DIGITALEUROPE views on Corporate Sustainability Due Diligence (CS3D)
DIGITALEUROPE welcomes the opportunity to comment on the CS3D Proposal and is supportive of a common approach and level playing field at EU level on mandatory human rights and environmental due diligence. Companies within the digital technology sector recognise their significant responsibility regarding sustainable corporate behaviour, and thus welcome the European Commission’s efforts to foster a resilient economy based on sound corporate governance and sustainable supply chains. The aim should be to introduce an effective legal framework which is practical for companies to comply with and for national authorities to enforce. It would then support the political and strategic ambition of the Union to enact a global level playing field and showcase Europe as a global leader in responsible business conduct which DIGITALEUROPE endorses.
However, to realise this ambition, the current proposal should be modified to deliver an effective and implementable outcome. In this paper, we outline our key messages towards a successful realisation of the proposal:
- Decouple the due diligence duty from liability
- Better address internal market fragmentation
- Adopt a risk-based approach
- Ensure a level-playing field
- Improve clarity in definitions
- Limit civil liability to direct business relationships
- Ensure coherence with the CSRD and other pieces of sectoral EU legislation containing due diligence requirements (batteries, minerals, deforestation, eco-design/ESPR…)
- Recognise industry schemes
- Apply a practical approach for business which will need strong guidance to support implementation
- Do not attempt to solve everything in legislation
Key points & recommendations
1. Decouple the due diligence duty from liability
While we support the intention to promote human rights and the safety of workers as well as certain environmental impacts, it is important not to confuse the roles of companies and states. The division of responsibilities between the States responsibility to protect human rights and company’s responsibility to respect human rights must be embedded into any legislative initiative. Any due diligence duty must be based on existing international frameworks specifically the UN Guiding Principles for Business and Human Rights (UNGPs), OECD Guidelines for Multinational (OECD MNE Guidelines) and the ILO Tripartite Declaration.
Recommendation: De-couple the due diligence duty from the liability.
2. Better address internal market fragmentation
We recommend identifying provisions where there should be full harmonization. As currently drafted the draft Directive will not lead to a level playing field and risks the uniform functioning of the Single Market in this critical area. By allowing Member States (MS) discretion on the implementation (MS can explicitly maintain or adopt legislation which could go further than the Draft Directive), the draft Directive risks divergence and further fragmentation of the Single Market. In similar EU efforts like the Corporate Sustainability Reporting Directive (CSRD), it was observed that diverging implementation could create issues, which prompted its revision to include measures to harmonise reporting via common standards such as EFRAG.
Recommendation: Align the draft Directive fully around international standards such as the UN Guiding Principles on Business and Human Rights (UNGP), the OECD Guidelines for Multi-National Enterprises (Guidelines), OECD Due Diligence Guidance for Responsible Business Conduct as well as ILO core conventions. Clearly state and identify certain provisions of the Directive where Member States would not be able to introduce legislation that goes beyond what has been agreed at European level. Existing directives on consumer rights and unfair practices could be relevant in this context.
3. Adopt a risk-based approach
DIGITALEUROPE welcomes the fact that the draft Directive cites proven international standards such as the UNGPs and OECD Guidelines that have been adhered to by states, business, and civil society in addressing risks across supply chains over the more than a decade since their introduction. However, while the Directive cites these standards, it does not fully align with these standards that are in practice today and have proven effective. Legislation which is not fully aligned with these international frameworks can work to undermine their effectiveness and even lower the standards many companies already practice. Concrete improvements and actual risk prevention regarding human rights and environmental within supply chains call for pragmatic risk-based approaches rather than administrative checklists / compliance / reporting exercises.
