Due Diligence in Supply Chains – Update on corporate human rights and environmental due diligence requirements in the EU and Germany

The German Act on Due Diligence in Supply Chains (Lieferkettensorgfaltspflichtengesetz, "LkSG") came into force on 1 January 2023 and imposes new obligations for supply chain due diligence. In parallel, the European legal initiative for a Corporate Sustainability Due Diligence Directive ("CSDDD") on due diligence in supply chains is now more concrete and will have further impact on the supply chain related laws of Germany and the other Member States.

The LkSG in Germany and the EU's CSDDD are leading examples of the growing global movement for responsible business legal requirements, obliging companies to undertake human rights and environmental due diligence to identify actual or potential risks to people and the environment.

Following the publication of the European Commission's draft text on the CSDDD in February 2022, the European Parliament's Committee on Legal Affairs published on 7 November 2022 a Draft Report (so-called "Draft Wolters Report"), which is not yet finally approved by the Legal Affairs Committee. On 1 December 2022, the European Council formally adopted its negotiating position ("Council's General Approach") on the CSDDD.

This update highlights the key aspects of the new European Council's CSDDD proposal, the – in many parts opposing – positions of the Draft Wolters report and the possible outcome and its influence on the German supply chain regime.

The German Due Diligence Supply Chain Act (LkSG) came into force on 1 January 2023

Companies must now comply with the new LkSG if they have either their central administration, headquarters or registered office or a branch office AND at least 3,000 employees in Germany. From 1 January 2024, companies with at least 1,000 employees in Germany will be affected by the LkSG. (Please see, for more detailed information on the scope and the compliance duties, our client alert The German Parliament passed the "Act on Corporate Due Diligence in Supply Chains" on 11 June 2021).

In addition to companies directly in scope of the LkSG, suppliers of such in-scope companies, although themselves not direct addressees of the due diligence obligations, are – as part of their business relationships – increasingly grappling with the due diligence obligations' indirect application.

The German Federal Office for Economic Affairs and Export Control (Bundesamt für Wirtschaft und Ausfuhrkontrolle, "BAFA") is in charge of the regulatory control and enforcement of the LkSG and monitors whether the companies concerned are adequately fulfilling their due diligence obligations. In order to support companies in complying with their due diligence obligations, BAFA develops and publishes comprehensive guidance, including Q&As, on a regular basis.

The potential company's liability and related sanctions under the LkSG have been discussed in our client alert on potential liability under Civil law and Administrative law. Sec. 3 (3) LkSG explicitly makes it clear that no civil liability is established under the German Act. However, any liability arising independently from the LkSG remains unaffected. Hence, even if the obligations imposed by the LkSG shall not by themselves give rise to civil liability, it is not precluded that they will, nonetheless, implicitly expand the civil liability of companies subject to the LkSG. Arguably, infringement of the new supply chain due diligence and risk management obligations might potentially result in civil liability of companies pursuant to Sec. 823 (1) of the German Civil Code (Bürgerliches Gesetzbuch). There is a possibility that the courts could take the new (more extensive) statutory due diligence obligations into account in the context of general safety and organisational duties (Verkehrssicherungs- und Organisationspflichten) across legal entities by means of, at least, appropriate supervision and organisation. In other words, civil liability could be incurred in cases where courts hold the management responsible for failure to meet their managerial duty to supervise and organise the business (including its supply chains and suppliers in accordance with the LkSG).

As outlined below, further changes to the LkSG are anticipated with new obligations in the CSDDD.

Key aspects of the Council's General Approach to the CSDDD and the Draft Wolters Report 

The CSDDD as proposed by the EU Commission in February 2022 aims at setting a horizontal framework for better human rights and environmental protection, creating a level playing field for companies within the EU and avoiding fragmentation resulting from Member State's national approaches. The recently published Council's General Approach addresses the following key concerns:

1. Personal scope of application (Art. 2 CSDDD)

The Council has maintained similar general thresholds to the Commission’s CSDDD proposal:

• EU companies: 
  • net worldwide turnover of more than EUR 150 million and more than 500 employees on average, or
  • For high-risk sectors (including textiles, agriculture, food, metals and mineral extraction) a global turnover of EUR 40 million, provided that at least EUR 20 million of this net turnover was generated in a high-risk sector, and with more than 250 employees on average
• Non-EU companies (for which the number of employees is not taken into account):
  • At a turnover of more than EUR 150 million in the European Union, or
  • At a turnover of more than EUR 40 million but less than EUR 150 million in the European Union, provided that at least EUR 20 million was generated in a high-risk sector (Article 2 (2)) 

The Draft Wolters report proposes to further reduce the thresholds for EU companies to a net worldwide turnover of EUR 40 million (instead of EUR 150 million) and 250 (instead of 500) employees on average and for those active in a high risk sector to a global turnover of EUR 8 million (instead of EUR 40 million) and to 50 (instead 250) employees on average provided that 30 per cent (instead of 50 percent) of this net turnover was generated in a high-risk sector. A public listing should also be taken into account. Similar threshold reductions are also proposed for non-EU companies.

