Advancing responsible business conduct, but failing to consider key functional challenges for remedy
By Karin Buhmann
◦ 9 min read ◦
Why is the proposal important?
The EU Commission’s draft Directive on mandatory ‘corporate sustainability due diligence’ published in the end of February is already recognized to have the potential to become a game changer for responsible business conduct (RBC) in Europe and beyond. If adopted, the proposed Directive will turn international soft law recommendations for companies to exercise risk-based due diligence in order to identify and manage their harmful impacts on human rights and the environment into hard EU law and therefore binding obligations for companies. Companies will be required to exercise due diligence with regard to actual and potential human rights adverse impacts and environmental adverse impacts, with respect to their own operations, the operations of their subsidiaries, and the value chain operations carried out by entities with whom the company has an established business relationship.
The proposal also aims to establish accountability through corporate liability for violations related to insufficient due diligence.
What the draft directive refers to as ‘corporate sustainability due diligence’ draws on what the OECD Guidelines for Multinational Enterprises refer to as ‘risk-based due diligence’, and what is referred to as ‘human rights due diligence’ by the United Nations (UN) Guiding Principles on Business and Human Rights (UNGPs). Indeed, the proposal refers directly to those two international soft-law instruments, which are generally considered state of the art for responsible business conduct (RBC).
This form of due diligence is a process to identify, prevent, mitigate, remedy and account for risks or actual harm caused by the company (or its partners) to society. Unlike financial or legal liability due diligence, the focus is not on risks to the company, although of course societal (including environmental) harm may also affect the company negatively (see also Buhmann 2018).
For companies covered by the directive, this will fundamentally change RBC from being voluntary to becoming legally binding.
The Draft has generally been welcomed by business associations, although some remain hesitant towards a (much watered-down) proposal to strengthen top-level sustainability corporate governance. Civil society also generally approve although the range of companies covered has been criticized for being too narrow, and business relations too focused on contractual relations rather than impacts. The proposal’s introduction of civil liability with EU courts for victims from non-EU countries has been lauded. Yet this could and perhaps should also usher in a deeper debate on the fundamental characteristics of what constitutes adequate or meaningful remedy for harmful impacts on human rights impacts or the environment, and as importantly, how host-country victims will be ensured a de-facto equal standing with frequently well-resourced EU companies in front of EU courts. This short note addresses all of the above issues.
Part of EU corporate sustainability law
After a slow start up to around 2011, the EU has been moving fast since in an incremental development of increasingly detailed obligations on companies, including institutional investors, with the aim of creating transparency on business impacts on human rights, the environment and climate. Given the speed and political support for adopting EU law on these matters, it is quite likely that the proposed Directive will be adopted, although possibly with some changes.
The proposal forms part of the larger package of corporate sustainability legislation undertaken by the EU recently. This includes the Taxonomy Regulation (which also refers to procedures that companies should undertake to ensure alignment with the UNGPs ad OECD Guidelines); the Non-Financial Reporting Directive (requiring some information on due diligence and risk assessments on human rights), which is expected to be replaced by the Corporate Sustainability Reporting Directive; and the Disclosure Regulation, which requires financial product providers to publish certain types of sustainability related information, including information on due diligence related to harmful impacts on environment and human rights.
The draft Directive builds on a proposal from the European Parliament, but it also follows trends in several individual EU countries to introduce mandatory risk-based due diligence.
What companies are covered?
The draft Directive applies to ‘very large’ EU based companies (more than 500 employees on average and a worldwide net turnover exceeding EUR 150 million). ‘Large’ companies (having more than 250 employees on average and more than EUR 40 million worldwide net turnover) are included if they operate in specific high-risk sectors: textiles (including leather and related goods), renewable natural resources extraction (agriculture, forestry and fisheries), and extraction of minerals.
The draft Directive’s listing of activities related to minerals is quite wide and applies regardless of the place of extraction. They will therefore apply to many types of raw-materials used in the EU, including those used for power and heating, construction and the ‘green’ energy transition.
Non-EU-based companies are covered if their turnover in the EU corresponds to that of ‘very large’ companies, or that of high-impact sector companies for activities in those sectors. It is expected that requirements will be cascaded onto SMEs through the value chains that they are part of.
What are companies required to do?
Importantly, like risk-based due diligence and human rights due diligence, corporate sustainability due diligence is not a compliance obligation simply discharged by undertaking and documenting a specific action.
Rather, as established by the UNGPs and the OECD Guidelines, it is an ongoing task that requires continuous assessments of risks or actual harm, and re-assessments, follow-up and efforts to prevent risks from becoming actual harm, and mitigation and the provision of remedy when harm has occurred.
Although the draft Directive seeks to establish that, it does rely heavily on companies applying contractual assurances, audits and/or verification. As argued by the expert organization SHIFT, these are not necessarily the best options for the purpose.