Recommendation: Align fully with existing international standards and outline a riskbased approach to due diligence. Prioritization based on salient risks is a proven concept in conducting due diligence and helping business address the most salient risks to people and planet. There should be as little deviation as possible. A risk-based approach needs to be built into the proposed directive that is in line with the international standards (UNGPs and OECD MNE Guidelines). We understand that several of the key international standards have been in effect for over 10 years and thus may need stocktaking and upgrading to be fit for purpose. Thus, the EC should work closely with relevant inter-governmental organizations (OECD, UN, ILO) to ensure they are fit for purpose and reflect current due diligence best practice.
4. Ensure a level-playing field
We welcome the intention and efforts to ensure a level-playing field, however obligations should be agnostic of the country in which the enterprise is based and the size of the company to ensure a global level playing field. Specific support should be provided to SMEs for them to avoid unnecessary burdens.
Recommendation: To better achieve the goals of the proposal, a risk-based approach should be adopted and applied to all companies regardless of size.
5. Improve clarity in definitions
The draft Directive introduces several terms that are unclear, vague and do not provide legal clarity for companies. As many of these terms address business operations we suggest engagement with industry practitioners as crucial to ensure terms align with existing due diligence practices.
- The definition of ‘established business relationships’ introduces a relatively new concept into due diligence that needs to be improved and not expanded to enlarge the scope beyond what is currently understood within existing international frameworks (UNGPs, OECD MNE Guidelines). Much of this could be addressed by opting for a risk-based approach as outlined earlier.
- The definition of ‘value chain’ is too vague and not frequently applied in the field of human rights and environmental due diligence. Moreover, ‘value chain’ could be interpreted as including the end use of products which is extremely difficult to control and detracts from the identification and mitigation of salient risks in supply chains. Imposing ’policing’ requirements upon companies should be avoided, human rights and environmental impacts should be primarily addressed by governments. Company liability should be limited to only the most egregious violations.
- Current proposal is vague on “company” definition and does not clearly address the context of corporate groups and subsidiaries (e.g., would all due diligence obligations of the affiliated companies (of the parent company) in other Member States can be fulfilled by the parent company (on the basis of the respective national law).
Recommendation: instead of creating new definitions, rely on the definitions used in international frameworks and standards such as the UNGPs and OECD MNE Guidelines. An approach like the German Supply Chain Act should be followed, including the use of ‘supply chain’ over ‘value chain’ and limiting liability to the most egregious human rights violations.
6. Limit civil liability to direct business relationships
This would align with international standards.
Recommendation: Civil liability should be tied to something more than a mere failure to comply with Article 7 and 8. It should be some level of gross negligence or willful misconduct or willful omission that results in liability. For example, the OECD Guidelines have a clear distinction between harms “caused or contributed to” and “directly linked to”. Moreover the “failed to comply” standard in Article 22 leaves open the possibility that mere negligence in failing to identify an adverse impact would trigger liability. Given the challenges in the current draft Directive not limiting the scope of due diligence requirements (i.e., no risk-based discretion), along with the full “value chain” approach (which could result in large entities having several thousand suppliers in scope), it would be preferable and more implementable to apply a heightened negligence standard (e.g., gross negligence, or “knowing” violation – party knew or should have known of the failure).
7. Ensure coherence with the CSRD and other pieces of sectoral EU legislation containing due diligence requirements (batteries, minerals, deforestation, eco-design/ESPR…).
The relationship between the CS3D and these laws should be made much clearer.
Recommendation: Introduce strong sectoral guidance which will not only help achieve policy coherence at EU level but also help companies to comply with the rules.
8. Recognise industry schemes
Such as the Responsible Business Alliance (RBA) which help companies to comply with and go beyond legal obligations. DIGITALEUROPE welcomes the acknowledgement of industry schemes in the legal text of the draft proposal. However, the legislation needs to go a step further and recognise such schemes.
Recommendation: Build in a recognition tool to the legal framework like the EU responsible (“conflict”) minerals regulation whereby industry schemes apply for formal recognition by the EU. After the applications have been accepted, a risk assessment is undertaken based on OECD methodology and formal acceptance is in the form of an Implementing Act.
