The European Parliament recently adopted a resolution with recommendations to the European Commission for a directive on mandatory human rights, environmental and governance value chain due diligence. In parallel, the German Government has formally adopted the draft Act for a German Supply Chain Duty of Care Act. We examine both these developments below.

European Parliament’s draft directive

The European Parliament’s resolution recommending a draft text for an EU directive to the European Commission provides a strong steer on the direction of travel, although there are still many points of detail to be worked out.

What companies will be bound by the proposed law? 

According to the resolution, the directive should apply to all large undertakings (i.e. those exceeding at least two of the three criteria: EUR 20 million balance sheet total, EUR 40 million net turnover, 250 employees on average during the relevant financial year) and to publicly listed SMEs or high-risk SMEs. The European Commission would, in time, define what high-risk means by reference to sector and types of activities. The directive would apply to undertakings governed by the law of an EU member state or non-EU undertakings that operate in the EU’s internal market by selling goods and providing services.

What risks will the law address? 

The resolution calls on Member States to implement measures to ensure that companies conduct adequate due diligence in relation to human rights, environmental and governance risks. The notion governance risks requires further definition. So far, the proposal only refers to corporate non-compliance with anti-bribery and corruption laws and any tax laws which could have adverse impact on the good governance of a country, region or territory.

What level of due diligence will companies need to do? 

Due diligence should cover the whole value chain, direct or indirect business relationships, upstream and downstream. For example, companies would have to carry out a risk analysis, implement a due diligence strategy, ensure that their business partners carry out adequate due diligence (e.g. by means of framework agreements, contractual clauses, codes of conduct or certified and independent audits), engage with relevant stakeholders and establish adequate grievance mechanisms. Companies should also publish their due diligence strategy, which should be re-evaluated at least once a year. While some companies may already undertake such due diligence measures in line with commitments made under the UNGPs, undertakings will still need to revisit and reassess their approach to ensure it is fit for purpose once the new EU directive is close to implementation.

What are the consequences for non-compliance with the law? 

In contrast to the first draft published by the Legal Affairs Committee, the resolution recommends that Member States are required to ensure that a civil liability regime is in place, i.e., provisions to hold the company liable for infringements of applicable human rights, environmental and governance standards. The company can avoid liability if it can prove that it took all due care to avoid adverse impacts or that the harm would have occurred even if all due diligence measures had been observed. However, when introducing the liability regime Member States should ensure that the burden of proof is shifted to the defendant undertaking with regards to having control over the entity involved in the abuse. Member States will have to ensure that provisions of the directive transposed into domestic law allow for the application of the national liability regime with respect to proceedings.

Criminal penalties which were proposed in the first draft have now been removed. However, in respect to administrative fines, the resolution requires Member States to ensure that such fines are proportionate and calculated on the basis of a company’s turnover. According to the recitals, Member States are encouraged to impose administrative fines that are comparable to fines imposed for violations of competition and data protection laws. As a reference, under the EU Data Protection Regulation fines of up to EUR 20 million or up to 4 % of the worldwide annual turnover of a company can be imposed. Exclusion from public procurement, state aid or public support schemes, such as export credits are also potential sanctions that Member States may impose.

Government draft for a German Supply Chain Duty of Care Act

On the national level, the draft German Supply Chain Duty of Care Act has now been formally adopted by the German Government. The draft Act is expected to be passed as early as June. There have not been many substantive changes in relation to the earlier draft proposal (which we reported on in a previous blog post), but there is still some opposition within the government in particular with respect to obligations concerning indirect suppliers, rights-holders’ representation by NGOs and trade unions, the sanctions regime or civil lability.

Most of the due diligence obligations are limited to first tier suppliers. Due diligence for lower supply tiers only needs to be carried out if there was substantiated knowledge on a potential human rights or environmental violation. Pursuant to the amended explanatory materials to the draft Act, such substantiated knowledge is triggered if the company has verifiable and credible information about a violation by its indirect suppliers. Besides gaining such knowledge via grievance mechanisms, information on risks in a specific region where the supplier operates, or activities in risk-sensitive sectors should already suffice for these purposes. Since these criteria should often be met, it seems that the German law de facto expands the due diligence duties beyond first tier suppliers without explicitly saying so.

How do the proposed laws compare? 

The proposed directive goes beyond the obligations foreseen by the draft German Supply Chain Act and as well far beyond existing due diligence laws, such as the French Vigilance Law—given that it covers SMEs and governance risks alongside human rights and environmental risks.

We remain curious to see what the Commission’s official proposal – that is now expected to be published in June 2021 – will look like. EU Justice Commissioner Reynders has recently announced that the Commission’s draft would be more far-reaching than the German draft Act and in particular – with certain exceptions – would cover companies of all sizes, foresee a civil liability regime and would explicitly go beyond first tier suppliers. It is therefore expected that the Commission’s proposal will be very much in line with the resolution adopted by the European Parliament, which itself enjoyed strong support from members of the European Parliament. This may also mean the German Supply Chain Act, if passed, may have to be revisited and adapted in due course.

Although, companies are surely exposed to a lot of “homework” in order to comply with all these new obligations in the near future, it should be noted that last year over 70% of surveyed company representatives favored the introduction of EU-wide mandatory due diligence requirements, according to a study by the European Commission.