Clarity across borders

Delivering on due diligence in the value chain

The changing landscape

Towards the end of 2023, we reflected on the ongoing uncertainty surrounding the Corporate Sustainability Due Diligence Directive (CS3D) and the due diligence-related implications for companies and financial institutions. With the CS3D having come into force in July 2024, there is now a clearer picture of the legislative requirements even if companies are still grappling with how they should satisfy those requirements.

On a staggered basis, the CS3D will impose complex requirements on EU and non-EU companies to conduct ongoing due diligence (DD) into their operations as well as the operations of their subsidiaries and those within their “chain of activities”, which includes certain upstream and downstream business relationships. Companies must also have a transition plan in place.

Adding to the picture is a slew of other international DD legislation, in particular a range of new laws and proposals relating to modern slavery and child labour, in places such as Canada (Fighting Against Forced Labour and Child Labour in Supply Chains Act 2024), and Australia (Modern Slavery Amendment (Australian Anti-Slavery Commissioner) Act 2024). This is also true of Europe (with the Forced Labour Regulation, which will apply in three years, and the Deforestation Regulation (EUDR), which will impose its own prescriptive DD process) and the UK (where the House of Lords Select Committee on modern slavery recently published recommendations for improving the UK’s Modern Slavery Act 2015, including mandatory DD requirements compatible with international regimes, in response to which the government has confirmed its commitment to tackling modern slavery and foreshadowed a wider review of how best to tackle forced labour and increase transparency in global supply chains).

What's in a name? "Value Chain" vs "Chain of Activities" 

For Corporate Sustainability Reporting Directive (CSRD) purposes, a “value chain” means the full range of activities, resources and relationships, both upstream and downstream, related to the company’s business model and the external environment in which it operates. It includes what a company, its subsidiaries and business partners use and rely on to create its products or services from conception to delivery, consumption and end-of-life.

In contrast, the CS3D refers to a “chain of activities”, which is narrower and only includes suppliers that contribute to a company's production of goods or provision of services, such as the supply of raw materials or manufacturing services (upstream); and distribution, transport and storage of a product (downstream).

EU: Corporate Sustainability Reporting Directive 2022; Deforestation Regulation 2024; Forced Labour Regulation 2024; Conflict Minerals Regulations 2017 (reviewed in 2024)

France: Vigilance Law 2017

Germany: Lieferkettensorgfaltspflichtengesetz (LkSG) 2021

Norway: Transparency Act (2021)

Switzerland: Code of Obligations and related Ordinance on Due Diligence and Transparency in relation to Minerals and Metals from Conflict-Affected Areas and Child Labour 2021

UK: Modern Slavery Act 2015 and Lords Select Committee 2024

US: Uyghur Forced Labour Prevention Act 2021

Canada: Fighting Against Forced Labour and Child Labour in Supply Chains Act 2023

Australia: Modern Slavery Amendment (Australian Anti-Slavery Commissioner) Act 2024

Japan: Guidelines on Respecting Human Rights in Responsible Supply Chains (2022)

With so much change taking place in a short space of time, many global companies would benefit from a regional or group-wide approach when reviewing and implementing DD processes to meet such a range of demands at once. Simultaneously, these changes offer businesses a chance to assess their strategic risks and potential opportunities to enhance decision making.

Counting the cost of due diligence

According to the European Commission, the biggest companies within scope of the CS3D may incur significant costs in complying with these requirements. At the top end, one-off costs are estimated to reach up to €190,300, with recurring costs of up to €643,300. As such, making use of existing systems and processes wherever possible is likely to be a key factor in keeping compliance costs down and minimising additional management time.

For example, the double materiality process that the CSRD requires asks companies to assess financial and impact materiality in terms of impacts, risks and opportunities for themselves as well as the environment and people. This inward and outward looking approach could help map out a company’s value chain and potential problem areas, including where it impacts human rights. This in turn could help in developing a plan to remediate these adverse human rights impacts for CS3D purposes.

An important point to note about the CS3D’s approach is that it links environmental and human rights impacts together explicitly, and so will require an approach that looks at both simultaneously.

Managing value chain risks in 2025 and beyond

The risks of litigation, regulatory enforcement and reputational damage arising from a company’s value chain all continue to be high on the risk register of many international companies. In particular, the English courts have become a leading destination for foreign claimants seeking redress from multinational corporations for alleged harms suffered in connection with the operations of their foreign subsidiaries. More recently, this has also included third parties in their overseas supply chains. For example, the Court of Appeal held in December 2024 that the English courts have jurisdiction to hear claims brought by migrant workers against Dyson group companies concerning harms allegedly caused by a Malaysian third-party supplier to Dyson.

