The Corporate Sustainability and Due Diligence Directive (CSDDD) is a groundbreaking EU initiative designed to cultivate sustainable and responsible corporate behaviour. By targeting high-impact sectors including mineral extraction, metal manufacturing, agriculture, forestry, fisheries, and fashion, the Directive mandates businesses to identify, prevent, and mitigate both actual and prospective environmental and human rights impacts of their operations.

The CSDDD significantly reshapes the corporate governance landscape, championing transparency in global supply chains and encouraging ESG reporting. By anchoring human rights and environmental considerations at the core of business operations, it aims to create a resilient, green economy. This transformative Directive looks set to redefine the future of sustainable business operations and CSR strategy, which is why our expert team hosted a TDi masterclass webinar to help our clients prepare for this critical legislation.

Watch the full webinar recording now, with our panellists: Agnes Davis, Marketing Manager; James Hollins, Senior Sustainability and Responsible Sourcing, ESG Standards Audit Manager at TDi Sustainability; and Elizabeth Arnott, Senior Analyst at TDi Sustainability.

Presented by TDi experts:

– James Hollins, Senior Sustainability and Responsible Sourcing, ESG Standards Audit Manager at TDi Sustainability

– Elizabeth Arnott, Senior Analyst at TDi Sustainability

– Agnes Davis, Marketing Manager at TDi Sustainability

Agnes Davis 

I’ll let James and Elizabeth introduce themselves and get started. So maybe James, we will hand it over to you.

James Hollins 

It’s great to see so many participants on this call. We’re talking about the CSDDD. My name is James Hollins, and I’m one of the senior managers here at TDi. I’ve spent the last 12 years within supply chains and conducting supply chain due diligence, travelling worldwide conducting audits both as a lead environmental auditor and a specialist human rights auditor. I joined TDi about six months ago and head up the data and due diligence side for TDi.

Elizabeth Arnott 

My name is Elizabeth Arnott. I’m a consultant with TDi, and I specialise in responsible mining practices, and in particular, mining policy and regulation in Sub-Saharan Africa. I’m in the final stages of completing my PhD at the University of Manchester’s School of Law, where my research has focused on the development of ASM regulation and the relationship between mining regulation and voluntary standards. 

Agnes Davis 

We’ve got a fairly good split between people who already have existing supply chains in place, and most people feel that some changes will be needed to their current procedures. So it will be interesting to see how people feel about that. Elizabeth is going to kick us off today. And I hope everyone enjoys the session. Please feel free to answer any questions you have as we go through.

Elizabeth Arnott 

It would be interesting to go through a bit of the history of due diligence. So, due diligence emerged as something that was, in many ways, purely voluntary. And we saw due diligence grow into different voluntary standards for specific sectors. As you can see here, the Ethical Trading Initiative is another prevalent one that people are familiar with. And then, the UN guiding principles on business and human rights came along in 2011. This paved the way for due diligence concerning corporate contact and human rights.

However, when it emerged, it was more of a soft law mechanism, meaning it wasn’t binding for human rights under these principles. Since then, the regulations have been growing in Europe, which really turned soft law into hard law, meaning due diligence requirements have increasingly been engraved into legislation by the EU and throughout European countries individually. Here, evolution is visualised a little bit, highlighting the EU non-financial Reporting Directive 2014. The UK modern slavery act of 2015 to the more recent Corporate Sustainability Reporting Directive, the German Supply Chain Act and then what we’re going to be focusing on today, the Corporate Sustainability Due Diligence Directive, which is commonly known as the CSDDD, or the Directive. Here we see another visualisation of how European countries have been gradually moving towards the adoption of due diligence laws. So Germany, Norway, France, Switzerland, the Netherlands and the UK have all adopted due diligence regulations. Companies headquartered within these countries or doing business operations within these countries, can be held liable for adverse human rights and environmental impacts, depending on the specification of each piece of legislation. Then, we see how each country has been gradually moving towards that throughout the EU. Here we have one last visualisation demonstrating the evolving compliance landscape and where things have been moving beyond North America’s European and European landscape.

James Hollins 

Before we go into the requirements of the CSDDD, here an important quote from Professor John Ruggie. If you know the UN’s guiding principles on business and human rights, you know he created them:

“As the world’s largest trading bloc, the EU has a golden opportunity to provide authoritative standards, which inevitably would have international spillover effects.”

