Due diligence and EU directives: unpacking the relationship between the CSDDD and the CSRD
In July 2024, the EU Corporate Sustainability Due Diligence Directive – the CSDDD – came into force and the countdown to compliance for in-scope companies began. For the many companies affected which were already in scope of the EU Corporate Sustainability Reporting Directive, the CSRD, in effect since January 2023, the logistical and financial burden posed by these directives may seem daunting.
Although the transposition of the CSRD into national law has been delayed in numerous member states – with only 11 meeting the deadline of 6 July 2024 – this should not prevent companies from taking the steps needed to comply. Organisations which find themselves in scope of both directives may have a substantial list of new requirements to be met to ensure compliance, and the clock is now ticking towards the first deadline under the CSDDD. To meet this challenge, it is worth exploring the relationship between the two directives, understanding where they differentiate as well as how they work in tandem. Unpacking the interoperability between the directives gives companies the best head start in their journey to comprehensive CSRD and CSDDD compliance.
Both directives are core elements of the EU Green Deal, and each constitutes a key component of the EU’s drive towards a just transition and climate neutrality by 2050. The CSRD is an enhanced sustainability reporting standard, replacing the previous EU Non-Financial Reporting Directive (NFRD). It requires companies to report on a range of sustainability-related matters in accordance with the European Reporting Sustainability Standards (ESRS), in a uniform digital format. More recently in force, the CSDDD requires companies to conduct far-reaching due diligence in their supply chains, identifying and mitigating their actual and potential adverse impacts, as well as developing a climate transition plan which sets out how they will achieve climate neutrality by 2050. They must report on their actions taken in an annual statement published on their website. There is a strong degree of overlap between the directives: they both require companies to conduct due diligence in line with internationally recognised frameworks (notably the UN Guiding Principles on Business and human Rights, the OECD Guidelines for Multinational Enterprises, and related Guidance on Responsible Business Conduct) which are referenced in both directives. However, there are several key differences between the two.
The directives have a different purpose
To begin with the most obvious point of contrast, the directives have differing objectives. While the CSDDD sets out the specific due diligence actions that companies must take, the CSRD sets out how they must report on this due diligence (in addition to other topics such as governance and finance). In a nutshell then: the CSDDD is what you do; the CSRD is how you report on it. The CSRD aims to make sustainability reporting more consistent, comparable and reliable across the EU, facilitating comparison for third parties such as investors and NGOs who wish to analyse and compare companies’ respective ESG performance. While the aim of the CSDDD is also to harmonise sustainability-related obligations on companies, the focus is different: it requires companies not only to identify and report on sustainability-related impacts, but to adopt concrete steps to mitigate and remedy these impacts as well.
The CSRD has a larger scope
There is a significant discrepancy in the number of companies that the directives apply to and their criteria for an organisation to be in scope. The CSRD applies notably to EU companies with over 250 employees and a net worldwide turnover of EUR 50 million plus. Following substantial debate and subsequent revisions, the CSDDD, in contrast, will apply primarily to EU companies with over 1000 employees and a net worldwide annual turnover of EUR 450 million plus. What this means in practice is that while it is estimated that the CSRD applies to around 50,000 companies in total, the final version of the CSDDD adopted in July will only apply to approximately 5,500 companies.
The deadline for CSRD compliance is earlier
The first companies in-scope were required to comply with the CSRD at the beginning of 2024, with subsequent groups being phased in over time until January 2028. Certain companies may see deadlines extended given the delays in transposition into national law across EU member states; nevertheless, in-scope companies should by now be well underway with their preparation. The CSDDD has only just entered into force and the first set of companies will not be required to comply until 2027. This gives companies the time needed to prepare and consider how the work they have undertaken for CSRD compliance may be used and adapted for the purposes of CSDDD compliance.
The CSRD adopts a lens of double materiality
The CSRD requires companies to approach their reporting from a double materiality perspective. Companies will need to report on both their impacts on people and planet, in addition to the risks and opportunities that the business faces. As such, the ESRS that companies should report against cover a wide range of topics including an organisation’s strategy, governance and finance matters, in addition to their human rights and environmental impacts. In contrast the CSDDD focuses on companies’ impacts on people and planet only, thereby putting human rights and the environment centre stage.
