The EU Commission proposed a new directive on the 23rd of February that will require many large businesses to make obligatory due diligence assessments of their supply chain processes, companies in breach of this will be subjected to fines. Since it has not yet been approved by the EU Parliament or Council, it is hard to tell when the new directive might be put into force. Yet, with multiple similar legislations being approved in many EU countries, it seems more a matter of time until the new Directive on Corporate Sustainability Due Diligence is juridically binding for many companies operating within the EU.
Because of this, it is important for businesses to orientate themselves early on, so that they can more easily adapt to the upcoming requirements. The Directive requires companies to perform obligatory due diligence processes, to assess and mitigate negative impacts that stem from their business operations. According to the Directive, this process should focus specifically on human rights and environmental impacts. It should include the six steps outlined in the OECD Due Diligence Guidelines:
1) Integrate due diligence into policies and management systems
2) Identify and assess adverse human rights and environmental impacts
3) Prevent, cease or minimize actual and potential adverse human rights, and environmental impacts
4) Assess the effectiveness of the measures taken.
5) Communicate the results.
6) Provide remediation if needed.
The current provisions also require businesses to adopt plans to limit global warming in line with the 1.5C target of the Paris Agreement.
This process requires businesses to assess and mitigate impacts, but not necessarily eliminate any possible risk of adverse impact. The focus here is rather on continual improvement of sustainability practices, and mitigating risk within what is reasonably expected. Important factors here are the particular circumstances of the company in question, which include the risks linked to their direct business operations, the status of those risks in the local geographical area, the severity of the negative impact, the amount of business partners impacted and so on. This still marks a huge shift from today, businesses cannot just report on what is happening, but they will also be required to actually address risks and act to mitigate them.
The current scope of the directive targets businesses that meet the following criteria.
Group 1 encompasses all companies meeting the criteria mentioned.
Group 2 excludes businesses which are not in high-impact sectors. According to the Directive these sectors are: 1) Extraction sector, 2) Mineral supply sector, 3) Agricultural sector, 4) Garment supply sector. So, the criteria for group 2 only applies to companies with operations within any of these 4 sectors.
According to the EU Commission this it is estimated that the Directive will cover about 12,800 EU companies and about 4,000 non-EU companies.
We don't know yet how the Directive will look when it is finally approved. The Principles for Responsible Investment (PRI) have published a statement calling for the Directive to include even stricter demands for companies, and to tie it closer to similar due diligence requirements and ESG reporting directives already in effect in the EU. The PRI has called for broadening the scope of directly affected businesses to include more businesses. They have also asked the Directive to include a requirement for ongoing due diligence assessments in regards to investments calling for businesses to conduct both pre- and post-assessments as the current draft only calls for pre-investment due diligence. In addition, they have called for stricter requirements for larger companies to report on their plans on how they will work to limit global warming to 1.5C, and not only adopt such plans. The International Federation for Human Rights (FIDH) have signed a joint statement with academics and members which calls for the inclusion of provisions related to conflict sensitivity and international humanitarian law as part of the new due diligence Directive, as the Directive in it's current draft does to supply companies with any guidelines or criteria regarding responsible business conduct in conflict-affected and high-risk areas.
Apparel producer's have also proposed that the directive more explicitly should be connected to existing due diligence guidelines and frameworks, such as the OECD, to ensure harmonised and proper reporting, as the current draft remains vague to how due diligence should be performed. Basing it on such frameworks would make the due diligence reporting more properly risk-based. Currently, the proposal limits the duty to perform due diligence to "established relationships", which makes the assessments relationship-based. A risk-based assessment would on the other hand require a more direct accountability and prioritisation than this. Within a risk-based frameworks, individual companies must assess the risks caused by their operations, products and services, and prioritise these, throughout their entire supply chain, and not only to their established relationships. This means they have to assess risks connected to sub-suppliers, new suppliers, late-tier buyers, and similar, in addition to established relationships. The risk based focus of some current Transparency Laws, such as the Norwegian Transparency Act, makes it probable that reference to risk-based frameworks might be included in the final draft.
In addition, with the recent report by UN Climate Change informing us that we are nowhere near the required emission reductions needed to uphold the 1.5C goal, the inclusion of stricter provisions on environmental impacts, especially the reporting requirement on emission reduction plans proposed by the PRI, seems very plausible to be included in the final draft.
No matter what form it takes, though, and what provisions it will include, the Directive will require larger companies operating in the EU to adopt due diligence policies and implement due diligence processes to mitigate impacts on the environment and human rights. In its current form, the directive does not directly target every business operating within the EU. Rather, it only targets about the 1% largest companies. This does not mean that smaller businesses are not effected – if they are suppliers or part of the supply chains of the largest 1% they will share some of the burden and cost of the due diligence process. Both because of this, and because due diligence requirements are becoming more and more prevalent in Europe, SMBs should prepare accordingly in case they need to provide supporting services, implement due diligence as they grow bigger, or implement due diligence in the future, if the directive is expanded to encompass more businesses. Incorporating clear due diligence routines early makes it a lot easier to tackle these possibilities! In addition the proposed Directive does include provisions on supporting SMEs to commit to the same kind of due diligence reporting as larger businesses.
The Orixe platform helps give you the visibility and control over your supply chain that you need in order to assess the compliance risks, and enact mitigating strategies. Read more about what we offer here.