As we review the requirements, you’ll see how the UN GP (United Nations’ Guiding Principles) are fundamental to the CSDDD from a due diligence perspective and the OECD guidelines. So, let’s go into it, and we’ll talk about the requirements for the purpose. And the scope for the CSDDD. So what does the Directive of the Directive require EU member states to transfer international law, a corporate due diligence duty to identify, prevent, bring to an end, mitigate and account for adverse human rights and environmental impacts? The duty would apply to a company’s operations, not only its operations but where it goes above and beyond other due diligence. It’s looking at subsidiaries and its environment’s entire value chains. So, it is all-encompassing. What is the goal of the Directive? Essentially, the Directive aims to ensure that companies active in the EU internal market contribute to sustainable development and the transition to sustainable economies. Through the identification, prevention mitigation, cessation and minimisation of these risks, we’ve been talking about the potential and adverse human rights and environmental impacts connected with a company’s operations, subsidiaries and value change chains. It’s an instrumental piece of legislation aimed at compelling both domestic and international companies operating within the European Union to take accountability for their environmental and social impacts, inclusive of those generated in its supply chain, so it’s not just your operations, it is your entire value chain as well. So, the Directive will mandate these corporations in scope, and we will discuss what’s in and out of scope in upcoming slides. The Directive mandates that these corporations identify, mitigate and prevent these actual risks from occurring. This is important because not everyone is impacted by this ESG reporting.

It’s broken down into two groups. Group one, which we will refer to here as the first group, is an EU company with a worldwide turnover of 150 million euros and over 500 employees. These are essentially companies operating in non-high-impact sectors. We’ll talk about the high-impact sectors on the following slide. But these are non-high impact sector companies. Group two, so these are EU companies operating in high-impact sectors. The threshold has been lowered because there is significantly more risk. So the threshold for group two EU companies is a 14 million net turnover worldwide and 250 employees; as you can see, it’s a significantly lower threshold. These operations don’t apply to non-EU companies operating in the EU markets. So, in terms of non-EU companies, it’s a 150 million euro turnover within the EU. So these are differences. It’s not a worldwide turnover. It’s the EU turnover of 150 million euros specific to the EU. And then, in group two, again, the thresholds lower, but it’s 40 million euro euros turnover within the EU market. An employee test is not required for non-EU companies. So, the 500 plus employees that apply only to EU companies does not apply to non-EU companies. In terms of group one and group two, it is split into high-impact sectors.

So what is a high-risk sector? The first revolves around the textile and fashion world – the manufacturer of textiles, leather and related products, including footwear, and the wholesale trade of textiles, clothing and footwear. The textile and fashion world is considered a higher risk here. And you would fall under group two. The second one, which falls under group two, is agriculture to forestry and fisheries, including aquaculture, the manufacture of food products, and the wholesale trade of agricultural raw materials, live animals, wood, food and beverages. And then third is the extraction of mineral resources regardless of where it is extracted. This includes crude petroleum, natural gas, coal, lignite, metals and metal ores. As well as other nonmetallic minerals and quarry products. There’s an extensive range of things that fall under this category. It is also the manufacturer of basic metal products, other nonmetallic mineral products and fabricated metal products. The exception is that machinery and equipment do not fall under this category. It does not fall under group two within this section. Finally, the wholesale trade of mineral resources and basic and intermediate mineral products, including metals, metal ores, construction materials, fuels, chemicals and other intermediate products.

in terms of the estimated number of companies who are affected by the CSDDD: There is a significant number of companies who are going to be impacted and have to comply essentially. It’s estimated at around 30,000 EU companies will fall under these requirements, and another 4,000 third country companies

So there are around 17,000 companies total. Of these 4,000 are third country companies, 2,600 non-EU companies are in group one and 1,400 non-EU companies are within the group two higher risk sectors.

Of the 13,000 EU companies, around 9,400 EU companies fall under category one, so the lower sector, and the remaining fall under the high-risk sectors. So, many companies will be impacted by the rollout.

