ESG: EU's Proposal on Corporate and Supply Chain Due Diligence

ESG: EU's Proposal on Corporate and Supply Chain Due Diligence

Client Alert


On 23 February 2022, the European Commission (“Commission”) adopted a proposal for a Corporate Sustainability Due Diligence Directive (“Proposed Directive”) laying down new obligations for large companies to ensure that their own activities and those of their supply chains comply with human rights and environmental sustainability criteria. Once the legislative process is completed and the new rules are implemented, these companies would have a “corporate duty to identify, prevent, mitigate and account for external harm resulting from adverse human rights and environmental impacts” in their operations, as well as those of their business partners and their supply chains (Proposed Directive, Explanatory Memorandum, p. 4). 

Notably, the due diligence obligations will also apply to companies based outside the EU provided they meet applicable turnover thresholds within the EU. 

A specific provision of the Proposed Directive would require adoption of a business plan to ensure sustainability and combat climate change, in line with the Paris Agreement to limit global warming to 1.5° C. Companies would have to take fulfillment of this obligation into account when awarding bonus payments to Directors. 

The Proposed Directive also provides for enforcement mechanisms by a national supervisory authority and rules on civil liability for violations of its obligations. Notwithstanding two negative opinions on the impact assessment for the Proposed Directive by the Regulatory Scrutiny Board, the Commission has taken the political decision to put forward the Proposed Directive now, in line with the objectives of the Sustainable Finance package and the European Green Deal.

The Proposed Directive follows the Commission’s guidance on due diligence for EU businesses published in July 2021, which addresses the risk of forced labour in supply chains. It complements the proposed Corporate Sustainability Reporting Directive, currently in the EU legislative process, by going beyond reporting to add the duties to prevent and mitigate harm noted above. Adoption of the Proposed Directive is one of the top ESG agenda items for the EU in 2022 (see our previous alert on the EU’s agenda for 2022 and how it will affect companies active in the EU). 

In this client alert we review the most significant obligations for companies arising from the Proposed Directive. 


Wider context: EU strategy to promote decent work. On the same day, the Commission published a communication on decent work worldwide, setting out its strategy to eliminate child labour and forced labour and to promote human rights and labour standards in the EU as well as in global supply chains. As the Commission works to promote the objectives of this communication, it expects the European Parliament and the Council of the EU to endorse its approach.

In addition to the Proposed Directive, the Commission will work on other EU policies setting standards for corporate responsibility and transparency and to strengthen international labour standards. The Commission will soon announce new legislation to effectively ban goods produced by forced labour inside and outside the EU. Signalling further due diligence and transparency obligations for companies, the expected legislation will build on international standards and complement existing horizontal and sectoral EU initiatives.


Affected companies. The Proposed Directive affects both EU and non-EU companies which meet certain thresholds and are active in certain high-impact sectors. 

EU companies:

  • Group 1: All EU companies with more than 500 employees on average and more than €150 million in net worldwide turnover in the last financial year. 
  • Group 2: Other EU companies with more than 250 employees and more than €40 million in net worldwide turnover in the last financial year, and active in high-impact sectors including textiles, agriculture, forestry, fisheries, manufacture of food products, trade in beverages, extraction of natural resources, and manufacture and trade of metal and non-metallic mineral products, including trade of construction materials, fuels, chemicals and intermediate products. For Group 2 companies, rules will start to apply two years later than for Group 1.

Non-EU companies: Third-country companies whose turnover generated in the EU meets the same thresholds above for Group 1 and 2 companies. Employee-based thresholds do not apply to non-EU companies. 

The Commission expects the Proposed Directive to cover about 13,000 EU companies and 4,000 non-EU companies. EU companies with relatively smaller EU footprints as compared to non-EU companies will meet the thresholds given that their worldwide turnover will be taken into account, whereas only the turnover in the EU will be taken into account for non-EU companies. 

Small and medium-sized businesses are not directly affected by the proposal but are indirectly affected if they are part of the supply chain of a company in scope.

Due diligence obligations. Articles 5 to 11 of the Proposed Directive require companies to take a number of actions. 

