EU Corporate Sustainability Due Diligence Directive - The Final Text is Here!

The final consolidated text of the EU Corporate Sustainability Due Diligence Directive (CS3D) was published on 30 January 2024. Following the agreement in the trilogue negotiations in December 2023, the work product emerged on 30 January 2024: the latest draft of the CS3D. The document details on 435 pages how European and foreign companies will have to deal with their supply chains - or "chains of activities", as they are now called.


The most important points:

  • Companies with more than 500 employees and a turnover of more than EUR 150 million are in scope. For companies in "high-impact" sectors, lower thresholds of 250 employees and EUR 40 million turnover apply. "High-impact", i.e. particularly sensitive sectors include textiles, agriculture, food & beverages and - a completely new addition - construction. Employees and turnover must be consolidated within the group. Group parents can assume obligations for their subsidiaries, but this does not affect their criminal and civil liability which remains with them.
  • Ultimately, the thresholds are practically meaningless: Due to the literally boundless understanding of the CS3D, those companies along the "chain of activities" that do not reach the thresholds but are contractual partners of the obligated companies will also be affected, i.e. SMEs in particular.
  • Good bye "value chain", hello "chain of activities"! The conceptual change also extends the scope of application. It includes all direct and indirect suppliers from whom entrepreneurs receive products or services for the manufacture of their own products or services (upstream). It also includes all direct and indirect suppliers involved in the distribution, transportation, storage or disposal of their own products (downstream). The reference to the "use" of one's own product in relation to downstream suppliers has been omitted from the final text. This could be understood to mean that no negative impacts on the environment or human rights are to be identified in the intended use of a product downstream. Conversely, however, the company that uses a third-party product to manufacture its own products is again obliged to check compliance with ESG regulations upstream and will have to pass on these obligations. In this context, negative effects caused by the use of the product must therefore first be taken into account.
  • The protected rights continue to be very broad: For environmental standards, virtually all measurable negative environmental impacts count. In terms of social standards, there is a comprehensive reference to conventions under international law, e.g. the Universal Declaration of Human Rights or the UN Social Covenant on Economic, Social and Cultural Rights. Topics such as the gender pay gap are also included.
  • The risk-based approach is emphasized. Companies must not only screen their suppliers on a risk basis. They must also take a risk-based approach to remediation in the event of multiple negative impacts. Remedial measures must be prioritized according to the severity of the impact, the number of people affected or the finality of the impact.
  • Such remedial measures can take many forms. For example, companies may be obliged to provide their suppliers with "targeted financial support" for their ESG measures, e.g. in the form of low-interest loans or guarantees (apparently not taking into account that such activities are reserved for banks). Further obligations: Companies must set up knowledge databases or hold training courses for their suppliers.
  • Cooperation is a top priority: In order to remedy negative impacts, companies must cooperate directly not only with direct suppliers, but also with indirect suppliers. And if none of this helps, contracts must be temporarily suspended or permanently terminated. However, the current text makes it very clear once again that this is really only a last resort.
  • Stakeholder engagement comes to the fore in a completely new provision: companies must regularly discuss their ESG strategy with employees, suppliers - directly and indirectly - and owners. Stakeholders should not only be asked on paper, but actually involved.
  • Competition law concerns about obtaining sensitive information about suppliers are addressed but not resolved. The text recognizes that much of the information that must be obtained under CS3D may not come into the possession of the contractual partner under competition law. However, the CS3D leaves open how this should be handled. In our view, particular transparency is required in this context. In practice, we have already developed a number of ways in which such constellations can be dealt with contractually. In any case, it is important to consider competition law and data protection concerns from the outset.
  • The inclusion of the financial industry - especially banks and insurance companies - has been a longstanding issue. These are now only included with regard to their upstream contracts, but not their downstream contracts. Own financial products/services therefore do not appear to be within the scope of the law. However, this is not completely consistent, as the CS3D also stipulates that financial service providers will have to take into account the OECD Guidelines for Multinational Enterprises in relation to their own products and services. The question also arises as to what applies if financial service providers are contractually obliged to take their upstream contractual partners into account. In any case, a review by the legislator is to take place within two years, on the basis of which a decision is to be made as to whether financial service providers should be included to a greater extent.
  • The legal consequences are material: Administrative penalties of up to 5 % of consolidated global turnover with fines to be published by the supervisory authority for at least five years (naming and shaming). Compensation for damages is mandatory in the amount of "full compensation" and with special rights of action for NGO and civil society. In addition, in public tendering procedures CS3D infringements must be taken into account.
  • The explicit liability of the management board and supervisory board has been dropped in the final text. However, under Austrian law members of the management board and supervisory board can still be personally liable if they behave unlawfully and culpably in the exercise of their function. A breach of the CS3D could constitute such unlawful conduct, which could lead to personal liability.
  • Companies must extend their whistleblower protection. In particular, third parties such as suppliers or persons affected by negative effects must also have the opportunity to report information.
  • There is an obligation to submit annual reports: These should include, among other things, a presentation of the due diligence system, the company's own code of conduct and the risk criteria according to which it proceeds. In addition - as with many other parts of the CS3D – further regulations to be published as Delegated Regulations based on the CS3D shall bring clarity to the exact extent of the obligations.

In our view, three points are clear from the final text:

  1. Preparation for CS3D is contractual work: Adapting contracts with suppliers - direct and indirect ones - will become mandatory. Not only the new ESG values, but also the accompanying civil law obligations such as information rights or steering rights must be part of this.
  2. The clock is ticking: From the date of entry into force, which could apparently take place this May 2024, the member states have two years to transpose the CS3D into national law. After that, companies will have one to three years (depending on their size) to make the transition. This would mean that the first companies would fall fully within the legal scope of CS3D in three years' time - and with them all their direct and indirect suppliers.
  3. Pragmatic approach: Risk-based approach is key and diligent, but courageous implementation is required. No one can guarantee the flawlessness of their entire chain of activities. However, we do not believe that this is necessary. Instead, it is about a pragmatic and constructive approach, which will also have a lot to do with knowing and understanding the market standard and the expectations of the supervisory authority.

The next step is the vote on the text in the European Council. This vote is expected to take place on February 9. This will be followed by the vote in the European Parliament.

"Ensuring that no one is left behind" is one of the new phrases in the final draft. The CS3D is by far the most ambitious ESG framework ever developed in the EU and probably also globally. In order to ensure that really no one is left behind, we believe that a great deal of sound reasoning is required in the further implementation.