Elizabeth Arnott 

So now let’s let’s turn and look at this specific coverage of the Directive. So, what does the Directive cover regarding adverse human rights impacts? The Directive, very broadly, looks to protect human rights. This contrasts with many other corporate human rights laws, which historically have tended to focus on forced labour and child labour or particular issues. So, an adverse human rights impact would be an adverse impact on a protected person resulting from the violation of one of the 22 foundational human rights instruments listed in the annexe. So a few examples of those are indigenous peoples’ rights to the lands, territories and resources they have traditionally owned, occupied or otherwise used or acquired. The prohibition of human trafficking, the ban of all forms of slavery, slavery practices akin to slavery, served on other forms of domination or oppression in the workplace, the right to just and favourable conditions of work, which includes a fair wage, a decent living, safe and healthy working conditions and reasonable limitations on working hours, and the prohibition of employment of children under the age at which compulsory schooling is completed, which is generally not less than 15 years of age.

And then, when we see the adverse environmental impacts covered, this is more narrow in the range of harms than the Human Rights components of the Directive. These are related to one of 12 specific environmental conventions, which, among other things, pertains to the biological diversity and endangered species manufacturing, such as the use of mercury production and use of persistent organic pollutants, the handling collection, storage and disposal of waste, the importation of hazardous chemicals, the production and consumption of specific substances that deplete the ozone layer, and exporting and importing of hazardous waste. So these are just some examples that are covered.

Now let’s look at what happens if a company in the regulation’s scope doesn’t comply. First, there’s civil liability, which is covered in articles 22, 23 and 27. So, companies that are in scope face civil liability for failure to conduct due diligence on the impact of their operations on human rights and environmental risks of their value chains. And when they fail to take adequate action to prevent or mitigate any identified adverse impacts. So, more is needed than identifying them; you must also take preventative action. So, the four conditions for a company to be held liable include damage caused to a natural or legal person, a breach of duty, and a causal link between the damage and the breach of duty. And a fault that could be intentional or just through negligence also covers that. 

Then, we have the director’s duty of care. So, this is covered in articles 25 and 26. So under the Commission’s current proposal, a director’s duty of care to act in the company’s best interest would be expanded to take into account, where applicable, human rights, climate change and those environmental consequences, and this means that members state would be required to ensure that laws, regulations and administrative provisions providing for a breach of directors duties apply to those duties. Directors would specifically be responsible for establishing and overseeing their due diligence systems. So, in particular, directors would be responsible for a due diligence policy, with due consideration for relevant input from stakeholders and civil society organisations wherein they operate. So with sanctions, under the Directive, member states would be required to establish rules or sanctions in the event of a violation of national provision adopted under this Directive. So the sanctions are at this stage required to be effectively proportionate, and the determining factors for this include efforts to comply with any remedial action required investments and targeted support provided to address the impacts and the collaboration with other entities to address the effects. These are things that should be considered when looking at sanctions. And it should be noted as well that if sanctions are imposed, this has to do with a company’s turnover. So this has to do with the revenue of a company as well.

James Hollins 

In relation to that point, it is similar to how the GDP and general data protection regulations for companies are currently administered. If you’re familiar with GDPR and how companies are fined, it’s a similar approach regarding the company’s turnover being considered when sanctions are applied. That’s the due diligence aspect. It’s important to note that the due diligence generally aligns with the OECD guidelines for multinational enterprises and the UN guiding principles on business and human rights, which we’ve discussed. The CSDDD is becoming mandatory and being put into legislation. The UN guiding principles and the OECD multinational enterprise are becoming hard law when it comes to the due diligence part.

And what is the Directive trying to achieve with due diligence at a high level? This due diligence consists of the following actions: You’re required to integrate due diligence into policies; you’re identifying actual or potential adverse impacts within your value chain; you’re preventing and mitigating potential adverse impacts. So it’s not just a case of, as Elizabeth said, identifying it. You are preventing and mitigating these impacts as well. You’re required to bring actual adverse impacts to an end and minimise their extent, establishing and maintaining a complaints procedure. So that’s a grievance process for employees throughout the value chain, and monitoring the effectiveness of due diligence policy and measures taken is not just a case of having these in place. You are required to monitor the effectiveness of your audit schemes and these due diligence processes and ensure that your value chain partners comply. And then, finally, it’s publicly communicating on due diligence. What I will say is if you’re familiar with the CSRD, the Corporate Sustainability Reporting Directive, there are no additional reporting requirements when it comes to the CSDDD for publicly communicating, so it is entirely in line with the CSRD, and we’ll talk about that later on.

