The European Union's (EU) Corporate Sustainability Due Diligence Directive (CSDDD) is one of the most significant corporate responsibility reforms in recent years. Its impact will be felt far beyond the EU – including here in Australia.
The CSDDD was formally adopted by the EU Parliament in April. It requires EU member states to implement legislation in accordance with the articles of the CSDDD, requiring extensive due diligence to identify adverse business impacts on people and the environment.
Australian businesses will be impacted one of three ways:
- by being directly in scope, (In Scope
Entity);
- by being majority owned by an In Scope Entity; or
- by supplying goods or services to an In Scope Entity or their subsidiary.
Australian businesses will need to implement governance frameworks and due diligence systems, similar to those that were in response to the introduction of similar legislation in individual EU member states (like the German Supply Chain Due Diligence Act). This Insight explains how to navigate the new law and what it will mean for Australian businesses.
CSDDD's objectives
The CSDDD is a legal framework by which In Scope Entities must:
- take responsibility for actual and potential adverse
human rights and environmental impacts. They will do this
through conducting risk-based human rights and environmental due
diligence to identify, assess, cease, prevent, mitigate and
remediate those impacts within their own operations, the operations
of their subsidiaries and the operations of their direct and
indirect business partners within their 'chain of
activities';
- monitor the effectiveness of due diligence
efforts; and
- issue an annual report covering the due diligence and related requirements of the CSDDD.
'Chain of activities' includes the activities of upstream and downstream direct and indirect business partners relevant to the In Scope Entities' operations, (though the scope of downstream activities is more limited).
'Direct business partners' are those that have a commercial agreement with the In Scope Entity.
'Indirect business partners' are those where no commercial agreement exists, but who perform certain business operations.
Actual and potential adverse human rights and environmental impacts are defined by reference to certain human rights enshrined in international instruments and certain international environmental prohibitions and obligations, both referenced in the CSDDD. They are wide ranging and include modern slavery, child labour, exploitation, adequate housing, freedom of thought, discrimination, biodiversity loss, pollution and destruction of natural heritage.
In Australia, although some international obligations are integrated into Australian law already (for example, modern slavery offences pursuant to the Criminal Code Act 1995 or the regulation of pollution and hazardous substances under various laws), not all are. Accordingly, it may not be sufficient to rely on compliance with Australian laws in order to meet the requirements of the CSDDD.
Once adopted by each EU member state, the CSDDD will become binding on In Scope Entities.
Mandatory requirements for In Scope Entities (whether based in the EU or Australia)
Unlike traditional corporate due diligence, which is aimed at identifying and mitigating risks to the business, the objective of the CSDDD is to identify and mitigate risks to people and the environment. It requires an enterprise-wide approach to the governance of human rights and environmental risks, and consultation with an entity's stakeholders to inform each stage of the due diligence process.
Key requirements for In Scope Entities include:
- implementing a climate change mitigation transition
plan aligning the entity's business model and strategy
compatible with the Paris Agreement global warming scenario of
1.5°C;
- integrating human rights and environmental due
diligence into relevant company policies and risk
management systems;
- identifying and assessing actual and potential adverse
impacts from their own operations, their subsidiaries, and
where impacts are related to their chain of activities, their
business partners' actual and potential impacts;
- taking a risk-based approach to prioritising responses
to actual and potential adverse impacts by focusing on
areas where adverse impacts are most likely to occur and be the
most severe;
- prioritising identified actual and potential adverse impacts
based on severity and likelihood of adverse impact and
addressing those impacts within a reasonable
time;
- taking steps to prevent adverse impacts,
including preparation of a preventative action plan that includes
qualitative and quantitative indicators for measuring improvements
or seeking contractual assurances from direct business
partners;
- bringing actual adverse impacts to an end or minimising the extent of any ongoing impact, and developing a corrective action plan. This may also include seeking contractual assurances from business partners or making investments in facilities, production, operational processes and infrastructure;
- remediation of actual adverse impacts;
- conducting meaningful engagement with
stakeholders at each stage of the diligence process;
- establishing a notification mechanism and
complaints procedure; and
- monitoring the adequacy and effectiveness of diligence procedures and conducting an annual assessment.
Significant penalties will apply for non-compliance, based on a company's net worldwide turnover. In Scope Entities may be held civilly liable for intentional or negligent failure to comply with a preventative or corrective action plan causing harm to a person (including legal person). They may also be held jointly and severally liable for damage caused jointly by subsidiaries or business partners.
