Introduction

Check out the Responsible Cyber website: Cybersecurity and Risk Management.

On January 30, 2024, the European Union (EU) released the final draft of the Corporate Sustainability Due Diligence Directive (CSDDD). This legislation, first introduced by the European Parliament in February 2022, aims to address environmental, social, and governance (ESG) standards within companies and their supply chains. If adopted, the law will go into effect in phases starting in 2027. As a result, any organization that conducts business in the EU should be prepared to establish or improve its supply chain due diligence program. This blog post examines the proposed law’s requirements, applicability, and penalties, and suggests best practices to prepare for its implementation.

EU Corporate Sustainability Due Diligence Directive Requirements

The CSDDD outlines specific obligations for companies to perform due diligence on their operations and supply chains. The goal is to identify, prevent, mitigate, and account for adverse impacts on the environment, labor, and human rights. This law is closely related to the Corporate Sustainability Reporting Directive (CSRD), which lays out specific ESG reporting requirements, including those arising from supply chains, as part of regular company disclosures.

Eight Due Diligence Obligations

The CSDDD includes eight key due diligence obligations that companies must fulfill:

1. Integration into Policies

Companies are required to integrate due diligence into their corporate policies. This involves defining and adopting a due diligence policy that outlines the company’s approach to identifying and addressing adverse impacts on human rights and the environment.

2. Identification of Adverse Impacts

Organizations must proactively identify actual and potential adverse impacts on human rights and the environment. This includes their own operations, subsidiaries, and throughout their value chains, encompassing both direct and indirect business relationships.

3. Prevention and Mitigation

Upon identifying adverse impacts, companies are obligated to prevent potential impacts from materializing and to mitigate actual impacts. This involves taking appropriate actions and measures, such as adjusting operations, engaging with suppliers or business partners, or implementing corrective action plans.

4. Accounting for Impacts and Remediation

If adverse impacts occur, companies must account for how they address these impacts and, where necessary, provide for or cooperate in the remediation process. This includes ensuring that remediation is accessible to affected parties and aligns with international standards.

5. Establishing a Grievance Mechanism

Companies need to establish or participate in a grievance mechanism that is accessible to individuals and communities who may be impacted by the company’s activities. This mechanism should allow for the submission of complaints regarding non-compliance with the company’s due diligence obligations.

6. Monitoring and Evaluation

Organizations should monitor the ongoing effectiveness of due diligence measures and actions taken to address adverse impacts. This involves regular assessment and adaptation of strategies and measures in response to findings.

7. Public Reporting

Companies are required to publicly report on their due diligence policies, processes, and findings. This includes disclosing how they identify and address adverse impacts, as well as the outcomes of their due diligence efforts.

8. Supply Chain Due Diligence

For relationships in the supply chain that pose a high risk of adverse impacts, companies must take additional steps. This could involve deeper engagement with affected stakeholders, conducting more detailed assessments, and collaborating with other entities to address systemic issues. The directive emphasizes a continuous and proactive approach to due diligence, requiring companies to not only assess and address risks once but to monitor and adapt their strategies over time.

EU Corporate Sustainability Due Diligence Directive Applicability

Once passed, the CSDDD legislation will apply to EU companies and parent companies with over 500 employees and a worldwide turnover higher than 150 million euros. The obligations will also apply to companies with over 250 employees and a turnover of more than 40 million euros if at least 20 million euros of that turnover is generated in one of the following sectors:

– Manufacturing and wholesale trade of textiles, clothing, and footwear
– Agriculture, including forestry and fisheries
– Manufacture of food and trade of raw agricultural materials
– Extraction and wholesale trade of mineral resources or manufacture of related products
– Construction

Implementation will be phased in over three years based on turnover and company size, with implementation ending in 2029.

In conclusion, the EU Corporate Sustainability Due Diligence Directive introduces significant requirements for companies operating in the EU. By integrating due diligence into their policies, identifying and addressing adverse impacts, establishing grievance mechanisms, and publicly reporting on their efforts, companies can ensure compliance with the law and contribute to sustainable business practices. It is crucial for organizations to familiarize themselves with the directive’s obligations and begin preparing for its implementation to avoid penalties and reputational risks.