It should be noted that industry schemes should not be used as smoke screen by companies not to undertake due diligence.
9. Apply a practical approach for business which will need strong guidance to support implementation
Recommendation: guidance could be introduced on a sector-specific basis that looks at what the sector has built in terms of due diligence, whether the approach is effective and sufficient and what additional steps and measures could be introduced. Sectors should also be encouraged to go beyond the basic legal requirements.
10. Do not attempt to solve everything in legislation
It should be designed for a specific purpose but be accompanied by other measures such as collaborative partnerships.
Recommendation: encourage accompanying measures. For example, the minerals regulation focuses on importers of minerals and is accompanied by the highly successful European Partnership for Responsible Minerals (EPRM) which brings together governments, industry and civil society to help improve the conditions in conflict-affected and high-risk communities across the world, helping to deliver on the goals of the Regulation.
11. Articles 7 and 8
Contractual Duties and DD implementation – Articles 7 and 8 require seeking contractual assurances from direct partners. This should be done on a go-forward basis or on reasonable risk-based basis, from a legal perspective it is extremely difficult to amend contracts after the fact. Companies work with many suppliers, and it is unrealistic to expect companies to amend existing contracts wholesale to put in place contractual assurances especially given the financial burden that may result as these responsibilities and assurances cascade.
Articles 7 and 8 require companies to collaborate with other entities to address risks, but still comply with competition law. There should be clarification on what that collaboration means, and a safe harbour should be clearly outlined and incorporated. Otherwise, failure to collaborate due to fear of competition law violations could lead to liability under CS3D. Companies would then be put in a difficult position.
Companies should be allowed to use commercially reasonable efforts to verify compliance with contractual assurances. Given the number of suppliers that a company may work with, this could become quite costly and bring major administrative burdens.
Further clarification on what is meant by companies needing to provide support for SME where compliance with code of conduct or remediation plan would jeopardize the viability of the SME, so that larger companies can identify when they are required to engage. Moreover, companies do not have access to information regarding the viability of SMEs with whom they have entered into arrangements with. Companies will work collaboratively with SMEs but should not be required to subsidize SMEs who have engaged in systemic practices that cause supply chain and human rights risks.
Companies to terminate/suspend business with suppliers in certain situations. Often, suspension or termination is not in the best interest of the workers or communities affected by suppliers’ actions and companies want to engage in building capacity and continuous improvement. Further, in some instances there may only be one main supplier for a critical service or product and termination is not possible without significant business implications. As such, companies should be encouraged to assist their suppliers in improving practices and be given discretion to use their business judgement about suspending or terminating supplier relations, responsibly disengaging where necessary.
12. Oversight of company boards
We consider that oversight company boards should be included in the due diligence obligations as it is part of due diligence strategy.
13. Article 15
Article 15 is out of place in the legal body of the Proposal. It relates more to an environmental impact measure which is not really adapted to a due diligence framework. Article 15 seems to be inconsistent with the stated objectives of the Proposal. While our industry agrees with the importance of the Paris Agreement and we are working at great lengths to put it into practice, these are global objectives and cannot be imposed on individual companies in the form of legal obligations. A suggestion could be that encouraging companies to respect the Paris Agreement could be included in the preamble instead.
14. Complaints Procedure
A company should be given discretion to evaluate complaints and meet with complainants as reasonably appropriate. Forcing companies to meet with all complainants regardless of a complaint’s merit, risk or severity of issue may will motivate complainants to weaponize this requirement. This could lead to complainants filing complaints to interfere with a company’s operations merely to create added burden. Furthermore, there should also be clarification on what “appropriate follow-up” is in response to complaints. Again, companies should be allowed to use reasonable business judgment in how to follow-up complaints based on the merit of the complaint or severity of the risk raised.
DIGITALEUROPE looks forward to discussing the points raised in this position paper with all stakeholders.