EU Supply Chain Directive

The Swiss business sector is already indirectly affected by Germany's Supply Chain Act (Lieferkettensorgfaltspflichtengesetz, LkSG). Recently, the European Union adopted its own supply chain directive, which in many aspects imposes more stringent requirements on affected companies than its German counterpart. The scope of this EU directive extends beyond that of the German legislation, encompassing additional organisations, including certain Swiss companies. These newly affected enterprises will require time to implement appropriate measures and ensure compliance with the directive's requirements.

EU Supply Chain Directive

The Corporate Sustainability Due Diligence Directive (CSDDD) was published in the Official Journal of the European Union on 5 July 2024 and entered into force on 25 July 2024. Member states have been given two years from this date to transpose the Directive into national legislation. The CSDDD marks a significant shift in regulatory approach: while previous legislation applied only to EU-based companies, these new rules extend to all non-EU companies of qualifying size that market their products within the EU.

Under the Directive, companies within scope must demonstrate due diligence throughout their supply chains regarding human rights and environmental impacts. Organisations may be held liable if they benefit from child or forced labour outside the EU or are found responsible for environmental violations. The Directive aims to foster sustainable and responsible corporate conduct by embedding human rights and environmental considerations into business operations and governance structures. These regulations seek to ensure that companies address adverse impacts of their activities across their supply chains, both within and beyond European borders.

The Corporate Sustainability Due Diligence Directive (CSDDD) introduces more rigorous requirements than the German Supply Chain Act in several key areas:

• Broader inclusion criteria encompassing more companies
• Extended due diligence obligations across the entire chain of activities or value chain
• New civil liability provisions for due diligence breaches
• Expanded list of protected interests.

From what size will a company be affected?

While the German LkSG applies solely based on a company's employee number within Germany, irrespective of turnover, the CSDDD introduces additional turnover thresholds. The EU Directive applies to EU companies (those established under the legislation of an EU member state) meeting the following criteria:

• Companies with more than 1,000 employees and net worldwide turnover exceeding EUR 450 million.
•  Parent companies meeting these thresholds on a consolidated basis including holding companies whose primary function is managing subsidiary interests. Holding companies may apply to the relevant supervisory authority for exemption from due diligence obligations if they ensure compliance by their next-tier operating company.
• Companies with franchising agreements with independent parties operating in the EU and which generate royalties above EUR 22.5 million and net worldwide turnover exceeding EUR 80 million. These thresholds apply across all business sectors.

Does the CSDDD also apply to non-EU companies?

The due diligence obligations extend to organisations established outside the European Union, with certain modifications. For non-EU companies, employee numbers are not considered; instead, the turnover thresholds (EUR 450 million, EUR 22.5 million or EUR 80 million) apply solely to revenue generated within the EU. Companies within scope must conduct due diligence across the entire chain of activities of all their products, as is the case for EU companies. Note that these non-EU organisations must appoint an EU representative to facilitate communication with supervisory bodies and receive any administrative penalties.

When will in-scope companies have to implement the Directive?

The Directive provides for a staggered implementation in three phases. Between its entry into force on 25 July 2024 and the start of the due diligence obligations, there will be various transition periods, the length of which will depend on the size of the company:

• Three years after entry into force, it will apply to EU companies with more than 5,000 employees and a net annual turnover above EUR 1.5 billion, as well as to non-EU companies with a corresponding turnover.
• Four years after entry into force, it will apply to EU companies with more than 3,000 employees and a net annual turnover above EUR 900 million, or non-EU companies with a corresponding turnover. This also applies to franchisors who generate more than EUR 7.5 million in franchise fees within the EU and EUR 40 million in worldwide turnover.
• A five-year implementation period applies to the remaining, smaller companies.

Although small and medium-sized enterprises (SMEs) are not directly affected by the law, they may be impacted indirectly, for example as suppliers to larger companies which are affected.

What measures need to be taken?

To fulfil their due diligence obligations in accordance with their risk profile, the companies directly affected must integrate these obligations into their corporate policy and implement appropriate measures to

• identify, assess and, where necessary, prioritise actual or potential adverse impacts on human rights and the environment,
• prevent or mitigate potential adverse impacts,
• halt, minimise and remedy actual adverse impacts.
• establish and maintain a reporting system and complaints procedure,
• monitor the effectiveness of strategies and measures for fulfilling due diligence obligations, and
• inform the public about compliance with due diligence obligations.

To ensure an effective company-wide due diligence system, management must consult with employees and their representatives (where applicable) before establishing a due diligence policy. This should include a due diligence strategy, a code of conduct for the company's employees, subsidiaries and business partners (both direct and indirect), and procedures for implementing due diligence, monitoring performance and disseminating the code of conduct among business partners. The company's procurement practices and policies are particularly significant. Importantly, the effectiveness of the value chain measures must be evaluated both annually and on an ad hoc basis using appropriate indicators. Due diligence obligations must be updated based on assessment outcomes if there are reasonable grounds to believe significant new risks of adverse impacts may have emerged.

Companies must implement suitable preventive measures. Suitability is determined by the extent of the company's contribution to the impact, its location within the activity chain, and the company's influence over the responsible business partner. Companies must endeavour to halt or minimise impacts proportionate to their severity and the company's involvement. If they are not immediately successful, a corrective action plan must be developed and implemented, if necessary in conjunction with industry or multi-stakeholder initiatives.

Risk situations and due diligence implementation must be monitored in accordance with Article 15 of the Directive. Compliance with due diligence obligations must be continuously documented internally, with records retained for five years. Companies must publish an annual report detailing their compliance with CSDDD obligations. These reports will be publicly accessible via the European Single Access Point (ESAP). Companies subject to the EU Directive on disclosure of non-financial information are exempt from submitting a CSDDD annual report.

