After a long and winding road through the European Union, including a detour that softened some of its proposed provisions, the EU CSDDD (Corporate Sustainability Due Diligence Directive) is set to shape the future of Europe’s supply networks. This new legislation follows several other of the EU’s attempts to encourage and compel its businesses to take sustainability seriously. As a result, the Directive puts into practice some novel approaches, predicated on the hope that the biggest businesses in Europe can be a force for good.
With measures that focus on monitoring, reporting, and encouraging positive change rather than punishing non-compliance outright, the EU CSDDD makes the legislative case for trickle-down sustainability to sub-tier suppliers. Here we unpack the latest updates to the Directive.
The scope of the EU CSDDD
The EU CSDDD isn’t the only sustainability-focused piece of legislation passed in the region over the past few years. The European Climate Law, the Sustainable Finance Disclosure Regulation, and the Corporate Sustainability Reporting Directive are just a few legislative efforts to put the bloc at the forefront of positive environmental and social change. As a result, feedback from member states during the CSDDD’s proposal stage led the EU to narrow the scope of this new directive to the biggest businesses in Europe. This was done to prevent small- and medium-sized businesses from taking on undue regulatory burdens.
Therefore, the only companies that are within the scope of the CSDDD are:
- EU companies with over 1000 employees and a net turnover of more than €450 million worldwide
- Parent companies with over 1000 employees and a net turnover of more than €450 million
- Non-EU (third country) companies with over 1000 employees and a net turnover of more than €450 million
- Franchises with a net turnover of over €80 million, if at least €22.5 million of that turnover was generated through royalties
More carrot, less stick in the updated EU CSDDD
Though the scope may seem narrow compared to some of the EU’s other sustainability laws, the CSDDD operates differently from laws that allow companies to only focus on their own compliance. Firstly, businesses must contractually define what their suppliers’ sustainability standards should be. Then, the CSDDD requires companies in scope to take “appropriate measures” to ensure that these standards are met.
A supplier’s word is no longer enough to satisfy compliance checks. Instead, businesses must actively monitor and assess their suppliers for sustainability risks, and take concrete mitigation action if necessary. However, the EU CSDDD differs from other recent legislations through its emphasis on “appropriate measures,” which include various forms of support for non-compliant suppliers. The EU is hoping that big businesses can use their influence and financial abilities to champion high-risk suppliers into long-term, sustainable compliance.
Figure 1: The EU CSDDD relies on companies to enforce compliance throughout their value networks.
New EU CSDDD assessments, monitoring, and verification
The process of assessing, continually monitoring, and verifying a company’s suppliers for various risk factors is now a given within most supply chain-focused laws and regulations. Similarly, the Directive expects businesses to fully understand the compliance status of all suppliers, as well as the impact that supplier has within the business’s value network. Supplier assessment must happen yearly at minimum unless an emerging risk brings cause for re-assessment. If a supplier is found to violate the company’s code of conduct, the company is required to mitigate the risk through appropriate measures.
Key to these assessments is ongoing supplier monitoring and verification. Businesses are advised to use third-party risk data and independently confirming the supplier’s status, instead of just relying on a supplier’s own reports. Again, the burden of monitoring and verification is centralized on the big businesses, with SMEs ideally benefitting from their influence and support.
Figure 2: Compliance with the EU CSDDD will require mapping and verifying supplier practices, and updating annually.
EU CSDDD mitigation strategies
If a business notices emerging sustainability risks from within their supply chains, they must act to mitigate the risk and strengthen their value network’s overall sustainability bona fides. The CSDDD suggests several different ways to support at-risk suppliers, including direct financial support, in-kind training support, collaborations, and more.
If, after these interventions, the supplier is still struggling to maintain the level of contractually required sustainability, the relationship between the business and the supplier may be suspended or terminated. However, the CSDDD specifies that if the termination of the business relationship is likely to cause greater harm than in its continuation, the business must take remedial actions instead.
Showing your work in EU CSDDD reporting
Finally, businesses must submit annual compliance reports. The aim is full transparency—these reports will be filed within the EU’s collection body and publicly accessible to all stakeholders. CSDDD compliance reports must include value network assessments, activities, and impacts. The big businesses will have to show their work each year to prove how they are shepherding their value networks into better, more sustainable practices.
Get started on EU CSDDD compliance
The CSDDD won’t be enforced overnight. However, EU businesses and businesses operating within the EU will only have a few years to implement the right policies, strategies, and technologies to maintain CSDDD compliance. Even out-of-scope businesses should start preparing, as these companies will be impacted sooner or later by this new legislation.
In-scope operations should start with value network visibility. Without understanding their suppliers’ sustainability risk landscape, businesses won’t be able to take the appropriate actions that the CSDDD requires. Then, using tools such as a risk management platform, companies can group and rank their risk, making it clear which supplier may need a little more support. AI-powered algorithms can also automatically monitor high-risk suppliers, leaving your risk team to make effective mitigation decisions instead of combing through tons of data.
If a supplier is deemed as needing action, businesses can either offer support or remediation, so it’s worth knowing what your company can offer to your value chain. After action is taken, the business should contemplate whether the actions were enough, or whether a different approach is needed. Either way requires the business to understand fully how and why the sustainability issues occurred, so the business can offer the best solution for support moving forward.
Finally, get your technology in order. Digital risk management platforms and tools are also an excellent way to store relevant information throughout the year. Reporting and reflections can be pulled together easily and allow for significant changes.
The EU CSDDD is on the horizon, and will affect far more companies than are technically within its scope. Implementing the necessary changes within your business now will help you stay on top of the complex web of supply chain and sustainability compliance.