Why Corporate America Should Pay Attention to the Proposed EU Directive on Corporate Sustainability Due Diligence

On February 23, 2022, the European Commission issued its long-awaited proposal for a Directive on Corporate Sustainability Due Diligence (the Proposed Directive). Under the Proposed Directive, large companies operating in the EU market must identify, prevent, and mitigate any actual or potential adverse human rights and environmental impact in their own operations, in their subsidiaries, and at the level of their established direct or indirect business relationships in their value chain. Adverse human rights and environmental impacts are keyed to violations of a long list of human rights and environmental obligations laid out in international conventions and declarations, irrespective of whether they are ratified or recognized in the jurisdiction in which the alleged violation takes place.

One of the most ground-breaking aspects of the Proposed Directive is its extraterritorial reach. Companies must monitor adverse human rights and environmental impacts not only by them and their subsidiaries, but also by entities that are part of their value chain and with which they have an established business relationship, in each case wherever incorporated or located.

In this post we focus primarily on the extraterritorial effects on U.S. companies, in part because of their relevance in global commerce and in part because of past controversies relating to the “Brussels effect” on U.S. business. To give a sense of the Brussels effect of the Proposed Directive, this table contains the list of conventions and declarations annexed to the Proposed Directive and notates what the position of the U.S. is in relation to each. But there is an additional reason to focus on the U.S., namely that the implications of this new piece of EU legislation for
American companies would be particularly intense, given the liability regime applying to their directors and how frequently derivative suits are brought there.

U.S. Companies Affected by the Proposed Directive

The Proposed Directive potentially affects various categories of American companies. Here are the main ones:

(i) U.S. Companies with Significant EU Business. First, if a U.S. company’s own, as opposed to its EU subsidiaries’, activities cross the threshold requirements (namely, if its net turnover within the EU is above €150 million, or above €40 million if it operates in critical sectors), the Proposed Directive will directly apply to it.

(ii) U.S. Companies in the Value Chain of a Company Subject to the Proposed Directive. Second, U.S. companies that are parts of the value chain of a company subject to the Proposed Directive (think of a manufacturer of auto components in the Rust Belt selling products to an EU carmaker) would be pressured by such company to comply with international conventions setting forth rules that are not otherwise present in the United States. Unlike other companies mentioned in this list, this category would encompass U.S. firms of whatever size, so long as they do business with, or are otherwise involved in the value chain of, affected European companies.

(iii) U.S. Parents of an EU Subsidiary Subject to the Proposed Directive. Third, whenever one or more of the European subsidiaries of a U.S. parent meet the quantitative turnover and employment criteria and are therefore subject to the Proposed Directive, the U.S. parent would be affected as well, as the next section explains. In this post, we focus mainly on this case, considering how U.S. multinationals are structured.

The Impact on U.S. Parents

The most striking implication for U.S. multinationals is that, if an EU subsidiary of a U.S. parent is subject to the Proposed Directive (the “CSDD Subsidiary”), the parent itself is effectively subject to it, albeit indirectly.

More precisely, the Proposed Directive affects a U.S. parent company in two ways. We have already mentioned the first one: The U.S. parent must have safeguards in place for purposes of the Proposed Directive also as to the ways it conducts its own business so long as its business is part of the value chain of the CSDD Subsidiary. An action of the parent contrary to the underlying international conventions might reverberate downstream and cause a compliance failure at the CSDD Subsidiary. Think for example of Amazon U.S.’ labor practices, which may fail to meet the stricter labor law requirements under some of the conventions listed in the annex to the Proposed Directive (for example, the right to organize or bargain collectively bargain. Amazon labor practices in the United States might affect its EU subsidiaries’ compliance with the Proposed Directive: If such practices were deemed to have a material human rights impact, its CSDD Subsidiaries would face sanctions (which would ultimately affect the U.S. parent, as explained immediately below).

Second, a failure by a CSDD Subsidiary (including the failure just described) to comply with the Proposed Directive would reverberate upstream, especially if such failure gave rise to losses for the CSDD subsidiary resulting from the enforcement system of the Proposed Directive, which contemplates both administrative sanctions and civil liability. All such losses would be consolidated by the U.S. parent and might be litigated as Caremark claims in the United States. Caremark is the standard for director oversight duties under Delaware law: It requires taking proactive measures to facilitate compliance and to detect, mitigate, and remedy any failure. While Caremark claims require evidence of bad faith and, therefore, seldom succeed, Caremark litigation has in recent years experienced a surge in cases finding for the plaintiffs, including the recent Boeing case. Given how frequent derivative litigation is in the United States, the due diligence duties of the Proposed Directive may, strikingly, have even more bite for U.S. companies than for their EU peers.

