Wednesday 31 January 2024

Would’ve, Could’ve, Should’ve: Preliminary Reflections on the EU’s New Corporate Sustainability Due Diligence Directive


Tara Van Ho, Senior Lecturer in Law, University of Essex


Photo credit: Infrogmation of New Orleans, via Wikimedia commons


The European Union’s Council and Parliament have agreed to a provisional text for a new directive that would require certain large corporations to undertake human rights and environmental due diligence.


I was reminiscing just the other day while having coffee all alone, and Lord, it took me away, back to a first-glance feeling during my first UN Forum. My hope was mixed with equal levels of scepticism about the likelihood that laws like this would be adopted let alone be effective. Over the past twelve years, the hopes and scepticism have been met in equal measure, but never more so than with this law.


While the final text is not yet public, a press release indicates the key expectations and components of the agreed text. MEP Axel Voss has posted the side-by-side comparator of the various drafts, including the new draft agreement. This draft confirms:


-          The directive will apply to large EU companies with a worldwide net turnover of €150million and 500+ employees;

-          It will eventually capture non-EU companies with €300 million net turnover generated in the EU and the Commission will publish a list of applicable non-EU companies the law;

-          Affected businesses will need to address actual and potential adverse human rights and environmental impacts in their “business chain of activities” which covers their own operations, their subsidiaries, and “the upstream business partners of the company and partially the downstream activities, such as distribution or recycling”;

-          The financial sector is (temporarily?) excluded pending a review and “a sufficient impact assessment;

-          There is a specific list of human rights and environmental protections that businesses will be expected to respect and address, and a list of obligations the breach of which will constitute “an adverse human rights impact”;

-          That list excludes from application certain ILO core conventions because not all EU member states have ratified them; 

-          Large companies will have an obligation of means to develop and implement an effective plan to mitigate their impact on climate change;

-          Those who are negatively affected (including civil society or trade unions) can bring claims for civil liability within a five-year period; and

-          At times, as a matter of last resort, businesses may need to end their business relationships where negative impacts cannot be prevented or ended.


This law represents progress for many in the world. If implemented in good faith, it could provide better access to remedies for victims who are negatively impacted by business operations. It should also lead to the adoption of better and greater preventative measures, avoiding the need for remediation in the first place.


It is the first mandatory human rights due diligence legislation to address climate change, not just environmental damage. It anticipates civil liability for businesses that breach their responsibilities. It suggests compliance with the law as a criterion for public procurement, placing the power of Member States’ purses beyond the law. The recognition that at times business relationships will need to be terminated to ensure compliance is significant and can help fill in gaps the negotiation has otherwise left unaddressed, like the issue of conflict-affected and high-risk areas (which I’ll return to later in the post).


I’d like to express my appreciation to the NGOs and Parliamentarians who have gotten us to this point: it is clear from the Council’s approach during negotiations that if you would’ve blinked then they would’ve looked away at the first chance. I particularly appreciate those who fought for the inclusion of international humanitarian law and specific language on conflict-affected and high-risk areas. This was needed and I was shocked by early rumours that the draft agreement excluded this issue. I’m happy those were wrong.


The long-awaited human rights requirements are intended to implement the 2011 United Nations Guiding Principles on Business and Human Rights (UNGPs). I remember it all too well how the EU celebrated the adoption of the UNGPs and how, together with the US and other capital-exporting states, promoted the UNGPs as the standard for businesses when addressing human rights. The EU long opposed proposals for an international treaty on business responsibility for human rights because they felt that it was unnecessary in light of the UNGPs’ existence and could distract states from implementing the UNGPs.


Only recently, and only because Parliament required it, the EU has joined the negotiations with all the enthusiasm of a 6-year-old child called to dinner when they’re playing with their dinosaurs (meaning: none). The new directive evidences strong disconnects from the EU’s demand that the UNGPs lead is pretty and what the EU advocates for in the binding treaty and what the directive now requires for reasons I set out below.


In this post, I provide a list of things the EU would’ve, could’ve, and should’ve done had the Council been as serious as Parliament about implementing the UNGPs. The would’ves apply to an ideal application of the UNGPs: applying to all businesses and with a more robust and comprehensive understanding of human rights. The could’ves represent those areas in need of greater development: consulting with rightsholders abroad; and clarifying that contractual clauses are not enough. Finally, the “should’ve” is applying the law to the financial and arms sectors, a bare minimum expectation under the UNGPs, the exclusion of which should embarrass Council members for decades to come (I would have said generations but that felt a tad bit dramatic).


