In the realm of corporate law, board directors are bound by fiduciary duties of loyalty and care to both the company and its stockholders.[1] The interpretation of these duties, however, is national, even in the European Union, despite its efforts to harmonize corporation law across borders since 1968.[2] While the influence of Delaware law in American courts brings some uniformity to U.S. corporation law, European courts in member states only sporadically consider laws from other member states, even though doing so would encourage the common markets of Europe.[3] In practice, the advancement of EU law is left mostly to the commission.[4]

Lawmakers and judges in Europe have also hesitated to examine certain U.S. legal concepts that might benefit EU corporation law. The most notable exception is the business judgment rule, which gives management valuable leeway to run a company and is often applied in European case law.[5] In contrast to the United States, however, a narrow conception of board duties has led to weak corporate oversight in Europe.[6] Yet all this is about to change, thanks to the requirements of the EU’s Current Directive of Sustainability Reporting (CSRD).[7]

In this post, I address those requirements from the viewpoint of a director of a publicly traded company registered in the EU.[8] I argue that merely adhering to the business judgment rule is insufficient for European directors to meet their obligations under the CSRD, and that only by adopting U.S. oversight doctrine can they comply with the CSRD’s demands.

Disclosure Requirements of the CSRD

Under the CSRD, publicly traded companies must disclose their ESG (environmental, social and governance) data in a sustainability report.[9] The report consists of information about not only the impact of ESG matters on a company’s operations and financial condition, but also the impact of the company’s operations on the environment and society. The content of the information is further specified in the European Sustainability Reporting Standards (ESRS) issued by the EU Commission.[10]

The ESRS cover the full range of ESG issues, including climate change, biodiversity, and human rights. ESRS 1 (“General Requirements”) sets general principles for reporting information, and ESRS 2 (“General Disclosures”) specifies the essential information to be disclosed about each aspect of sustainability. ESRS 2 requirements are mandatory,[11] but disclosure of other (“specific”) standards and datapoints within them are subject to a materiality assessment.

However, the CSRD does not define what is material,[12] leaving it up to each company. In addition to materiality, the other relevant aspect of CSRD is its nature as a disclosure vehicle. In addition to the specific data called for in the ESRS, there is a transparency requirement that covers:[13]

• “the due diligence process implemented – – with regard to sustainability matters – -;
• the principal actual or potential adverse impacts – -,
• actions taken to identify and monitor those impacts, and other adverse impacts which the undertaking is required to identify pursuant to other Union requirements – – to conduct a due diligence process”.

Hence, the EU companies must disclose in their sustainability reports how they conduct their due diligence.[14]The procedure follows closely the model of the OECD,[15] but the CSRD regulates only the transparency of ESG matters. In principle, the CSRD does not require any particular due diligence process.

The Continuing Nature of Due Diligence in the CSRD

With regard to procedure, CSRD refers to the guidance provided by the UN and the OECD.[16] Due diligence is a continuous process, given that risks may change over time: “Due diligence is an on-going practice that responds to and may trigger changes in the undertaking’s strategy, business model, activities, business relationships, operating, sourcing and selling contexts” (ESRS 1 para 59).[17] In this respect, the procedure differs from the usual business due diligence, which often occurs case-by-case in, for example, the context of a transaction.[18] Thus, constant monitoring is required. Pursuant to the ESRS, the sustainability report shall disclose “- – whether and how the process [used to identify, assess, prioritise and monitor risks and opportunities] has changed compared to the prior reporting period, when the process was modified for the last time and future revision dates of the materiality assessment” (ESRS 2 para 53.h).

Moreover, based on the UN guidelines, it is clear that the risk of liability should not be absolute but fault-based. “Conducting appropriate – – due diligence should help business enterprises address the risk of legal claims against them by showing that they took every reasonable step to avoid involvement with an alleged human rights abuse.”[19]But, due diligence is not fulfilled by a mechanistic procedure: ”- – enterprises conducting such due diligence should not assume that, by itself, this will automatically and fully absolve them from liability for causing or contributing to human rights abuses.”[20] Hence, the engagement in due diligence must be proactive, with the focus on improvement. [21]

The Role of the Board in the ESRS

The ESRS disclosure obligations indirectly reflect the expectations for the directors and management carrying out their due diligence. The aim is, inter alia, to provide information on “how the administrative, management and supervisory bodies and senior executive management oversee the setting of targets related to material impacts, risks and opportunities, and how they monitor progress towards them” (ESRS 2 para 22.d).[22]

