16 March 2022

Enforcing Due Diligence Obligations

The Draft Directive on Corporate Sustainability Due Diligence (Part 2)

The Corporate Sustainability Due Diligence Directive (CSDDD) creates an innovative mix of enforcement mechanisms. It relies on both administrative oversight and judicial enforcement through civil liability. Additionally, accountability of businesses for affecting stakeholder interests is strengthened by a specific environmental, social, and corporate governance (ESG) duty of care for directors and obligations to link directors’ pay to climate obligations, thus ensuring that directors need to steer businesses in light of stakeholder interests. In general, this system has the potential to effectively oblige companies to respect stakeholder interests, although some weaknesses, especially in access to justice, remain.

A network of supervision and administrative enforcement

Following the model of the German Supply Chain Due Diligence Act (GSCDDA), the CSDDD includes a mechanism of administrative oversight to ensure compliance with the obligations set out in the CSDDD. Each Member State must designate at least one authority to supervise the companies that have their registered office (for EU companies) or a branch (for third-country companies) in their territory (Art. 17(1)). Member States need to ensure the independence and impartiality of the authority’s personnel and that they are free of conflicts of interest, in particular to ensure independence from the supervised companies (see recital 53. Art. 17(8) CSDDD). If a third-country company does not have a branch in any Member State or has branches in several Member States, the competent authority is that where the company generates the highest net turnover in the EU.

The possibility to designate more than one authority enables Member States to employ higher expertise and specialization, for example, by assigning specialist environmental agencies with the supervision of environmental aspects, whilst ensuring that the respective authorities are coordinated and cooperate closely and effectively with each other.

The authority has some discretion in deciding whether to act or not: According to Art. 18(2), the authority “may” act on its own motion or following substantiated concerns communicated to it by third parties of “a possible breach” of HRDD obligations. Art. 19(3) provides that substantiated concerns formally sent to the authority shall lead the authorities to “assess” them and exercise their powers to address the situation “where appropriate”. Art. 19(1) and (3) provide that claims must meet the threshold of presenting “substantiated concerns” of Human Rights and Environmental Due Diligence (HREDD) breaches. Substantiated concerns are defined as a situation where there are “reasons to believe, on the basis of objective circumstances, that a company is failing to comply with the national provisions adopted pursuant to this Directive” (Art. 19(1)). Thus, a claim that meets this threshold arguably reduces the discretion of the supervisory authority. In case of severe violations of human rights and environment further reductions of the discretion seem likely, at least in German administrative law doctrine. Unlike the CSDDD, though, the GSCDDA does not specify this.1)

In contrast to the GSCDDA, the CSDDD does not limit the rights to start administrative procedures for HREDD breaches to affected individuals. Rather, any “natural or legal person” may present substantiated concerns to the supervisory authorities and has the right to be informed about the result of the assessment and reasoning for it under Art. 19 (4). However, not everyone has the right to challenge the decisions about their concerns in administrative courts: Art. 19 (5) limits the obligation to ensure access to a court or other independent and impartial public body to review the decisions of the supervisory authority to persons with “legitimate interest in the matter”, providing Member States with the regulatory space to decide who would qualify. The open question of the GSCDDA2) of whether qualified environmental NGOs can bring cases on behalf of environmental interest thus remains unresolved. However, the CSDDD should partially qualify as “environmental law” in line with ECJ jurisprudence (see para. 49 here and para 47 here), thus suggesting that qualified environmental NGOs have standing to bring cases concerning environmental issues.

Like the GSCDDA, the CSDDD establishes wide-ranging options for the enforcing authority to take measures. It can investigate breaches of HREDD obligations, request information and conduct inspections (Art. 18 (1) and (3)). In contrast to the GSCDDA, however, the CSDDD requires prior warning. At first glance, this hinders effective enforcement as companies can hide indications of abuses. However, Art. 18 (3) provides the option to inspect without prior warning if that would hinder effective control. It is difficult to say in which situation this would not be the case.

The CSDDD provides for different measures to remediate breaches and prevent harm. Art. 18 (4) allows the authority to order remedial action. This could mean ordering companies to take specific measures within the scope of Art. 7 and 8 CSDDD. Art. 18 (5) c explicitly allows for interim measures if harm is imminent. In addition, the CSDDD obliges Member States to introduce pecuniary sanctions based on the company’s turnover (Art. 18 (5) and Art. 20).

The authorities will be obliged to cooperate in a EU-wide network of supervisory authorities on individual cases and work on alignment of regulatory, investigative, supervisory and sanctioning practices (Art. 21). It remains to be seen if this forum can gain a similar importance as the European Data Protection Board, whose guidelines are an important guidance in the field of data protection.

