Thursday 21 March 2024

Resistance is futile: the new Eurodac Regulation – part 4 of the analysis of new EU asylum laws


Professor Steve Peers, Royal Holloway University of London

Photo credit: Rachmaninoff, via Wikimedia Commons

Just before Christmas, the European Parliament and the Council (the EU body consisting of Member States’ ministers) reached a deal on five key pieces of EU asylum legislation, concerning asylum procedures, the ‘Dublin’ system on responsibility for asylum applications, the ‘Eurodac’ database supporting the Dublin system, screening of migrants/asylum seekers, and derogations in the event of crises. These five laws joined the previously agreed revised laws on qualification of refugees and people with subsidiary protection, reception conditions for asylum-seekers, and resettlement of refugees from outside the EU. Taken together, all these laws are intended to be part of a ‘package’ of new or revised EU asylum laws.

I’ll be looking at all these agreements for new legislation on this blog in a series of blog posts (see the agreed texts here), unless the deal somehow unravels. This is the fourth post in the series, on the new Regulation on Eurodac – the system for collecting personal data to attempt to ensure the operation of the EU’s asylum laws. The previous blog posts in the series concerned the planned new qualification Regulation (part 1), the revised reception conditions Directive (part 2), and the planned new Regulation on resettlement of refugees (part 3).

As noted in the earlier posts in this series, all of the measures in the asylum package could in principle be amended or blocked before they are adopted, except for the previous Regulation revising the powers of the EU asylum agency, which was separated from the package and adopted already in 2021. I will update this blog post as necessary in light of developments. (On EU asylum law generally, see my asylum law chapter in the latest edition of EU Justice and Home Affairs Law; the summary of the current Regulation below is adapted from that chapter).

The new Eurodac regulation: background

There have been two previous ‘phases’ in development of the Common European Asylum System: a first phase of laws mainly adopted between 2003 and 2005, and a second phase of laws mainly adopted between 2011 and 2013. The 2024 package will, if adopted, in effect be a third phase, although for some reason the EU avoids calling it that.

The initial Eurodac Regulation (the ‘2000 Regulation’) was adopted before the first phase of the CEAS, back in 2000, to supplement the Dublin Convention on the allocation of responsibility for asylum applications, which also predated the first phase. The 2000 Regulation was subsequently replaced in 2013, as part of the second phase of the CEAS (the ‘2013 Regulation’).

The 2013 Regulation requires fingerprints of all asylum seekers over fourteen to be taken and transmitted to a ‘Central Unit’ which compared them with other fingerprints previously (and subsequently) transmitted to see whether the asylum seeker had made multiple applications in the EU. (So did the 2000 Regulation: the difference is that Member States since 2013 have to take fingerprints not only of those who apply for refugee status, but also of those who apply for subsidiary protection, a separate type of international protection for those who do not qualify for refugee status; for the definitions, see Part 1 in this series).

Similarly, Member States have to take the fingerprints of all third-country nationals who crossed a border irregularly, and transmit them to the Central Unit to check against fingerprints subsequently taken from asylum seekers. The reason for this is that one of the grounds to determine responsibility for asylum applications under the Dublin rules is which Member State the person concerned first entered without authorisation. The deadline to take the fingerprints is within seventy-two hours after an application for international protection is made, or after apprehension in connection with irregular crossing of an external border.

Member States may also take fingerprints of third-country nationals ‘found illegally present’ and transmit them to the Central Unit to see whether such persons had previously applied for asylum in another Member State. If so, it is possible that the other Member State is obliged to take them back under the Dublin rules. But note that under the 2013 Regulation, it is not mandatory to take and transmit the fingerprints of this group, and the Eurodac system does not store them. Law enforcement agencies and Europol have also been given access to Eurodac data, subject to certain conditions.

For a transitional period under the 2000 Regulation, the data on recognized refugees was blocked once the refugee status of a person was granted. However, the 2013 Regulation unblocked this data. Conversely, the 2013 Regulation reduced the time that the Eurodac system retained data on irregular border crossers (cutting that time from two years to eighteen months).

Unlike most other EU asylum laws, the Eurodac Regulation has not been the subject of case law of the CJEU, so it is not necessary to look at case law to fully understand its meaning.

The UK and Ireland opted in to the two previous Eurodac Regulations, although the 2013 Regulation ceased to apply to the UK (along with the Dublin rules) at the end of the Brexit transition period. Ireland opted out of the proposal for the 2024 Regulation, although it could still choose to opt in to that Regulation after it has officially been adopted. Denmark is covered by Eurodac as part of its treaty with the EU on applying Dublin and Eurodac; there are also treaties with Norway and Iceland, and Switzerland (with a protocol on Liechtenstein) to apply the Dublin rules and Eurodac too.

As with all the new EU asylum measures, each must be seen in the broader context of all the others – which I will be discussing over the course of this series of blog posts. The Eurodac Regulation has always had close links with the EU’s Dublin rules on allocation of responsibility for asylum applications; the new version of the Regulation will have further links with other EU law on asylum, as discussed below.

The legislative process leading to the agreed text of the revised Eurodac Regulation started with the Commission proposal in 2016, as a response to the perceived refugee crisis. A revised version was tabled in 2020, as part of the relaunch of all the asylum talks. The negotiations on that proposal by EU governments (the Council) and then between the Council and the European Parliament, have been convoluted, but have now ended. But this blog post will look only at the final text, leaving aside the politics of the negotiations. My analysis focusses on how the new Eurodac Regulation will differ from the 2013 Regulation, the main details of which were already summarised above.

Basic issues

Like other measures in the asylum package, the application date of the 2024 Eurodac Regulation is two years after adoption (so in spring 2026). However, as discussed below, there will be special rules on the application of the Regulation to temporary protection (ie the application of the EU temporary protection Directive on initial short term protection in the event of mass influxes, so far applied only once, to those fleeing the invasion of Ukraine).

The 2024 Eurodac Regulation first of all expands the list of the purposes of Eurodac – previously support of the Dublin system, with some law enforcement access to data – to include general support for the asylum system, assistance with applying the Resettlement Regulation (on which, see part 3 of this series), control of irregular migration, detection of secondary movement, child protection, identification of persons, supporting the EU travel authorization system and the Visa Information System, the production of statistics to support ‘evidence-based policy making’, and to assist with implementing the temporary protection Directive. The clause on ‘purpose limitation’ related to the use of personal data is far broader, although it is now accompanied by a general human rights safeguard.

Next, the type of data collected is expanded beyond fingerprints to include ‘biometric data’, now defined as including ‘facial image data’. Other types of data will also be newly collected. The obligation to take data is more clearly highlighted in the 2024 Regulation, along with both further safeguards and yet also ‘the possibility to use means of coercion as a last resort’.

The age of collecting data from children will be reduced from 14 to 6. While there will be special safeguards for children, these make uncomfortable reading. For instance, ‘[n]o form of force shall be used against minors to ensure their compliance with the obligation’, and yet ‘a proportionate degree of coercion may be used against minors to ensure their compliance’.

New provisions in the 2024 Regulation aim to secure interoperability with other EU databases – namely the ETIAS travel authorization system and the Visa Information System. Also, the use of Eurodac to generate immigration statistics will be hugely expanded.

Data will still be collected for Eurodac from asylum-seekers and those crossing the external border irregularly, with additional data on changes of status of the data subject. Also, data will now be collected and stored on a mandatory basis (rather than being checked against the database, but not stored, on an optional basis), for irregular migrants, to assist in identifying them. Finally, data will now be collected for the first time as regards four more situations: EU resettlement under the new Resettlement Regulation; national resettlement; search and rescue; and temporary protection, under the EU temporary protection Directive. However, the extension to temporary protection cases only applies to future hypothetical uses of the temporary protection Directive – not to those covered by the 2022 application of that Directive to those fleeing the invasion of Ukraine.