It’s important to note that a company’s value chain would include both upstream and downstream activities. It’s not just your operations -it is your upstream and downstream activities. The value chain would be defined in the Directive to include activities related to the production of goods or the provision of services by a company, including the development of the products or services and use and disposal of the product, as well as the related activities of upstream and downstream established business relationships. This construct is intended to cover all aspects of a value chain, including the upstream established direct and indirect business relationships that design, extract, manufacture, transport, typically store and supply the raw materials. It will also cover downstream relationships, which are intended to include established direct and indirect business relationships, which typically are dealing with products or services, from a company up to the end of life. It includes the distribution of a product to retailers to transport and storage in warehouses or the product, the dismantling of the product, and its recycling. When we talk about establishing business relationships, there are important details here to discuss. A business relationship would be a relationship with a contractor, subcontractor, or any other legal entity. A business relationship is established if it is expected to be lasting, given its intensity or duration, and does not represent a negligible or merely ancillary part of the value chain. This relationship can be direct or indirect, and the guidance is to check your business relationships periodically at least every 12 months to ensure that business relationships that previously weren’t are haven’t just become it because you would have to conduct monitoring on that as well.

The requirements for group one and group two due diligence are the same. The thresholds are slightly different, but the actual due diligence process and what is required stays the same between group one and group two. The thresholds for group two are lower, and they are required to comply with a lower turnover and fewer employees if they are operating in the EU. And non-EU companies have an EU turnover of 40 million euros.

So, let’s talk about steps for compliance. This is key as to what is required to be done regarding compliance with the CSDDD. The first part is integrating due diligence into the company’s policies. You must have a due diligence policy containing the company’s approach to due diligence activities and the corresponding process for implementing the activities. A Code of Conduct will be required, including rules to be followed by employees and subsidiaries, and that has to be communicated to them as well. It’s not a case of you developing them and not communicating them, so they need to learn about it. It’s a requirement that they know about it, and communication is really important here. These policies, ideally in best practice, should be updated at least every two years. So, once you’ve created the policies. The next aspect is looking at risk and performing risk analysis to identify actual and potential adverse impacts. So, we keep talking about these actual and potential adverse impacts. And what this is is risk analysis. So, you should take appropriate measures to identify potential adverse human rights and environmental impacts arising from your operations and your supply chain operations. As Elizabeth mentioned, there are 22 fundamental human rights that fall under this category. These have remained the same in terms of the following international frameworks as to violations of human rights and the 12 environmental impacts, as well as following international frameworks for water violation of an environmental impact well. So, it’s worth knowing what these are because the risk analysis is key to identifying if you’re causing these risks in your value chains. So, number three is preventing, ceasing or minimising actual and potential adverse human rights and environmental impacts. Essentially, a company is required to develop and implement a prevention action plan. Through this and numerous mechanisms, seek contractual assurances from direct business partners, cover your policies and codes of conduct and step one, and make the necessary investments in order for these to be compliant. So, make sure your value chain partners are complying with your policies and procedures. And within the CSDDD, providing targeted and proportionate support for SMEs, particularly smaller businesses, to comply with this. It is a process of supporting these SMEs with the company that you’ve established. So, requirements are quite strict, and compliance is going to be relatively tough. It is about supporting smaller businesses as well through this, who may well be your suppliers, or you may well be a supplier to a bigger business. So that’s important here. Number four is fundamentally looking at established channels for communication and how affected parties can communicate if there are risks directed at them. This is normally through a formal grievance mechanism, which is fundamental to the UN GP. This is really about establishing a formal grievance process within your value chains to ensure that if risks are occurring, the relevant channels are there. To facilitate the knowing of these risks. And then number five, this is looking at monitoring the effectiveness of due diligence policies and measures. Often, this is done through an audit approach and an on-site due diligence assessment, and this is required to ensure that your processes previous to step fives are effective. So, there are requirements to ensure that you are monitoring the effectiveness of your due diligence procedures and policies and making sure that suppliers are following your codes of conduct and the policies you’ve developed. And then, finally, number six, it’s about the communication of due diligence. So, as I said, the Directive does not introduce any new reporting obligations in addition to the CSRD, the Corporate Sustainability Reporting Directive. They are entirely aligned, but there is a requirement for reporting, and this would be integrated into your reporting processes. 

