What Should US Businesses Know About the New EU Sustainability Directives?

Starting in 2024, US companies operating within the European Union face new legal directives – the EU Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD/CS3D)--that increase their need to engage in effective and on-going ESG and Human Rights Due Diligence across the whole of their production chains.

The comprehensive directives range from fair labor practices and environmental protections in house to mandates for safer working conditions and greener initiatives in supply chains and operations with third-party relationships. They provide much needed clarity about the liabilities companies face if they fail to comply, from financial fines to sanctions and prohibitions.

But, where does one start to ensure compliance with these new EU directives to avoid financial and reputational risk? In this article, we will dive into the key areas of the EU legislations and their impacts on US companies while highlighting what you can do to prepare, the benefits of compliance across the whole of your organization, and the risk of non-compliance and insufficient due diligence.

How does the Corporate Sustainability Reporting Directive (CSRD) update ESG rules?

The Corporate Sustainability Reporting Directive (CSRD) updates and fortifies rules regarding the environmental, social, and governance (ESG) data that small medium and large companies are now required to report.

According to the European Commission, the directives “ensure that investors and other stakeholders have access to the information they need to assess the impact of companies on people and the environment and for investors to assess financial risks and opportunities arising from climate change and other sustainability issues. Finally, reporting costs will be reduced for companies over the medium to long term by harmonising the information to be provided.”

How does the Corporate Sustainability Due Diligence Directive (CSDDD/CS3D) impact requirements?

The Corporate Sustainability Due Diligence Directive (CSDDD/CS3D) “would require companies to identify any environmental and social harms in their supply chains and ask to address them”, as well as asserting civil legal liability for companies that fail to take appropriate action (Financial Times, Feb 2024). It demands the transparency of all organizations with regards to due diligence and risk-management efforts, be it annual stability reports or creating easily accessible information online.

In tandem, the new directives will impose stricter privacy and data protection rules, enforce greater requirements for transparency in hiring practices, implement stronger mandates for safer working conditions, and levy tighter regulations on environmental impacts across the whole of one’s value chain.

MORE: Global spread of human rights due diligence continues with Japanese initiative

Key Areas of EU Human Rights Legislation

ESG and human rights legislation continues to grow across the whole of the European Union. The new laws comprehensively provide protection for EU residents, from data and privacy practices to labor practices and the environment.

In this section, we’ll review the previously in place EU initiatives and the new CSRD and CSDDD/CS3D directives and their establishment of a duty of care for corporate due diligence, monitoring, and reporting.

Privacy and data protection

The EU General Data Protection Regulation (GDPR), which went into effect May 2018, governs how an EU resident’s personal data is both processed and moved. It provides EU individuals protections from companies of all sizes and sectors.

Within the scope of the GDPR, personal data is defined as data the relates to an identified or identifiable living individual (including name, email, tax ID number, online ID, etc.), and the processing of data (actions that include collecting, recording, storing, and transferring data).

An accessible website is not enough to satisfy the GDPR, and companies not established in the EU may need to comply with this regulation if they process EU residents’ personal data. There is an exception for small businesses that occasionally process non-sensitive data.

US companies needing to comply must assign an EU compliance representative. If a company is not in compliance, they face fines up to 4% of their global annual revenue or 20 million euros—whichever is higher.

Non-discrimination and equal treatment

Like the US, the EU has laws enshrined in the EU Charter of Fundamental Rights (chapter 3) that prohibit discrimination against an individual, on any grounds, including: sex, race, ethnicity, sexual orientation, disability, age, religion, political affiliation, nationality, language, birth, etc.

A breach of one’s rights by a person or entity operating in the European Union will be handled by their relevant national authority or a specialized human rights body. Equal treatment under the law applies all individuals and refers to their access to and supply of goods and services.

Fair labor practices

EU labor laws define one’s rights and obligations as workers and employers, as it covers two main areas: 1) working conditions and 2) informing and consulting workers. Working conditions relates to working hours, part-time and fixed term work, and the posting of workers, whereas informing and consulting workers is about collective redundancies, transfers of companies, etc.

It provides more transparent and predictable conditions to protect the health of EU workers in a way that promotes sustainable economic growth. Fair labor practices ensure fair competition between businesses that is based on their products’ strength, not poor labor law standards.

Environmental protections

The EU has introduced an array of initiatives, initiatives, policies, and regulations directed towards sustainability in both consumption and production, to address the acceleration of climate change and demand for energy and resources. The plans range from sustainable consumer product creation to a plan for increased procurement of green goods in the public sector. The environmental initiatives aim for a climate-neutral, resource-efficient, and circular economy.

