While sustainability and human rights legislation has become more commonplace across the globe, the European Union (EU) takes the lead in creating the most robust requirements that impact both EU and non-EU based firms. Two of the biggest initiatives, the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD), work together to strengthen and expand reporting and due diligence standards for companies doing business in the region.
So what exactly do they do? And how will these new laws impact both US and EU businesses?
Below we’ve broken down each piece of legislation to review how they work, who they impact, and what this means for companies, especially procurement and supply chain leaders.
Corporate Sustainability Due Diligence Directive
Background
The CSDDD, first proposed by the European Commission in February 2022 and adopted in June 2023 pending final negotiations, establishes a due diligence duty for covered companies.
It requires companies to identify, end, mitigate, prevent, and account for negative human and environmental impacts as a result of the businesses’ activities. In other words, companies are now responsible for what happens along their supply chains-covering a broad range of ESG risk factors, including human rights abuses, labor violations, and environmental impacts such as pollution and biodiversity loss.
The legislation imposes different requirements depending on the size and type of business you operate, but all companies under its scope must implement due diligence measures, including:
- Integrate due diligence into corporate policies
- Monitor the effectiveness of due diligence policies and actions
- Identify existing or potential negative human and environmental impacts
- Prevent or mitigate potential impacts
- End or mitigate existing impacts
- Establish a complaints procedure
- Report on due diligence actions and results publicly
Companies that fall in scope will be responsible for the costs of establishing due diligence procedures, including any transition costs for changing the company’s operations to comply with the mandate. The CSDDD will be enforced through administrative supervision and civil liability-with fines of up to 5% of total revenue for non-compliance.
Purpose
The purpose of the CSDDD is to drive corporate responsibility and sustainability not only within direct business operations but also along the global supply chain. The goal is to have companies take greater accountability for their impacts on people and the environment through prevention and mitigation. Additionally, the CSDDD will increase transparency through mandated public reporting (and standardized frameworks set forth through other initiatives like the CSRD). This will help stakeholders better assess companies’ sustainability performance and hold businesses publicly accountable.
As part of the European Green Deal, the CSDDD is also designed to support the EU’s efforts towards reducing net greenhouse gas emissions by at least 55% by 2030, compared to 1990 levels. For instance, companies with a turnover of more than €150 million are required to draft climate transition plans to align their business strategies with the Paris Agreement’s goal to limit global warming to 1.5°C above pre-industrial levels.
Companies Impacted
The CSDD will affect approximately 17,000 businesses in total (an estimated 13,000 EU companies and 4,000 companies incorporated outside the EU).
Companies incorporated in the EU
For EU-based companies, the CSDDD will apply to the following:
- Companies with more than 500 employees and a global net annual revenue of €150+ million (this will be the first group affected)
- Companies in high-impact sectors (e.g., agriculture, textiles, mineral extraction) with 250 employees and a global net annual revenue of €40+ million (this group will fall into scope two years after the first group)
Companies incorporated outside the EU
For non-EU-based companies the CSDDD will apply to:
- Businesses with €150 million net annual revenue if at least 40 million euros were generated in the EU
- Businesses in high-impact sectors with a net annual revenue of more than €40million
Corporate Sustainability Reporting Directive
Background
We reviewed the CSRD in more detail in our blog post here, but essentially the CSRD-which passed in the EU Council in November 2022-outlines new sustainability reporting requirements for companies that fall under its scope.
Under the CSRD, companies must:
- publish regular reports on the social and environmental risks they face
- describe how their activities impact people and the environment
- undergo independent audits based on the new EU sustainability reporting standards
Purpose
The purpose of the CSRD is to standardize sustainability disclosure across corporations to ensure investors and other stakeholders have reliable data to evaluate companies’ sustainability performance. The CSRD also reduces the financial costs of reporting to companies by streamlining the process for everyone.