With the introduction of new pieces of legislation, often inspired by soft law approaches which are being converted into hard law enforcement mechanisms, these risks are heightened and increasingly complex to navigate. The CS3D, for instance, specifically requires that companies establish a complaints process for their adverse impacts, and provide remediation for any actual adverse impact they have caused or jointly caused. The EUDR currently states that anyone may submit substantiated concerns to a competent authority in the event of suspected non-compliance.

Due diligence and steps for implementation

Integrating value chain due diligence practices into company policies and management frameworks to help:

 

1. Identify and evaluate the potential risks within own operations, value chains, and third-party relationships.

2. Stop, prevent or mitigate these risks.

3. Measure and report on the effectiveness of due diligence.

4. Communicate to stakeholders how risks can be addressed.

5. Cooperate and enable remediation when appropriate.

 

Practical steps in light of recent developments

The range of developments in this space over a short period of time makes it difficult to create and manage effective, efficient and cohesive solutions given the high degree of variance between different companies depending on their operational footprint, sector and corporate culture. As a result, whilst there are places to look for practical guidance such as the UN Guiding Principles and guidelines from the OECD, they do not provide a complete picture. Notwithstanding this, we consider the following aspects to be central for most companies:

1. Integrating due diligence into the company’s governance, strategy and business model. Effective governance is critical for complying with DD requirements and managing associated risks. This may include developing or reviewing existing sustainability-related governance to ensure the right structures and feedback mechanisms are in place at board, executive and operational levels. It will also often mean reviewing DD policies at both the parent and subsidiary level, to strike the right balance of control and delegation. These changes will need to be adaptable enough to absorb a wide range of evolving DD demands if companies want to stay ahead and avoid having to develop new systems more than once. 

2. Looking for where the gaps are and how to fill them. The first step is often the difficult task of mapping the company’s operations and business relationships, getting the right information together, then seeing where the compliance gaps are and how to fill them. Where not all impacts can be addressed at once, impacts can be prioritised based on the severity and likelihood of harm, and stakeholder engagement. The CS3D marks a significant step change in that it not only requires in-depth DD to be carried out, but also requires plans to be developed and applied to remediate issues that come to light.

3. Reflecting on what the requirements mean for the company and its value chain. Regular review of existing business and contractual relationships and supporting policies is always a good place to start, with an increasing number of organisations putting in place standard contractual clauses to oblige partners to comply with relevant codes of conduct and provide sufficient information for rigorous reporting. Others are putting in place a screening process for prospective business partners. In doing so, companies will need to be careful to provide targeted and proportionate support to SMEs as required, for example, by the CS3D.

4. Engaging with stakeholders effectively. Stakeholder engagement, as part of a DD and double materiality assessment process, is a key requirement in the CSRD and CS3D to enable effective and transparent communication. The definition of stakeholders is broad, and can include employees, affected communities, civil society institutions and even nature as a "silent" stakeholder. Some stakeholders may be less familiar with the increasingly complex and evolving DD process, meaning additional support may be needed to enable effective engagement.

5. Being mindful of Scope 3 emissions. The CS3D refers to absolute targets, where appropriate, for reducing Scope 3 (indirect) greenhouse gas emissions. Whilst not explicit, it is likely impossible for organisations to comply with the requirements without being acutely aware of, and monitoring, Scope 3 emissions - in effect making Scope 3 a DD requirement.

Recent developments pose a significant challenge to companies as they review, adapt and develop their approach to DD across their entire value chains. With statutory obligations becoming more onerous and coming into force in a wider range of jurisdictions, we expect the demand on company resources to increase over time, with elevated levels of complexity, harder-edged consequences to getting things wrong, and ever increasing amounts of data being required.

To some degree, this process can often look and feel like just another compliance exercise, but the companies that navigate this area most successfully will be those who embed processes, systems and controls within their existing governance architecture in a way that meaningfully engages the right stakeholders and produces reliable data, but is adaptable to future legislative change.

Who to contact
Harry Hecht, Partner
Moira Thompson Oliver, Head of Business and Human Rights

This material is provided for general information only. It does not constitute legal or other professional advice.