Administrative Enforcement of Corporate Human Rights Due Diligence Legislation

Mandatory human rights and environmental due diligence legislation such as the new EU’s Directive on Corporate Sustainability Due Diligence (CSDDD) have received praise and critique in practice and scholarship for various reasons. The question whether such laws provide effective remedies for rights-holders from a human rights perspective has been subject of much contestation. The present contribution assesses the CSDDD’s provisions on administrative enforcement from this perspective.

The United Nations Guiding Principles on Business and Human Rights (UNGP) require states to ensure that rightsholders have access to effective remedies. In particular, Guiding Principle 25 states that “States must take appropriate steps to ensure, through judicial, administrative, legislative or other appropriate means, that when such abuses occur within their territory and/or jurisdiction those affected have access to effective remedy.” The Commentary on Principle 25 specifies that these remedies may include “punitive sanctions (whether criminal or administrative, such as fines)”. In its 2017 Report on access to effective remedy for business-related human rights abuses the UN Working Group on Business and Human Rights pointed out that “[t]he ability of rights holders to choose and obtain a bouquet of remedies depending upon the unique circumstances of each case will […] be a vital precondition for access to effective remedies”.

The requirement of effective remedies is hence also a yardstick to measure the effectiveness of mandatory human rights due diligence (HRDD) laws including the CSDDD. While much has been written and discussed on the necessity of civil liability in such laws (see here, here, and here), other forms of sanctions may also be relevant. As Surya Deva argued recently, „mandatory HRDD laws should provide for civil, administrative and criminal remedies as they serve different but complementary purposes.“ This post will therefore assess the regime of administrative enforcement contained in the CSDDD and ask if it meets the standards of effective remedy. In short: The post will look at one flower in the bouquet of remedies.

Purpose and function of administrative enforcement and remedies

Administrative enforcement of laws refers to the oversight of compliance of private actors with the laws by state or other administrative entities with the necessary competence and means of enforcement. It rests on the idea that such compliance is in the public interest and its enforcement is hence a public duty which should not be left to (private) individuals. Administrative enforcement should also ensure that a law is implemented coherently and independently of private interests avoiding “corporate capture”, i.e. the undue influence of corporations on the activities of administrative entities. A key requirement of effective administrative enforcement is that the entities which are entrusted with the enforcement operate in the public interest and are equipped with appropriate legal competences as well as sufficient staff and infrastructure.

Compared with criminal penalties, administrative sanctions are often seen as less impactful, because they do not carry the strong value judgments of criminal law and non-compliance which is only subject to administrative fines is seen as a negligible petty offence. However, a criminal conviction requires a high standard of proof (“beyond reasonable doubt”) while administrative sanctions may also be imposed if a particular chain of events or causation seems likely or plausible.

Unlike civil liability, administrative enforcement usually does not focus on compensation of harm, but on ensuring compliance with a particular law. Yet, relying on civil liability as remedies requires victims to file legal claims against companies which is often difficult because access to courts can be restricted due to financial and procedural reasons. It should also be noted that compensation based on civil liability is only of a remedial nature and only carries a very limited deterring effect.

While there are deficiencies of administrative enforcement from a human rights perspective when compared with criminal and civil sanctions, administrative enforcement seems better equipped to preventively ensure compliance with HRDD laws. An administrative entity does not need to wait until a case for compensation is filed or that non-compliance is so outrageous that it amounts to a criminal offence. Instead, the entity can monitor compliance on a general level and therefore effectively contribute to prevention. Examples of good practice concerning the effectiveness of administrative overview can be found in the enforcement of EU environmental law by administrative agencies of EU Member States at central, regional and local levels.

The approach of the CSDDD: Rely on authorities – with a little help from stakeholders

The CSDDD establishes on a two-tier approach of enforcement: Articles 24 to 28 of the CSDDD relate to administrative supervision while Article 29 CSDDD requires a system of civil liability for non-compliance with due diligence obligations. The CSDDD does not provide for criminal sanctions, arguably due to a lack of EU competence in this regard. This would not preclude Member States from employing criminal sanctions in line with their domestic legal systems.

The Council’s compromise proposal of 15 March 2024 and the version adopted by the European Parliament on 15 April 2024 did not change the substance of the administrative enforcement regime proposed by the European Commission in 2022. The CSDDD contains five articles on administrative enforcement, Article 24 requiring Member States to establish one or more supervisory authorities, Article 25 which sets out the powers of the supervisory authorities, Article 26 on the possibility to submit substantiated concerns regarding non-compliance by a company to the authorities, Article 27 detailing the possible penalties (called sanctions in the Commission’s proposal) and Article 28 establishing a European Network of Supervisory Authorities. Those provisions should be read in the light of paragraphs 75 to 78 of the Preamble which explain the motivation of the lawmakers behind these provisions.