Most of this data will be automatically compared to data already in Eurodac. Data on asylum-seekers will be stored (as before) for ten years; data on irregular border crossers will now be stored for five years, rather than 18 months; and there are varying periods of storage (usually five years) for data newly collected under the 2024 Regulation. However, for temporary protection cases, the storage period is linked to the period of temporary protection under EU law, which is currently three years maximum. As before, data will be erased in advance if the person concerned obtains citizenship of a Member State, but not (for irregular border crossers) if they leave or obtain a residence permit. Conversely, data on those who obtain international protection will be kept for the usual ten year period, rather than (as before) deleted three years after obtaining protection.

Finally, as for data protection, the huge increase in data being collected is regulated by largely the same standards as before (adapted to include the collection and comparison of facial images, as well as the collection of data on security risks), except it is now possible to transfer data to non-EU countries for the purposes of return.


There was no Commission impact assessment specifically for the amendments to the Eurodac Regulation, and the rationales for the amendments offered in the preamble to the Regulation are rather sweeping. However, there is more detail in the explanatory memoranda to the Commission’s proposals. The 2016 proposal argues for Eurodac to be used not just to facilitate application of the Dublin system, but also as a tool for application of immigration control more broadly. In the Commission’s view, this justified the use of the system to identify those who were staying irregularly – including more comparisons of data. Collecting data on younger children was justified on grounds of safeguarding, to trace parents if they were separated. The collection of facial images and other new types of data was justified on grounds of facilitating identification. Data on relocation should be collected in order to transfer an asylum seeker to the correct Member State under the Dublin rules. The ten year period of retaining asylum seeker data, even if a claim was successful, was justified in case those with status moved without authorization and had to be returned to the Member State responsible. A longer period of retaining data of border crossers, without advance deletion in as many cases, was justified in case it was necessary for return purposes.

As for the revised 2020 proposal, the Commission argued that it was necessary to be consistent with other new rules on search and rescue, resettlement, changes to the main Dublin rules, screening, listing rejected applications (so that the rules on repeat applications could be applied), and internal security risks (because this rules out relocation under the Dublin rules).

Much of these rationales – which in any event are not based on detailed statistical analysis, in the absence of a specific impact assessment from the Commission (a vague staff working document does not contain any further detail) – can be questioned. Was it necessary to include future temporary protection cases, given that an ad hoc solution was found for the current use of the temporary protection directive? In particular, was it necessary to include such cases, considering the original rationale of Eurodac, if (as in the current use of temporary protection) the Dublin rules are de facto disapplied to temporary protection beneficiaries?

Given that the system is extended to temporary protection cases, why does the logic of a short period for retaining data in such cases not apply more broadly? Or at least, why is the logic of retaining data on resettled persons for five years – because long-term residence status is likely then – not applied equally to other people with protection status, or a residence permit? (The idea – raised during negotiations – of deleting data once people obtained long-term residence status was unfortunately dropped). This is a subset of the more general flaw with the whole package of amendments: the determination to strengthen the application of negative mutual recognition (ie Member States recognizing each others’ refusal of applications), without strengthening positive mutual recognition (recognizing the successful applications in other Member States) in parallel, and without considering the cases where those with protection status have a justified reason to move to another Member State (see the threshold set out in the Ibrahim judgment, for instance), or the prospects of long-term residents using their right under EU law (the long-term residents' Directive) to move to another Member State if they meet the criteria to do so. Finally, there is no rationale of using the Eurodac system for returns in light of the expansion of the Schengen Information System to the same ends (expanded data on entry bans, data on return decisions), which is already applicable in practice.

Overall then, the new Eurodac system will collect much more data, on many more people, for far more purposes, and for much longer – and with an inadequate explanation for many of these changes.

Sunday 10 March 2024

Climate case against ING: what does it mean for monetary policy?


Annelieke Mooij, Assistant Professor, Tilburg University

Photo credit: Sandro Halank, via Wikimedia Commons

The Dutch climate organization “milieudefensie” had threatened to start a case against the Dutch ING bank. The 14th of February 2024 the ING has responded that it will not give in into the demands of the climate organization. Hence making it highly likely that the climate policy of the ING will face legal challenges. Prima facie the case seems without EU relevance as it concerns a national climate organization suing a national bank. Though the case may seem to lack European relevance, the opposite is true. The decision by the Dutch judiciary may have serious European consequences. In particular for the Monetary Union and may even bypass the independence of the ECB.

Milieudefensie v. ING

The climate organization (plaintiff) asks the court to order the ING to take four concrete steps. The first is to align its climate policy with the target of 1.5C as stipulated by the Paris Agreement. The second demand is that the ING reduces its own emissions by 48%CO2 and 42% CO2e by 2030. Third that it stops financing large corporate clients who have adverse climate impacts. The fourth and final demand is that ING engages in discussion with the plaintiff about how to substantiate these demands. The demands made by the plaintiff are serious claims. Raising the question of the likelihood these demands are met by the Dutch court.

Whilst the court summons is not yet finalized it is likely that the plaintiff will refer to two earlier cases. The first is to an earlier case won against the Dutch state. In the Urgenda case the Dutch Supreme Court ruled that the state had to reduce its emissions in accordance with the Paris Agreement. The Supreme Court did not state how the state had to comply, simply that it had to comply. The case gave a strong message to the state that it had the obligation to meet the climate agreements. Urgenda provided the foundation for the second case.

The second case that the plaintiff will likely reference is that of Milieudefensie v. Shell. This case still has an appeal pending. The case concerned the climate responsibilities of Dutch oil concern Shell. The judiciary decided that Royal Dutch Shell (RDS) was responsible for the emission reductions of the global shell activities. In this capacity it had to reduce its global emissions by 45% by 2030 in comparison to 2019 levels. This was considered a revolutionary case as it is one of the first where the judiciary recognized climate duties against a legal person.  The legal foundation was article 6:162 of the Dutch Civil Code, this article is a form of tort law. The court considered that the emission reduction plans of Shell were not concrete enough. Shell thereby violated an unwritten duty of care. Prima facie the case against ING therefore looks strong. There are, however, two obstacles to overcome.

The first minor challenge is that of the impact of ING’s financial products on their clients. In the case against Shell the court considered that the mother company RDS determined the policy of the entire group (paraf. 4.4.4). It therefore had the influence to change the companies’ policies and directions. Arguably a bank can have a similar steering influence upon the direction of its clients. In particular the ING may refuse loans intended to buy polluting machines. On the other hand banks can approve loans for investment in greener operations. Loans can thereby have a powerful impact upon the direction of a consumer. Operating credit on the other hand will have a less likely impact on the course of a business. To demand that all financing is discontinued to corporate clients who do not have a climate plan provides a broad interpretation to the duty of care of the banking sector. In particular, as the Dutch judge will have to weigh the right to a clean environment against the right to operate a business.