Would’ve: Applied to all businesses


First, the UNGPs are explicit that the responsibility to respect human rights applies to all businesses at all times including small and medium-sized enterprises (SMEs). In the Geneva treaty negotiations the EU has always walked a very thin line, insisting that the treaty, like the UNGPs, should apply to all businesses, not just transnational corporations. The initial Parliamentary proposal for a directive would’ve (largely) continued this approach and complied with the UNGPs. Yet, it was clear from the Commission’s proposal and the Council’s response that we were never going to get a UNGP-compliant directive. The Directive will now only apply to large companies (and not in the financial sector, an issue I’ll return to). The press release does not indicate an intention to expand the scope of the Directive in the future.


Including SMEs is admittedly difficult. In the transnational context, large European companies have long forced SMEs in places like Bangladesh and Pakistan to absorb the cost of social auditing processes while insisting on contracts that limit the legal liability of European buyers and parents. This often leads to corrupt practices for certifications or in redirecting revenue for the certification away from protections or living wages for employees. That would defeat the purpose of the law.


EU SMEs, on the other hand, often already have a language of human rights, practices that facilitate due diligence, and networks that can support their efforts to develop in this area. A graduated expansion coupled with clauses aimed at protecting SMEs from the abusive practices we’ve seen elsewhere could’ve provided an important example of how SMEs can be included in mandatory human rights due diligence legislation. It also would’ve strengthened the EU’s position in the Geneva-based negotiations.


Instead, whenever the EU pushes for an expansion of the treaty, I hope states like Pakistan and Bangladesh point out the hypocrisy.


Would’ve: Taken a broader approach to human and labour rights


The UNGPs also call for businesses to account for all human rights. In Principle 12, it states that businesses should account for, “at a minimum,” the International Bill of Human Rights (the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and the International Covenant on Economic, Social and Cultural Rights) and the ILO Core Conventions. Where relevant, businesses need to rely on other standards as well.


The EU’s press release suggests that the directive will only invoke treaties that are universally ratified by EU member states. That would mean most of the major UN treaties are addressed but there are some disturbing omissions, including the International Convention on the Protection of All Migrant Workers and of their Families and the ILO Core Conventions. Those are rather significant omissions given issues of modern slavery in EU food supplies, and more broadly problems with the treatment of migrant workers throughout EU corporate supply chains.


The list also prioritises EU commitments over relevant obligations where the law has extraterritorial impacts. There should have been a recognition that at times the Inter-American and African systems on human rights can be applicable. This recognition is important as the Inter-American and African systems have produced stronger jurisprudence on various issues, including indigenous rights and community rights than Europe (significantly stronger in the Inter-American system) while the Inter-American system also produces more progressive jurisprudence on the definition and nature of reparations, and the direct responsibility of businesses. While the African system has more limited jurisprudence, its jurisprudence on land rights and community rights is similarly more advanced than the European system’s.


Sometimes, I miss who I used to be when I could naively believe the absence of reference to the other human rights systems was an oversight, but I fear this strengthens the case for the laws as a form of neo-coloniality by suggesting a hierarchy of rights and systems that centres European expectations in legislation that is supposed to reflect broader standards.


Could’ve: Undertaken Direct Consultations with Foreign Rightsholders


The failure to recognise the relevance of Inter-American and African jurisprudence reflects a broader procedural failure by the Commission to consult foreign rightsholders who will be affected the law. I cannot do greater justice to this criticism than Caroline Omari Lichuma has done already in her TWAIL critique of European human rights due diligence laws.


While my experience suggests that many victims groups and rightsholders want mandatory laws, what they want in those mandatory laws matters just as much as the desire for a law. They had a right not just to voice their support for (or criticism of) the law but to make substantive demands for the law itself. What would the additional demands of rightsholders look like? Well, sometimes you just don't know the answer ‘til someone's on their knees and asks you for a particular legislative proposal, but a very recent study suggests that consultation might have led to different approaches to remediation, particularly for climate-related harms.


I often find that memories feel like weapons. In this field, we have often seen European businesses and states undertake “new” initiatives they claim are for the benefit of others without actually talking to the “others.” For example, studies suggest “social auditing” and certification schemes do not deliver on the promises European companies and social initiatives claim. This is unsurprising. Writing in the U.S., the founding father of critical race theory, Derek Bell, has explained that many “anti-racist” developments really represent interest convergence of White and Black leaders. As such, the concessions are less radical or responsive than what racialised communities would seek themselves. These additional demands, however, are often dismissed or ignored. When Dr Lichuma provided an overview of her critique at the 2022 UN Forum on Business and Human Rights, one European delegate infamously responded that Europe’s position wasn’t a matter of imperialism but of “leadership.” Real leadership, however, would reflect the results of consultations with rights-holders not just the political interests and concessions of European leaders.


Could’ve: Clarified that Contractual Clauses are not Enough


Recital 34, para 43 in the table contains an extensive discussion of the kinds of measures companies can take to comply with their human rights responsibilities. One of those is the development of contractual clauses with business partners. I worry that I've seen this film before and I didn't like the ending.