The due diligence obligations proposed are generally in line with the UNGPs and the OECD Guidelines, but in some ways narrower. This applies in particular to the limitation of some aspects of the due diligence process to what the draft Directive defines as ‘established business relationships’, i.e. relationships of a lasting character. This contrasts with the UNGPs and OECD Guidelines which do not require a business relationship (e.g. with a contractor, a subcontractor or any other entity such as a financial partner) to be lasting but, rather, focus on the connection between the company and risk or harm. This is one of the points that have generated criticism of the draft.
Directives must be implemented by Member States. The means that some specific requirements may differ across EU countries. However, regardless of this companies will be required to integrate due diligence into all their policies and have a policy for due diligence that describes the company’s approach, contains a code of conduct for its employees and subsidiaries, and its due diligence process.
This must include verification of observation of the code of conduct and steps to extend its application to ‘established business relationships’. In terms of specific steps, companies must identify actual and potential adverse impacts; prevent potential adverse impacts; and bring actual impacts to an end (whether they were, or should have been, identified) or minimize impacts that cannot be stopped. In that context they should seek to obtain cascading by seeking contractual commitments from business partners in the value chain.
However, contrary to the UNGPs’ recommendations, there is no requirement that the company actively engages with business partners in its value chain to enhance due diligence cascading. Moreover, the provisions on involving potential or actual victims (‘affected stakeholders’) meaningfully in the development of prevention action plans, let alone the identification and redress of risks and impacts, lags behind the UNGPs.
In line with the UNGPs and OECD Guidelines, ceasing business relationships is not considered the first option. Rather, collaboration should be sought in order to advance better practices. If that is not possible, cessation a relationship may be appropriate.
Companies must also set up a complaints mechanism that can be used by affected individuals, trade unions and civil society organisations. Moreover, companies must regularly monitor their operations and due diligence processes, those of their subsidiaries and ‘established business relationships’ in the relevant value chain. They must also regularly report on these non-financial issues.
Overall responsibility for the due diligence actions is charged on a company’s directors as part of their duty of care.
Enforcement: administrative and civil liability
Companies’ compliance will be monitored by authorities in each EU country. They may request information from companies and carry out investigations based on complaints by individuals or organisations, or on their own initiative. They may impose interim measures to try to stop severe or irreparable harm, and sanctions for violations of the due diligence requirements.
Companies will not be entitled to public support if they have been issued with sanctions under the directive.
Importantly, companies can be subject to civil liability for damages resulting from a failure to adequately prevent a potential harmful impact or bring an actual impact to an end. Civil liability means that victims (or in the terminology of the UNGPs and OECD Guidelines: ‘affected stakeholders’) must themselves sue the company.
A step forward for accountability and victims – but multiple challenges remain
The institution of civil liability for third-country victims in front of courts in EU-based companies’ home states is clearly an advance in regard to establishing formal accountability. However, the complexities of the legal system, especially for those seeking damages through civil liability, can hardly be overestimated. This challenge has been absent from most discussions leading up to the current draft Directive.
By contrast to criminal courts, civil courts generally make judgments based on the ability of one party to convince the court of its arguments. Research has shown that formal civil liability regimes tend to favour those who have the legal knowledge resources to do so. A market based good, legal expertise can be very expensive. The better the record in obtaining results that a client wants, the higher the cost. This may cause a highly problematic discrepancy between the possibilities of victims/affected stakeholders and companies to argue their case. Even if some victims are able to be assisted by civil society organisations, their legal expertise for arguing a case in court, or their resources to obtain such expertise, will not necessarily match those of companies.
Moreover, the civil liability regime focuses on economic damages and compensation. Although that may be relevant in some cases, in others a sum of money does not adequately redress harm suffered. Indeed, the UNGPs emphazise that remedy can take many forms of which economic compensation is only one.
Arguably, the draft Directive falls short of adequately considering the situation of victims in non-EU countries in regard to having not just formal but actual meaningful access to justice in front of courts. It presents an approach to remedy that does not necessarily fit the complex situations and limited resources of victims/affected stakeholders. It is to be hoped that as the draft will be negotiated and amended towards the version that may be adopted, this issue will gain further prominence.
The draft directive is an important development towards ensuring that companies based or operating in the EU take steps to identify and manage their harmful impact on the environment and on human rights, and to provide accountability. Although the draft does not cover all EU-based companies, it does cover the largest ones, and large ones in the textile, renewable and non-renewable natural resource extraction, all of which are known to be high-problem sectors. However, the affected stakeholder engagement, remedy and accountability provisions of the draft display too limited understanding of the situation of victims/affected stakeholders.
About the Author
Karin Buhmann is Professor of Business and Human Rights at the department of Management, Society and Communication at CBS, as well as the Director of the Centre for Law, Sustainability and Justice at University of Southern Denmark. Her research and teaching focus on sustainability and responsible business conduct (RBC) with a particular emphasis on social issues, especially in climate change mitigation, business responsibilities for human rights, and sustainable finance.