The authority to ensure compliance with the obligations laid down in domestic provisions adopted pursuant to Articles 7 to 16 and Article 22 CSDDD is given to one or more supervisory authorities. The directive places significant emphasis on the impartiality and independence of the supervisory authorities. Authorities, their staff and third parties working for the authorities, such as auditors and experts have to exercise their powers “impartially, transparently and with due respect for obligations of professional secrecy.”  Authorities shall be “legally and functionally independent, free from external influence whether direct or indirect, including from the companies”. This requirement seeks to prevent corporate capture or other forms of conflicts of interest which seems of particular relevance in light of the often limited experience of national authorities with the concept and main requirements of sustainability due diligence and the risk that they may rely too heavily on the perspective and experiences of companies and consultants. The requirement of independence should not be read in such a way that the authorities cannot be subject to legal and policy supervision by higher authorities such as national ministries.

The supervisory authorities need to have adequate powers and resources to carry out their tasks. Article 25 CSDDD refers explicitly to the power to require companies to provide information and to carry out investigations, including the power to initiative investigations on their own motion or as a result of substantiated concerns communicated to the authorities by individuals or legal persons. Inspections shall be based on the applicable domestic law and usually require prior warning, “except where prior notification hinders the effectiveness of the inspection”. If the supervisory authority identifies a failure to comply with the requirements of the Directive, it shall grant the company concerned an appropriate period of time to take remedial action. The CSDDD also requires Member States to entrust their supervisory authorities with the power to order the cessation of infringements of the national laws by performing an action or ceasing a conduct and the abstention from any repetition of the relevant conduct as well as to provide remediation proportionate to the infringement. Furthermore, the authorities shall have the power to impose penalties and to adopt “interim measures in case of imminent risk of severe and irreparable harm.”

Substantiated concerns: an innovative avenue for enforcement

One of the more interesting provisions is Article 26 which gives natural and legal persons the right to submit “substantiated concerns” to a supervisory authority if the persons believe that a company is not complying with requirements of the CSDDD. The CSDD specifies that the identity and personal information of someone submitting substantiated concerns shall be protected. Furthermore, the supervisory authority is required to assess the concerns in an appropriate period of time, use its powers if necessary and inform the persons of the result of and reasoning for the assessment of the authority. While individuals and companies can always inform administrative entities about any matter which might fall into the competence of the entity, Article 26 creates incentives for individuals to do so (protection of identity and personal information) and establishes procedural standards for dealing with such submissions. The domestic legislation implementing Article 26 could specify some of these standards, for example by determining a clear time period in which the concerns must be dealt with.

Article 26:6 takes the procedural standards a step further and contains a highly innovative juridical right for persons submitting complaints. If the person submitting the concern has a “legitimate interest” in the matter, it shall have access to a court or body competent to review the legality of the reaction of the supervisory authority. However, the existence of legitimate interests depends on the standards of domestic law as stated in Article 26:6 CSDDD. This may limit the scope of the right to have access to a court and should have further specified in the CSDDD. Nevertheless, individuals and legal persons (NGOs, labour unions, but also other companies) will have the right to initiate legal proceedings against a supervisory authority for not fulfilling its tasks properly based on legislation implementing Article 26:6 CSDDD. In the course of such proceedings the behaviour of a company in light of the obligations under the CSDDD will also be assessed which is why such a trial could become an indirect form of access to remedies. In this regard, the CSDDD resembles a similar provision in the German Supply Chain Due Diligence Act which has, however, not yet been tested.

Article 27 CSDDD requires Member States to establish a system of penalties which include pecuniary penalties. Penalties shall be based on the nature, gravity and duration of the infringement, and the severity of the impacts resulting from that infringement. They shall also take remedial or other mitigating activities of companies into account. Pecuniary penalties shall be based on the company’s net worldwide turnover and may go up to at least 5% of that figure. While this amount is not insignificant it is clear that high penalties will require severe infringements.

Traditional administrative enforcement and a spark of innovation

The regime of administrative enforcement established by the CSDDD follows the traditional model of oversight and supervision of compliance by independent authorities with appropriate competences and the power to sanction companies for noncompliance. Overall, the powers given to the authorities in the CSDDD seem adequate, but the effectiveness of administrative enforcement will depend on the implementation of Articles 24 to 28 CSDDD in domestic law and the financial and personnel resources Member States will give to the supervisory authorities. The most innovative element of the administrative enforcement regime is the right of stakeholders – be they individuals or legal persons – to submit substantiated concerns to the authorities which trigger the obligation of the authorities to investigate a matter and the right of persons with a legitimate interest to seek judicial review of the decisions of the respective authority. The latter will enable stakeholders to hold authorities and hence indirectly also companies accountable on the basis of the standards of the CSDDD. If Member States implement this right effectively into their domestic judicial system without restricting the definition of legitimate interests unduly, administrative enforcement of the domestic laws based on the CSDDD could be an attractive flower in the “bouquet of remedies”.