One stimulating question in this area then becomes whether Caremark duties applicable to the parent directors will morph over time to adapt to the potentially more taxing oversight duties under the Proposed Directive. Consider that the nature of the EU due diligence obligations themselves implies that the U.S. parent will have to monitor, in connection with its oversight function to escape or minimize Caremark liability, that its CSDD Subsidiaries have all the procedures in place to fulfil the due diligence requirements under the Proposed Directive. Hence, to adequately exercise its oversight duties the U.S. parent will have no choice but to essentially engage in the same due diligence that the CSDD Subsidiary is directly responsible for; failure to do so may trigger Caremark liability. One can see how procedural duties set once and for all by the EU legislature could potentially reshape the very contours of fiduciary duties of directors of a Delaware corporation. From a different angle, while on paper the Proposed Directive seems not to clash with the internal affairs doctrine by limiting to EU companies the express duties it otherwise imposes on directors (see Article 25), if a U.S. firm does business in Europe via (CSDD) subsidiaries, it is de facto subject to the same duties.

And that is not all: Not only would a U.S. parent have to monitor its CSDD subsidiary’s compliance with duties arising from the Proposed Directive, but it would also have to comply with such duties itself if it qualifies as having an existing business relationship in such subsidiary’s value chain.  Notice that this might have instant repercussions once the implementing measures by the EU Member States come into force, because if the parent’s work-practices on labor rights amount to a violation of an underlying international convention (as is likely the case for U.S. companies because of looser U.S. labor law), such practices would represent an actual adverse impact for purposes of the Proposed Directive.

A couple of important caveats. First, as  Mariana Pargendler and Alessio Pacces have pointed out, the Proposed Directive provides that the relevant thresholds be calculated on a stand-alone basis and not on a consolidated one. Thus, the current text offers a relatively easy opportunity for firms to avoid the Proposed Directive: It would suffice that they divide their operations into separate entities, none of which crosses the applicable thresholds. If the Proposed Directive is to have any bite, this apparent loophole will clearly have to be closed in the next phases of the legislative process.

Second, like all analyses to date on the Proposed Directive, ours deals with an incomplete picture. Crucial pieces, such as the size of sanctions and the effectiveness of enforcement, are left for Member States to determine. If expected penalties are substantial, then the Proposed Directive will have significant bite as described throughout this post. On the other hand, if companies expect to face low penalties or weak enforcement, the Proposed Directive will have an immaterial impact on how business is structured and conducted. Only time will tell if Member States will race to the bottom with respect to corporate sustainability due diligence.

Conclusion

By indirectly imposing the EU-accepted standards on a number of key areas of a firm’s operations, including environmental obligations and worker rights imposed on any firm that is part of an EU-connected value chain, the Proposed Directive would expand the extraterritorial reach of EU law to areas that are both highly politically sensitive and key to any country’s choices on how to ensure its firms’ international competitiveness. Firms doing business with EU companies might face a choice: Either stop doing business with those companies or make sure to adapt their own work practices and policies to the EU standards. The European Commission’s approach here is much more aggressive than the celebrated extraterritorial reach of the General Data Protection Regulation. After all, technology companies are free to maintain different privacy arrangements outside the EU, as many of them, including giants such as Amazon (as Jens Frankenreiter reports), have done. On the contrary, by design, the Proposed Directive would require adaptation to EU standards across the globe by any firm that wants to be part of the value chain of any large company operating in the European market (i.e., the largest trade area in the world).

The European Commission’s intentions are unquestionably good: Most people sharing the values of liberal democracies will consider the rights it aims to protect as quintessential to the very concept of human dignity. Yet, the Proposed Directive attempts to de facto impose Europe’s values and political preferences on the ways business should be transacted practically in every other country, an aspiration that looks particularly precarious given the nationalistic trend in current geopolitics. Even if one accepts that this would be a positive development, one cannot ignore how ambitious it is. At a minimum, because the devices and mechanics of how to achieve its underlying goals are novel and untested, several aspects of the Proposed Directive will require careful assessment and refinement.

This post comes to us from Luca Enriques, a professor of corporate law at the University of Oxford, and Matteo Gatti, a professor of law at Rutgers Law School. A version of this post appeared on the Oxford Business Law Blog, here.