International Regulatory Enforcement (PHIRE)
Don’t be Afraid of Mandatory Human Rights Due Diligence in the EU … It’s Already Here
By Jonathan C. Drimmer, Nicola Bonucci, Tara K. Giunta, & Renata Parras
The European Union’s Draft Corporate Sustainability Due Diligence Directive (“CSDDD”) continues to generate ample attention and feedback. At its core, the proposed directive seeks to apply the due diligence formula of the UN Guiding Principles on Business and Human Rights to businesses based or operating in the EU, requiring them to: adopt due diligence policies, identify relevant human rights and environmental risks and impacts in their operations and supply chains (and maybe value chains), implement mitigating measures and evaluate the effectiveness of those measures, report publicly on their due diligence efforts, and adopt a grievance process that can be accessed by employees and affected stakeholders throughout the company’s supply chain. The law, once transposed by EU members, will help elevate human rights to a business imperative, as has now occurred with anti-corruption, compelling companies to integrate human rights considerations into their operational processes.
Key provisions of the CSDDD remain under active debate, generating unease and apprehension for companies, civil society organizations, foreign governments, academics, investors, and a range of other stakeholders. There is highly active public and private lobbying, with arguments that the bill is too broad or too narrow, too vague or too specific, too onerous or unduly lax. A flurry of position statements, petitions, studies, and other documents is being put forward to support the varied positions.
The anxiety is somewhat misplaced. Not because the law won’t be momentous; it will apply directly or indirectly to nearly every significant company in the world, either because they will be covered by the CSDDD or they will be subjected to the diligence of a company that is. However, the concern seems to miss the obvious: mandatory due diligence in the EU is already here.
In fact, with comparatively little fanfare, the EU has recently passed, or is about to pass, a handful of new laws that mandate human rights due diligence and disclosure across a range of sectors. These include:
- The Digital Services Act
Seeking to limit the spread of illegal content online, the DSA applies to hosting services, marketplaces, and online platforms that offer services in the EU. Very large online platforms must conduct a risk assessment, deploy mitigating measures, and conduct independent audits. In fact, the due diligence chapter of the DSA specifically recognizes systemic risks to fundamental rights arising from the systems and operations of covered providers.
- Conflict Minerals Regulation
EU importers of tin, tantalum, tungsten, and gold must ensure they use only responsible and conflict-free sources, accomplished through strong company management systems, identifying and assessing supply chain risks, designing and implementing a strategy to respond to identified risks, carrying out an independent third-party audit of supply chain due diligence, and reporting annually on supply chain due diligence. The regulation also indirectly affects around 500 smelters and refiners globally, because EU-based importers are required to identify these businesses in their supply chains and check whether they too have the correct due diligence practices in place.
- Deforestation Regulation
Covering seven major commodities, as well as some related derivatives and products, the law prohibits their sale to or export from the EU unless the products are deforestation-free, were produced in accordance with the law of the country of production, and are covered by a due diligence statement. Operators must conduct due diligence on each product and issue a statement confirming that diligence was undertaken and identifying by its coordinates each plot of land where goods originated. Operators also must communicate their requirements to traders in order to gather information necessary to confirm that due diligence was carried out and that risks were not identified.
- Sustainable Finance Disclosure Regulation
The SFDR requires that market participants make public how they adhere to responsible business conduct codes and internationally recognized standards for due diligence and reporting. It further requires that financial market participants of a certain size publish on their websites their due diligence policies with respect to the principal adverse impacts of investment decisions on sustainability factors. As the recitals to the SFDR make clear, the regulation provides that financial market participants and financial advisers should integrate into their processes, including in their due diligence processes, relevant financial and sustainability risks that might have material negative impacts on either the financial return of an investment or their advice.
- Corporate Sustainability Reporting Directive
Adopted late last year, the CSRD will replace the EU’s non-financial reporting directive. In addition to expanding the number of companies that must report, it specifically includes requirements for covered companies to report on their due diligence processes related to sustainability matters, including human rights, along with the “principal actual or potential” adverse impacts connected with their operations, business relationships, and supply chains. The reports must accompany financial reporting and are subject to audit.
- Regulation of Batteries and Waste Batteries
On the cusp of becoming law, the batteries regulation requires that batteries of all types that are imported into the EU go through due diligence. Companies must create a due diligence policy addressing social and environmental risks, which must be validated by an independent third party as to its existence and implementation. Each battery also has to include a QR code where detailed information about the battery, including its sourcing and the third-party validation report, can be viewed. Battery manufacturers must have a system of controls and transparency over the value chain, including chain of custody and traceability.
While each of these laws – as well as others – affirmatively requires human rights due diligence, additional laws both within and outside the EU strongly incentivize it. For instance, the EU’s Regulation on Human Rights Sanctions, and its burgeoning Proposal for a Ban on Forced Labor Products, push companies to conduct human rights due diligence, as breaches can result in significant operational and legal penalties. Similar laws exist in North America and elsewhere. And of course, laws in Germany, France, and Norway already have mandatory human rights due diligence provisions in the spirit of the CSDDD, at the domestic level.
To be clear, the CSDDD is likely to be the crown jewel of human rights due diligence laws, given its broad scope and contemplated civil liability provisions. But given the EU’s growing body of human rights due diligence laws, for many companies, the CSDDD will not be wholly novel, but rather supplement existing human rights due diligence requirements that the EU has quietly put in place.