The second difficulty is that unlike RDS, ING’s emissions (in)directly result from a varied investment portfolio. As stated by the response of ING measuring merely the emissions can lead to a negative climate result. An increased investment in heat pumps, increases the emission portfolio of ING but can decrease global emissions. The emissions in the Shell case were the direct result of the company’s own activities. Redirecting its efforts from fossil fuels to sustainable energy will have a positive impact upon the fight against climate change. In length of this argument Ferrari and Landi argue with regard to central banks that investments should be made not by simply investing in the lowest emitters.  Instead of this so-called “best-in-universe” approach, banks should invest in companies that do well within their substitute production group. The so-called best-in-class method of investment. Through this approach global demand can be shifted to green products. Therefore unlike the Shell case the court will have to decide between a blanket reduction of emissions which may have a negative environmental impact, or a best-in-class approach. The difficulty is that the court will then have to provide instructions not on what goals to achieve but rather on how to achieve emission reductions. The methods of achievement has been something the court has refrained from doing in both Shell and Urgenda. The decision on methodology may have a large impact on the future European Central Bank’s purchasing programmes.


Impact on the Monetary Union

The right to (private) life codified in the European Convention for Human Rights (ECHR) played a significant role in these cases. Article 52(3) of the EU Charter states that the ECHR provides a minimum level of protection. The CJEU may therefore award a higher level of protection but not lower than the ECHR. The interpretation of the ECHR therefore has a large influence on the fundamental rights protected within the EU Charter of Fundamental Rights.

The judgements of national judges are not binding for the European Court on the Convention of Human Rights (ECtHR). However, when there appears to be a consensus among the majority of members the ECtHR considers there is common ground. The existence of common ground decreases the margin of appreciation for the member states. The case of Urgenda directly involved an appeal to human rights against the state, specifically the right to life (article 2) and private life (article 8). Similar cases have been successfully tried in Ireland and France. The ECtHR is yet to rule on the climate change cases that are pending. There however seems a likelihood of a positive outcome for the plaintiffs. The CJEU will have to consider the scope of these cases and can decide on the same or a higher standard of protection. There is, however, a difference with the case of ING.

The cases against the states directly invoked human rights. In the Shell case the Dutch judge only indirectly applied the fundamental rights when interpreting the duty of care. It will likely do the same in the case of ING. This provides a less strong signal about common ground to the ECtHR that the right to a clean environment includes specific obligations for banks and other legal persons. It will take more national judges to reach similar judgements to provide the ECtHR with to conviction that there is common ground. The court in the Shell case, however, included the in its considerations the UN Guiding principles. These principles create a large common understanding throughout the ECHR members. The states obligation to enforce direct obligations for legal persons through its courts are likely to be accepted by the ECtHR.   If so it cannot be ignored especially by the largest bank in the EU; the European Central Bank (ECB).

The ECB has a tiered mandate. Its primary objective is to obtain price stability which has been defined as keeping inflation under but close to two percent on the medium term. To achieve this goal the Treaty on the Functioning of the European Union (TFEU) has granted the ECB with a high level of independence. This means that neither the EU or national legislators cannot determine or influence how the ECB executes its monetary policy. The ECB is therefore likely to argue that it cannot be influenced as to how it conducts is monetary policy even with regard to climate change. The ECB, however, is not immune from other primary or secondary legislation. In the Olaf case the CJEU considered that the ECB falls within the EU legal framework. Its independence only protects the ECB against political influence when it conducts monetary policy.

In addition to its primary mandate the ECB has a secondary mandate to abide by. This mandate includes “[…]the sustainable development of the Earth”. The ECB has to comply with its secondary mandate if it does not violate its primary mandate. Currently this is interpreted by the ECB to mean that when the ECB has a choice in how to achieve its price stability objectives, the secondary mandate is guiding. The secondary mandate, however, has various goals. Some of these goals can be achieved simultaneously but some are independent or even substitute goals. This makes it currently difficult to pinpoint to the legal obligations of the ECB from the secondary mandate. When it comes to climate change, however, the ECB considers itself bound by the Paris Agreement. In addition the ECB has to abide by the EU Charter of Fundamental Rights. It is however unclear what precise duties these treaties bring to the ECB when it carries out its private sector funding programmes. The ECB states that it is trying to decarbonize its corporate sector portfolio’s by using a method called tilting. The green bonds in the sector are given preference to the brown bonds. The difficulty is that when green bonds run out the ECB will continue by purchasing brown bonds if it considers this necessary for its monetary aim. The case of Milieudefensie v. ING, can provide clear guidance with regard to the ECB’s fundamental right climate responsibilities in its corporate sector programmes.  The Dutch court’s reasoning can provide the balance between a bank’s obligations to climate against the right to operate a business. This reasoning can be incorporated by the ECB.

The ECB makes choices with regard to how (intense) to pursue price stability. These choices should be guided by human rights such as climate change and economic needs. The ING decision can create a guiding framework on how to balance these different interests. However before such guidelines can be considered binding more national cases need to be tried, or the ING case would have to reach the ECtHR. Still quite a road to be travelled.

Friday 8 March 2024

The Dillon Judgment, Disapplication of Statutes and Article 2 of the Northern Ireland Protocol/Windsor Framework



Anurag Deb, PhD researcher, Queens University Belfast, and Colin Murray, Professor of Law, Newcastle Law School

Photo credit: Aaronward, via Wikicommons media

Extensive provisions of an Act of Parliament have been disapplied by a domestic court in the UK for the first time since Brexit. That is, in itself, a major development, and one which illustrates the power of the continuing connections between the UK and EU legal orders under the Withdrawal Agreement. It is an outcome which took many by surprise, even though we have argued at length that the UK Government has consistently failed to recognise the impact of Article 2 in rights cases. So here is the story of this provision of the Withdrawal Agreement, the first round of the Dillon case, and why understanding it will matter for many strands of the current government’s legislative agenda.

Article 2 of the Windsor Framework, as the UK Government insists on calling the entirety of what was the Northern Ireland Protocol (even though the Windsor Framework did nothing to alter this and many other provisions), is one of the great survivors of this most controversial element of the Brexit deal. Whereas other parts of the Brexit arrangements for Northern Ireland have been repeatedly recast, the wording of this provision has remained remarkably consistent since Theresa May announced her version of the Brexit deal in November 2018 (although it was Article 4 in that uncompleted version of the deal).

The provision was tied up relatively early in the process. Indeed, it suited the UK Government to be able to claim that rights in Northern Ireland were being protected as part of the Withdrawal Agreement, to enable them to avoid claims that Brexit was undermining the Belfast/Good Friday Agreement of 1998. Although the 1998 Agreement makes limited mention of the EU in general, it devotes an entire chapter to rights and equality issues, and EU law would play an increasing role with regard to these issues in the years after 1998.   

The UK Government made great play of explaining, in 2020, that its Article 2 obligations reflected its ‘steadfast commitment to upholding the Belfast (“Good Friday”) Agreement (“the Agreement”) in all its parts’ (para 1). Even as it appeared ready to rip up large portions of the Protocol, in the summer of 2021, the Article 2 commitments continued to be presented as ‘not controversial’ (para 37). It might more accurately have said that these measures were not yet controversial, for no one had yet sought to use this provision to challenge the operation of an Act of Parliament. In a powerful example of Brexit “cake-ism”, the UK Government loudly maintained that Article 2 was sacrosanct only because it had convinced itself that the domestic courts would not be able to make much use of it.

Little over a month ago, the Safeguarding the Union Command Paper all-but sought to write the rights provision out of the Windsor Framework (para 46):

The important starting point is that the Windsor Framework applies only in respect of the trade in goods - the vast majority of public policy is entirely untouched by it. … Article 2 of the Framework does not apply EU law or ECJ jurisdiction, and only applies in the respect of rights set out in the relevant chapter of the Belfast (Good Friday) Agreement and a diminution of those rights which arises as a result of the UK’s withdrawal from the EU.

