The European union adopts the Directive on Corporate Sustainability Due Diligence

On 24 May 2024, the Council passed the Corporate Sustainability Due Diligence Directive (the “CS3D” or the “Directive”), thereby concluding the legislative process. The Directive imposes obligations for large companies to promote sustainable development and respect human rights and the environment through due diligence. The CS3D is part of the European Green Deal and the Sustainable Finance Agenda, which aim to align the EU economy with environmental and social objectives. The Directive complements the Corporate Sustainability Reporting Directive (the “CSRD”). While the CSRD requires companies to report on adverse impacts on human rights and the environment in their operations and value chains, the CS3D sets out ex ante due diligence obligations for companies to identify, prevent, mitigate, and account for such impacts.

The original legislative proposal was published by the Commission in February 2022. After the Parliament adopted its position in June 2023, demanding key amendments to the proposal, it reached a provisional agreement with the Council in December 2023, under the Spanish presidency. Nevertheless, the text failed to secure a majority in the Council and had to be revised by the Belgian presidency which resulted in the compromise package adopted by the Parliament on 24 April 2024 and by the Council on 24 May 2024.

The final version of the Directive will have far reaching implications but is clearly a dilution compared to the initial proposal put forth by the Commission as well and to the version agreed between the Council and the Parliament on 14 December 2023. One of the most important changes is the narrowing of the range of enterprises that fall under the purview of the Directive. This has been achieved by raising the minimum number of employees from 500 to 1000 and the minimum turnover from EUR 300 million to EUR 450 million. As a result of these amendments, it is estimated that the Directive will now only apply to one-third of the businesses that would have been encompassed had the original draft been adopted. Moreover, the Council did not agree with the Commission’s proposal that the due diligence should fall under directors' duty of care, nor that variable remuneration should be based on directors' contributions to sustainability.

Scope of the CS3D

The CS3D will be applicable to companies that are incorporated under the laws of a Member State and meet certain financial criteria. Specifically, it will apply to companies that have had, on average, over 1000 employees and a net worldwide turnover exceeding EUR 450 million in the last financial year. In addition, companies that do not meet these thresholds individually but are the ultimate parent company of a group that on a consolidated basis meets these criteria also fall under the scope of the Directive.

Importantly, the Directive is also applicable to non-EU companies. If a non-EU company has generated a net turnover of more than EUR 450 million in the Union in the financial year preceding the last financial year. Additionally, it applies to the ultimate parent companies of a group that on a consolidated basis meets the turnover threshold. Non-EU companies must appoint an EU representative to act on their behalf for purposes of the CS3D. The representative must ensure that the company complies with the Directive and cooperates with the supervisory authorities.

In addition, the Directive encompasses specific provisions for companies that have entered into franchising or licensing agreements in the Union, generating royalties exceeding EUR 22.5 million. For the Directive to apply, the company concerned must have had, or be the ultimate parent company of a group that had a net worldwide turnover of more than EUR 80 million.  This franchising/licensing rule also applies to non-EU companies, if they generate a net turnover of more than EUR 80 in the Union.

The Directive does not apply to Alternative Investment Funds (AIFs), or Undertakings for Collective Investment in Transferable Securities (UCITS) as defined or authorized by the AIF and the UCITS Directives, respectively.

Obligations under the CS3D

Companies encompassed by the CS3D are subject to a multitude of obligations. These obligations pertain to the fulfilment of human rights and climate-related objectives and supply chain management.

The Directive inter alia sets out detailed rules on obligations for companies regarding actual and potential human rights and environmental adverse impacts with respect to their own operations, the operations of their subsidiaries and the operations of their business partners in their chain of activities. Member States shall ensure that companies covered integrate due diligence into all relevant policies and risk management systems and that they have in place a due diligence policy developed in consultation with its employees and their representatives. Companies shall identify and assess actual and potential adverse impacts, prevent or, if not possible, mitigate potential adverse impacts that have been or should have been identified, bring actual adverse impacts that have been or should have been identified to an end and provide remediation where they have caused or jointly caused an actual adverse impact.

A notable requirement is that covered companies must obtain contractual assurances from their direct business partners, ensuring compliance with the company's code of conduct. This includes an obligation for those partners to, in turn, secure equivalent contractual assurances from their own partners if they are part of the first company's supply chain.

An essential element of the due diligence process is the consultation of stakeholders, including but not limited to employees, trade unions, consumers, and other individuals, groups, communities or entities whose rights or interests are or could be affected by the products, services and operations of the company concerned, and non-governmental organizations (NGOs).  Moreover, companies must establish a procedure to deal with complaints, as well as a mechanism for submission of notifications regarding actual or potential adverse impacts with respect to their own operations, those of their subsidiaries or those of their business partners in the chain of activities.

Furthermore, Member States shall ensure that companies carry out periodic assessments and, unless already subject to sustainability reporting requirements under the CSRD, companies will be obliged to report on the matters covered by the CS3D in a statement on their website.