So some of the really challenging factors when your due diligence programmes are being developed include developing effective grievance mechanisms, which relates to step four, which we’ve just talked about, the complaint process, making sure it’s in a language designed for the right level, there are no technology barriers for rights holders to access to assess the complaints and ensure they’re addressed correctly. They’re really important factors in the agreement process, as how you obtain a contract for assurance that suppliers are meeting your expectations and requirements, so putting contractual clauses in place to prevent these risks is important. Going back to civil liability, failure to fulfil the obligations can result in civil liability. This is for your subsidiaries and the direct and indirect suppliers as well. This is unique to the CSDDD in terms of civil liability; there is a potential for victims of human rights abuses and environmental impacts. To take companies directly to the member states courts. And when Elizabeth was talking about sanctions, that that is an avenue for victims of these impacts to take civil liability against a company and again, going back to when fulfilling their duty to act in the company’s best interest, directors must take into account the conscious consequences of their decision for sustainability matters, including the short term, the medium term and the long term. At TDi, we’ve developed a framework for how you can create a due diligence approach to complying with the CSDDD, and this really does need to be quite robust.

So, let’s start with number one, risk identification and assessment. What I will say here is that due diligence is dynamic. It’s an ongoing process. It involves continuous assessments. It is not simply a static tick-box exercise. This needs to be ongoing and continuous. So, when it comes to risk identification, a risk-based and proportional approach is essential for a company to demonstrate that effectively protecting all rights holders within the value chain and ensuring that no abuses are occurring. The key is ongoing risk management. We essentially need to move past this notion of due diligence as an annual static box-ticking practice. Instead, it should be continuous, and a robust process will establish environmental and social frameworks within number two, commitment and governance. Your company’s commitment to sustainability should not be just a statement. It should be a set of clearly defined policies backed up with access to risk experts who can design this for you and the establishment of appropriate governance models. This is about creating an organisational structure that is capable of coping with the challenges of sustainability. Number three, integration communication and training essentially, is the integration of the findings of risk and your commitment to mitigating these risks. So, any findings from assessments that you’ve developed and policy requirements should be integrated into existing risk and due diligence processes and systems. It’s crucial to communicate expectations to key internal and external stakeholders. Communication is key to getting all your suppliers on board. Training relevant stakeholders to uphold commitments to conduct due diligence of their own activities is equally critical because you are relying on your suppliers as well to be compliant, and its an approach where you will need to be on board through your value chain to ensure these risks and abuses are not occurring. Number four, compliance tracking in response, monitoring enforcement programmes such as audits should be set up and implemented to track compliance, but having people resources and mechanisms to respond when issues arise effectively is equally important. 

So it’s not just about audit; there are many alternative channels as well here, and when necessary, action should be taken to cease, prevent, and mitigate these risks, taking into account these contractual obligations that you will have in contracts as well. To see if these risks are occurring. Number five is grievance handling and remediation. Again, we talked about it as being really a key point here and how it has to be accessible to all rights holders. The key point is that it’s accessible for all workers, regardless of literacy. And there should be no technology barriers here. And this really feeds into the overall how are you communicating this in your reporting and review mechanisms? So regularly, having management reporting stakeholder communications that should be carried out, but remember, due diligence, due diligence itself is it’s not a destination, it’s a journey, and you really need to be changing your approach is modifying them as you’re getting more information throughout this process and regularly reviewing the learnings and adjusting for continuous improvement is very important to an effective due diligence framework. It is not static. As I mentioned, it has to be a dynamic approach.

Elizabeth Arnott 

As somebody who works to advocate for small-scale producers in law and regulation, it’s important to look at the other angle of the laws that are coming in place. And so with this regulation in particular, as has been explained by genes, companies will be expected to go into their value chains beyond their direct operations, which means beyond their tier one, you know firsthand suppliers and often at the beginning of value chains, particularly the complex ones such as the mineral, textile, and agricultural value chains. That is where we find the most vulnerable value chain actors who are often operating on a small scale and may also be working informally. This presents a risk that companies will disengage from small-scale producers as they are perceived as risks or suppliers instead of actually taking steps to engage them, which is really what the Directive intends to encourage. However, a continued pattern of this would ultimately lead to the exclusion of some of the most vulnerable value chain actors from the European market. So this is definitely something to keep an eye on as things progress from my perspective.