Article 2 is a complex and detailed provision, by which (read alongside Article 13(3)) the UK commits that the law in Northern Ireland will mirror developments in EU law regarding the six equality directives listed in Annex 1 of the Protocol and, where other aspects of EU law protect aspects of the rights and equality arrangements of the relevant chapter of the 1998 Agreement, that there will be no diminution of such protections as a result of Brexit. But notwithstanding the complexity of these multi-speed provisions, by no construction can it be tenable to suggest that ‘the Windsor Framework applies only in respect of the trade in goods’.

The Dillon judgment marks the point at which the Government’s rhetoric is confronted by the reality of the UK’s Withdrawal Agreement obligations, and the extent to which they are incorporated into domestic law by the UK Parliament’s Withdrawal legislation. The case relates to the controversial Northern Ireland Troubles (Legacy and Reconciliation) Act 2023, heralded by the UK Government as its vehicle for addressing the legal aftermath of the Northern Ireland conflict. This Act, in preventing the operation of civil and criminal justice mechanisms in cases relating to the conflict, providing for an alternate body for addressing these legacy cases (Independent Commission for Reconciliation and Information Recovery) and requiring this body to provide for immunity for those involved in causing harms during the conflict, has provoked widespread concern within and beyond Northern Ireland.

The Act has been the subject of challenges under the Human Rights Act 1998 and an inter-state action against the UK launched before the European Court of Human Rights by Ireland. In the interest of brevity, however, this post will explore only the challenges under the Protocol/Windsor Framework. This is not the first case to invoke Article 2 (see here and here for our analysis of earlier litigation to which the UK Government should have paid more attention), but this remains the most novel element of the litigation, testing the operation of this element of the Withdrawal Agreement. It is also offers the most powerful remedy directly available to those challenging the Act; disapplication of a statute to the extent that it conflicts with those elements of EU law which this provision preserves.

These requirements are explained by the operation of Article 4 of the Withdrawal Agreement, which spells out that elements of the Withdrawal Agreement and the EU law which continues to be operative within the UK as a result of that Agreement will continue to be protected by the same remedies as applicable to breaches of EU law by Member States. Section 7A of the European Union (Withdrawal Act) 2018 reflected this obligation within the UK’s domestic jurisdictions, as accepted by the UK Supreme Court in the Allister case (see here for analysis). For Mr Justice Colton, his task could thus be summarised remarkably easily; ‘any provisions of the 2023 Act which are in breach of the WF [Windsor Framework] should be disapplied’ (para 527). All he had to do, therefore, was assess whether there was a breach.

The rights of victims are a prominent element of the Rights, Safeguards and Equality of Opportunity chapter of the 1998 Agreement. These rights were, in part, given protection within Northern Ireland Law through the operation of the Victims’ Directive prior to Brexit and, insofar as this EU law is being implemented, through the operation of the EU Charter of Fundamental Rights with regard to its terms. The key provision of the Victims’ Directive is the guarantee in Article 11 that applicants must be able to review a decision not to prosecute, a right clearly abridged where immunity from prosecution is provided for under the Legacy Act. The breach of this provision alone was therefore sufficient to require the application of extensive elements of the Legacy Act (sections 7(3), 8, 12, 19, 20, 21, 22, 39, 41, 42(1)) (para 608):

It is correct that article 11(1) and article 11(2) both permit procedural rules to be established by national law. However, the substantive entitlement embedded in article 11 is a matter for implementation only and may not be taken away by domestic law. The Directive pre-supposes the possibility of a prosecution. Any removal of this possibility is incompatible with the Directive.

The UK Government cannot claim to have been blindsided by this conclusion. They explicitly acknowledged the specific significance of the Victims’ Directive for the 1998 Agreement commitments in their 2020 Explainer on Article 2 (para 13). Moreover, in the context of queries over the application of Article 2 to immigration legislation, the UK Government insisted that in making provisions for victims the 1998 Agreement’s ‘drafters had in mind the victims of violence relating to the conflict in Northern Ireland’. Exposed by these very assertions, the Government hoped to browbeat the courts with a vociferous defence of the Legacy Act (going so far as to threaten consequences against Ireland for having the temerity to challenge immunity arrangements which raised such obvious rights issues).

The strange thing about the Dillon case, therefore, is not that the court disapplied swathes of the Legacy Act. This outcome is the direct consequence of the special rights protections that the UK agreed for Northern Ireland as part of the Withdrawal Agreement. The strange thing is that Mr Justice Colton arrived at this position so readily, in the face of such a determined efforts by the UK Government to obscure the extent of the rights obligations to which it had signed up. In the context of the UK’s full membership of the EEC and its successors, it took many years and many missteps to get to Judicial Committee of the House of Lords applying the remedy of disapplication of statutory provisions which were in conflict with EU law (or Community law, as it then was) in Factortame (No. 2). The Northern Ireland High Court was not distracted from recognising that these requirements remain the same within Northern Ireland’s post-Brexit legal framework when it comes to non-diminution of rights as a result of Brexit.

Indeed, the Court could not be so distracted. As we set out above, once Colton J determined that relevant sections of the Legacy Act had breached the Victims’ Directive, the judge had no discretion in the matter of disapplying the offending sections. This marks perhaps one of the strangest revelations to emerge from Brexit. Disapplication of inconsistent domestic law (of whatever provenance) as a remedy extends across much of the Withdrawal Agreement, covering any and every aspect of EU law which the Agreement makes applicable in the UK. This fact – spelled out in the crisp terms of Article 4 of the Withdrawal Agreement – was nowhere to be found in the 1972 Accession Treaty by which the UK became part of the (then) EEC. This is unsurprising, considering that the primacy of Community law over domestic law was then a relatively recent judicial discovery. In the decades since then, however, the principle of EU law primacy and the requirement that inconsistent domestic laws be disapplied have become a firm and irrevocable reality. Small wonder then, that the UK Government accepted it as a price to pay for leaving Brussels’ orbit without jeopardising the 1998 Agreement – no matter how it has since spun the notion of “taking back control”.

Where the government might have its own interests in attempting to obscure the clarity of Article 2 and its attendant consequences, Dillon is by some measure a wake-up call for Westminster. The report of the Joint Committee on Human Rights’ scrutiny of the Bill which became the Legacy Act contained no reference to the Windsor Framework, notwithstanding consistent work by the statutory Human Rights and Equality Commissions in Northern Ireland (the NIHRC and ECNI) to highlight the issue. Dillon marks not only some of the most extensive disapplication of primary legislation ever enacted by Parliament, but also the first such outcome after Brexit. But Dillon is only the beginning. It will be followed in the weeks to come by a challenge to the Illegal Migration Act 2023 by the NIHRC, where there are clear arguments that relevant EU law has been neglected. The Government, and Westminster in general, have not woken up to the legal realities of the Brexit deal. Dillon makes clear that Parliament needs to pay far greater attention to the Windsor Framework; not as a legal curio that only occasionally escapes its provincial relevance, but as a powerful source of law which impacts law-making and laws which are intended to apply on a UK-wide basis.


Thursday 1 February 2024

Saying Nothing much at all, to General Acclaim – The Windsor Framework Relaunch


Colin Murray, Professor of Law, Newcastle Law School

Photo credit: en:User:Dom0803, via Wikimedia Commons

The landing space in which to do a deal on the Windsor Framework and make it stick, second time round, was remarkably small. The hard work of agreeing with the EU an approach to the rules covering trade in goods involving Northern Ireland which would produce as little friction as possible between different parts of the UK whilst simultaneously safeguarding the EU Single Market had been done almost 12 months ago. This, however, had not brought an end to the Democratic Unionist Party’s (DUP’s) boycott of the Northern Ireland Assembly.