MORE: Why ESG risk should be the top of your due diligence agenda

Impacts on US Companies

The new EU CSDR/CSDDD directives retain to all businesses that operate in the global economy, whether they have a company based in the EU and/or have working relationships in their value chains that function within the EU.

To achieve compliance, businesses will need to thoroughly evaluate the entirety of their operations, meet due diligence requirements, create a plan to avoid the ramifications of adverse environmental and human rights infractions, and create compliant contracts/contract changes with all business partners.

Steps US companies can take to prepare for new directives

While the new directives have yet to be finalized to go into effect, US companies that fall into the categories that will require compliance show consider creating and implementing systems of due diligence now to avoid costly implementation delays in operations and the supply chain. Here are some steps to take now:

• Start by doing a thorough compliance review of your current policies and procedures for alignment with the new European Union regulations. Due diligence of your human rights, ESG, and third-party risk will strengthen your assessment of potential pitfalls or non-compliance.
• Take time to properly train staff about the specific details of the new compliance requirements and update your data management protocols to meet EU privacy standards.
• Make sure your business develops and engages in inclusive & equitable hiring practices, as well as internal promotion processes, across the whole of your global value-chain. All policies and protocols must meet the higher standards of the EU directives, moving beyond the current industry norms.
• Work to institute new due diligence processes that offer the needed level of transparency about and monitoring of your ESG and human rights impacts. Using a database like Nexis Diligence+ is a great first step for researching your third-party partners and protecting
• Ensure the company-wide adoption of greener supply chain and operations initiatives that fully meet the moment and comply with the new EU directives, from end-to-end. 

MORE: Financial crime is on the rise: Here’s how your company can be one step ahead

Benefits of compliance for US companies

Compliance with the new laws of the European Union have myriad benefits to help create, sustain, and grow globally successful businesses. Some of the greatest benefits include:

• The avoidance of costly fines and lawsuits: Non-compliance with the new corporate sustainability directives can cost you millions of dollars and/or your reputation.
• An appeal to European Union consumer values: Aligning your company’s environmental and human rights focus at a level that is the same or higher than that of your customer base shows you are engaged with the ethos and concerns of those you hope to serve. It also means growth of your consumer base and revenue streams.
• Attraction of top talent by showing your commitment to human rights: The creation and implementation of policies that request and require transparency about your company’s human rights records illustrates a culture of people who want to work for companies with a commitment to humans rights. When prospective employees clearly and easily see your commitments, they are more likely to apply to lend their talents to your efforts.
• Gaining of a competitive edge over companies who lag in their compliance: It can take years to implement or streamline due diligence, which can lead to operational and value-chain disruptions. Those with third-party relationships and due diligence practices already in compliance will be better positioned to avoid penalties, sanction and litigation and maintain a strong global reputational advantage. It allows you to be the ready to go, aligned with the local laws and the consumers who see your clear presence.
• The building of trust and credibility with stakeholders: Directives and their policies are the result of thoughtful proposal, negotiation, and passage through the EU government. By adhering to the hard-won policies and practices, your company shows a respect for the laws of the land and those who live there. When you support their efforts, they will support yours.

Risks of non-compliance for US Companies

The risks and consequential costs of non-compliance for US companies can be astronomical, delaying your potential business at best and shuttering your business, at worst. Risks cost time, money, social cache and achieve the opposite result of the above listed benefits.

They include but are not limited to:

• Substantial fines and penalties
• Lawsuits and legal action
• Reputational damage and loss of consumer trust
• Difficulty recruiting and retaining top talent
• Supply chain disruptions and loss of partners
• Competitive disadvantage compared to compliant companies

Keep up with efficient due diligence

Compliance with the EU ’s new sustainability reporting and due diligence directives regarding human rights is a must for US companies. While we know it can be an overwhelming and time-intensive process to do thorough, effective, and verified due diligence for proper reporting, following these best practices will ease the transition and lead you to long-term success in Europe.

Nexis Diligence+ is here to help: tailored specifically to power your companies’ unique due diligence and compliance needs. From our extensive databases and report tools to our all-in-one due diligence software, we can help you assess any potential risk from the people and third-party entities that interact with your business, while keeping your in compliance with the ever-evolving global legal landscape.  

Want to make sure you’re staying on top of your due diligence compliance with our updated 2024 Due Diligence Checklist.