annual royalty payments of more than €7.5 million. CS3D will apply to companies that satisfy these criteria for two consecutive financial years prior to the assessment; if the criteria are no longer met for two consecutive financial years, the Directive will cease to apply. Accordingly, the Directive has extra-territorial reach and applies an equivalent EU revenue threshold to non-EU companies as it does for EU companies (although there are no employee thresholds for non-EU companies). Obligations on in-scope non-EU companies will commence one year later than for EU companies, i.e. three years from the Directive’s entry into force. EU authorities will publish a non-binding indicative list of non-EU companies that fall under the scope of the Directive.
- Partial carve-out for financial sector: Following pressure by EU Member States, the financial services sector has been granted an important carve-out from certain CS3D obligations, at least for a temporary period. Specifically, the sector’s due diligence obligations will apply only with respect to a financial firm’s own operations and its upstream value chain, i.e. financial firms will not be required to diligence their downstream value chains (including relationships with clients). This carve-out is subject to a review clause – meaning that financial firms may need to incorporate their downstream value chains in due diligence obligations at some future point.
Companies in scope will be subject to the following obligations:
- Due diligence: Companies must identify, prevent, mitigate, and remediate actual and potential adverse impacts on people and the environment.
- Climate transition plan: One of the most far-reaching CS3D obligations is the requirement for companies (including in the financial sector) to implement a detailed climate transition plan. Under this transition plan, companies will have to set out how they will reduce emissions in line with the Paris Agreement temperature goals.
The provisional agreement confirms two types of CS3D enforcement:
- Public enforcement: Penalties will be set at Member State level, with the maximum fine to be at least 5% of the ultimate parent company’s net global turnover (although a Member State can set a maximum fine of more than 5%).
- Civil liability: CS3D also establishes a civil liability regime for private enforcement, where actions can be brought in civil courts by affected private parties – including trade unions and civil society organizations. Any person affected by adverse environmental or human rights impacts of in-scope companies will be able to bring civil liability claims within five years. Where the damage was caused jointly by the company and its subsidiary or business partner, they will be liable jointly and severally.
How CS3D fits into the broader EU ESG regulatory matrix
On its own, CS3D is a major development and will present significant challenges. However, CS3D should not be considered alone. This new Directive has been designed to work hand in hand with other legislation, notably the EU’s Corporate Sustainability Reporting Directive (CSRD), to raise the bar for corporate accountability for ESG matters.
In terms of scope, many large companies will be subject to both, although, in some cases, a company will be subject to one but not the other. As mentioned, under the provisional agreement, CS3D will apply to companies that have significant EU revenue, even if they have no place of business in the EU. As a result, at least in some respects, CS3D will likely have a bigger impact than CSRD on corporate groups with a non-EU parent – the largest of these groups will be subject to CS3D, in full, from 2027. Initially, CSRD will apply only to EU companies, with large EU companies subject to first reporting in respect of activities in 2024 or 2025. CSRD will also apply to corporate groups with a non-EU parent, but only if there is an EU place of business, only from 2029 onwards, and with less far-reaching ESG requirements than CS3D.
Both CSRD and CS3D will require companies to maintain robust ESG due diligence processes covering the whole value chain. Due diligence is a continuous process, serving as an early warning system within a company, so that ESG issues are addressed as soon as they arise. Information gathered through the due diligence process will provide the basis for assessing material ESG impacts on people and the environment. Under CSRD, companies must also assess the financial risks and opportunities arising from sustainability issues. In some sectors, additional ESG due diligence obligations will also apply, notably for products containing batteries under the Batteries Regulation, and for some food products (e.g., chocolate, coffee, and beef), paper, and wood products under the Deforestation Regulation.
CSRD is rightly considered to be very demanding, with ESG reporting requirements that cover, in great detail, a broad set of sustainability issues (broader than CS3D). CS3D will also require ESG reporting – in fact, companies that have a CSRD report will likely be able to use that report for CS3D purposes.
Besides these overlapping reporting requirements, CS3D will go beyond CSRD in important ways in tackling the impacts of a business on people and the environment.
- First, CS3D will require ESG due diligence – with a need for planned ESG actions – to be integrated into all corporate policies, which goes beyond CSRD.
- Second, CS3D will require companies to take action to prevent, end, remediate adverse ESG impacts and monitor their effectiveness. In contrast, under CSRD, when companies have ESG impacts, they will not be required to take ESG actions – if a company takes no action, it can simply report that fact (of course, that may not be acceptable from a reputational or litigation perspective).
- Third, unlike CS3D, CSRD does not require the implementation of a climate transition plan – it only requires a company to report on a climate transition plan, if it has one (if it does not, it must explain whether and, if so, when it intends to adopt one).
- Fourth, and finally, CSRD does not include the double enforcement mechanisms of CS3D, namely public enforcement alongside civil liability.
ESG action plan for companies
Companies should assess whether they fall within the scope of CSRD and CS3D, and possibly the Batteries Regulation and the Deforestation Regulation. They should likewise assess whether they fall under similar ESG rules in other jurisdictions, like California’s Climate Accountability Package. If they do, they should already be preparing for compliance with the complex matrix of due diligence and reporting requirements. Companies should map the applicable requirements, evaluate their current ESG processes and policies to identify gaps, and take the steps to fill those gaps. In so doing, companies may also need to take into account other parts of the EU’s ESG rulebook, such as ESG product-related requirements, as well as applicable ESG rules in other jurisdictions (such as the California Climate Accountability Package). Going forward, companies should adopt a holistic ESG strategy, treating each of those parts of legislation as pieces of the same puzzle.
For more information, please refer to our Updates:
- “California Enacts Landmark Climate Accountability Package Requiring Expansive Disclosure of Climate-Related Risks”, October 10, 2023
- “EU Adopts First Set of European Sustainability Reporting Standards — Critical Considerations for Companies in Scope of CSRD”, August 30, 2023
- “EU Corporate Sustainability Reporting Directive — What Do UK- and U.S.- Headquartered Companies Need to Know?”, August 2, 2022
1 This Update contains publicly available information – the text of the provisional agreement has not yet been published.
Attorney Advertising—Sidley Austin LLP is a global law firm. Our addresses and contact information can be found at www.sidley.com/en/locations/offices.
Sidley provides this information as a service to clients and other friends for educational purposes only. It should not be construed or relied on as legal advice or to create a lawyer-client relationship. Readers should not act upon this information without seeking advice from professional advisers. Sidley and Sidley Austin refer to Sidley Austin LLP and affiliated partnerships as explained at www.sidley.com/disclaimer.
© Sidley Austin LLP