This meant that the UK Government had appease multiple parties as it tried to persuade the DUP that the special post-Brexit trading arrangements for Northern Ireland are not a threat to its place in the UK. It had to be seen to provide further concessions to the DUP to finally get the deal over the line, while simultaneously not doing anything that could be regarded as threatening to the EU single market access for Northern Ireland goods provided by the reworked Protocol. Looming over this difficult balancing act was the threat of Brexit’s most ardent supporters within Rishi Sunak’s own party, who remained anxious lest the new deal introduce an enhanced degree of alignment between UK law and EU law post Brexit (as unhelpfully splashed in the Telegraph).

It turns out that Sunak’s formula for performing such a complex feat has been to announce as little as possible as loudly as possible (a masterclass in the Yes, Prime Minister, “radical tie for sober announcement” approach to policy). The new Command Paper is more than twice as long as the Windsor Framework Command Paper of February 2023 and proclaims just how much it matters (derivatives of “important” appear more than 50 times in the text, buttressed by nearly 30 uses of forms of “significant”). In appreciation of how well a ship building metaphor plays in Northern Ireland, commitments are “copper fastened” fully five times in the text.  

Announcing the new package in Parliament, the Northern Ireland Secretary declared that the Conservative Party was “the party of the Union”. You could be forgiven for thinking at this point that he had not read the document, for it is repeatedly damning of the Conservatives’ record in office. The Command Paper laments that failing to respond to Unionist concerns during negotiations over Brexit had “undermined economic and political stability in Northern Ireland” (para 16) and lamented that “The decision of the then Government to drop UK Internal Market Act clauses that would have protected NI-GB trade meant that unfettered access was placed in legal jeopardy” (para 27). If only Rishi Sunak could find out who was Chancellor of the Exchequer at the time of that decision.

Such is the DUP’s fury over the undermining of their position by the Conservatives, however, that the efforts to address these concerns are a necessary part of the package, notwithstanding the deflection of blame onto “the then Government”. What is perhaps more surprising are some of the tonal slips. There are repeated reference to “the sense” or “the perception” of the Union being under threat, so as to give Sunak’s government enough cover to claim to be addressing DUP concerns without ever acknowledging that it accepts them wholesale.

The most practically significant elements of the Command Paper relate to the expansion and rebranding of the “green lane” arrangements by which goods not generally believed to be at risk of onward movement into the EU as they are moved from Great Britain into Northern Ireland are subject to a minimal regime of checks based around specific risks. These risks are identified on the basis of analysis of real-time trade flow data shared with the EU.  It is important to note that these developments were to a large extent foreshadowed in the Windsor Framework, as the operation of data sharing and risk management processes became embedded. We are less than a year on from the acknowledgment that “[t]hese protections are also not static, with specific recognition in the agreement of the need to monitor, and as necessary adapt to, other changes in the future” (Windsor Framework Command Paper, 2023, para 50). That the rebranded internal market lane has been pledged to be operative “as soon as possible” speaks to the need for the EU to accept the adequacy of the processes in meeting the UK’s obligations.

Alongside these changes come an agreement with the EU, and a draft legal text, which when concluded at the next Joint Committee meeting will enable businesses operating in Northern Ireland to have full access to goods imported into the UK under the UK’s post-Brexit trade agreements. Much as hill farmers in Tyrone are unlikely to be jumping for joy at the prospect of direct competition from New Zealand lamb, this development does close off a complaint that Northern Ireland is experiencing post-Brexit trading rules in a way that is distinct from (and for some, disadvantageous to) the arrangements for the rest of the UK.

The DUP’s Gavin Robinson was eager to draw attention to this change:

“We were told that there would be no legal change to the Windsor framework or the EU text, yet—this was part of the process of ensuring trust and commitment—colleagues will have noticed the publication just yesterday of more than 60 pages of legislative changes to text on the European perspective”

It is accurate to state that Joint Committee decisions have legal status equal to Withdrawal Agreement provisions, but this is better regarded as an outworking of the Windsor Framework rather than a change to its core text. The Windsor Framework Command Paper made it clear that this development was a priority for the UK and the EU (see para 15), it is just one that has taken some months come to fruition given the complexity of the subject matter. As the new Command Paper notes, “There is always the potential for issues to emerge, and for challenges to need to be addressed. That capacity for ongoing dialogue, and for further development as may be required, is acknowledged in the Windsor Framework and its accompanying political declaration” (para 35). No one should be jumping up to say that Brexit is finally done.

One key take away, which extends from the Windsor Framework into the new Command Paper, is that the UK Government’s focus has been on trading rules and not goods production. The DUP’s Carla Lockhart put the issue directly to Chris Heaton-Harris in the Commons; “Will the Secretary of State therefore confirm whether Northern Ireland still remains under the EU’s single market laws for the production of food and agrifood?” This drew a terse response from the Secretary of State; “May I recommend that she re-reads the Windsor framework and indeed the Command Paper?” If anyone does reread the documents they will find very little relevant to goods production, and the UK Government might be better advised not to attempt to obscure the reality that their efforts have been focused on securing (dual) market access for Northern Ireland produced goods, not attempting to reset the rules governing goods production established under the Protocol.

In parts of the Paper, the UK Government become quite shrill in their insistence about the limitations to the operation of EU law in Northern Ireland after Brexit; “The important starting point is that the Windsor Framework applies only in respect of the trade in goods - the vast majority of public policy is entirely untouched by it” (para 46). It is impossible not to see this as predominantly for the consumption of its own MPs, because the discussion is couched entirely in terms of the Windsor Framework having no impact on the Rwanda policy.

This is a strange flex in the middle of a document about trade and Northern Ireland, and amounts to an attempt to deny any general significance to the “non-diminution” of rights commitment under Article 2. The problem for these claims is that the non-diminution commitment does encompass elements of EU law like the Trafficking Directive which means that different rights protections are at issue in Northern Ireland by comparison to the rest of the UK. The Command Paper, perhaps unsurprisingly, makes no mention of the fact that the Northern Ireland Human Rights Commission is currently engaged in litigation challenging the Illegal Migration Act 2023 for what it regards as breaches of Article 2.

The new legislative protections for Northern Ireland’s place in the Union is where the document goes full Houdini. In discussing the UK Supreme Court’s Allister judgment, the Command Paper is at pains to assert that the UK Parliament is fully sovereign and has “taken back control” post Brexit (“Importantly, the Supreme Court importantly recognised the UK’s sovereignty, exercised through Parliament”, at para 51, which I guess must mean it is doubly important). But just a few pages after this reminder that nothing is “permanent or irreversible” in this Government’s account of the UK Constitution, come the supposed guarantees of Northern Ireland’s place in the Union.

The most significant of these come in the form of statutory instruments (the Windsor Framework (Constitutional Status of Northern Ireland) Regulations 2024, the Windsor Framework (Internal Market and Unfettered Access) Regulations 2024 and the Windsor Framework (Marking of Retail Goods) Regulations 2024), which, promulgated under the European Union Withdrawal Act, allow for far ranging changes to primary legislation, including the Act itself. This allows these blocks of the deal to be put in place rapidly, and Stormont restored. It also, of course, allows for the whole process to be completed with cursory parliamentary scrutiny.