Civil Liability

Civil liability has two pivotal roles: ensuring compliance with the law and providing access to remedies for affected individuals. While the French Loi de Vigilance (LdV) contains an express civil liability provision in its Art 2, the GSCDDA’s provisions on this issue are contradictory. The first sentence of Art. 3 (3) expressly excludes civil liability, while the second sentence of both Art. 3 (3) and Art. 11 imply the need for civil liability related to damage caused by failure to fulfil HRDD obligations. Coupling the HREDD obligations with a civil liability provision (Article 22) is absolutely crucial for the law to potentially play a transformative role.

Under Article 22, companies should be liable when they fail to comply with their obligations to prevent, bring to an end and mitigate adverse human rights and environmental impacts if such failure results in damage. This is a fault-based regime as opposed to a strict liability regime. The burden of proof will normally fall on the claimant(s) to prove that they suffered a damage as a result of a breach of due diligence obligations by the company.

Recital 15 specifies that the main obligations set out in the CSDDD are “obligations of means” rather than obligations of result. This has important implications in terms of the civil liability: It will be the appropriateness of the measures taken by the company (as defined in recital 29 and in Art. 3(q)) that will be decisive in a court proceeding, i.e. whether, under the circumstances of the specific case, the company did in fact comply or fail to comply with its due diligence obligations (Article 22(1)(a)). This is very much in line with the UNGPS’ approach to due diligence as a standard of care as opposed to a tick-box approach.

In this respect, the civil liability provision of the CSDDD is somewhat similar to the French approach. In particular, the LdV provides that companies should be liable in relation to the damage that could have been avoided had the company complied with its due diligence obligations. This, too, is a fault-based regime as the provision expressly refers to articles 1240 and 1241 of the French civil Code under which three elements must be proven for civil liability to arise: a fault, a damage, and a causal link between the two. However, the burden of proof remains on the claimant. It has been argued that this is one of the main weaknesses of the LdV since the burden of proof is often one of the key hurdles that claimants face in business-related human rights claims. The CSDDD leaves the question of burden of proof to national law (see recital 58).

Article 22(2) of the CSDDD provides for a defence that companies can use only in relation to indirect business partners with whom they have an established business relationship. It provides that a company shall not be liable for damages caused by the activity of indirect business partners if certain criteria are met. First, the company needs to have sought contractual assurances in relation to compliance with its code of conduct and a prevention action plan or a corrective action plan. Also, the company must have put in place “appropriate measures to verify compliance”. In addition, the defence does not apply if it would be unreasonable, in the circumstances of the case, to expect that the action actually taken, including as regards verifying compliance, would be adequate to prevent, minimise, bring to an end or mitigate the adverse impact. Reasonableness (in Art. 22(2)) and appropriateness (by reference to Art. 7(4) and Art. 8(5)) refer to the understanding of HREDD as a standard of expected conduct, in line with the UNGPs. They prevent companies that have insufficient and only formal contractual clauses in place to escape liability. Rather, a judge will need to scrutinize the adequacy of relying on contractual clauses and verification and auditing schemes in the circumstances of the given case concretely addressed that the indirect business partners activity had caused. One would expect that in a significant number of cases, the reliance on contractual clauses, verification and auditing schemes will not constitute, by themselves, adequate due diligence and will therefore not allow companies to rely on this defence.

Article 22(5) specifies that the liability provided for overrides the law applicable to the dispute under private international law rules. This strengthens access to justice, as recital 61 points out, and can potentially help overcome some of the burdens on victims in civil liability cases, as seen in the German KiK case, where the application of Pakistani Law led to the case being dismissed.

Changing incentives

Art. 25 (1) of the CSDDD expands the nature of company directors’ general duty of care to the company for companies covered by the CSDDD’s scope. The provision stipulates that Member States must ensure that company directors consider the human rights, climate, and environmental consequences of their decisions. Therefore, the “interest of the company” cannot just be equated with shareholder primacy, understood as pure profit maximization (anymore). Instead, the CSDDD clarifies that stakeholder interests must form an integral part of directors’ fiduciary duties to the company. This is a meaningful step towards stakeholder capitalism which sets it apart from its German and French counterparts. However, there is a strong case that the interplay between German corporate law and the GSCDDA creates an obligation for publicly listed companies to tie directors’ remuneration to ESG metrics under German Law.

The CSDDD directors’ duties tackle the disastrous side effects of shareholder primacy which drives companies to pursue profits, even where these are gained at the expense of people and the planet. These so-called “externalities” are not factored into profits and are of such proportion that they threaten to destroy our very societal and natural foundations (think of climate change). Currently, company directors have the single purpose to maximize profits, while governments regulate companies and force them to internalize their costs (e.g. through a carbon tax). The imagined result would be an efficient market where companies produce a net benefit for society. This sole reliance on regulators, however, is failing. Large companies act at a global level while regulations mostly remain national. Furthermore, regulators often lack information and/or understanding of companies’ businesses to regulate them effectively, and companies can undermine regulatory efforts through lobbying. Therefore, companies must aim to create a net benefit for society from the outset.

Expanding the nature of directors’ duties to include stakeholder interests is a necessary step in that direction, but by no means sufficient.