Will the CSDDD push businesses to codify good behaviour in their supply chains and how can this be achieved? 

Having finally cleared a number of last-minute hurdles, the EU’s Corporate Sustainability Due Diligence Directive (CSDDD) will come into force from 2027. It will bring into play significant new demands around environmental and human rights due diligence, forcing those companies in scope to ensure that robust processes are in place to meet the directive’s obligations. 

However, will compliance with the EU’s Corporate Sustainability Due Diligence Directive (CS3D) result in a ‘Big Bang’ moment, with businesses changing codes, policies, practice and procedures to promote their own requirements of behaviour across their chain of activities, or will it lead to a more gradual change and a tick-box exercise?

Our latest debate at the House of Lords asked whether the CS3D will push businesses to codify good behaviour, not just in their own organisations, but also in their supply chains – and if so, what will this mean? Introducing the debate topic, GoodCorporation’s Clément Caballero explored some of the factors that have led to the development of the directive.

Evolution of the CS3D  

Mandatory supply chain due diligence laws have been emerging on a country-by-country basis in recent years, including the French Duty of Vigilance law, the Norwegian Transparency Act and the German Act on Corporate Due Diligence Obligations in the Supply Chain.

These legislative developments stem from the globalisation of business in the second half of the 20^th century as companies began subcontracting the less profitable elements of their businesses, such as sourcing and manufacturing, to intermediaries and suppliers, often in low-cost jurisdictions. Previously, enterprises had a considerable degree of control over a relatively simple, vertical supply chain, often local and comparatively easy to oversee.

Many of these new operations were often in countries with weaker legal frameworks where managing social and environmental risks and performance is more challenging. Scandals, such as the Dhaka garment factory fire in Bangladesh, highlighted these risks, but the massive disruption to global supply chains brought about by Covid threw the spotlight on the lack of control over these vast networks and the implications on people and planet.

The CS3D could, therefore, be mandating a form of ‘taking back control’ to manage the impacts on people and planet more effectively. But how can this be achieved given that corporate codes and policies are:

a) primarily about controlling an organisation’s own activities,

b) expecting first tier suppliers and partners to follow requirements of a contract which might contain aspects of ‘good behaviour’ and

c) the focus of these codes and policies is almost always on the material interests of the corporation, rather than focusing on risks to the planet and to people more generally?

For a business to be able to prevent, mitigate and remedy human rights and environmental harms, it must take account of impacts in entities ordinarily considered beyond an organisation’s direct control. This will require a different approach and content in terms of codes and policies.

Potential impacts of the CSDDD on business practices  

At the debate, it was argued that one of the key drivers influencing whether this will lead to radical change, or a more gradual tick-box approach, will be the interpretation of the directive by the different member states and the rigour with which the various supervisory authorities impose the law. If maximum fines are levied and the offending organisations are publicly named and shamed, then this could well drive radical change to ensure that breaches are avoided and businesses are properly protected. If authorities are slow to prosecute, however, we may only see moderate change, or tick-box tactics, as organisations take a ‘wait and see’ approach rather than investing resources in new procedures and systems.

A number of reasons were given for why this would lead to radical change and what some of those changes might be: – 

• A simple tick-box approach cannot ensure compliance with the directive’s obligations as the requirements are too demanding
• The risk of reputational damage from failing to take a meaningful approach to compliance is too high. Those businesses in scope need to be seen to be taking compliance seriously and this is likely to mean doing things differently
• One of the reasons behind the introduction of the CSDDD was to require businesses to focus on ‘doing’ rather than reporting. If the compliance effort ticks boxes to fulfil reporting requirements such as the CSRD, it will be insufficient and may lead to breaches and fines
• This is likely to mean taking a cross-cutting approach to compliance rather than leaving individual functions to manage their own obligations. As a result, we may see some structural changes in organisations as they embrace new levels of due diligence, which could be substantive
• The civil liability regime also acts as a lever for change and businesses will want to ensure that they are protected from the reputational damage of litigation for actual or even potential harms. UK courts in particular, can be swift to hear such cases and civil society organisations proactive in bringing about proceedings
• To further minimise the risk of facing civil proceedings, care will also be needed to ensure that actions match words, which may mean doubling down on efforts to ensure that any commitments to people and planet are lived out across the supply and distribution chains
• Ensuring the right levels of accountability may also require significant changes. Assurance that appropriate environmental and human rights due diligence is being carried out and integrated into corporate policies and risk management systems should be a board issue. Good boards will not look the other way and will need to see evidence of what is being done to assess and manage these risks. Wider compliance and assurance mapping will also be needed to ensure that boards have all the information they need to discharge their responsibilities.

Those who felt it may only produce moderate, or tick-box changes put forward the following arguments: – 

• The decision to take a tick-box or moderate approach will be driven by three key issues
  • The speed, scale and level of enforcement
  • The level of corporate desire to really understand and mitigate these risks, will senior managers be able to get away with plausible deniability to avoid the due diligence requirements?
  • Developing a compliance model that focuses on box-ticking reporting rather implementing risk-based due diligence and integrating systems into the business model
• Some of the businesses in scope have already been working on the ground to manage these issues in order to comply with existing legislation or adhere to best practice and, as such, may only need a shift in emphasis rather than wholesale change to fulfil their new obligations
• Similarly, some sectors such as fashion, agriculture and extractives have needed to address some of these issues already and as such, the management of these issues may already be quite mature so radical change will not be needed
• Some industries may not be able to mitigate their harms substantially and continue to operate – as such they may only be able to effect small change until new business models emerge
• Concern was also expressed around board capacity to discharge their duties fully due to the pressures of compliance with a significant amount of other new legislation
• Finally, a number of participants pointed to previous similar legislation and the fact that these had not driven radical change, so a gradualist approach would therefore be prudent.

Broader implications of the CSDDD  

In addition to the different levels of change this might bring about, the debate also explored some of the wider challenges this legislation raises. 

Some of the root causes of the adverse impacts cannot be tackled by businesses alone. Issues such as fair pay, living wages, child labour would be better addressed at government level. Businesses would like to see more governments using their influence and leverage to help with some of these issues.  

Child labour in particular is a complex issue, as in many countries, families won’t eat if their children don’t work. Companies, governments, industry bodies and civil society organisations need to work together to tackle these issues for the long term, rather than pushing businesses to walk away which could lead to even greater harms. 

Industry initiatives that promote responsible sourcing can be beneficial, but more guidance may be needed to allow businesses to work together and use their combined leverage to create lasting change without fear of falling foul of tough competition laws. 

It was also felt that some form of trusted global database of ‘approved’ suppliers would be an invaluable resource. 

The GoodCorporation View 

Whether it leads to a ‘Big Bang’ or a moderate shift in emphasis, we expect that the CSDDD will drive a change for the better. The speed with which this happens may well be determined by the levels and scale of enforcement. Although, the benefits of compliance far outweigh simple fine avoidance. Addressing adverse impacts on people and planet protects reputation, builds trust with stakeholder groups and helps attract and retain the best talent, all of which contributes to building more sustainable and profitable businesses. 

Many of our clients are already looking at the steps that need to be taken to integrate the directive’s requirements into their business models. Many had already embarked on this journey as part of their commitment to meeting the UN’s Sustainable Development Goals and embed best practice.  No one expects every issue to be addressed simultaneously, but a prioritised risk-based approach to understanding the issues and planning all possible mitigation and remediation will be the place to start. GoodCorporation has developed a framework on human rights and environmental due diligence which is explicitly mapped to each of the articles of the directive. The aim of the framework is to help businesses understand in simple and straight-forward language, what will be required and how organisations can ensure and demonstrate compliance.