First glance at the EU’s corporate due diligence and accountability framework

Katerina Yordanova
KU Leuven Centre for IT and IP Law, Leuven

* This article is correct as of May 2021.

It has been almost a year since the EU Commissioner for Justice, Didier Reynders, announced the European Union’s commitment to adopt a legislative act on mandatory human rights and environmental due diligence. On 10 March 2021, the European Parliament adopted a resolution proposing the new legislation in the form of a directive.[1] It is important to note that this resolution, adopted under Rule 47 of the Rules of Procedure of the European Parliament juncto Article 225 of TFEU, is not binding for the European Commission, which remains the competent EU institution for initiating a legislative procedure. Nevertheless, it can only be rejected if the Commission provides reasons. Thus, we can reasonably assume that at least part of the proposed Directive on Corporate Due Diligence and Corporate Accountability will form the basis of the Commission’s legislative proposal (the Directive).

There are several things one notices by just reading the resolution and the recitals to the Directive. First, the proposed form of the legislation, being a directive, provides Member States with more freedom in designing their legal framework, considering the specifics of national systems and the fact that the EU does not have a harmonised liability regime. On the other hand, directives do not have horizontal direct effect, meaning that individuals cannot enforce them against other private parties. This could be problematic in cases where the Directive has not been transposed[2] correctly into the national legislation.

Second, the Directive addresses companies’ accountability for its adverse impacts on human rights, as well as adverse impacts on the environment and good governance, effectively combining three distinctive regimes into one due diligence process.

A third rather curious thing to notice is that the Parliament calls on the Commission to propose a negotiating mandate for the EU with respect to the ongoing process of drafting a legally binding instrument to regulate, in international human rights law (Zero Draft), the activities of transnational corporations and other businesses at the UN level. This is interesting in the sense that, until now, neither the EU nor the Member States have been very enthusiastic or involved in the process.

The reason for this ‘negotiation enthusiasm’ might be found in the text of the Directive, and more particularly in its scope. On an EU level, the Directive would adopt a size/risk-based approach. Art 2(3) stipulates that it also applies to:

‘Large, publicly listed small and medium-sized undertakings and to small and medium-sized undertakings operating in high risk sectors, which are governed by the law of a third country and are not established in the territory of the Union when they operate in the internal market selling goods or providing services.’

This approach creates an almost universal application of the legal instrument; one cannot help but notice its similarity with the application of the General Data Protection Regulation (GDPR).

In my view, the Directive and the GDPR have a lot in common. Setting aside the obvious similarity between instruments designed to protect human rights and their scope, the Directive relies on tools such as human rights impact assessment and due diligence strategy. These tools are analogous to the data protection impact assessment and overall risk-oriented approach to data processing and transparency in GDPR. I believe we can improve upon the reasonably successful implementation of GDPR, increasing the impact of the Directive.

A strong point of the Directive is the adopted definition of ‘value chain’ in Article 3(5) encompassing:

‘All activities, operations, business relationships and investment chains of an undertaking and includes entities with which the undertaking has a direct or indirect business relationship, upstream and downstream, and which either: (a) supply products, parts of products or services that contribute to the undertaking’s own products or services, or (b) receive products or services from the undertaking.’

This very detailed and comprehensive definition is particularly important for the due diligence obligation of companies or ‘undertakings’, according to the respective terminology, since it would require them to:

‘Identify, assess, prevent, cease, mitigate, monitor, communicate, account for, address and remediate the potential and/or actual adverse impacts on human rights, the environment and good governance in their own activities and those of their value chains and business relationships.’

On one hand, this feature of the Directive is positive because it would encompass even digital value chains, thereby future-proofing the instrument and making it more effective. On the other hand, the increased complexity of the value chains, especially in manufacturing, combined with new technologies, transform them into what could be described as ‘supply networks.’[3] This complexity and the established need of transparency of the value chain further complicates the due diligence process, especially for SMEs. Indeed, the Directive encourages the utilisation of technologies, such as blockchain, to achieve the necessary level of transparency and traceability. However, this approach has a lot of hidden challenges and needs to be discussed further before advertised as the ultimate solution.

