UK: Corporate Sustainability Due Diligence Directive: Dead In The Water?

1. INTRODUCTION

After years of planning, months of negotiations and several key hurdles surpassed, the Corporate Sustainability Due Diligence Directive ('CS3D') looked like it was on the home straight. Indeed, in our January 2024 update, we discussed how several key areas of uncertainty around CS3D (relating to scope, the exclusion of key financial sessions, core requirements and enforcement) had been settled after a compromise agreement was reached in trilogue in December 2023. Drafts circulating during January showed no gaps in the compromise text. However, at the eleventh-hour, in mid-January, the German FDP Finance Minister said that Germany could not support the text. This was already a significant blow given Germany's leading role in pushing through the legislation over the last few years, and its significant proportion of the overall vote, but the more damaging inevitable consequence was that other member states became jittery. Smaller member states such as Finland said that they would also abstain in a crucial Council committee vote, and then it seemed that Italy would join them in an apparent votes-for-votes exchange involving Italy's resistance to the Packaging and Packaging Waste Directive. The vote was pulled from the meeting agenda on the morning of the meeting, leaving the future of the Directive in doubt. The timing is key, because the European institutions are about to break for elections, and will not resume substantive work until later in the year, under new leadership. After finally being re-tabled for a vote on 28 February, the compromise text failed to achieve the necessary support and it appears that CS3D is now all but dead in the water. While there is a glimmer of hope that the Council may be able to agree a position in the coming days, and another vote can be tabled, the looming European elections and impending transition to a Hungarian presidency mean there is precious little time for any revival of the Directive before major upheaval and a potential change in priorities in the European Union.

Though CS3D's last-minute failure is an undoubted blow, it does not mean the end of supply chain due diligence obligations for companies. There remains, for example, an ever-increasing list of countries refusing to wait for the EU and introducing corporate due diligence requirements into their own national law. Various sector-specific EU regulations also incorporate new due diligence obligations. Considering this trend, as well as the increasing risk from novel litigation seeking to hold companies liable for environmental and human rights violations in their value chain, appropriate due diligence remains of significant importance for corporates and investors.

2. SUPPORT AND OPPOSITION

Major concerns were raised in early February that the Council's Coreper vote – which should have been a formality – would fail to return the necessary qualified majority (of 15 Member States representing 65% of the EU's population) in favour of passing CS3D after last-minute political opposition. Though Germany was blamed for initially throwing doubt on the compromise text, in the end France was said to have proposed to increase the 500-employee qualification threshold to 5,000 employees as a condition of its support. It is estimated that this proposal would have removed approximately 80% of businesses from being in scope of the Directive.

Those opposed to the Directive said that it was too burdensome for business in the current financial climate. In a press conference on 28 February shortly after the vote, CS3D rapporteur Lara Wolters Rapporteur Lara Wolters made little effort to hide her anger at the "political games", speaking of the "shamelessness" and "outrageous injustice" of "the big business lobbies". She said that the outcome displayed a "flagrant disregard for the Parliament as co-legislators" and that it was an "outrage" that the Council was – as she saw it – beholden to "a minority of extreme business voices". In advance of the failed vote, UN High Commissioner on Human Rights Volker Turk said that "[f]or the directive to fail now would be a massive blow", and Michael Forst, UN Special Rapporteur for environmental defenders under the Aarhus Convention, published a statement in support of CS3D, calling it "a ground-breaking opportunity to protect those at risk from business activities".

Industry support for the directive has been widespread and vocal, given that the directive was expected to level the playing field and avoid the already emerging patchwork of national laws with the same broad aims.

3. VALUE CHAIN LIABILITY RISKS: STILL RELEVANT?

As mentioned, CS3D – while a flagship piece of law – was not the only source of value chain-related risk for companies in the EU. Indeed, both within the bloc and far beyond its borders, there are an increasing number of laws and regulations, which apply across an increasing number of sectors and industries, engaging value chain liability issues.

EU-wide regimes

The EU has created several sector-specific regimes in recent years which, to varying degrees, place liability on in-scope entities for acts or omissions in their value chain. However, the idea of businesses taking responsibility for the wider sustainability impacts of their business is not totally new. As far back as 2017, the EU enacted the Conflict Minerals Regulation (Regulation 2017/821), requiring EU importers of gold, tantalum, tin and tungsten to conduct due diligence to ensure that their products were sourced responsibly. While not directly applicable to the multinationals using such products in their cars or mobile phones, the Regulation was groundbreaking (and controversial) in ensuring that such companies thought about their products' sustainability credentials in a different, broader way. The due diligence required under the Conflict Minerals Regulation was based on the OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High Risk Areas. The OECD guidelines on responsible business conduct continue to be a guiding light for the current wave of supply chain regulations.

The Deforestation Regulation (Regulation 2023/1115), concerning products commonly associated with deforestation, confers obligations on several actors within the value chains of a wide range of relevant products – including cocoa, soy, beef, coffee, wood, some rubbers and other products. Parties in scope of the Regulation must be able to prove that any relevant commodities placed on the EU market or exported from the EU did not either originate from recently deforested land or contribute to deforestation. The extent of the due diligence obligation is significant, requiring the collection of information as specific as the exact geolocation of the plots of lands where the commodities were produced. Products linked to deforestation continue to be a particular source of risk for corporate groups with vast and complex supply chains. By way of example, in April 2023, climate activist NGO Mighty Earth conducted an investigation into supermarket giant Tesco's supply chain which reportedly identified a range of chicken and pork products linked to soy produced as a result of Amazon deforestation.