The Council's General Approach adds the requirement that the threshold criteria of the number of employees and the net worldwide turnover should be met for two consecutive financial years. This is in line with the EU Corporate Sustainability Reporting Directive (CSRD).

In relation to non-EU companies, the Council's General Approach introduces a new provision in Art. 21 CSDDD requiring the Commission to set up a secured system of information exchange about non-EU companies' net turnover generated in the EU (irrespective of whether they have a branch in any Member State or branches located in different Member States). This new paragraph is aimed at determining which Member States are competent to enforce the CSDDD for non-EU companies.

In addition, the Council's General Approach provides for a phased application and a one-year "vacatio legis" period before the application of the new CSDDD rules. In essence, these rules shall first apply three years from the entry into force of the Directive to very large companies with more than 1,000 employees and EUR 300 million net worldwide turnover or, for non-EU companies, EUR 300 million net turnover generated in the EU (cf. Art. 30).

The Council proposes (in a new Art. 29) that these thresholds, the high-risk sectors and, more generally, the personal scope of CSDDD, shall be reviewed by the Commission no later than seven years after the date of entry into force of the CSDDD.

All the latter amendments by the Council were not available for the Draft Wolters Report and will be subject to further negotiations.

The thresholds for the application of the LkSG are based on employee numbers only, without consideration of revenue generated within Germany.

2. Material Scope of application, in particular "chain of activities" vs "value chain" and "business partner" vs "(established) business relationships" (Art. 3 CSDDD)

The Council's General Approach revises the key concept of the regulated supply chain by replacing the Commission's "value chain" with "chain of activities".

"Chain of activities" is defined as (i) activities of a company's upstream business partners related to the production of a good or the provision of services by the company (…) and (ii) activities of a company's downstream business partners related to the distribution, transport, storage and disposal of the product, including the dismantling, recycling, composting or landfilling, but expressly excluding the disposal of the product by consumers and the distribution, transport, storage and disposal of the product being subject to, inter alia, EU export control under Regulation (EU) 2021/821. The Council's General Approach intends to limit the Commission's full life-cycle "value chain" approach in its first CSDDD draft to a more "supply chain" approach by excluding the phase of the use of the company's products or provision of services from the chain of activities which are relevant under the CSDDD.

The Council's General Approach also replaces the Commission's definition of "(established) business relationship" (originally defined as relationship with a contractor, subcontractor or any other legal entities (see former Art. 3 (e) and (f) CSDDD) by exclusively relying on direct and indirect "business partners".

These proposals in the Council's General approach on the material scope are not in line with the Draft Wolters Report, which reinforces the concept of "value chain" to widen the relevant material scope upstream and downstream.

Essentially, the Council's position would result in a closer alignment of the supply chain concepts under the CSDDD and the LkSG, as the latter is also limited to the steps that are required to manufacture products and provide services up to the delivery to the customers (cf. section 2 (5) LkSG).

3. Banks and regulated Financial Undertakings (Art. 2 (8), Art. 3 (a) and (g), Art. 6 (3), Art. 7 (6), Art. 8 (7), Art. 10 (2) and Art. 29 (ca) CSDDD)

According to the Council's General Approach, each Member State can decide whether or not to include the provision of financial services by regulated financial undertakings when transposing the CSDDD. If a Member State decides to apply the CSDDD to the provision of financial services, the regulated financial undertakings should be required to identify the adverse impacts in the operations of their business partners only before providing the financial services. This proposal delegating the possible inclusion of regulated financial undertakings to Member States is not addressed in the Draft Wolters Report.

The LkSG does not differentiate between sectors, basing its application solely on employee numbers. A significant number of financial institutions will be in scope of the LkSG from 1 January 2024.

4. Due Diligence at group level (Art. 4a CSDDD)

With a new Art. 4a CSDDD, the Council's General Approach explicitly provides for parent companies to fulfil the due diligence obligations set out in Articles 5 to 11 and Art. 15 CSDDD on behalf of companies which are their subsidiaries and fall under the scope of the CSDDD. In its new recital 16a, the Council emphasises that the possibility to fulfil the due diligence obligations at the group level shall be limited to parent companies and subsidiaries both falling under the scope of the CSDDD. The Draft Wolters Report does not cover the fulfilment of due diligence obligations at the group level.

The due diligence obligations of the LkSG are also group-related. According to the definition of the LkSG, with respect to affiliated companies, the "own field of business" of a parent company that is in scope of the LkSG, shall include the operations of any group company on which the parent company exercises a determining influence. However, unlike the CSDDD, the LkSG does not explicitly provide for a parent company to fulfil the due diligence obligations for the entire group. According to the wording of the LkSG, it should rather be the case that, in addition to the parent company, the subsidiary can also be obligated, namely if the subsidiary itself exceeds the relevant thresholds of the LkSG and is thus an in-scope company.

