How Europe’s human rights and environmental due diligence directive will impact Australian businesses

The European Union's (EU) Corporate Sustainability Due Diligence Directive (CSDDD) is one of the most significant corporate responsibility reforms in recent years. Its impact will be felt far beyond the EU – including here in Australia.

The CSDDD was formally adopted by the EU Parliament in April. It requires EU member states to implement legislation in accordance with the articles of the CSDDD, requiring extensive due diligence to identify adverse business impacts on people and the environment.

Australian businesses will be impacted one of three ways:

• by being directly in scope, (In Scope Entity);
  
  
• by being majority owned by an In Scope Entity; or
  
  
• by supplying goods or services to an In Scope Entity or their subsidiary.

Australian businesses will need to implement governance frameworks and due diligence systems, similar to those that were in response to the introduction of similar legislation in individual EU member states (like the German Supply Chain Due Diligence Act). This Insight explains how to navigate the new law and what it will mean for Australian businesses.

CSDDD’s objectives

The CSDDD is a legal framework by which In Scope Entities must:

• take responsibility for actual and potential adverse human rights and environmental impacts. They will do this through conducting risk-based human rights and environmental due diligence to identify, assess, cease, prevent, mitigate and remediate those impacts within their own operations, the operations of their subsidiaries and the operations of their direct and indirect business partners within their ‘chain of activities’;
  
  
• monitor the effectiveness of due diligence efforts; and
  
  
• issue an annual report covering the due diligence and related requirements of the CSDDD.

‘Chain of activities’ includes the activities of upstream and downstream direct and indirect business partners relevant to the In Scope Entities’ operations, (though the scope of downstream activities is more limited).

‘Direct business partners’ are those that have a commercial agreement with the In Scope Entity.

‘Indirect business partners’ are those where no commercial agreement exists, but who perform certain business operations.

Actual and potential adverse human rights and environmental impacts are defined by reference to certain human rights enshrined in international instruments and certain international environmental prohibitions and obligations, both referenced in the CSDDD. They are wide ranging and include modern slavery, child labour, exploitation, adequate housing, freedom of thought, discrimination, biodiversity loss, pollution and destruction of natural heritage.

In Australia, although some international obligations are integrated into Australian law already (for example, modern slavery offences pursuant to the Criminal Code Act 1995 or the regulation of pollution and hazardous substances under various laws), not all are. Accordingly, it may not be sufficient to rely on compliance with Australian laws in order to meet the requirements of the CSDDD.

Once adopted by each EU member state, the CSDDD will become binding on In Scope Entities.

Mandatory requirements for In Scope Entities (whether based in the EU or Australia)

Unlike traditional corporate due diligence, which is aimed at identifying and mitigating risks to the business, the objective of the CSDDD is to identify and mitigate risks to people and the environment. It requires an enterprise-wide approach to the governance of human rights and environmental risks, and consultation with an entity’s stakeholders to inform each stage of the due diligence process.

Key requirements for In Scope Entities include:

• implementing a climate change mitigation transition plan aligning the entity’s business model and strategy compatible with the Paris Agreement global warming scenario of 1.5°C;
  
  
• integrating human rights and environmental due diligence into relevant company policies and risk management systems;
  
  
• identifying and assessing actual and potential adverse impacts from their own operations, their subsidiaries, and where impacts are related to their chain of activities, their business partners’ actual and potential impacts;
  
  
• taking a risk-based approach to prioritising responses to actual and potential adverse impacts by focusing on areas where adverse impacts are most likely to occur and be the most severe;
  
  
• prioritising identified actual and potential adverse impacts based on severity and likelihood of adverse impact and addressing those impacts within a reasonable time;
  
  
• taking steps to prevent adverse impacts, including preparation of a preventative action plan that includes qualitative and quantitative indicators for measuring improvements or seeking contractual assurances from direct business partners;
  
  
• bringing actual adverse impacts to an end or minimising the extent of any ongoing impact, and developing a corrective action plan. This may also include seeking contractual assurances from business partners or making investments in facilities, production, operational processes and infrastructure;
  
• remediation of actual adverse impacts;
  
  
• conducting meaningful engagement with stakeholders at each stage of the diligence process;
  
  
• establishing a notification mechanism and complaints procedure; and
  
  
• monitoring the adequacy and effectiveness of diligence procedures and conducting an annual assessment.