Even though the explicit requirement for director liability for the sustainability report is missing in the CSRD, the board is required to give a separate statement on whether the sustainability report satisfies the requirements imposed on it by the ESRS.[23] This duty can cause anxiety while the threat of ESG-related legal action is rising.[24] How can a director ensure its diligence in issuing such a statement? This must be considered in the light of the breadth and depth of the information requirements that the EU Commission has set forth in the ESRS. All in all, the ESRS comprise several hundred data points. Moreover, the board’s role is accentuated by the fact that the auditor is not required to verify the report as thoroughly as financial statements. Where the objective of the auditor’s report is reasonable assurance, the sustainability report is only a matter of limited assurance.[25]

U.S. Oversight Doctrine as a Benchmark

The open-ended nature of the CSRD leaves companies with lots of discretion in following the due diligence requirement and determining materiality. The lack of specificity is troublesome from the view point of a director trying to determine the measures necessary to ensure compliance and avoid liability.

 U.S. law offers a helpful model. The focus of the ESRS on the process of due diligence and the concept of materialityis similar to the obligations imposed on boards by the oversight doctrine. A recent example is the case of Marchand v. Barnhill,[26] In whichthe Delaware Supreme Court found that the board had breached its duty of loyalty by failing to establish a compliance system to monitor food safety. The company, Blue Bell Creameries USA, Inc made a single product (ice cream), hence “- – food safety was essential and mission critical” for its operations.[27] It was irrelevant that the company had procedures in place to ensure food safety in accordance with legal requirements. The board should have implemented procedures that would promptly inform it of safety problems. Moreover, the board should have overseen investigation and resolution of those problems. In short, the board was required to engage in the establishment, operation, and development of the system.^[28]

However, a company´s due diligence system is not expected to be perfect under the supervision of the board. It is sufficient for the board to believe in good faith that the system functions properly in relation to the risks and circumstances of the company. An appropriate compliance regime implemented in good faith by the board thus shields a board member from liability unless she knew or should have known of any fact or circumstance that would have required the adoption of a compliance measure to prevent or reduce the risk.[29]

In the realm of the CSRD, it would be a stretch to suggest that compliance with the U.S. oversight doctrine would be enough to prove that a board met its due diligence obligations. However, EU law can certainly benefit from the doctrine and its capacity for protecting directors, stakeholders, and the company itself.

Summary

The CSRD has established the first toehold for oversight duties within the EU. Recognizing that compliance is a crucial aspect ofdoing businesa board must ensure the proper establishment and efficient operation of due diligence Although the CSRD and the ESRS do not impose an obligation of a due diligence, the sustainability report must include detailed information on such an approach, and , the transparency requirements of EU`s financial institutions require sustainability disclosure of their own operations.[30] Unlike the application of the business judgement rule on a case-by-case basis, due diligence is a course of conduct that evolves with experience.

Since sustainability reporting is a board obligation, directors should also be responsible for due diligence. The CSRD transparency obligations in the ESRS also imply that the board should be in charge of due diligence, and the US oversight doctrine offers a helpful template.

ENDNOTES

[1] Inter alia, the G20/OECD Principles of Corporate Governance 2023, states that these are “the two key elements of the fiduciary duty of board members” (section V.A).

[2] First Council Directive 68/151/EEC of 9 March 1968 on co-ordination of safeguards which, for the protection of the interests of members and others, are required by Member States of companies within the meaning of the second paragraph of Article 58 of the Treaty, with a view to making such safeguards equivalent throughout the Community.

[3] On the convergence in European law, see generally, Thomas Wilhelmsson, Free Movement of Legal Ideas – Towards a Dynamic Europeanisation of Private Law. Hart Publishing, United Kingdom 2024.

[4] According to the Article 17.2 of the Treaty on European Union “Union legislative acts may only be adopted on the basis of a Commission proposal, except where the Treaties provide otherwise.” (Official Journal of the European Union, C 202/25, p. 25-26 (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A12016M017; visited 4 September 2024). Of the impact of member state national laws to the substance of EU law, see, Allan Rosas, European Union Law and National Law: A Common Legal System? pp. 11-29, in: Katja Karjalainen – Iina Tornberg – Aleksi Pursiainen (eds.) International Actors and the Formation of Laws. Springer, Cham 2022.

