European Union Moves Towards Mandatory Supply Chain Due Diligence: Start Gearing Up For New Directive

30 April 2021

Introduction

There has been a proliferation of new laws concerning ethical sourcing and due diligence in supply chains in various territories in recent years. This trend is being taken to the next level in the European Union with a proposed new law that will introduce far-reaching supply chain due diligence obligations for certain businesses.

On 10 March 2021, the European Parliament considered and adopted an outline proposal for the “EU Directive on Mandatory Human Rights, Environmental and Good Governance Due Diligence” (the Directive). The European Commission has now been tasked with drafting a formal legislative proposal for the Directive, to be presented to the European Parliament in summer 2021. Whilst the Directive is not expected to come into force until late 2022 or early 2023, companies falling within its scope will need to start gearing up to ensure they’re ready when the new requirements kick in.

This alert summarises the aims of the Directive, who it will apply to, what they will need to do to comply, and what the risks will be if they don’t.

What are the aims of the Directive?

The Directive aims to introduce far-reaching mandatory due diligence obligations amid concerns that a voluntary regime is insufficient in addressing the potential negative impacts of globalised business activities in various fields of corporate responsibility. 

The European Parliament’s concern that too little is being done today is corroborated by the European Commission’s recent finding that only one business in three is currently conducting appropriate due diligence measures with regards to its value chain.

The Directive is also intended to exclude unfair competitive advantages across the European Union, by harmonising and creating a level playing field in light of different national supply chain laws already, or soon to be, enacted in several member states (such as France, Germany, and the Netherlands).

Who will have obligations under the Directive?

It is currently expected that the Directive’s obligations apply to:

  • Large undertakings, defined as businesses operating in the European Union (irrespective of place of registration) with more than:
    • 250 employees;
    • €50 million annual turnover; or
    • a balance sheet total exceeding €43 million.
  • Publicly listed or “high-risk” small and medium sized entities; and
  • Companies providing financial services and products.

What will companies need to do to comply?

Companies falling within the scope of the Directive will be obliged to:

  • Take measures and make efforts to prevent potential adverse impacts in three fields of corporate responsibility: human rights, the environment, and good governance;
  • Put appropriate processes in place; and
  • Publicly communicate their approach to due diligence in a due diligence strategy document.

Measures and efforts to prevent adverse effects

Affected companies will need to take “all proportionate and commensurate measures,” and “make efforts within their means,” to prevent potential adverse impacts in the following three fields of corporate responsibility:

  • Human rights – including social, trade union, and labour rights;
  • The Environment – for example, the production of waste, sustainable use of natural resources, pollution, greenhouse gas emissions, deforestation, biodiversity, and ecosystems; and
  • Good Governance – including combatting bribery, corruption, and illegal campaign contributions.
What does “proportionate measures” mean?

Given the broad scope of affected entities, the obligations will be applied proportionately, meaning not all companies will be required to take the same actions. The necessary actions for each company will depend on factors such as:

  • The severity and likelihood of the adverse impacts;
  • Sector of activity;
  • Size of the undertaking;
  • The nature and context of the undertaking’s operations (including geography);
  • The undertaking’s business model;
  • Its position in the value chain; and 
  • The nature of the business’s products and services.
Know your customer

Affected companies will need to:

  • Make appropriate efforts to identify their suppliers and subcontractors – the due diligence requirements will not be limited to the first tier downstream and upstream in the supply chain, but will encompass any identified as posing “major risks” in any stage of the value chain;
  • Take appropriate action to ensure that their business partners put in place governance policies in line with the company’s due diligence strategy (e.g., by means of framework agreements, contractual clauses, codes of conduct, or certified and independent audits); and
  • Regularly verify that subcontractors and suppliers comply with these obligations.

Appropriate processes

Affected companies will be obliged to put processes in place in relation to potential adverse impacts in the above areas that:

  • Identify;
  • Assess;
  • Prevent;
  • Mitigate;
  • Cease;
  • Monitor;
  • Communicate;
  • Account for;
  • Address; and 
  • Remedy.

Due diligence strategy

Affected companies will be required to produce a Due Diligence Strategy Document in which they publicly communicate their approach to due diligence, which must be integrated into their overall business strategy.

The Due Diligence Strategy Document, which will need to be evaluated (and revised if necessary) on an annual basis, will need to:

  • Specify the company’s potential or actual adverse impacts on human rights, the environment and good governance;
  • Map the company’s value chain;
  • Indicate the appropriate policies and measures adopted by the company, with a view to ceasing, preventing, or mitigating the identified potential or actual adverse impacts; and
  • Set up the company’s prioritisation strategy.

Enforcement

Enforcement of the mandatory regime under the Directive will fall on the competent national authorities of EU member states, who will have the power to carry out investigations into compliance, including by conducting interviews with stakeholders and their representatives, and carrying out on-the-spot checks.

Possible sanctions under the final Directive regime are expected to be serious and may include:

  • Large administrative fines (comparable in magnitude to fines currently provided for in competition/antitrust law and data protection law);
  • Exclusion from public procurement, state aid, or public support scheme; and
  • Import bans in the case of severe human rights violations (such as child labour).

The proposed regime also envisages a system giving victims of a company’s actions in third world countries access to a legal remedy in the form of compensation.

When will the requirements kick in?

Based on the usual timeline for legislation adoption at EU level (approximately 19 months), we expect that the Directive will be adopted in late 2022, at the earliest. Following this adoption, EU member states will be given time to transpose the Directive into national law, which is usually a maximum period of 2 years – meaning binding national laws would not be expected before 2023.

However, given the extent of these obligations, companies expecting to be subject to the new regime under the Directive will need to begin to consider necessary steps to reach compliance and potentially upgrade the measures already implemented under national regimes (such as those in Germany, France and the Netherlands), to ensure all required measures are in place before the Directive comes into force.