So what should companies be doing? I’m sure at this point, you’re wondering, what do we do now? So, first and foremost, at a minimum, companies should be assessing whether they’re likely to come into the scope of the Directive, and if so, they should continue to monitor the status of the Directive. Secondly, potentially affected companies should consider conducting a high-level preliminary gap assessment to provide a directional sense of the amount of work that would be required to comply with the Directive’s requirements. Third, and this needs to be highlighted, the ultimate terms and timing of the final Directive will be what determines the company’s compliance obligations when those begin. However, companies should take a flexible approach to new or enhanced policies and procedures to accommodate these future requirements. Here is a little example. Going back to point number two in terms of what companies can be doing to prepare, it’s important to really be doing these types of analysis analyses within your companies to understand what is going to be applicable and to compare your management systems against the Directive that is coming up to understand what needs to be done to ensure that you will indeed comply. This is a quick snapshot of something that I did, which compares the number of regulations not limited to the EU. We also see North American regulations in there as well. And so we often do these types of analyses for companies, and then we’ll compare them against their management systems or against their jurisdictions, even just the simple step of understanding if it’s a, you know, if it’s a very large company operating in multiple jurisdictions, what applies where and how can a company demonstrate compliance. This is always a good activity as a first step for companies to be doing if they feel like they are unprepared or are unsure of whether they are meeting the Directive’s requirements.

James Hollins 

I’m now going to answer some commonly asked questions before we delve into any of your questions. The first one is: Is the Directive currently legally binding? The Commission has adopted the Directive. However, it is not yet in effect, so there are no current legal obligations at the moment. It is going through the US tripartite system, in terms of the EU Commission, the EU Parliament and the EU Council; they all have to agree on it, and then it gets transposed into the 27 member states. That is expected to happen this year.

As a result, where is compliance required? So if that aspect does happen this year, group one companies that we’ve talked about the 100 and 50 million turnovers with 500 employees, you will have two years after the Directive enters into force. So if that happens this year in 2023, you will have until 2025 to comply with the higher-risk sectors. The mining, agricultural, and fashion sectors will have an additional two years beyond 2025. So we’re talking 2027 at the earliest for the higher-risk sectors. This is not immediate, but there should be some plans to prepare for this because it is significantly more strict than other due diligence legislation that certain EU countries have. 

Does it directly relate to the EU non-financial reporting directive? So, the CSRD is intended to complement the current CSRD and its proposed amendments by adding substantive requirements to perform due diligence to identify, prevent, mitigate, and account for external harm resulting from adverse human rights and environmental impacts within the entire operations. This is designed to complement the CSRD, which is really important, particularly with changes to the Uyghur Forced Labour Act in the last few weeks and how developments in the US have been taking place. This is slightly different at the moment in terms of whether it is comparable to that sort of legislation that the US House directive does not import into the European products produced with forced labour. This is expected to be addressed in separate EU legislation, and the EU Forced Labour Act is potentially looking at that avenue. However, forced labour would be an adverse human rights impact that Elizabeth talked about earlier. It would be covered by the due diligence requirements or Directive, so the sanctions and fines certainly can be applied for some of these high-risk industries with forced labour, which is prominent in some of these higher-impact sectors.

Agnes Davis 

We’ve got quite a few questions coming in. Some of them might have been touched on, but it’d be good to make sure we’ve got everything covered there. So we’ve got one here: if your company belongs to group one requirements, but it’s also a subsidiary, does the CSDDD still apply to you?

James Hollins 

Yeah, if you breach the thresholds of group one, then yes.

Agnes Davis 

Another one: Do you know if the UK is planning on something similar or if the UK will be affected by these decisions?

James Hollins 

Good question. I’ll let Elizabeth answer as well, but from my side, for UK companies operating in the EU. For non-EU companies group one, the thresholds still apply to non-UK companies. You fall under the non-EU category. In terms of adoption, there are plans to talk in terms of taking what the EU CSDDD is doing and applying it to a UK perspective. Regardless of that law, you are required to comply if you fall in the non-EU categories anyway for group one and group two. So there are UK companies operating in the European market, which will have to be compliant anyway because of their turnover in the EU market.