[5] Adina Ponta – Radu N. Catană, The Business Judgment Rule and Its Reception in European Countries. The Macrotheme Review 4(7) 2015 p. 125-144. But, on a more cautious note, see Gerner-Beurle who underlines the risk that the meaning of a transplanted rule may remain distinct from the original. Carsten Gerner-Beurle, The Duty of Care and the Business Judgment Rule: A Case Study in Legal Transplants and Local Narratives pp. 220-241, in: Afra Afsharipour – Martin Gelter (eds.), Comparative Corporate Governance. Edward Elgar, Cheltenham 2021, p. 241. On the other hand, actual convergence has been achieved on the soft law field, particulary with the corporate governance code promoted by the G20 and the OECD. See OECD Corporate Governance Factbook 2023. OECD Publishing, Paris (file:///C:/Users/03113271/Downloads/6d912314-en.pdf; visited 8 July 2024).

[6] This is particularly evident in Sweden and other Nordic jurisdictions where public companies must have an executive management function as a separate organ with its own legal duties and liabilities. Despite being formally subordinated to the board, the executive management has far-reaching authority over the day-to-day business. See, e.g., Per Lekvall, Chapter III – A Consolidated Nordic Governance Model p. 78-81. In: Lekvall Per (ed.), The Nordic Corporate Governance Model. SNS Förlag. Stockholm 2014.

[7] Directive (EU) 2022/2464 of the European Parliament and of the Council amending Regulation (EU) No 537/2014, Directive 2004/109/EC, Directive 2006/43/EC and Directive 2013/34/EU, as regards corporate sustainability reporting.

[8] Besides the publicly traded companies, private companies fall also under the scope of CSRD if at least two of the following three criteria are exceeded: balance sheet of MEUR 20, turnover of MEUR 40 and average number of employees 250 (art. 3.7 of Directive 2013/34/EU of the European Parliament and of the Council on the annual financial statements, consolidated financial statements and related reports of certain types of undertakings, amending Directive 2006/43/EC of the European Parliament and of the Council and repealing Council Directives 78/660/EEC and 83/349/EEC).

[9] The obligation already applies to the largest companies in the financial year starting on 1 January 2024, and their reports will thus be published in 2025.

[10] Commission Delegated Regulation (EU) 2023/2772 of 31 July 2023 supplementing Directive 2013/34/EU of the European Parliament and of the Council as regards sustainability reporting standards.

[11] Currently there are ten specific standards: ESRS E1 – Climate, ESRS E2 – Pollution, ESRS E3 – Water and marine resources, ESRS E4 – Biodiversity and ecosystems, ESRS E5 – Resource use and circular economy), ESRS S1 – Own workforce, ESRS S2 – Workers in the value chain, ESRS S3 – Affected communities, ESRS S4 – Consumers and end users, and ESRS G1 – Business conduct. The Commisson emphasizes that climate change has wide-ranging and systemic impacts across the economy. Hence, if a company concludes that climate change (ESRS E1) is not a material, it has to provide a detailed explanation of this conclusion in its sustainability report. European Commission, Questions and Answers on the Adoption of European Sustainability Reporting Standards, 31 July 2023 (https://ec.europa.eu/commission/presscorner/detail/en/qanda_23_4043; visited 22 July 2024).

[12] Even the definition in Regulation (EU) 2023/1772 is indistinct (Annex II, Table 2): “Impact Materiality – A sustainability matter is material from an impact perspective when it pertains to the undertaking’s material actual or potential, positive or negative impacts on people or the environment over the short-, medium and long-term. A material sustainability matter from an impact perspective includes impacts connected with the undertaking’s own operations and upstream and downstream value chain, including through its products and services, as well as through its business relationships.”

[13] CSRD 1.4 art. amending 19a.2.f art. of the directive 2013/34/EU of the European Parliament and of the Council on the annual financial statements, consolidated financial statements and related reports of certain types of undertakings, amending Directive 2006/43/EC of the European Parliament and of the Council and repealing Council Directives 78/660/EEC and 83/349/EEC (later: Accounting Directive).

[14] See ESRS 2 para 51-62.

[15] See OECD Guidelines for Multinational Enterprises on Responsible Business Conduct, OECD Publishing, Paris 2023 p. 17 (note 15 of Commentary on Chapter II: General Policies).

