ESG: first penalty under Norwegian Transparency Act shows direction of travel
Joanne HarrisTuesday 26 November 2024
In September, the Norwegian Consumer Protection Authority (the CPA, or Forbrukertilsynet) issued its first infringement penalty under the country’s Transparency Act. A retail company was fined NOK 450,000 (around €38,500) after failing, on two occasions, to respond on time to requests for information about how it’s addressing human rights impacts within its organisation.
The penalty comes a little over two years after the Act came into force and has cast renewed light on how the legislation may be applied by the authorities, with the timing coinciding with the roll-out of the EU Corporate Sustainability Due Diligence Directive (CSDDD).
The Act was enacted in summer 2022. It’s aimed at targeting human rights abuses in connection to the provision of goods and services in Norway, and by Norwegian companies around the world.
Companies to which the Act applies must carry out due diligence in accordance with Organisation for Economic Coordination and Development (OECD) guidelines for multinational enterprises on responsible business conduct, investigating whether there are any actual or potential adverse impacts on human rights and working conditions caused by or contributed by the company, or linked to its supply chain. Enterprises must then report on their due diligence, and if they receive a request for information, provide it.
Kristin Nordland Brattli, a partner at Wikborg Rein in Oslo, says the CPA initially took a fairly soft approach to the implementation of the Act, but this penalty indicates that this period is at an end. ‘This shows that it is now a law which does bite,’ says Nordland Brattli.
The CPA held that the retail company had intentionally failed to provide information within the required deadline, and disagreed with the company’s argument that its failure to respond to the information requests was due to ‘ignorance’. The CPA said ignorance of the law wouldn’t exempt a company from liability if the ignorance is negligent. The decision to impose the penalty is under appeal.
‘A lot of the companies I’ve talked to have been quite surprised about the strict reasoning the CPA gave,’ says Nordland Brattli. ‘It gives people in […] organisations working with the Transparency Act more leverage internally.’
I’m hearing and seeing requests come from journalists, from global NGOs […] I am seeing this right to information component being used by a wide range of stakeholders
Jonathan Drimmer
Diversity and Inclusion Officer, IBA Business Human Rights Committee
Jonathan Drimmer, Diversity and Inclusion Officer on the IBA Business Human Rights Committee and a partner at Paul Hastings in Washington, DC, says that the penalty is ‘a little bit of a surprise in that they’re taking the right to information as seriously as they are off the bat.’
Drimmer highlights that many multinational companies active in Norway are already used to reporting under similar compliance rules in other jurisdictions, but the right to information angle is more of a challenge. Companies aren’t required to have a single point of contact for information requests, so enterprises must ensure all employees are aware of the requirement to respond and know who within the business is responsible for this. ‘I’m hearing and seeing requests come from journalists, requests from global NGOs [non-governmental organisations] that are looking to understand how a global process is applied in a domestic market. I am seeing this right to information component being used by a wide range of stakeholders,’ Drimmer adds.
While companies in Norway get to grips with the Transparency Act and this first penalty, many will also be examining the potential impact of the CSDDD on their businesses. The Directive will only apply to very large companies – unlike the Norwegian Transparency Act – but in addition to requiring due diligence and mitigation of human rights issues, the CSDDD also encompasses environmental issues.
In a sense, the CSDDD and the Transparency Act are part of a process of codifying into law the UN’s Guiding Principles on Business and Human Rights (UNGPs), which were endorsed in 2011. Stéphane Brabant, Senior Partner at Trinity International in Paris and the Chair of the group that authors and updates the IBA’s Guidance Note on Business and Human Rights, says the UNGPs encouraged a number of companies to self-regulate, but that the Norwegian Transparency Act, CSDDD and similar rules are a positive step to minimise risk. ‘Regulation is the basis for legal security for a company. They need to understand what they can do and what they can’t do,’ Brabant says.
But Brabant stresses that adhering to regulation shouldn’t become a ‘tick-the-box’ exercise for a business, and that regulators and stakeholders alike should understand what the purpose of any particular law actually is.
He says human rights and environmental, social and governance (ESG) compliance rules should focus on preventing and minimising harm to human beings in every sphere of business. ‘We cannot change the world in a day. We need to prioritise and focus first on what is essential, and what is essential today are all activities of business which can cause or contribute to the violation of fundamental rights of human beings, especially the most severe,’ Brabant says.
He sees this as linking back to a company’s success and the need for continued profitability, questioning whether a business can maintain this if it’s not also looking to protect human rights across its supply chain.
Nordland Brattli says the Transparency Act’s aims are clear. ‘The objective is something everyone can agree with. People should not suffer in order for companies to deliver goods and services’, she explains. ‘The question is, does it really work? We do see concrete, positive outcomes with companies in Norway going into dialogue with their suppliers, but it varies how much impact it has in practice.’
Drimmer believes the example set by legislation such as the CSDDD and Transparency Act will become common globally, with jurisdictions that don’t yet have similar rules in place learning from the EU’s example – and the bloc’s Member States looking to Norway as they themselves transpose the CSDDD into national law.
Ali/AdobeStock.com