NFRD vs. CSRD:
The CSRD replaces the sustainability reporting requirements under the Non-Financial Reporting Directive (NFRD). The NFRD, which went into effect in 2014, required companies with more than 500 employees to provide non-financial disclosures (i.e., sustainability reports).
However, under the NFRD, companies could determine their own reporting frameworks. Without a standard reporting guideline, it was difficult for stakeholders to reliably assess a company’s performance or accurately compare them against other organizations. As a result, reporting costs rose as companies tried to meet multiple (and often conflicting) reporting standards.
To correct these issues, the EU adopted the new CSRD legislation.
Companies Impacted
The CSRD includes a much broader scope of organizations than the NFRD.
In addition to all the companies already subject to the NFRD (~11,700), the CSRD applies to all large EU companies as well as EU subsidiaries of non-EU parent companies listed on the EU-regulated market. While this also includes SMEs (small-medium size enterprises), “micro” businesses are excluded.
Specifically, the CSRD applies to large EU companies that meet two out of the following criteria:
- More than 250 employees
- Balance sheet totals more than 20 million euros
- Net turnover of more than 40 million euros
It also applies to non-EU companies with a net turnover of >150 million euros that have either an EU subsidiary that follows the above criteria or a branch that generates >40 million euros net turnover in the previous financial year.
Differences between the CSDDD and CSRD
The CSDD and CSRD work in tandem to support more stringent and comprehensive sustainability and due diligence standards across companies doing business in the EU.
The CSRD is a reporting framework that focuses on standardizing non-financial reporting procedures and requires compliance with all EU sustainability reporting standards.
The CSDDD also has a reporting component (reinforced by the CSRD), but focuses more broadly on supply chain due diligence related to sustainability, the environment, and human rights. It requires companies to set up due diligence processes to identify their impact in these areas, including:
- Creating a due diligence policy
- Identifying and evaluating risks
- Implementing mitigation strategies and prevention plans
Both initiatives follow the United Nations Guiding Principles of Business and Human Rights (UNGPs) and the OECD’s guidelines for multinational companies.
How Procurement, Supply Chain & Compliance Professionals Can Prepare
While these laws are based in the European Union, it’s important to note that large non-EU-based companies are not necessarily off the hook. Additionally, other countries, such as Canada and the US, look to the EU when shaping their own ESG policies, so firms that operate in both North America and the EU must pay special attention to these regulations and the standards they are based on-and take action to ensure compliance now and in the future.
For instance, the CSDDD and CSRD guidelines are based on international standards-such as the United Nations Guiding Principles on Business and Human Rights and the OECD Due Diligence Guidance for Responsible Business Conduct-which means they provide an important framework for new ESG initiatives and programs.
Better Compliance Starts with Better Data
Building strong due diligence policies is only the first step. To ensure compliance-and improve reporting transparency-you need the right data to help you uncover key risks and potential ESG impacts.
Traditionally, corporations have relied largely on supplier surveys to understand their operations down the value chain. However, while subjective supplier surveys may be useful for certain types of risk, ensuring ESG compliance from vendors requires more real-time, objective, third-party data.
For example, a simple “yes or no” check from a supplier survey will not necessarily count as due diligence-and can’t give you the in-depth information you need to properly vet suppliers and validate compliance. Instead, large enterprises will be expected to invest in more robust efforts to ensure ethical and sustainable supply chains.
Therefore, supplier risk management needs to be centralized across all key stakeholders, with data coming from a variety of reliable sources, and combined with machine learning models to assess risk levels across numerous categories.
Craft’s supplier risk management platform is purpose-built to give businesses a holistic view of their operations through the entire value chain. As global supply networks increase in size and complexity, enterprises need a robust solution like Craft to identify, monitor, and alert them in real time to existing and potential risks so they can ensure compliance with confidence.
Learn how our comprehensive supplier risk platform gives you 360° views of your vendors so you can comply with numerous ESG policies, such as the German Supply Chain Act, Canada’s Forced Labor Act, Norwegian Transparency Act, the US Uyghur Forced Labor Prevention Act-and much more.