5. Prioritisation of impacts and determination of appropriate measures to prevent potential adverse impacts and/or end actual adverse impacts on human rights and the environment (Art. 6a, and Art. 7 (1) subpara. 2 and/or Art. 8 (1) subpara. 2 CSDDD)

The Council's General Approach intends to strengthen the risk-based approach by amending Art. 6 CSDDD (mapping and in-depth assessment of adverse impacts) and introducing a new Art. 6a on prioritisation of adverse impacts. This prioritisation is based on the severity and likelihood of the adverse impact. In addition, the Council's General Approach explicitly integrates the principle of appropriateness, codifying how to determine appropriate measures to (i) prevent or mitigate potential adverse impacts and/or (ii) bring actual adverse impacts to an end.

These amendments proposed by the Council also would result in a further alignment of the CSDDD rules with the graded German supply chain due diligence and risk management obligations under the LkSG. The concepts of prioritising the impacts and determining appropriate measures is included in the Draft Wolters Report, too. It can be expected that this will be reflected in the final CSDDD.

Furthermore, the Council's General Approach – unlike the Draft Wolters Report – includes the possibility for companies not to terminate the business relationship if there is a reasonable expectation that the termination would result in an adverse impact that is more severe than the potential adverse impact that could not be prevented or adequately mitigated. Business relationships can also be maintained if no available alternative to a business relationship that provides a raw material, product or service essential to the company's production of goods or provision of services exists and the termination would cause substantial prejudice to the company (Art. 7 (7) and Art. 8 (8) CSDDD).

These changes proposed by the Council are in line with the considerations in the article "Supply chains and national interests – the EU Supply Chain Directive needs to be reviewed!" by White & Case partners Dr. Alexander Kiefner and Dr. Lutz Krämer (originally published in German in Börsen-Zeitung No. 214/2022 on 5 November 2022).

6. Combatting climate change and directors' duties (Art. 15 (originally Art. 25 and 26) CSDDD)

The Council aims at aligning the provision combatting climate change with the recently adopted Corporate Sustainability Reporting Directive ("CSRD"), which came into force on 5 January 2023. The Commission's proposal linked the variable remuneration of directors to their contribution to the company's business strategy and long-term interest and sustainability, and would be further strengthened with the amendments proposed by the Draft Wolters Report. However, the Council's General Approach deleted the provisions, reasoning that the directors' remuneration is a matter of corporate governance primarily falling within the competence of the company and its relevant bodies or shareholders. Instead, the Council's proposal requires companies (not directors) to put in place and oversee the actions required to fulfil the due diligence obligations in accordance with Art. 4 (1) CSDDD (cf. Art. 5 (3) CSDDD).

7.  Civil liability of companies (Art. 22 CSDDD)

The Council's General Approach amends the Commission's proposal on civil liability in order to achieve more clarity and avoid unreasonable interference with the Member States' tort law systems. It introduces the prerequisite of fault (intention or negligence). This new concept is not yet reflected in the Draft Wolters Report.

A company shall be liable for a damage caused to a natural or legal person, provided that:

• The company intentionally or negligently failed to comply with the due diligence obligations laid down in Art. 7 and Art. 8 CSDDD; provided the right, prohibition or obligation listed in Annex I is aimed at protecting the natural or legal person, and 
• As a result of such a failure, a damage to the natural or legal person's legal interest protected under national law was caused.

The civil liability of a company for damages arising under the Council's proposed new Art. 22 CSDDD shall be without prejudice to the civil liability of its subsidiaries or of any direct or indirect business partners in the company's chain of activities. When the damage is caused jointly by the company and its subsidiary, and direct or indirect business partner, they shall be jointly and severally liable without prejudice to relevant provisions of national law (cf. Council's new Art. 22 (3) CSDDD). Where the conditions for civil liability proposed by the Council's General Approach in its revised Art. 22 (1) CSDDD are met, the subsidiary may be held liable for damage caused, even if the relevant due diligence obligation was insufficiently fulfilled by the parent company on behalf of the subsidiary (cf. Council's new recital 16b).

Furthermore, the right of victims to full compensation has been included. However, the right to full compensation should not lead to overcompensation, e.g. by means of punitive damages. The safe harbour exclusion of civil liability for companies that seek contractual assurances from their indirect business partners as proposed by the Commission in its draft Art. 22 (2) CSDDD shall be deleted under the Council's General Approach.

Next Steps and Outlook

Based on the Council's General Approach, the CSDDD-Draft will now be negotiated by the Council presidency with the European Parliament in the so-called "trilogue" proceedings.

Given the opposing positions in the Draft Wolters Report and the Council's view, the outcome of the trilogue negotiations remains uncertain. It can be expected that the trilogue proceedings will aim at an alignment across the green deal legislation. Companies across Europe will watch to what extent the experiences with the LkSG in Germany will influence the negotiations at the EU level and will be incorporated into the final version of the CSDDD.

If the CSDDD comes into force as proposed by the Council, amendments of the LkSG will become necessary in order to adapt the German legislative framework to the new European regulation on supply chain due diligence. Which amendments to the LkSG may be required remains open, but it seems likely that at least the scope and the civil liability provisions in the LkSG will be amended.

In any case, companies will have to adapt further their compliance and governance systems in place to meet all new due diligence obligations stipulated in the CSDDD and its implementation law. Companies should consider taking steps now to assess their risks of adverse impacts, which could lead to financial penalties. 

_{White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.}

_{This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.}

_{© 2023 White & Case LLP}