The Windsor Framework (Constitutional Status of Northern Ireland) Regulations 2024 begins with an amendment to section 38 of the European Union (Withdrawal Agreement) Act 2020, asserting that the Windsor Framework operates without prejudice to the “constitutional status of Northern Ireland as part of the United Kingdom”. This is constitutional surplusage. The whole point of the legislation is to implement an international agreement, and it is therefore to be read in light of that agreement. And Article 1 of the Northern Ireland Protocol, as remixed by the Windsor Framework, affirms that it operates “without prejudice” to Northern Ireland’s constitutional status.

This Statutory Instrument then takes an interesting turn. It inserts section 38A into the 2020 Act, which purports to ban any future UK Government from ratifying any new agreement with the European Union “that would create a new regulatory border between Great Britain and Northern Ireland”. Two observations can be made of this pledge. The first is that the horse has very much bolted. The Windsor Framework provides a continuing mechanism for new and amended EU law relating to trade in goods to apply to Northern Ireland (subject to the requirements of the Stormont veto, which UK Governments can ultimately override if they disagree with a use of it). There is thus no need for any new Agreement – a process of response to change in EU law is baked into the existing arrangements and this new stricture will not apply to it. Second, anyone who seeks to put much weight on this pledge was not paying attention to the UK Government’s explanation of parliamentary sovereignty just a few pages earlier. This commitment is a gimmick, not unlike the statutory “tax lock” once promised by David Cameron.

The Statutory Instrument then sets out an amendment to section 7A of the European Union (Withdrawal) Act 2018. This is the closest that the whole process comes to a live wire, because this provision is the connective tissue which allows EU law to have legal effect within the domestic legal order insofar as it gives effect to the Withdrawal Agreement (including the Protocol). Great play has been made of this amendment as the end to the “automatic” application of EU law in Northern Ireland. But that is not what this amendment does. A large body of EU rules applies because of the Withdrawal Agreement, although the amendment of some of these rules, or the addition of new EU measures, is subject under the Windsor Framework to the operation of the Stormont Brake.

This new provision simply makes that reality explicit in the statute. This perhaps has a clarificatory function, but it suffices once again to note that this is a statute implementing an international agreement and the operation of section 7A has been assumed to operate to take account of the working of the Stormont Brake since the Brake was introduced. It is worth noting explicitly that the obligation on the law of Northern Ireland to automatically track developments in the equality directives contained within Annex 1 of the Protocol, as modified by the Windsor Framework, remains in full effect as it is not subject to the Stormont Brake.

The Statutory Instrument then amends the 2018 Act to require a ministerial acknowledgement before the Parliament of whether a Bill affects trade between Northern Ireland and the rest of the UK. This has been likened to the process under the Human Rights Act by which ministers have to make a statement on the compliance of new legislation with human rights. And there is an irony to this present government lifting and repurposing such a provision. In this instance, however, the assessment does not have to be conducted before every piece of legislation, but only where ministers think there might be an issue. Plenty of scope exists for this element to be overlooked, and it has no legal impact on the operation of a statute in which it is not included. Very soon such ministerial statements will become background noise.

The last piece of legislative reform that I will address in this piece has also been accompanied by noisy speculation; the UK Government has promised to banish from the statute book any duty to have “due regard” to the all-island economy. This is very much in the weeds of Brexit, but when Theresa May was having difficulty securing the passage of the Withdrawal Agreement legislation she was obliged to concede the Patten amendment, which became section 10 of the European Union (Withdrawal) Act 2018. This was meant to restrict any ministerial attempts to use the wide-ranging powers of delegated legislation under the Act to ignore the UK’s commitments as part of the negotiating process made in the 2017 Joint Report. Ministers had to have “due regard” to maintaining regulatory alignment which supported the “all-island economy” in their use of these powers.

This phrase is a particular bugbear of Unionism, and the Command Paper makes great play of the dangers of “the divisive and misguided political notion of the ‘all-island economy’” (para 71), but it is a stretch to say it is still playing any part in informing government policy. For one thing, new powers to implement the Protocol were created in the 2020 Act, and it is arguable that the strictures imposed on the original powers in the 2018 Act do not apply to them. Second, read in context, the commitment in paragraph 49 of the 2017 Joint Report is about the backstop. A lot of water has passed under the bridge since then; it is not relevant to interpreting the UK’s subsequent (distinct) obligations. At best, this is the cleaning up of an outdated provision on the statute book. 

For all that attention devoted to minor or inconsequential issues, a remarkable aspect of the Command Paper is the extent to which it still leaves important issues unresolved. Paragraph 121 of the Paper makes an eye-catching commitment:

“The Government can also confirm that there will be no Border Control Post at Cairnryan. While goods that do not qualify for unfettered access to the UK’s internal market - such as goods moving from Ireland via Northern Ireland - will need to comply with the formalities required of any other third country goods movements, we will develop an approach to checks and formalities on those goods that does not pose any risk to the free and unfettered movement of qualifying Northern Ireland goods.”

The commitment, however, obscures a continuing problem. The UK Government has not finalised its definition of Qualifying Northern Ireland Goods (despite talking about expanding the definition for months).

With the Border Target Operating Model now taking effect in Great Britain there remains no clarity on what the government will do to check whether goods shipments moving from Northern Ireland into Great Britain involve goods which qualify for unfettered access and those which should be checked. There is no easy answer to this issues that does not require some assessment of whether goods movements meet the criteria, but the failure to address the issue in detail in the Paper must generate suspicions that Unionists might find the approach the UK is contemplating unpalatable.

The final thirty pages of the Command Paper consists of “make weight” content, with Annex 1 addressing the history of barriers to trade which have existed since the conclusion of the Acts of Union and the creation of Northern Ireland. This content amounts to a repost to claims that the “Acts of Union are the Union” or that Article VI must somehow be “restored” or “fulfilled”. They speak to the incompleteness of the UK’s removal of barriers to trade which came with incorporating Ireland into the Union, and to the amount of times subsequent legislation has impinged upon trade.

But they also speak to an opportunity lost. These realities have been known, and discussed, for years. Successive UK Governments, however, have cultivated inaccurate impressions of the workings of the extent to which the Union operated to remove barriers to trade for their own purposes. This is not a summary that the Johnson Government, which talked relentlessly of “the provisions of the Acts of Union playing a key role in keeping markets open” (Internal Market White Paper, 2020, para 63) would have produced. Instead it is a belated effort to redress that narrative. It is also a rushed effort, with large sections of it apparently lifted from Professor Henry Patterson’s account of trade between different parts of the UK since the Acts of Union published in the Belfast Newsletter earlier this week. 

No such package would be complete without reheating some existing promises. The Castlereagh Foundation was announced in the New Decade, New Approach deal (para 26) as a means “to support academic research through Universities and other partners to explore identity and the shifting patterns of social identity in Northern Ireland”. The fact that Castlereagh’s biographer, John Bew, is the great survivor amongst special advisers to recent UK Prime Ministers is surely not coincidental to this enduring fixation with a politician best remembered for being maligned by Shelley after Peterloo, for the Castlereagh Foundation is once again promised, indeed guaranteed, in Annex 2. Given the overall tenor of the Paper, perhaps the inclusion of reheated promises was inevitable, but it does flag the extent to which the UK Government’s supposed commitments to Northern Ireland fade in and out depending on the extent to which it is in crisis. What might Shelley say of the whole thing; Very smooth, yet grim.

At this juncture, this account might give the impression that these new developments are so insubstantial as to not warrant Jeffrey Donaldson’s return to power sharing. But that is only the case because all of the heavy lifting was done in the Windsor Framework’s mitigations. Where these changes are at their most substantive, they are a continuation of developments explicitly planned as part of the Windsor Framework. Where they are window dressing, and there is a large amount of window dressing, all of this could have been asserted many months ago.