 Agnes Davis 

Thanks so much. So, this one you did touch on, but again, it might be good to elaborate: Are OECD principles and guidelines applicable to European companies and businesses? Are they applicable to European companies and businesses. And why are there Chinese companies that don’t necessarily comply with them, especially in oil and gas and rare earth minerals? Why are they not being applied in the same way to the OECD principles?

James Hollins 

The OECD guidelines are voluntary in terms of aspects as well as the UN guiding principles to do due diligence aspects. This is really taking that and making it hard law. So, there are legislative impacts now. Your subsidiaries or your value chains within China and high-risk sectors are within the scope of the CSDDD, and particularly aspects like forced labour in Xinjiang. This is being looked at with the CSDDD and making sure that there is compliance there. So, it is a case of the suppliers and your partners there. You will have to ensure they’re compliant with the requirements, particularly as forced labour isn’t one of the fundamental human rights breaches. So it is taking that to the next level, saying that if you aren’t ensuring these risks are mitigated, there will be sanctions on the company.

Elizabeth Arnott 

To reiterate what James said about the OECD principles and guidelines, they are a soft law mechanism, as we would call them, but they’ve been enshrined into European legislation. So, if a Chinese company is operating in Europe, this would apply directly to them. But through this Directive, if a company operating in Europe has relations with the Chinese company in their value chain, then it will still be applicable to them.

Agnes Davis 

So we’ve got a question here that says: We’ve set up our supply chain policy and procedures based on OECD due diligence guidelines and minerals, plus we added environmental risks to annexe two. What are the key changes we need to think about to be in line with the CSDDD?

Elizabeth Arnott 

That’s a bit of a tricky one because it is something that I think for us to make a full assessment out. We need more information in terms of what is actually going on in your company. That would be my first reaction to a question like that. But in terms of following those six steps that James elaborated on, which are founded on the OECD due diligence guidance, it does sound like you’re on the right path. 

James Hollins 

There’s a key difference here as well between policy commitments and actually ensuring it’s implemented throughout your value chains. You can have very deep and complex policies that address all of your risks. That doesn’t mean that your value chains, your suppliers, and your partners are adhering to that. So, the next step of due diligence is taking your commitments and ensuring that your commitments are being applied throughout your value chain. This is an entire due diligence process that is not simply saying you’ve got a commitment. You need to prove to the EU that these commitments are actually being applied throughout the value chain. So, it’s going above what is currently in due diligence legislation at the moment. And there will be enforcement bodies within the 27 member states. So the Directive is going to require all 27 member states to have an enforcement body whereas, if you aren’t complying, there will be sanctions against the company. So, you’re taking your policies, you need to ensure that these policies apply through audits due, through assessments throughout the value chain. It simply needs to have a policy committed to the OECD requirements with them checking that it’s effective. And when we talk about effectively ensuring that there is no forced labour in, you know, tier five of your value chain, the higher risk aspects tend to occur in the tiers below tiers three, four and five, you do need to ensure that your policy commitments are being applied to these higher-risk areas in the value chain as well through audit and assessment.

Agnes Davis 

Can you show us an example of a management system that incorporates the new regulations? I’ll let you answer, but we’re really open to having conversations with anyone attending this webinar who needs extra specific information on your circumstances or applicable to the last question and this next one. As Elizabeth said, every company is unique, and your value chain is unique to you. So this is what we do at TDi. We’re here to make sure that we’re getting it right for you. So please feel free to reach out to Elizabeth or James or info at TDi to make sure that you’ve got your details. 

James Hollins 

You could have a general approach to the management system, as we highlighted on the wheel, a one to six-step process. That is an all-encompassing management system. But it does go above that as well. And there is every value chain, and every supply chain is completely different. You might have a very simple supply chain, which is often the case with perishable goods in agriculture. It goes directly from somewhere to the distribution centres, and they’re much shorter supply chains. The management systems would still have to be all-encompassing for the shorter supply chain as it would be for a more complex supply chain, like Elizabeth mentioned, with particular electronics there. They can be very complex supply chains. Fashion supply chains, cotton in particular, can be extremely complex, with multiple tiers beyond tears and fives. We’d have to cover all of that. So it’d be difficult for me to provide a one-step solution, but certainly, it would need to be customised to fit your value chain. 