  1. Integrate due diligence into policies (Art. 5)
  2. Identify adverse impacts (Art. 6)
  3. Prevent potential adverse impacts (Art. 7)
  4. Terminate actual adverse impacts (Art. 8)
  5. Establish complaints procedure (Art. 9)
  6. Monitor effectiveness (Art. 10)
  7. Public communications (Art. 11)

Two of these obligations are particularly significant as they may give rise to civil liability for damages in addition to administrative sanctions: The obligations to prevent potential adverse impacts and to terminate actual adverse impacts.

  • Preventing potential adverse impacts. Companies need to take appropriate measures to prevent or, if it is not possible, adequately mitigate potential adverse impacts that (should) have been identified in their due diligence efforts. 
  • Companies have to make an assessment and take appropriate action to prevent such adverse impacts.
  • This may include (i) measuring improvement, (ii) seeking contractual assurances from direct business partners, (iii) making necessary investments to prevent the potential adverse impact, (iv) providing support for an SME whose viability may be threatened by compliance with the company’s code of conduct or its action plan, and (v) as a last resort, collaborating with other companies in compliance with competition law to bring a company’s adverse impact to an end.
  • If a potential adverse impact cannot be prevented or adequately mitigated, companies must refrain from extending their existing relations by either temporarily suspending them, while pursuing efforts to end or minimise such impact, or terminating the business relationship.
  • Terminate actual adverse impacts. Companies must take appropriate measures to bring an end to actual adverse impacts that they (should) have identified in their due diligence efforts. If this is not possible, the extent of such adverse impacts must be minimised. Where relevant, companies must take actions which parallel those provided for to prevent potential adverse impacts. 

Failure to comply with other listed due diligence obligations may result in turnover-based administrative sanctions: 

  • Integrate due diligence into their policies. Companies must integrate due diligence into all corporate policies, and annually update their due diligence policy. Such a due diligence policy must include a description of the company’s approach to due diligence, a description of implementing processes, and a code of conduct describing the rules and principles to be followed.
  • Identify adverse impacts. Companies will have to take measures to identify adverse impacts in their own operations, their subsidiaries’ and their respective supply chains (direct and indirect established business relationships). For regulated financial companies, this specific obligation arises only before providing credit, loans or other financial services. Group 2 EU companies and non-EU companies meeting the Group 2 turnover thresholds are only required to identify adverse impacts relevant to the respective high-impact sector (e.g. textiles, agriculture etc. (see above)).
  • Establish a complaints procedure. Companies will be required to provide persons who are affected by an adverse impact, trade unions and civil society organisations with the possibility to submit complaints regarding their value chains.
  • Monitor effectiveness. Companies will need to assess the implementation of their due diligence measures on a yearly basis.
  • Public communications. Companies within the scope of the Directive that do not already have to prepare non-financial statements covering environmental and social matters and respect for human rights under EU law (e.g., under the Non-Financial Reporting Directive), will have to report on the due diligence matters covered by the Proposed Directive. They must publish an annual statement on their website by 30 April each year covering the previous calendar year. The Commission intends to adopt a delegated act concerning the content and criteria for such reporting. 

For the purposes of their due diligence efforts, companies will be entitled to share resources and information with their competitors and other companies in compliance with applicable competition law. Although this provision seems in line with the Commission’s communication for a competition policy that fits new challenges, it remains to be seen how EU antitrust enforcers will treat any such agreement (see also our previous alert on the EU’s agenda for 2022).

Adverse impact subject-matter areas. Companies must carry out their due diligence with respect to adverse impacts on rights and obligations listed in the international conventions  that are cited in the Annex to the Proposed Directive, including, inter alia, the Universal Declaration of Human Rights, the Convention on the Rights of the Child, the International Labour Organization’s Declaration on Fundamental Principles and Rights at Work, the Persistent Organic Pollutants Convention, the Convention on Biological Diversity, and the Vienna Convention for the protection of the Ozone Layer and its Montreal Protocol.

In Part I, the Annex lists the violation of rights and prohibitions including those enshrined in international human rights agreements and a list of conventions on human rights and fundamental freedoms. A human rights violation not specifically listed in the cited agreements and conventions is also covered if it has a direct impact on a listed legal interest. In Part II, the Annex lists violations of internationally recognised objectives and prohibitions included in environmental conventions.   