I’ve now mentioned twice that social auditing is a sham. There will be exceptions to this rule and I can point people to a few of my favourite exceptions, but let me reiterate what existing research indicates: social auditing is generally ineffective and often detrimental for rights-holders, providing a veneer of respectability for disrespectful practices.


Increasingly, it is clear that this is equally true of index listings meant to advise institutional investors on their human rights risks. Last year, the US advisory company Morningstar adopted rules aimed at exempting Israel that so fundamentally misunderstand the UNGPs that it renders all its human rights reporting questionable (short story: Morningstar concluded Israel isn’t a conflict-affected area…). More recently, index provider MSCI accepted audits from Xinjiang, China, as evidence that the car company Volkswagen was seriously addressing the issue of Uyghur forced labour. No company can adequately address the issue of Uyghur forced labour when operating in Xinjiang and (again, I cannot emphasise this enough) it is irresponsible to rely on a social audit in this context. Because these indexes set their own rules, and have no professional board standards, I can’t actually accuse them of professional malfeasance but these responses are shockingly inept.


Human rights due diligence is not supposed to be the same as an audit, but often businesses looking for a quick and dirty misdirection will use social audits and contractual clauses as a substitution for due diligence. I fear that if contractual clauses are allowed, due diligence will start to look more and more like social auditing and indexing and less like the robust and circular mechanism of assessment, responsiveness, and reparations than it is supposed to be.  


The directive could and should clarify that while contractual clauses can be important they cannot transfer legal liability. 


Should’ve: Applied to the Financial and Arms Sectors


At Recital 18, para 27, and  Recital 19, para 28, we find an effective exemption from the law for the arms and financial sectors, respectively. In Recital 19, the CSDDD excludes “downstream business partners” from the scope of due diligence obligations. I knew this was true from the press release, but seeing the blatant language was surreal. I’m laughin', but the joke's not funny at all.


I’m going to set aside the arms sector for now (because I’m working on a lot regarding that sector right now), but the exemption for the financial sector is gross (gross being a legal term of art, just ask anyone…). The draft agreement says that “as regards regulated financial undertakings, only the upstream but not the downstream part of their chain of activities is covered by this Directive.” In other words: the bank is not responsible for breaches caused by its financing of another’s activities no matter how much the bank should have known how its financing would be used for human rights violations.


Out of every group you’re concerned with protecting, out of every business and industry, it is the banks you the Council thinks can’t do due diligence?




The banks that kept looted Nazi material from their rightful Jewish owners for decades?


The banks that repeatedly financed South Africa’s apartheid regime, saving it when it was on the brink of collapsing?


The banks accused of facilitating money laundering for drug lords and terrorists?


The ones who facilitate tax evasion? 


The banks that finance dam projects in indigenous lands with such disregard for human rights that many of their logos should just be “Hi, it’s me, I’m the problem. It’s me.”


The banks that know how to do extensive due diligence on operational impacts when it’s in their financial interests?


Those banks? That’s who needs protecting with this law?


You cannot be serious about human rights if you are not serious about tackling the responsibility of the financial sector. When it comes to the Council members who betrayed the rights-holders with this clause, I got a list of names and yours is in red, underlined, France and Austria. France was the first to indicate resistance to the application to the financial sector, but it is Austria’s recent pressure on Ukraine, in which it leveraged international assistance for the war on the removal of Austrian Raiffiesen Bank from the list of international sponsors of war, that is perhaps the worst development in this area. People need to know this, so they know where to put pressure moving forward.


It appears there will be an “impact assessment” to determine if the law should apply to this industry, but that will be too little and far too late.


It’s also wholly unnecessary.


There is nothing particularly special about banks or the financial industry that makes human rights due diligence hard. They just don’t want to pay for it to be done properly. That’s not surprising. No company wants to pay for it. Disney once complained about reporting requirements before we even had any human rights due diligence laws because they didn’t way to cut into CEO bonuses or shareholder profits. The desire to not spend money on human rights due diligence is not an adequate reason for allowing those complicit in the Nazi genocide or South African apartheid or Russia’s unlawful war of aggression in Ukraine to continue to evade human rights responsibilities. If anything, their focus on profits and finances over people is exactly why this law is needed.


Concluding note


So that’s it: my would’ves, could’ves, should’ve for the EU. At times, the CSDDD provides me with hope about the direction of travel for this field, but in other areas it represents a crisis of my faith.




PS, Taylor Swift’s birthday was on the same day as the final trilogue. As a fun Easter Egg hunt for my fellow Swifties, I’ve sprinkled her lyrics throughout this post (13 times, obviously). I’ll send a friendship bracelet to the first Swiftie who emails me a list of all the hidden gems. Please use the subject line “T-Swift Easter Egg Hunt” in your email. My email address can be found on my Essex profile.

No comments:

Post a Comment