Agnes Davis 

We’ve got a few questions here about mechanisms. So, what are the mechanisms of visits for enforcement? Another question is: we operate in a precious metal sector – if we are audited by a scheme recognised by the EU conflict mineral legislation, is that sufficient? 

Elizabeth Arnott 

At first glance at that question, the conflict mineral legislation covers just one aspect of what the Directive covers. So it’s very much focused on conflict-affected and high-risk areas and human rights, whereas the Directive is wider in scope. So it covers environments, climate change, and other topics. So, from first glance, it’s great that you are being audited by that, but I don’t think that that would be sufficient, specifically to show compliance with this Directive.

Agnes Davis 

Okay, that’s helpful. And so, to go back to the mechanisms envisaged for enforcement.

James Hollins 

So I can answer that one. So, each member state has to designate one or more supervisory authorities to supervise compliance with the due diligence requirements. So, that has yet to be established. We’re still in the tripartite agreement stage. Once we’ve gone, it’s been agreed by the Commission, Parliament, etc. That’s when it gets designated to 27 member states to impose in law that is when each member state will be required to designate one or more supervisory authorities, whatever that may look like will be specific to that country.

However, they will have the authority to investigate companies and enforce the actions of the Directive on them. So that’s a watch this space one. 

Audits are not generally sufficient as well. This is only one part of a management system to detect risk. There needs to be more than an audit to detect some of these risks and can be a poor mechanism for detecting things like discrimination or forced labour, which are often hidden risks. You would need to go back to your early steps to really identify what the key risks in your value chain are and then ensure that you’re deep-diving those risks through an audit, and these sometimes one-size-fits-all audits do not deep dive into things like forced labour or discrimination which are typically very poorly picked up through non-compliances in audit frameworks. So it’s key that more than an audit is required to be compliant.

Agnes Davis 

If you are a non-EU entity, what does it mean to be operating in the EU as at any aspect of your value chain crossing in the EU? 

James Hollins 

As long as you’ve got 50% of your net turnover within the EU, you are categorised as being required to comply.

Agnes Davis 

To what extent, in your estimation, do contractual requirements with suppliers shield a company from obligations regarding compliance further upstream? Should companies consider those contractual ethical requirements as one layer but that the company itself is still ultimately responsible for all impacts in all tiers of the supply chain?

Elizabeth Arnott 

Yes, to the latter part of that. As James stated before, it’s not enough to simply have a policy in place. A contract is a great way to go about this, but that isn’t how you gauge risk because if you are operating in a conflict-affected area, just as a simple example, and you have a contract in place with your supplier there, that’s not enough to ensure that there’s no damage being done throughout that supply chain. So it’s just one tool.

James Hollins 

And to add to that, contractual clauses are useful as if everything else fails for remediation and mitigating the risks. It acts as a process for disengaging and risk disengaging. So, it’s an avenue to remove yourself from that risk. But it is not in itself sufficient to address the risks.

Agnes Davis 

And so final question: Will the impact of the Directive depend on the resources invested by national governments in its implementation and enforcement?

Both

Yes.

Agnes Davis 

I’ve got one more question that has popped in: Are you assessing the risk of climate change on the supply chain? Is the risk of climate change considered to be something that’s going to be part of the scope? 

Elizabeth Arnott 

Yes, they do look at greenhouse gas emissions and the environment.

James Hollins 

Yes, there is an aspect of it.

Agnes Davis 

A huge thank you to Elizabeth and James. I appreciate your time and hard work that’s gone into this. We are there to support anybody who needs to discuss your reaction to this in whatever way you need. We have a wide range of services that support specifically offering creating and making available data for due diligence. We specialise in creating digital tools that make data easily available and tailored to your needs. So please reach out if that’s of interest. It’s to help speed up your compliance process considerably. We also work on creating bespoke strategies for companies and the whole suite of everything end to end of the value chain that’s needed, including auditing. So, take a look at the TDi website to learn a bit more. Also, please don’t hesitate to ask us if there are specific questions that you have, either to James or Elizabeth or through the Contact Us page on the website. Thank you very much to everybody for your time today.