Similarly, the Batteries Regulation (Regulation 2023/1542) requires companies to conduct due diligence to address a broad spectrum of social, environmental and climate risks, basing their due diligence on international regimes such as the OECD Guidelines for Responsible Business Conduct. The Batteries Regulation, however, would allow producers to meet their active diligence obligations via national or industry-developed due diligence schemes, similar to a waste compliance scheme, potentially making enforcement easier for regulators who need only investigate the rigour of several rather than hundreds of individual producer approaches.

Other regimes, including a Regulation which would see similar value chain due diligence obligations placed on sellers of certain goods commonly associated with forced labour, are in proposal stage at time of writing.

Value chain due diligence in other jurisdictions

Although the EU has been debating mandatory due diligence for several years, certain EU member states are currently ahead of the EU in having supply chain due diligence laws in force in their countries. France's 'Duty of Vigilance' law requires in-scope companies to publish a vigilance plan explaining how they carry out the core obligations under the law, namely to map risks, evaluate them, mitigate risks and prevent serious violations, and establish alert mechanisms and monitoring systems. The vigilance plan must be published in the company's annual report and is consequently available for scrutiny by a range of stakeholders including NGOs. Duty of Vigilance law litigation in France gives a sense of what may arise in other jurisdictions, whether based on CS3D should it succeed, or on national measures. There have already been some 20 cases in the French courts. The brevity and lack of clarity in the law has provided a clear route for claims of non-compliance, though the courts have helpfully indicated that they will not be dictating what substantive measures companies should be taking and describing in their plan.

Germany also has a supply chain diligence law ("SCDD Law"), which maps more closely to CS3D. In force for the largest companies since January 2023, the German SCDD Law obliges companies both German companies and foreign companies with German branches to conduct due diligence into their up- and downstream value chains for adverse impacts on a very similar range of human rights and environmental norms, though the boundaries of value chain are somewhat narrower than under the EU legislation, with indirect suppliers only in force where the covered entity has substantiated knowledge of the abuse.

A key difference between the draft EU law and the German law is that CS3D proposed a civil liability regime for those harmed by a company's failure to comply with the Directive. No additional civil liability regime is created by the German law, though civil liability also exists under the French law. Where broad and far-reaching impacts are being caused by a company, we may therefore see some "jurisdiction shopping" to enable the greatest level of damages to be claimed against that company.

Similar measures are proliferating throughout Europe and beyond: by way of example, the Netherlands has adopted a law obliging companies to conduct due diligence into child labour risks in the value chain, and has a draft supply chain law progressing through its legislature notwithstanding CS3D. Similarly, Norway has a law on Transparency and Human Rights, which also obliges in-scope undertakings to conduct diligence on human rights impacts and 'decent working conditions' in the value chain (with significantly lower thresholds for scope than many other of the measures mentioned here). Outside of the bloc, Canada recently introduced a law obliging in-scope companies to conduct diligence into their value chain with respect to forced or child labour and, similarly to CS3D, obliging companies who identify any such issues to take steps to eradicate these practices. Albeit narrower in scope, the USA recently passed an act creating a rebuttable presumption that any goods manufactured in the Xinjiang region of China are prohibited from importation into the USA by reason of being made with forced labour of the Uyghur people. Finally, in the UK, the Commercial Organisations and Public Authorities Duty (Human Rights and Environment) Bill (the 'Bill') was recently proposed by Baroness Young in the House of Lords. While still at an early stage of the parliamentary process, and overall unlikely to pass, the Bill proposes a value chain due diligence and reporting process with broad equivalence to CS3D.

One fundamental challenge with all of these regimes is simply understanding how they apply to a company and its operations. Scope of application and scope of obligations are different under each regime.

New regulation is not the only source of risk in the value chain. In recent years, there has been a slew of judgments which have significantly increased the scope of companies' liability for acts and omissions in the value chain. In 2021, the Court of Appeal's landmark judgment in Begum v Maran (UK) Ltd [2021] EWCA Civ 326 ('Begum') was among the first to apply the existing common law tort rules to a corporation in respect of acts or omissions from in its contractual value chain even where it was multiple steps removed from the harm itself. Begum is not an isolated case, either. In 2022, a claim was issued in the English High Court against two UK companies and one Malaysian company in the Dyson corporate group by lawyers representing a group of claimants who alleged that they had been victims of human rights abuses in a factory contracted to make parts for Dyson.

4. CONCLUSION

Though CS3D had looked almost certain to pass into law at the beginning of this year, last-minute political horseplay appears to have – at the very least – put an indefinite delay on its passage through the final stages of the lawmaking process. While it might be tempting to breath a sigh of relief, there remains a clear global trend towards increased national and international regulation of value chain liability through legislation and through the courts, which continues to create significant risks and liabilities for corporates and investors. Regardless of CS3D's future, now is certainly not the time for complacency in respect of value chain risk.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.