Effects on Australian businesses
Australian subsidiaries of In Scope Entities
Some In Scope Entities will require their subsidiaries to implement the substantive requirements of the CSDDD in full. This will likely be challenging for many Australian businesses who are not subject to the same regulatory requirements. Until now, many were not required to have either climate transition plans or holistic frameworks in place that operationalise human rights and environmental due diligence at the enterprise level.
Doing business with In Scope Entities
The CSDDD's prescriptive requirements will also have a significant impact on Australian businesses doing business with In Scope Entities. Impacts may include:
- requests for emissions data to enable In Scope Entities to
assess alignment of their transition plan to a global warming
scenario of 1.5°C;
- the imposition of stringent contractual terms in supply and
other commercial agreements, as a result of In Scope Entities
seeking to ensure business partners and suppliers adopt practices
directed to preventing adverse human rights and environmental
impacts. This includes those relating to reducing emissions, for
example, requiring direct business partners to adhere to prevention
and/or corrective action plans, contractual requirements to notify
risks and incidences of adverse human rights and environmental
impacts, rights to inspect records including transition plans or to
impose other methods of verifying compliance with human rights
and/or environmental standards; and
- requirements to indemnify In Scope Entities against losses caused by intentional or negligent failure to comply with a preventative or corrective action plans imposed by the In Scope Entity.
Because the Australian regulatory framework for human rights and enterprise-wide environmental impacts (including climate change) is less developed than the EU, we expect Australian businesses will require significant uplift to existing approaches to managing human rights and environmental risks to respond to likely impacts of the CSDDD.
Phased implementation
Once fully implemented, the CSDDD will apply to an estimated 5,500 companies with operations in the EU. It will be introduced in three phases from 2027, giving In Scope Entities and other impacted entities between three and five years to prepare. The phases are:
- from 2027: EU companies with over 5,000
employees and revenue greater than €1.5 billion, and non-EU
companies satisfying the revenue threshold within the EU;
- from 2028: EU companies with more than 3,000
employees and greater than €900 million revenue, and non-EU
companies satisfying the revenue threshold within the EU; and
- from 2029: EU companies with 1,000 or more employees and an annual turnover of €450 million, and non-EU companies satisfying the revenue threshold within the EU (or if this threshold is met by ultimate parent companies). Also captured are EU franchising or licensing agreements for annual royalties that exceed €22.5 million and an annual net turnover of more than €80 million in the EU (or if this threshold is met by ultimate parent companies).
Preparing for the CSDDD
Impacted Australian businesses should take steps to understand how and when they are likely to be impacted to ensure that they are able to maintain (or exploit in the future) EU relationships and distribution networks. For example, preparation may include:
- Liaising with EU-based parent companies or EU-based business
partners to understand if they are In Scope Entities and when their
respective obligations commence;
- Understanding the scope of contractual obligations likely to be
imposed by EU parent companies/investors and business
partners;
- Assessing readiness by conducting a gap analysis between likely
impacts and current human rights and environmental risk management
frameworks, for example the OECD Guidelines for Multinational
Enterprises on Responsible Business Conduct and the United Nations
Guiding Principles on Business and Human Rights;
- Assessing readiness by conducting a gap analysis between the
scope of the human rights and environmental due diligence
requirements that underpin the CSDDD and an entity's existing
due diligence processes for identifying human rights and
environmental risks in operations, supply and value chains;
- Identifying necessary systems changes. Australian businesses should be mindful that although existing Australian regulatory frameworks operate to protect some human rights (for example, industrial relations laws), or require some level of due diligence to identify and assess potential environmental impacts (for example, site and project-specific environmental risk and impact assessment during approvals and licensing processes) these are unlikely to meet the enterprise-wide focus of the CSDDD, nor span the breadth of the entity's supply and value chains.
Whether directly in scope, or indirectly in scope, Australian businesses with a high dependence on supplying to or trading in EU markets should assess their readiness by understanding the scope of uplift required to existing practices. Doing so early may also provide a competitive advantage, allowing Australian businesses to remain attractive as suppliers and business partners. Conversely, delay will mean limited time within which to design and implement enterprise-wide human rights and environmental due diligence – and may ultimately expose the business to potential loss of EU generated revenue streams.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
![]() |
![]() |
Lawyers Weekly Law firm of the year
2021 |
Employer of Choice for Gender Equality
(WGEA) |