Which areas of law are to be protected?

In addition to previously mentioned aspects, particular attention should be drawn to newly included obligations regarding chemicals, and those protecting biological diversity, endangered species, protected areas and marine environments. These reference international environmental agreements concerning:

• biodiversity protection under the Convention on Biological Diversity, the Cartagena and Nagoya Protocols,
• endangered species protection under the CITES Convention,
• chemical import and export under the Rotterdam Convention,
• production, consumption, import and export of controlled substances under the Montreal Protocol, annexed to the Vienna Convention for the Protection of the Ozone Layer,
• natural heritage protection under the Convention for the Protection of the World Cultural and Natural Heritage,
• wetlands protection under the Ramsar Convention,
• ship-source pollution under the Convention for the Prevention of Pollution from Ships (MARPOL),
• marine environment pollution from dumping under the United Nations Convention on the Law of the Sea.

What is meant by ‘chain of activities' or 'value chain’?

While the German LkSG primarily focuses on direct suppliers, including indirect suppliers only when there is 'substantiated knowledge' of violations, the CSDDD takes a broader approach.

Under the CSDDD, companies must prioritise information requests from business partners where adverse effects are most likely. This aims to reduce the burden of information requests on smaller businesses along the value chain. The value chain encompasses all activities related to goods production or service provision, including service or product development, use and disposal, as well as related activities of the upstream and downstream business relationships.

Due diligence obligations apply to all adverse human rights and environmental impacts which are generated by

• the company's own business activities,
• its controlled subsidiaries' business activities, or
•  business partners' activities within the business's activity chain, including indirect business partners, i.e. units with which the company has no contractual relationship but whose activities relate to the company's operations, products or services.

The concept of the value chain or chain of activities, comprising upstream and downstream elements, is therefore central to due diligence scope. Upstream activities encompass the production of goods or the provision of services, including product design, raw material production, procurement, manufacturing, transport, storage, delivery of raw materials, products or product components, as well as product or service development. Downstream activities involve the distribution, transport, storage and disposal of the product (including its disassembly, recycling, composting and landfilling), where the business partner conducts these activities directly or indirectly for or on behalf of the company. This scope is likely to extend to online distribution platforms and packaging service providers (co-packing). However, traders (such as supermarkets) are excluded as they do not work for the manufacturer but operate independently in the market.

Furthermore, EU companies of significant size and economic power (those meeting the aforementioned thresholds) will be required to develop transition plans and use their best endeavours to align their business strategy with the 1.5 °C global warming limit. The Directive also includes support measures for directly affected companies and indirectly affected SMEs. These measures include the development of dedicated individual or shared websites, platforms or portals and potential financial support for SMEs. The European Commission may adopt specific guidelines to support companies, including model contract clauses, and can supplement member states' support with new measures, such as assistance for companies in third countries (see tip below).

Companies failing to comply with due diligence obligations may face sanctions from the national competent administrative authorities. Injured parties will be entitled to seek legal redress for losses incurred due to due diligence failures.

To what extent are affected companies liable?

While the German LkSG does not introduce new civil liability for due diligence violations, the EU Directive explicitly provides for civil liability where due diligence obligations to prevent potential or halt actual adverse effects are breached. Importantly, liability extends beyond the company's own violations to include potential violations by subsidiaries and suppliers. Liability arises where

• adverse environmental and human rights impacts have occurred due to non-compliance with the aforementioned due diligence obligations, which would have been identified, avoided, mitigated, halted or reduced had due diligence obligations been observed,
• and damage has resulted.

A less stringent liability standard applies to indirect business partners where obligations regarding contractual implementation of due diligence have been fulfilled. However, this new civil liability provision must be transposed into member states' national law.

Tip: Potentially affected Swiss companies should ensure they maintain an effective compliance and control system. This involves first verifying the conditions for being affected and then examining whether and which measures or due diligence obligations are already incorporated within the company, for example through direct or indirect effect of Corporate Sustainability Due Diligence Directive (CSDDD). If no measures exist, the principles set out above should be observed, i.e.

• knowledge and assessment capability of all suppliers throughout the entire supply chain (direct or indirect business partners); keyword: risk analysis,
• contact with all suppliers requesting case-specific checks of their critical suppliers,
•  stablishment of internal responsibility for monitoring obligations, processing received information and maintaining regular control and reporting obligations.

These requirements apply throughout the entire chain of activities or value chain. Affected companies verify the origin of supplied goods, their manufacturing processes and environmental and climate impacts. When importing from developing countries, supply chain verification may present additional challenges.

For legal security in preparation for the new regulation's requirements, companies should implement a continuous and transparent risk management system.

EU Commission support: Various forms of assistance will be available before the new due diligence obligations become binding. The EU Commission will publish model clauses to facilitate agreement between companies within an activity chain regarding appropriate handling of human rights and environmental impacts. The Commission will also issue general and sector-specific guidance and recommendations for companies. Member states will provide support services for companies subject to due diligence obligations, their business partners and stakeholders. A central helpdesk set up by the Commission will serve as a contact point for companies.

Note: The German Supply Chain Act (LkSG) remains fully applicable.

Authors:
Gabriele Ochner, Rechtskonsulentin bei der Vereinigung Schweizerischer Unternehmen in Deutschland (VSUD),
Stefanie Luckert, Geschäftsführerin der Vereinigung Schweizerischer Unternehmen in Deutschland (VSUD)