Significant penalties will apply for non-compliance, based on a company’s net worldwide turnover. In Scope Entities may be held civilly liable for intentional or negligent failure to comply with a preventative or corrective action plan causing harm to a person (including legal person). They may also be held jointly and severally liable for damage caused jointly by subsidiaries or business partners.

Effects on Australian businesses

Australian subsidiaries of In Scope Entities

Some In Scope Entities will require their subsidiaries to implement the substantive requirements of the CSDDD in full. This will likely be challenging for many Australian businesses who are not subject to the same regulatory requirements. Until now, many were not required to have either climate transition plans or holistic frameworks in place that operationalise human rights and environmental due diligence at the enterprise level.

Doing business with In Scope Entities

The CSDDD’s prescriptive requirements will also have a significant impact on Australian businesses doing business with In Scope Entities. Impacts may include:

• requests for emissions data to enable In Scope Entities to assess alignment of their transition plan to a global warming scenario of 1.5°C;
  
  
• the imposition of stringent contractual terms in supply and other commercial agreements, as a result of In Scope Entities seeking to ensure business partners and suppliers adopt practices directed to preventing adverse human rights and environmental impacts. This includes those relating to reducing emissions, for example, requiring direct business partners to adhere to prevention and/or corrective action plans, contractual requirements to notify risks and incidences of adverse human rights and environmental impacts, rights to inspect records including transition plans or to impose other methods of verifying compliance with human rights and/or environmental standards; and
  
  
• requirements to indemnify In Scope Entities against losses caused by intentional or negligent failure to comply with a preventative or corrective action plans imposed by the In Scope Entity.

Because the Australian regulatory framework for human rights and enterprise-wide environmental impacts (including climate change) is less developed than the EU, we expect Australian businesses will require significant uplift to existing approaches to managing human rights and environmental risks to respond to likely impacts of the CSDDD.

Phased implementation

Once fully implemented, the CSDDD will apply to an estimated 5,500 companies with operations in the EU. It will be introduced in three phases from 2027, giving In Scope Entities and other impacted entities between three and five years to prepare. The phases are:

• from 2027: EU companies with over 5,000 employees and revenue greater than €1.5 billion, and non-EU companies satisfying the revenue threshold within the EU;
  
  
• from 2028: EU companies with more than 3,000 employees and greater than €900 million revenue, and non-EU companies satisfying the revenue threshold within the EU; and
  
  
• from 2029: EU companies with 1,000 or more employees and an annual turnover of €450 million, and non-EU companies satisfying the revenue threshold within the EU (or if this threshold is met by ultimate parent companies). Also captured are EU franchising or licensing agreements for annual royalties that exceed €22.5 million and an annual net turnover of more than €80 million in the EU (or if this threshold is met by ultimate parent companies).

Preparing for the CSDDD

Impacted Australian businesses should take steps to understand how and when they are likely to be impacted to ensure that they are able to maintain (or exploit in the future) EU relationships and distribution networks. For example, preparation may include:

1. Liaising with EU-based parent companies or EU-based business partners to understand if they are In Scope Entities and when their respective obligations commence;
   
   
2. Understanding the scope of contractual obligations likely to be imposed by EU parent companies/investors and business partners;
   
   
3. Assessing readiness by conducting a gap analysis between likely impacts and current human rights and environmental risk management frameworks, for example the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct and the United Nations Guiding Principles on Business and Human Rights;
   
   
4. Assessing readiness by conducting a gap analysis between the scope of the human rights and environmental due diligence requirements that underpin the CSDDD and an entity’s existing due diligence processes for identifying human rights and environmental risks in operations, supply and value chains;
   
   
5. Identifying necessary systems changes. Australian businesses should be mindful that although existing Australian regulatory frameworks operate to protect some human rights (for example, industrial relations laws), or require some level of due diligence to identify and assess potential environmental impacts (for example, site and project-specific environmental risk and impact assessment during approvals and licensing processes) these are unlikely to meet the enterprise-wide focus of the CSDDD, nor span the breadth of the entity’s supply and value chains.

Whether directly in scope, or indirectly in scope, Australian businesses with a high dependence on supplying to or trading in EU markets should assess their readiness by understanding the scope of uplift required to existing practices. Doing so early may also provide a competitive advantage, allowing Australian businesses to remain attractive as suppliers and business partners. Conversely, delay will mean limited time within which to design and implement enterprise-wide human rights and environmental due diligence – and may ultimately expose the business to potential loss of EU generated revenue streams.