The sour taste that the whole arrangement leaves is that of a lost year in Northern Ireland’s governance. A year in which politicians in Northern Ireland could have been governing in the interests of the people of Northern Ireland and helping to address the cost of living crisis. The conclusion of needs-based funding arrangements did not have to become bound up in the story of the Windsor Framework, but the parties returning to power sharing could not contemplate governing Northern Ireland effectively without something being done to address the unsustainable pressure on its finances.

The UK Government reached a workable compromise with the EU in the Windsor Framework and the new arrangements are in large part no more than outworkings of that deal. Had Sunak been less concerned with looking over his shoulder at the threat posed by his predecessors, so much more could have been done to involve the Northern Ireland parties directly in the Windsor Framework negotiations and to arrive at something that landed first time, without the need to confect this second deal.

Wednesday 31 January 2024

Would’ve, Could’ve, Should’ve: Preliminary Reflections on the EU’s New Corporate Sustainability Due Diligence Directive


Tara Van Ho, Senior Lecturer in Law, University of Essex


Photo credit: Infrogmation of New Orleans, via Wikimedia commons


The European Union’s Council and Parliament have agreed to a provisional text for a new directive that would require certain large corporations to undertake human rights and environmental due diligence.


I was reminiscing just the other day while having coffee all alone, and Lord, it took me away, back to a first-glance feeling during my first UN Forum. My hope was mixed with equal levels of scepticism about the likelihood that laws like this would be adopted let alone be effective. Over the past twelve years, the hopes and scepticism have been met in equal measure, but never more so than with this law.


While the final text is not yet public, a press release indicates the key expectations and components of the agreed text. MEP Axel Voss has posted the side-by-side comparator of the various drafts, including the new draft agreement. This draft confirms:


-          The directive will apply to large EU companies with a worldwide net turnover of €150million and 500+ employees;

-          It will eventually capture non-EU companies with €300 million net turnover generated in the EU and the Commission will publish a list of applicable non-EU companies the law;

-          Affected businesses will need to address actual and potential adverse human rights and environmental impacts in their “business chain of activities” which covers their own operations, their subsidiaries, and “the upstream business partners of the company and partially the downstream activities, such as distribution or recycling”;

-          The financial sector is (temporarily?) excluded pending a review and “a sufficient impact assessment;

-          There is a specific list of human rights and environmental protections that businesses will be expected to respect and address, and a list of obligations the breach of which will constitute “an adverse human rights impact”;

-          That list excludes from application certain ILO core conventions because not all EU member states have ratified them; 

-          Large companies will have an obligation of means to develop and implement an effective plan to mitigate their impact on climate change;

-          Those who are negatively affected (including civil society or trade unions) can bring claims for civil liability within a five-year period; and

-          At times, as a matter of last resort, businesses may need to end their business relationships where negative impacts cannot be prevented or ended.


This law represents progress for many in the world. If implemented in good faith, it could provide better access to remedies for victims who are negatively impacted by business operations. It should also lead to the adoption of better and greater preventative measures, avoiding the need for remediation in the first place.


It is the first mandatory human rights due diligence legislation to address climate change, not just environmental damage. It anticipates civil liability for businesses that breach their responsibilities. It suggests compliance with the law as a criterion for public procurement, placing the power of Member States’ purses beyond the law. The recognition that at times business relationships will need to be terminated to ensure compliance is significant and can help fill in gaps the negotiation has otherwise left unaddressed, like the issue of conflict-affected and high-risk areas (which I’ll return to later in the post).


I’d like to express my appreciation to the NGOs and Parliamentarians who have gotten us to this point: it is clear from the Council’s approach during negotiations that if you would’ve blinked then they would’ve looked away at the first chance. I particularly appreciate those who fought for the inclusion of international humanitarian law and specific language on conflict-affected and high-risk areas. This was needed and I was shocked by early rumours that the draft agreement excluded this issue. I’m happy those were wrong.


The long-awaited human rights requirements are intended to implement the 2011 United Nations Guiding Principles on Business and Human Rights (UNGPs). I remember it all too well how the EU celebrated the adoption of the UNGPs and how, together with the US and other capital-exporting states, promoted the UNGPs as the standard for businesses when addressing human rights. The EU long opposed proposals for an international treaty on business responsibility for human rights because they felt that it was unnecessary in light of the UNGPs’ existence and could distract states from implementing the UNGPs.


Only recently, and only because Parliament required it, the EU has joined the negotiations with all the enthusiasm of a 6-year-old child called to dinner when they’re playing with their dinosaurs (meaning: none). The new directive evidences strong disconnects from the EU’s demand that the UNGPs lead is pretty and what the EU advocates for in the binding treaty and what the directive now requires for reasons I set out below.


In this post, I provide a list of things the EU would’ve, could’ve, and should’ve done had the Council been as serious as Parliament about implementing the UNGPs. The would’ves apply to an ideal application of the UNGPs: applying to all businesses and with a more robust and comprehensive understanding of human rights. The could’ves represent those areas in need of greater development: consulting with rightsholders abroad; and clarifying that contractual clauses are not enough. Finally, the “should’ve” is applying the law to the financial and arms sectors, a bare minimum expectation under the UNGPs, the exclusion of which should embarrass Council members for decades to come (I would have said generations but that felt a tad bit dramatic).


Would’ve: Applied to all businesses


First, the UNGPs are explicit that the responsibility to respect human rights applies to all businesses at all times including small and medium-sized enterprises (SMEs). In the Geneva treaty negotiations the EU has always walked a very thin line, insisting that the treaty, like the UNGPs, should apply to all businesses, not just transnational corporations. The initial Parliamentary proposal for a directive would’ve (largely) continued this approach and complied with the UNGPs. Yet, it was clear from the Commission’s proposal and the Council’s response that we were never going to get a UNGP-compliant directive. The Directive will now only apply to large companies (and not in the financial sector, an issue I’ll return to). The press release does not indicate an intention to expand the scope of the Directive in the future.


Including SMEs is admittedly difficult. In the transnational context, large European companies have long forced SMEs in places like Bangladesh and Pakistan to absorb the cost of social auditing processes while insisting on contracts that limit the legal liability of European buyers and parents. This often leads to corrupt practices for certifications or in redirecting revenue for the certification away from protections or living wages for employees. That would defeat the purpose of the law.


EU SMEs, on the other hand, often already have a language of human rights, practices that facilitate due diligence, and networks that can support their efforts to develop in this area. A graduated expansion coupled with clauses aimed at protecting SMEs from the abusive practices we’ve seen elsewhere could’ve provided an important example of how SMEs can be included in mandatory human rights due diligence legislation. It also would’ve strengthened the EU’s position in the Geneva-based negotiations.


Instead, whenever the EU pushes for an expansion of the treaty, I hope states like Pakistan and Bangladesh point out the hypocrisy.


Would’ve: Taken a broader approach to human and labour rights


The UNGPs also call for businesses to account for all human rights. In Principle 12, it states that businesses should account for, “at a minimum,” the International Bill of Human Rights (the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and the International Covenant on Economic, Social and Cultural Rights) and the ILO Core Conventions. Where relevant, businesses need to rely on other standards as well.


The EU’s press release suggests that the directive will only invoke treaties that are universally ratified by EU member states. That would mean most of the major UN treaties are addressed but there are some disturbing omissions, including the International Convention on the Protection of All Migrant Workers and of their Families and the ILO Core Conventions. Those are rather significant omissions given issues of modern slavery in EU food supplies, and more broadly problems with the treatment of migrant workers throughout EU corporate supply chains.


