What are the different forms of enforcement and what are the consequences of Non-Compliance?
Supervisory Authorities - Each EU Member State is required to establish or appoint a Supervisory Authority responsible for overseeing compliance with the CSDDD as it is transposed into national law. These authorities are empowered to request information, conduct compliance investigations, and take enforcement actions. The Directive also mandates that Member States provide accessible channels for the public to submit substantiated concerns about companies' non-compliance with the CSDDD. This allows for greater transparency and accountability.
Penalties for Non-Compliance - Penalties for failing to comply with the Directive are set by individual Member States but must include financial penalties with a maximum amount not less than 5% of the company's net worldwide turnover. This penalty threshold is notably higher than that set by the GDPR, highlighting the seriousness of compliance. Additionally, there is a "name and shame" policy where companies that do not pay penalties on time are publicly listed, and all penalty decisions are made publicly available for at least five years.
Civil Liability for Damages - The civil liability provisions of the CSDDD allow individuals or entities that have suffered damages due to a company’s failure to address adverse human rights or environmental impacts to seek redress. Civil society organisations, such as NGOs, can also bring claims for collective redress. However, liability is limited to failures in addressing these specific impacts, and not for other due diligence obligations or climate transition plan requirements.
What are the next steps for in-scope companies?
Although the CSDDD will not apply until 2027 and initially only to the largest companies, those potentially in-scope should begin preparations now. Companies should first assess whether they are in-scope by reviewing the Directive's definitions of net turnover and employee numbers. They should then evaluate their existing supply chain due diligence policies, update codes of conduct and contractual clauses, and establish processes for identifying and prioritising adverse impacts.
- Supply chain mapping and engagement - Companies are advised to map their supply chains, identify direct and indirect business partners, and assess areas with potential for significant adverse impacts. Engaging stakeholders, developing complaint procedures, and setting up monitoring processes are also critical steps.
- Climate transition planning - In-scope companies should start developing or reviewing their climate transition plans to ensure they meet the CSDDD’s requirements and align with the EU’s net-zero goals. They should also stay informed on forthcoming guidelines from the European Commission, which will provide sector-specific guidance and best practices for compliance.
What are the next steps for the out-of-scope companies and what should they expect or anticipate?
Companies not directly in-scope but part of the supply chains of in-scope companies should prepare for increased audit requests and contractual obligations related to sustainability. Small and medium-sized enterprises (SMEs) should be aware of provisions that require in-scope companies to support their compliance efforts through training, capacity building, and possibly financial support.