In addition, again unless already doing so under the CSRD, companies will have to adopt and put into effect a transition plan for climate change mitigation that aims to ensure, through best efforts, that their business model and strategy are compatible with the transition to a sustainable economy and with the limiting of global warming to 1.5°C in line with the Paris Agreement and the objective of achieving climate neutrality as established in the European Climate Law (Regulation 2021/1119). The plan must inter alia articulate explicit targets for the year 2030 and for each subsequent five-year period leading up to 2050, all underpinned by conclusive scientific evidence. The transition plan shall be updated annually and contain a description of the company’s progress.

It is finally worth noting that Member States shall ensure that contracting authorities may take CS3D compliance into account as an environmental or social factor as part of the award criteria for public procurement and concession contracts in accordance with the EU public procurement directives.

Control mechanism and penalties

The CS3D incorporates various control mechanisms to ensure that its requirements are met. These mechanisms include the appointment of independent supervisory authorities by the Member States. These authorities shall inter alia have the authority to require the provision of information, carry out investigations and inspections, order cessation of an infringement and corrective action, and impose penalties. Additionally, the Directive sets up a European Network of Supervisory Authorities to promote cooperation and coordination between the national bodies. Further, Member States must ensure that any person is allowed to submit substantiated concerns to the supervisory authorities when they have reason to believe that a company is failing to comply with its obligations.

Further, Member States shall lay down rules on penalties, which must be effective, proportionate and dissuasive, and must include at least pecuniary penalties and a public statement indicating the company responsible and the nature of the infringement. The pecuniary penalties, which shall be based on the company's net worldwide turnover, with the maximum limit not being less than 5%. When deciding whether to impose penalties and, if so, the nature and appropriate level, the national supervisory authorities, shall take due account of various factors such as the gravity, duration, and financial benefits of the infringement, as well as the cooperation and remediation efforts of the company.

The decisions of the supervisory authorities shall be without prejudice to companies’ civil liability (see below).

Civil liability

An important element in the Directive is the introduction of a civil liability regime, which can be seen as rather far reaching. Nevertheless the exact effects of this regime remain to be seen.

The CS3D requires Member States to introduce provisions for civil liability holding companies liable for damages resulting from intentional or negligent non-compliance with due diligence obligations, when the right, prohibition or obligation in the human rights or environmental instruments listed in Annex I is aimed to protect the natural or legal person concerned and the damage has been caused to the natural or legal person’s legal interest that is protected under national law.

The civil liability of a company shall be without prejudice to that of its subsidiaries or any direct or indirect business partners in its chain of activities. When the damage was caused jointly, they shall be liable jointly and severally, but the company cannot be held liable if the damage was caused only by its business partner in its chain of activities. Victims have the right to full compensation in accordance with national law. The limitation period shall be at least five years and shall not start to run before the infringement has ceased and the claimant knows, or can reasonably be expected to know, of the behaviour and that it constitutes an infringement, that it caused harm to it and the identity of the infringer. Furthermore, costs of proceedings shall not be prohibitively expensive and claimants must be able to seek injunctive measures.

Moreover, Member States shall allow alleged injured parties to authorize trade unions or NGOs to bring actions to enforce their rights on their behalf. The liability rules under the Directive apply even if the law applicable to the claims is not the law of a Member State.

Next steps

The CS3D will enter into force 20 days after publication in the Official Journal of the European Union. Thereafter, the Member States will have two years to transpose the Directive.

The Directive sets varying compliance deadlines based on company size, turnover, and location:

  • The largest companies with over 5000 employees and a net worldwide turnover exceeding EUR 1500 million, as well as non-EU companies with a Union turnover above EUR 1500 million, face a three-year deadline from entry into force (2027);
  • Slightly smaller companies with over 3000 employees and a net worldwide turnover above EUR 900 million, along with non-EU companies with a Union turnover over EUR 900 million, have a four-year deadline (2028);
  • All other companies under the Directive – over 1000 employees and net worldwide/Union turnover of above EUR 450 million – have a five-year deadline (2029).


Given that most EU Member States currently lack legislation on corporate sustainability due diligence, the CS3D will introduce substantial additional obligations on businesses, although, due to the changes made to the initial proposal the number of enterprises coming within the scope of the Directive is rather limited. Nevertheless, the CS3D in principle only sets out minimum requirements and Member States are therefore, with the exception of a few specified provision. free to introduce more stringent provisions.

The obligations imposed on the large companies are quite far-reaching, not least in light of the obligation to set up complaint and notification mechanisms for stakeholders as well as the right for injured parties to bring actions for damages (including the right to authorize trade unions or NGOs to bring such actions on their behalf.

Although smaller businesses are not directly subject to the CS3D, they may still be indirectly affected by it, as they may be part of the value chain of larger companies that have to comply with the Directive, and thus be required to provide information or adhere to due diligence measures as part of contractual relationships with them, or face the risk of losing business opportunities or being held contractually liable for damages caused by their own non-compliance.

Moreover, smaller businesses may consider it a competitive advantage to comply with the Directive also when not obliged to do so. This may be supported by the fact that larger companies are encouraged to support them in complying with due diligence measures and that Member States are also required to provide information and support to them, which may include financial support.