The list also prioritises EU commitments over relevant obligations where the law has extraterritorial impacts. There should have been a recognition that at times the Inter-American and African systems on human rights can be applicable. This recognition is important as the Inter-American and African systems have produced stronger jurisprudence on various issues, including indigenous rights and community rights than Europe (significantly stronger in the Inter-American system) while the Inter-American system also produces more progressive jurisprudence on the definition and nature of reparations, and the direct responsibility of businesses. While the African system has more limited jurisprudence, its jurisprudence on land rights and community rights is similarly more advanced than the European system’s.


Sometimes, I miss who I used to be when I could naively believe the absence of reference to the other human rights systems was an oversight, but I fear this strengthens the case for the laws as a form of neo-coloniality by suggesting a hierarchy of rights and systems that centres European expectations in legislation that is supposed to reflect broader standards.


Could’ve: Undertaken Direct Consultations with Foreign Rightsholders


The failure to recognise the relevance of Inter-American and African jurisprudence reflects a broader procedural failure by the Commission to consult foreign rightsholders who will be affected the law. I cannot do greater justice to this criticism than Caroline Omari Lichuma has done already in her TWAIL critique of European human rights due diligence laws.


While my experience suggests that many victims groups and rightsholders want mandatory laws, what they want in those mandatory laws matters just as much as the desire for a law. They had a right not just to voice their support for (or criticism of) the law but to make substantive demands for the law itself. What would the additional demands of rightsholders look like? Well, sometimes you just don't know the answer ‘til someone's on their knees and asks you for a particular legislative proposal, but a very recent study suggests that consultation might have led to different approaches to remediation, particularly for climate-related harms.


I often find that memories feel like weapons. In this field, we have often seen European businesses and states undertake “new” initiatives they claim are for the benefit of others without actually talking to the “others.” For example, studies suggest “social auditing” and certification schemes do not deliver on the promises European companies and social initiatives claim. This is unsurprising. Writing in the U.S., the founding father of critical race theory, Derek Bell, has explained that many “anti-racist” developments really represent interest convergence of White and Black leaders. As such, the concessions are less radical or responsive than what racialised communities would seek themselves. These additional demands, however, are often dismissed or ignored. When Dr Lichuma provided an overview of her critique at the 2022 UN Forum on Business and Human Rights, one European delegate infamously responded that Europe’s position wasn’t a matter of imperialism but of “leadership.” Real leadership, however, would reflect the results of consultations with rights-holders not just the political interests and concessions of European leaders.


Could’ve: Clarified that Contractual Clauses are not Enough


Recital 34, para 43 in the table contains an extensive discussion of the kinds of measures companies can take to comply with their human rights responsibilities. One of those is the development of contractual clauses with business partners. I worry that I've seen this film before and I didn't like the ending.


I’ve now mentioned twice that social auditing is a sham. There will be exceptions to this rule and I can point people to a few of my favourite exceptions, but let me reiterate what existing research indicates: social auditing is generally ineffective and often detrimental for rights-holders, providing a veneer of respectability for disrespectful practices.


Increasingly, it is clear that this is equally true of index listings meant to advise institutional investors on their human rights risks. Last year, the US advisory company Morningstar adopted rules aimed at exempting Israel that so fundamentally misunderstand the UNGPs that it renders all its human rights reporting questionable (short story: Morningstar concluded Israel isn’t a conflict-affected area…). More recently, index provider MSCI accepted audits from Xinjiang, China, as evidence that the car company Volkswagen was seriously addressing the issue of Uyghur forced labour. No company can adequately address the issue of Uyghur forced labour when operating in Xinjiang and (again, I cannot emphasise this enough) it is irresponsible to rely on a social audit in this context. Because these indexes set their own rules, and have no professional board standards, I can’t actually accuse them of professional malfeasance but these responses are shockingly inept.


Human rights due diligence is not supposed to be the same as an audit, but often businesses looking for a quick and dirty misdirection will use social audits and contractual clauses as a substitution for due diligence. I fear that if contractual clauses are allowed, due diligence will start to look more and more like social auditing and indexing and less like the robust and circular mechanism of assessment, responsiveness, and reparations than it is supposed to be.  


The directive could and should clarify that while contractual clauses can be important they cannot transfer legal liability. 


Should’ve: Applied to the Financial and Arms Sectors


At Recital 18, para 27, and  Recital 19, para 28, we find an effective exemption from the law for the arms and financial sectors, respectively. In Recital 19, the CSDDD excludes “downstream business partners” from the scope of due diligence obligations. I knew this was true from the press release, but seeing the blatant language was surreal. I’m laughin', but the joke's not funny at all.


I’m going to set aside the arms sector for now (because I’m working on a lot regarding that sector right now), but the exemption for the financial sector is gross (gross being a legal term of art, just ask anyone…). The draft agreement says that “as regards regulated financial undertakings, only the upstream but not the downstream part of their chain of activities is covered by this Directive.” In other words: the bank is not responsible for breaches caused by its financing of another’s activities no matter how much the bank should have known how its financing would be used for human rights violations.


Out of every group you’re concerned with protecting, out of every business and industry, it is the banks you the Council thinks can’t do due diligence?




The banks that kept looted Nazi material from their rightful Jewish owners for decades?


The banks that repeatedly financed South Africa’s apartheid regime, saving it when it was on the brink of collapsing?


The banks accused of facilitating money laundering for drug lords and terrorists?


The ones who facilitate tax evasion? 


The banks that finance dam projects in indigenous lands with such disregard for human rights that many of their logos should just be “Hi, it’s me, I’m the problem. It’s me.”


The banks that know how to do extensive due diligence on operational impacts when it’s in their financial interests?


Those banks? That’s who needs protecting with this law?


You cannot be serious about human rights if you are not serious about tackling the responsibility of the financial sector. When it comes to the Council members who betrayed the rights-holders with this clause, I got a list of names and yours is in red, underlined, France and Austria. France was the first to indicate resistance to the application to the financial sector, but it is Austria’s recent pressure on Ukraine, in which it leveraged international assistance for the war on the removal of Austrian Raiffiesen Bank from the list of international sponsors of war, that is perhaps the worst development in this area. People need to know this, so they know where to put pressure moving forward.


It appears there will be an “impact assessment” to determine if the law should apply to this industry, but that will be too little and far too late.


It’s also wholly unnecessary.


There is nothing particularly special about banks or the financial industry that makes human rights due diligence hard. They just don’t want to pay for it to be done properly. That’s not surprising. No company wants to pay for it. Disney once complained about reporting requirements before we even had any human rights due diligence laws because they didn’t way to cut into CEO bonuses or shareholder profits. The desire to not spend money on human rights due diligence is not an adequate reason for allowing those complicit in the Nazi genocide or South African apartheid or Russia’s unlawful war of aggression in Ukraine to continue to evade human rights responsibilities. If anything, their focus on profits and finances over people is exactly why this law is needed.


Concluding note


So that’s it: my would’ves, could’ves, should’ve for the EU. At times, the CSDDD provides me with hope about the direction of travel for this field, but in other areas it represents a crisis of my faith.




PS, Taylor Swift’s birthday was on the same day as the final trilogue. As a fun Easter Egg hunt for my fellow Swifties, I’ve sprinkled her lyrics throughout this post (13 times, obviously). I’ll send a friendship bracelet to the first Swiftie who emails me a list of all the hidden gems. Please use the subject line “T-Swift Easter Egg Hunt” in your email. My email address can be found on my Essex profile.