After political to-and-fro for over two years, the EU Corporate Sustainability Due Diligence (“CS3D”) made it over the line on 24 April 2024 with the European Parliament formally approving it.
We set out the headline requirements and timing of CS3D below.
What is the CS3D?
This legislation is far-reaching with mandatory human rights and environmental-related requirements applicable to both EU and non-EU companies meeting specific thresholds, as set out below. The non-EU companies captured may be those without companies organised or headquartered in the EU but as a result of significant EU-based turnover.
The headline human rights and environmental requirements are:
- Integrate human rights and environmental considerations and due diligence into policies and management systems.
- Implement measures to identify and assess any potential or actual adverse human rights and environmental impacts.
- Prevent and mitigate potential adverse impacts — remediate and mitigate any actual adverse impacts.
- Monitor the effectiveness of due diligence policy and measures periodically.
- The assessment of actual and potential adverse human rights and environmental impacts must be beyond your company/group to capture a company’s upstream and downstream business partners throughout the company’s “chain of activities.”
- Carry out stakeholder engagement.
- Adopt a climate change mitigation transition plan aligned with the Paris Agreement to limit global warming to 1.5 degrees Celsius.
- Publish an annual statement on due diligence processes, the impacts — potential or actual identified, steps taken to prevent, cease, mitigate or remediate those actions.
What is its timing?
CS3D needs to be formally adopted by the European Council and published in the Official Journal of the EU. Member States will then have two years to transpose the new rules into their own national laws.
The timing will then vary depending on the status of the in-scope company — which could be one based outside of the EU. The below years are on the basis of September 2024 being the year of entry into force for CS3D with Member States transposing the law by September 2026 at the latest.
For EU companies:
EU requirements and timing – on a standalone or group basis |
Phase 1 – from 2027: – At least 5,000 employees – Net global turnover above $1.5 billion |
Phase 2 – from 2028: – At least 3,000 employees – Net global turnover above $900 million |
Phase 3 – from 2029: – At least 1,000 employees – Net global turnover above $450 million |
For Non-EU companies:
Requirements – on a standalone or group basis |
Phase 1 – from 2027: – At least $1.5 billion net EU-wide turnover – No headcount requirement |
Phase 2 – from 2028: – At least $900 million net EU-wide turnover – No headcount requirement |
Phase 3 – from 2029: – At least $450 million net EU-wide turnover – No headcount requirement |
Franchises may also be captured where a EU or non-EU company or ultimate parent company of a group has entered into franchising or licensing agreements in the EU where the royalties amount to at least €22.5 million with either a company or group worldwide net turnover of at least €80 million. The expected reporting requirements for such franchises is from 2029 onwards.
What if we do not comply?
Each Member State will designate or create a supervisory authority that will supervise compliance with CS3D. The penalties this authority will have include:
- Financial penalties based on net worldwide turnover — the maximum limit must not be less than 5% of the net worldwide turnover of the company in the financial year preceding the fine. This could be extremely high for a Fortune 500 company, as an example.
- “Naming and shaming” via a public statement, which would occur if the company fails to comply with the decision imposing a financial penalty within the set time limit.
There could also be liability for damages associated with the adverse human rights or environmental impacts that were intentionally or negligently not prevented as a result of their company or global operations.
Are there any carve-outs?
Yes, for regulated financial services entities, including asset managers, banks and insurers. The due diligence requirements are limited to their own operations, their subsidiaries and the upstream part of their ‘chain of activities.’ This means, for example, that for asset managers investments and loans would not be included.
How do I find out more?
Please contact ukreg@proskauer.com for further information.