Role of directors and their duty of care. Directors of EU companies will be responsible for putting in place and overseeing the due diligence actions and policies with consideration for input from stakeholders and civil society organisations. Directors will report to their board in that respect. When acting in the best interest of the company, directors of EU companies must take into account the short-, medium- and long-term consequences of their decisions on human rights, climate change and environmental consequences (duty of care). 

Business strategies to combat climate change and remuneration of directors. In addition to due diligence requirements, under Article 15 of the Proposed Directive, EU companies in Group 1 and non-EU companies meeting the turnover threshold aligned with Group 1 in the EU need to have a plan to ensure that their business strategy is compatible with limiting global warming to 1.5 °C in line with the Paris Agreement. If climate change is a principal risk for the company’s operations, companies should include emission reduction objectives in their plans. Companies will have to link any bonuses paid to directors to their contributions to planned objectives to achieve sustainability and combat climate change.


The Proposed Directive lays out a combination of administrative sanctions, turnover-based sanctions and civil liability. 

  • Administrative fines. National authorities will supervise these new rules and may impose fines in case of non-compliance. As is common in EU law, the Proposed Directive provides only generic guidance on sanctions. Thus, Member States should ensure that the sanctions are “effective, proportionate and dissuasive”. In addition, when imposing sanctions, Member States must take into account (i) companies’ efforts to comply with any remedial action required of them by a supervisory authority, (ii) any investments made and any targeted support provided to prevent, mitigate, terminate the adverse impact or mitigate its consequences, as well as (iii) collaboration with other entities to address adverse impacts in value chains.
  • Civil liability. Companies may be liable for damages if they fail to comply with their obligations to prevent potential adverse impacts or terminate actual adverse impacts. Victims may take legal action for damages that could have been avoided with appropriate due diligence measures. The introduction of this liability regime was requested by several NGOs. However, the fact that companies may seek contractual assurances from their suppliers that they comply with the companies’ code of conduct and prevention action plan may provide grounds for limitation of liability.

Limitation or exclusion of liability is possible. Companies may limit or exclude their liability for damages caused by an adverse impact caused by an indirect business partner if they take actions to prevent or terminate adverse impacts under Articles 7 and 8. In particular, the assessment will take into account (i) the company’s efforts to comply with any action required by a supervisory authority to remedy the specific damage in question, (ii) any investments made under Articles 7 and 8, and (iii) any collaboration with other entities to address adverse impacts in its value chains.

A company being held liable for damages under the Proposed Directive does not affect the civil liability of its subsidiaries or business partners. These specific rules under the Proposed Directive are without prejudice to stricter civil liability rules related to adverse human rights or environmental impacts. 

Any person may submit concerns to the supervisory authorities when they have reasons to believe that a company is not complying with its due diligence obligations. 

National rules. Some Member States, including Germany in 2021 (Sorgfaltspflichtengesetz) and France in 2017 (Loi relative au devoir de vigilance), have already implemented similar national rules on sustainability due diligence while others, including the Netherlands and Luxembourg, are planning to implement them. The Proposed Directive will harmonise national initiatives by establishing a floor, but it will not reduce the level of protection already enshrined in national law. 

Next steps

The Proposed Directive will be presented to the European Parliament and the Council of the EU for approval. Many amendments are likely to be considered, given its far-reaching and controversial provisions, as well as the lack of approval of the impact assessment for the proposal by the EU’s Regulatory Scrutiny Board. Once the legislative process is completed, Member States will have two years to transpose the Directive into national law.



    Unless you are an existing client, before communicating with WilmerHale by e-mail (or otherwise), please read the Disclaimer referenced by this link.(The Disclaimer is also accessible from the opening of this website). As noted therein, until you have received from us a written statement that we represent you in a particular manner (an "engagement letter") you should not send to us any confidential information about any such matter. After we have undertaken representation of you concerning a matter, you will be our client, and we may thereafter exchange confidential information freely.

    Thank you for your interest in WilmerHale.