Laws and Regulations

EU Corporate Sustainability Due Diligence Directive Proposal (CS3D)

05 February 2022

Lisa Lerouge

Policy and EU Market Analyst

Last updated on December 16th, 2024

Listen to this post on CS3D
9:33

Overview

What is cs3d?

The EU Corporate Sustainability Due Diligence Directive (CS3D) sets out rules for companies to address human rights and environmental impacts occurring in their operations and supply chains, and seeks to harmonize due diligence practices across the EU.

This Due Diligence directive outlines corporate liability for human rights abuses or environmental violations occurring across their chain of activities. Several Due Diligence acts already exist in the EU Member States, including French Duty of Vigilance law and German Supply Chain Due Diligence (LkSG or SCDDA). As a directive, it now requires all 27 EU Member States to transpose its provisions into their national laws, ensuring a unified framework for corporate sustainability and accountability throughout the union.

 

Who is impacted?

EU-based Companies:

  • The CSDDD applies to large EU-based companies with more than 1000 employees, a worldwide turnover exceeding €450 million and parent companies of groups meeting these thresholds.

Non-EU Companies and SMEs:

  • It also applies to Non-EU companies generating over €450 million in EU turnover or companies earning more than 22,5 million from royalties within the EU and having a turnover of more than €80 million in the EU.

  • While SMEs are not directly subject to the directive, they may be indirectly affected as suppliers or contractors for larger companies required to implement due diligence measures

key dates to remember

The directive entered into force on July 26th, 2024. Member States shall transpose the directive into national laws by July 2026. The reporting obligations are rolling out in defined phases which depend on company size and turnover:

Reporting Year

Fiscal Year Covered

Company Criteria

2027

2026

- EU Companies: >5,000 employees and annual worldwide turnover >€1.5 billion.
- Non-EU Companies: Annual EU turnover >€1.5 billion.

2028

2027

- EU Companies: >3,000 employees and annual worldwide turnover >€900 million.
- Non-EU Companies: Annual EU turnover >€900 million.

2029

2028

- EU Companies: >1,000 employees and annual worldwide turnover >€450 million.
- Non-EU Companies: Annual EU turnover >€450 million.
- Companies in Franchising or Licensing: Royalties >€22.5 million and turnover >€80 million.

 

Requirements

The Directive sets a risk-based approach to due diligence that companies must follow by going through the following steps:

  • Integration of Due Diligence and risk management systems in their business policies (Article 5)
  • Setting up a Complaints Mechanism (Article 9)
  • Identification and assessment and prioritization of actual or potential adverse impacts (Article 6)
  • Mitigation of potential adverse impacts (Article 7)
  • Remediation of actual adverse impacts (Article 8)
  • Documentation and monitoring of the effectiveness of the due diligence measures (Article 10)
  • Reporting and Disclosure on due diligence processes (Article 11).

To assist in meeting these due diligence obligations, the Commission will provide general as well as sector-specific or risk-focused guidelines.

Due Diligence Policies and Complaints Mechanism 

Integration of Due Diligence in company’s policies (Article 5) 

Companies must develop comprehensive due diligence policies with internal stakeholders, including:

  • A description of the company’s approach to due diligence.
  • Code of Conduct applicable internally and across the supply chain.
  • documentation of due diligence measures and verifying methods
Complaints Mechanism (Article 9) 

Companies must create a transparent process for complaints regarding adverse impacts within the organization or its supply chain. This mechanism should:

  • Be public, user-friendly, and ensure complainant safety.
  • Provide clear communication if complaints are valid, with reasoning.
  • Offer follow-ups or meetings with company representatives
Risk Identification, Assessment & Prioritization (Article 6) 
Risk Identification (Article 6) 

Companies must identify actual and potential adverse impacts across three key levels:

  • Own operations
  • Subsidiaries
  • Direct and indirect business partners (both upstream and downstream).

This requires mapping operations at these levels to pinpoint where adverse impacts are most likely and severe. The mapping should consider relevant risk factors to create a comprehensive understanding of potential issues.