[16] Thus, ESRS should be interpreted in consistency with “- – the UN ‘Guiding Principles on Business and Human Rights: Implementing the United Nations ‘Protect, Respect and Remedy’ Framework’ (‘UN Guiding Principles on Business and Human Rights’), the OECD Guidelines for Multinational Enterprises and the OECD Due Diligence Guidance for Responsible Business Conduct” (CSRD preamble point 31). This is also emphasized in ESRS 1 para 45.

[17] In the same vein, UN Guiding Principles on Business and Human Rights, para 17.c: “– – due diligence – – [s]hould be ongoing, recognizing that the human rights risks may change over time as the business enterprise’s operations and operating context evolve.”

[18] Robert McCorquodale – Cristina Blanco-Vizarreta, Guiding Principle 17: Human Rights Due Diligence pp. 126-136 in: Barnali Choudhury (ed.), The UN Guiding Principles on Business and Human Rights. Edward Elgar Publishing 2023, p. 132.

[19] United Nations, Guiding Principles on Business and Human Rights 2011 (HR/PUB/11/04) 2011 p. 19 (explanatory note to para 17).

[20] Ibid.

[21] Report of the United Nations High Commissioner for Human Rights: Improving Accountability and Access to Remedy for Victims of Business-Related Human Rights Abuse: The Relevance of Human Rights Due Diligence to Determinations of Corporate Liability’ (June 1st 2018) UN Doc A/HRC/38/20/Add.2 (A/HRC/38/20/Add.2) para 13, p. 4.

[22] In the passage “administrative, management and supervisory bodies” means a board of directors, inter alia (Annex II of the Regulation 2023/2772).

[23] Art. 4.2(c) of the Directive 2004/109/EC of the European Parliament and of the Council of 15 December 2004 on the harmonisation of transparency requirements in relation to information about issuers whose securities are admitted to trading on a regulated market and amending Directive 2001/34/EC [as amended by the CSRD]: “statements made by the persons responsible within the issuer, whose names and functions shall be clearly indicated, to the effect that, to the best of their knowledge – – that the management report – – is prepared in accordance with sustainability reporting standards – -.”

[24] See, Joana Setzer – Catherine Higham, Global Trends in Climate Change Litigation: 2024 Snapshot 2023. The Grantham Research Institute on Climate Change and the Environment 2024. (https://www.lse.ac.uk/granthaminstitute/wp-content/uploads/2024/06/Global-trends-in-climate-change-litigation-2024-snapshot.pdf; visited 26 July 2024).

[25] CSRD 1.13 art. amending art. 34.1 of the Accounting Directive. According to the preample 60 of the CSRD: “The conclusion of a limited assurance engagement is usually provided in a negative form of expression by stating that no matter has been identified by the practitioner to conclude that the subject matter is materially misstated. In a limited assurance engagement, the auditor performs fewer tests than in a reasonable assurance engagement. The amount of work for a limited assurance engagement is therefore less than for a reasonable assurance engagement.”

[26] Marchand v. Barnhill, 212 A.3d 805 (Del. 2019).

[27] 212 A.3d 805 (Del. 2019) at 824.

[28] See, e.g., Patrick J. O`Malley, Directors` Duties and Corporate Anti-Corruption Compliance. Edward Elgar Publishing 2021 p. 237–238.

[29] Of the oversight doctrine in general, e.g., Jennifer Arlen, Evolution of Director Oversight Duties and Liability under Caremark: Using Enhanced Information-Acquisition Duties in the Public Interest pp. 194-220 in: Martin Petrin – Christian Witting (ed.), Research Handbook on Corporate Liability. Edward Elgar Publishing 2023. The oversight duty was established in 1996 by the Caremark judgment, stating, inter alia: “- – a sustained or systematic failure of the board to exercise oversight — such as an utter failure to attempt to assure a reasonable information and reporting system exist — will establish the lack of good faith that is a necessary condition to liability.” In Re Caremark Intern. Inc. Deriv. Lit (698 A.2d 959 (Del. Ch. 1996)).

[30] The obligations of financial market participants are essentially based on Regulation (EU) 2019/2088 of the European Parliament and of the Council on sustainability-related disclosures in the financial services sector.

This post comes to us from Timo Kaisanlahti, a professor of practice in the Faculty of Law at the University of Helsinki.