The Directive attempts to lower the burden for SMEs by introducing the possibility for them to publish a declaration that they do not cause, contribute to or directly link to any potential or actual adverse impacts on human rights, the environment or good governance. Interestingly, large undertakings whose direct business relationships are domiciled within the EU also have the same option, effectively stipulating that the level of protection of human rights within the EU is sufficient. This is a rather arrogant idea, especially with respect to labour and employment rights in different parts of the EU, especially the east and the south.

On a positive note, the due diligence strategy that the undertakings need to establish and implement when not exempt from this obligation seem quite comprehensive and well-rounded. It also takes into account the delicate balance of commercial interests, such as confidentiality and IP rights, and the involvement of stakeholders in the whole process. This is certainly in the spirit of the approach taken by Professor John Ruggie when designing the Guiding Principles on Business and Human Rights.

Another positive feature is the requirement of public availability of the due diligence strategy and the risk impact assessment, and their dynamic nature in the sense that undertakings need to evaluate the effectiveness of the strategy and its implementation at least once a year. While this might not sound like good news for businesses, there are some options to mitigate this responsibility through the so-called sectorial due diligence action plans. This implies the adoption of voluntary sectoral or cross-sectoral due diligence action plans at national or EU level, aimed at coordinating the due diligence strategies of undertakings. This needs to be done with consideration of any sector-specific due diligence requirements[4] which, according to Article 1(4), are lex specialis and a higher level of protection needs to be respected. However, the way Article 11 is currently formulated relegates this to an option that Member States ‘may encourage’. Given the benefits for both companies and other stakeholders who can get better protection, I would say it is highly recommendable to replace ‘may’ with ‘shall’.

The right to remedy seems well secured, as both Articles 9 and 10 contribute to this by prescribing establishment of grievance mechanisms and extra-judicial remedies. The framework also provides additional guarantees embodied in the establishment of national supervision authorities responsible for the investigation of possible adverse impacts, the adoption on the EU level of additional guidelines to further clarify the due diligence obligations and, of course, the sanctions envisioned in Article 18 and partially in Article 13.

Interestingly, in the case of the interim measures against undertakings’ activities that could lead to irreparable harm, Article 13(6) contains a rather puzzling provision related to undertakings governed by the law of a non-Member State and which operate in the internal market. Apparently, for them this could mean the temporary suspension of activities, amounting to even a wholesale ban on operating in the internal market. Confusingly, this prerogative is given to Member States, meaning a single national competent authority may effectively exclude a company from the internal market. This would certainly need clarification and possibly a revision during the Directive's adoption process.

The prescribed sanctions in Article 18 are also interesting. In addition to the conventional fines calculated on the basis of the undertaking’s turnover, Article 18(2) includes a temporary or indefinite exclusion from public procurement, state aid, and public support schemes including schemes relying on Export Credit Agencies and loans, seizure of commodities and other appropriate administrative sanctions.

In conclusion, the proposed Directive on Corporate Due Diligence and Corporate Accountability is a step in the right direction. It has many highly commendable features but also some flaws that need to be addressed by the Commission. Overall, transposing and implementing the Directive into the national legal systems would be the moment the proverbial rubber meets the road. It will take substantial efforts to avoid turning the due diligence process into another ‘check box’ exercise and achieve the needed level of transparency of value chains as well as the needed degree of protection of human rights, the environment and good governance.

[1] See the text of the resolution and the Directive at www.europarl.europa.eu/doceo/document/TA-9-2021-0073_EN.pdf

[2] On transposition of EU legislation: www.epgencms.europarl.europa.eu/cmsdata/upload/09adb8a6-5006-4bfe-9b1e-d9a7afde2be2/EPRS_ATAG_627141_Transposition_implementation_and_enforcement_of_EU_law-FINAL.pdf

[3] Deloitte, ‘The Rise of the Digital Supply Network’ (2016) 2, available at www2.deloitte.com/content/dam/insights/us/articles/3465_Digital-supply-network/DUP_Digital-supply-network.pdf

[4] For example, Regulation (EU) 2017/821 of the European Parliament and of the Council of 17 May 2017 laying down supply chain due diligence obligations for EU importers of tin, tantalum and tungsten, their ores, and gold originating from conflict-affected and high-risk areas.