Risk Assessment  

Once risks are identified, companies must conduct in-depth assessments of the most critical areas. This involves:

  • Use resources like independent reports and complaints data.
  • Focus on entities where risks are most likely and severe

Risk Prioritization 

Prioritize risked based on:

  • Severity of the impact: How harmful the impact could be.
  • Likelihood of occurrence: How probable the impact is.
Definition: Chain of Activities: 

  • Upstream Activities: Include design, extraction, sourcing, manufacturing, transport, storage, supply, and product or service development.
  • Downstream Activities: Cover the distribution, transport, and storage of products or services.

Mitigation OF adverse impacts (Articles 7 & 8) 

  1. Key Actions

    • Companies must take appropriate steps to preventremedy, or mitigate potential risks based on the findings.

  1. Factors Influencing Actions depends on the company’s link to the risk, and if the risk is:

    • Caused solely by the company.

    • Jointly caused with subsidiaries or business partners.

    • Caused by business partners alone.

  1. Appropriate Actions

    • Minimize or neutralize the adverse impact based on severity and influence.

    • Implement prevention or corrective action plans

    • Adjust strategies, pricing, or purchasing policies.

    • Collaborate with entities to improve risk mitigation efforts.

    • Secure contractual commitments from partners to follow Code of Conduct.

  1. Business Relationship Adjustments

    • Suspend or terminate relationships with entities contributing to the risk, unless doing so would worsen the situation.

    • Avoid establishing new relations that could perpetuate the issue.

Obligation to Remedy (Article 8c)

  • If the company caused or jointly caused the harm, it must provide remediation.

  • the company may offer voluntary support for harm caused by partners.

Stakeholder Engagement (Article 8d)

Companies must:

  • Engage stakeholders effectively, providing relevant information and addressing requests.

  • Ensure security and anonymity.

Monitoring, Documentation, Disclosure and Reporting (Articles 10 & 11) 

  1. Monitoring (Article 10)

    • Regularly assess the effectiveness through:

      • Policies for risk identification, evaluation, prioritization, and mitigation.

      • qualitative and quantitative indicators.

      • Stakeholder input.

  1. Reporting (Article 11)

    • Publish an annual statement on due diligence efforts

      • Publicly accessible.

      • Provided in a data-extractable format.


Combating Climate Change (Article 15) 

  1. In terms of the transition plan for climate change mitigation, companies must adopt a plan compatible with:

    • the Paris Agreement and its limit of 1.5°C global warming.

    • Climate neutrality goals for 2050.

  1. The transition plan shall include:

    • Time-bound targets for 2030 and every 5 years till 2050.

    • Decarbonization Strategies and funding allocation.

    • Administrative management and supervisory bodies for plan execution.

 

Consequences of Non-Compliance with CS3D

The consequences will vary across Member States as they transpose the directive into their national laws, consequences may be:

Financial Penalties: Substantial fines proportional to turnover, with severe impact on large multinationals.

Legal Liability: Risk of lawsuits for failing to address human rights or environmental violations, requiring compensation or corrective actions.

Reputational Damage: Publicized violations can harm brand image, erode consumer trust, and deter investors.

Operational Disruptions: Possible license suspension, restricted market access, or supply chain issues due to partner non-compliance.

Regulatory Scrutiny: Increased audits, reporting requirements, and compliance costs, potentially delaying operations.

 

Recommendations

To ensure compliance with the upcoming Directive, companies should start to design and implement an effective compliance system and get an understanding of their entire value chain in order to discover any human rights or environmental violations.

Check out the Due Diligence Framework which we have put together in the guide, Labor in Supply Chain Compliance.

 

How TrusTrace can help

Sounds complicated? Not with the right platform! TrusTrace provides actionable transparency of your entire supply chain and makes it easier to manage compliance, supply chain risk and communicate product origin easily and credibly. Contact us for more information on how we can help your company.

 

 

Disclaimer: At TrusTrace, we want to keep you informed on laws and regulations, but this information in the blog should not be considered or used as legal advice.

ready to trace?

Take control of your supply chain risk, compliance, and impact with the world’s leading traceability platform for fashion, footwear and textile supply chains. Start by speaking with the TrusTrace team today.
contact sales