The CSRD covers more of the value chain – but companies can prioritise what they report on
There is a subtle but important difference in the value chain coverage of each directive: while the CSRD uses the latter term, the CSDDD in contrast covers a company’s “chain of activities”. In-scope companies under the CSRD must therefore report on their internal operations and the entirety of their upstream and downstream activities, extending to the final disposal of the product. The “chain of activities” of the CSDDD, however, is more limited, with downstream activities only covering the distribution, transport and storage of products.
Similarly to the watered-down number of companies in scope, the restricted value chain coverage reflects the alterations made to the original draft of the legislation. While the CSRD’s wider scope may seem more daunting for companies, there is however a caveat, since companies only need to report on their impacts which are deemed ‘material’ enough to include in their double materiality assessment (in addition to certain compulsory points under the ESRS). While the CSDDD’s chain of activities may seem to demand less from companies in terms of the required coverage of their operations, companies are nevertheless required to identify their less severe and less likely adverse impacts as well as their most severe ones, although prioritisation of impacts’ severity is again key in how companies can feasibly manage these risks.
Prioritisation
This leads to the first point of overlap between the two directives and one which substantially alleviates the burden placed on companies: the directives allow organisations to adopt a risk-based approach to acting and reporting on their most severe adverse impacts. As highlighted above, CSRD reporting is made more approachable thanks to the fact that companies are permitted to employ their best judgement and establish materiality thresholds to determine the matters material enough for reporting in a double materiality assessment. Similarly, companies mitigating their impacts to comply with the CSDDD are allowed to prioritise impacts depending on their severity and likelihood, and should use their leverage and resources judiciously in order to facilitate remediation. Prioritisation of risks and impacts is therefore key in making compliance manageable for companies.
Stakeholder engagement
Both directives also make clear that stakeholder engagement should be at the heart of a company’s due diligence. The CSDDD for instance recommends that companies consult with stakeholders to identify, assess and prioritise their actual or potential adverse impacts, to develop prevention and corrective action plans to address these impacts, and to determine the appropriate remediation measures needed. In a similar vein, the CSRD requires companies to engage with stakeholders to identify their impacts on people and planet, and again, to determine their materiality (i.e. their prioritisation). This is a good example of how companies can coordinate the due diligence required by each directive, in this case conducting their stakeholder mapping and consultations in tandem to gain the necessary insights.
Climate transition plan
Both directives require companies to develop and publish climate transition plans in line with the Paris Agreement. The good news for companies already in scope of the CSRD is that they do not need to do this again under the CSDDD.
Implications for businesses
To a large extent, preparation for the CSRD and CSDDD is compatible. As a starting point, companies will need to figure out whether they comply with either or both of these directives, and if so, which part of their operations fall in scope. Companies should also be smart about how they coordinate and minimise their workload. Updating the strategy and risk assessments for key departments such as procurement, for instance, should be undertaken with the demands of both directives in mind. Moreover, a company’s process of identifying their impacts on people and planet under the CSRD can certainly feed into the necessary identification and prioritisation of their human rights and environmental impacts under the CSDDD. Stakeholder consultation can be done in a harmonised manner. Companies should also shore up the resources they will need to comply, for example by investing in technological tools which allow them to collect the data required under both directives in a cost-effective and efficient way.
How GoodCorporation can help
GoodCorporation brings its 20+ years of expertise and experience across multiple sectors to support companies in their compliance journey. We offer a range of frameworks and services to help companies manage their human rights, environmental, social and governance risks. For CSDDD compliance specifically, our human rights and environmental due diligence framework can be used to help organisations review and improve their practices and processes for managing their human rights and environmental impacts. To find out more, visit our ESG-related and CSDDD services webpages.
Author
Rosa Martin
Rosa is an analyst based in GoodCorporation’s London office. She works particularly on AI, ESG and bribery and corruption topics. Rosa is heavily involved in the work of GoodCorporation’s Artificial Intelligence business practice area and researches on AI’s relationship to business ethics. She is currently investigating how companies across different sectors use AI systems in their operations and how they approach AI governance and regulation. Outside of her AI work Rosa supports clients in developing and improving their ethics and compliance programmes across a wide range of business ethics areas, including fraud, human rights, supply chain due diligence, ESG and bribery and corruption. She speaks Spanish, French and Russian and has a first-class degree in History and Russian from the University of Cambridge.