As we previously reported, the European Commissioner for Justice committed to develop legislation by 2021 that would require European companies to carry out environmental and human rights due diligence in their supply chains. A new draft report from the European Parliament Committee on Legal Affairs fills in many details and includes a draft directive—a proposal for the legislation.
As anticipated, the draft directive is largely based on the United Nations Guiding Principles on Business and Human Rights (UNGPs). Entities that have already implemented diligence procedures in accordance with the UNGPs will be subject to only marginal additional diligence burdens in “environmental and governance risks in their operations and business relationships.”
Article 4 of the draft directive contains the crux of the actual diligence requirements. The directive uses the EU concept of “undertakings”: entities performing an economic activity. Using this concept, once a supply-chain risk is identified, the undertaking (i.e., the entity) must establish a due diligence strategy that “shall”:
- Specify the risks that the undertaking has identified as likely to be present in its operations and business relationships and the level of severity and urgency thereof;
- Publicly disclose detailed, relevant and meaningful information about the undertaking’s value chain, including names, locations, and other relevant information concerning subsidiaries, suppliers and business partners in its value chain;
- Indicate the policies and measures that the undertaking intends to adopt with a view to ceasing, preventing or mitigating those risks;
- Set up a prioritisation policy for cases in which the undertaking is not in a position to deal with all the risks at the same time. Undertakings shall consider the level of severity and urgency of the different risks present, the scope of the risks, their scale and how irremediable they might be, and if necessary, use the prioritisation policy in dealing with these;
- Indicate the methodology followed for the definition of the strategy, including the stakeholders consulted.
Undertakings shall also:
- Make all reasonable efforts to identify subcontractors and suppliers in their entire value chain.
- Indicate how their due diligence strategy relates to and integrates with their business strategy, their policies, including purchase policies, and procedures.
- Ensure by means of contractual clauses and the adoption of codes of conduct that their business relationships put in place and carry out human rights, environmental and governance policies that are in line with their due diligence strategy.
- Regularly verify that subcontractors and suppliers comply with their due diligence obligations.
Even entities with UNGP-compliant diligence procedures, though, will note a significant increase in the level of scrutiny from both regulators and external stakeholders. Entities are required to consult with stakeholders, including trade unions, when establishing, implementing, and reviewing their diligence strategy; and the final strategy must then be made public and communicated to employees and business partners. Diligence strategies must contain a grievance mechanism, and Member States are required, among other things, to designate competent authorities that then have the power to investigate whether diligence undertakings comply with the directive.
The draft directive also makes good on the Commissioner of Justice’s commitment to establish civil and criminal penalties for noncompliance. Member States are required to promulgate “effective, proportionate, and dissuasive” penalties, including criminal penalties if the violation is “committed intentionally or with serious negligence.” The directive does not, however, provide for liability for any third-party harm. That is left entirely to national law.
Article 11 clarifies that responsibility and therefore liability are collective: “Member States shall ensure that the members of the administrative, management and supervisory bodies of an undertaking, acting within the competences assigned to them by national law, have collective responsibility for ensuring that the due diligence process and the undertaking’s business decisions, including remuneration policies, are consistent with this Directive.”
Although publication of the draft report and draft directive is a significant step, it is still early in the overall process. The draft report has already garnered 818 proposed amendments: from setting an application floor based on a minimum number of employees to eliminating some of the grievance requirements to eliminating the mandatory nature of the directive altogether. The draft report must be sent to the entire European Commission, as well as the Council of Ministers and the Member States. The commission will assess the draft directive in light of the proposed amendments and submit a formal legislative proposal, which will then be debated by both the EU Parliament and the council. And once finalized, the directive requires only that Member States transpose the relevant obligations into national law within two years of the directive entering into force.
That said, now is the time to prepare for the directive to take effect. Indeed, some states may move quicker and pass legislation before they are required to do so.
Two steps companies operating in Europe can and should take right now, coordinating between compliance, legal, and corporate social responsibility, are:
- Conduct a comprehensive audit to identify and address human rights, environmental, and corporate governance risks and opportunities.
While reviewing your internal processes and procedures, take an honest and careful look at your suppliers. Do any of them present an actual or potential risk? Do they have adequate procedures in place to address human rights, environmental, and corporate governance compliance? Under Article 4, a company’s risk assessment must be “proportionate and commensurate to their specific circumstances, particularly their sector of activity, the size and length of their supply chain, the size of the undertaking, its capacity, resources and leverage.”
- Extend your internal compliance efforts to your third-party suppliers.
It is critical to begin tracking and monitoring supply-chain activities that could give rise to responsibility and liability under the draft directive. Not knowing will not be a defense to enforcement. On the flip side, knowing will help you prioritize your diligence and compliance efforts (as required under Article 4). Consider getting attestation to your internal policies, including third-party suppliers in internal compliance trainings, and giving suppliers access to your whistleblower hotline or other internal grievance reporting mechanism. Keep good records of all of these efforts to show in any future investigations or enforcement actions.
The EU is pushing forward with its human rights, environment, and corporate governance supply-chain diligence requirements. Whatever form they eventually take at the EU and the Member State levels, now is the time to prepare.
Risk Definitions
“Risk” is defined as “a potential or actual adverse impact on individuals, groups of individuals and other organisations in relation to human rights, including social and labour rights, the environment, and good governance.”
“Human rights risk” is defined as “any potential or actual adverse impact that may impair the full enjoyment of human rights by individuals or groups of individuals in relation to internationally recognized human rights, understood, at a minimum, as those expressed in the International Bill of Human Rights, the United Nations human rights instruments on the rights of persons belonging to particularly vulnerable groups or communities, and the principles concerning fundamental rights set out in the ILO Declaration on Fundamental Principles and Rights at Work, as well as those recognised in the ILO Convention on freedom of association and the effective recognition of the right to collective bargaining, the ILO Convention on the elimination of all forms of forced or compulsory labour, the ILO Convention on the effective abolition of child labour, and the ILO Convention on the elimination of discrimination in respect of employment and occupation. They further include, but are not restricted to, adverse impacts in relation to other rights recognised in a number of ILO Conventions, such as freedom of association, minimum age, occupational safety and health, and equal remuneration, and the rights recognised in the Convention on the Rights of the Child, the African Charter of Human and Peoples’ Rights, the American Convention on Human Rights, the European Convention on Human Rights, the European Social Charter, the Charter of Fundamental Rights of the European Union, and national constitutions and laws recognising or implementing human rights.”
“Environmental risk” is defined as “any potential or actual adverse impact that may impair the right to a healthy environment, whether temporarily or permanently, and of whatever magnitude, duration or frequency. These include, but are not limited to, adverse impacts on the climate, the sustainable use of natural resources, and biodiversity and ecosystems. These risks include climate change, air and water pollution, deforestation, loss in biodiversity, and greenhouse emissions.”
“Governance risk” is defined as “any potential or actual adverse impact on the good governance of a country, region or territory. These include, but are not limited to, non-compliance with OECD Guidelines for Multinational Enterprises, Chapter VII on Combatting Bribery, Bribe Solicitation and Extortion and the principles of the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions and situations of corruption and bribery where an undertaking exercises undue influence on, or channels undue pecuniary advantages to, public officials to obtain privileges or unfair favourable treatment in breach of the law, and including situations in which an undertaking becomes improperly involved in local political activities, makes illegal campaign contributions or fails to comply with the applicable tax legislation.”