What to expect from the EU’s CSDDD #2: Civil Liability and Litigation Risks

This blog is part of a series of in-depth overviews of aspects of the Corporate Sustainability Due Diligence Directive (CSDDD), which, after approval by the Council on 24 May 2024, will enter into force shortly. In this post, we spotlight civil liability and litigation risks under the CSDDD.

Civil liability regime

In addition to the public enforcement of its due diligence and reporting obligations, both EU and non-EU companies within its scope may face considerable liability risks. The central provision introducing a civil liability framework is Article 29, going beyond existing Member States’ supply chain legislation, such as the German Supply Chain Act, which lacks provisions for civil liability. 

Companies may be held liable for damage caused to a natural or legal person if they fail to comply with the CSDDD’s due diligence obligations to prevent or end adverse impacts (Articles 10, 11). These due diligence obligations do not only apply to the operations of a company and its subsidiaries, but also to business partners in the chain. Contrary to the proposal by the European Parliament, however, liability does not apply to all obligations under the CSDDD. Notably, the Directive itself does not provide for any liability associated with a company’s climate plan obligations under Article 22.

Civil liability can attach to a parent company or to a specific subsidiary within a group. A subsidiary might be held liable for damage, regardless of whether the due diligence obligations were supposed to be observed by the subsidiary or by the parent company on behalf of the subsidiary. If the damage is caused jointly by the company and its subsidiary, or direct or indirect business partners, they are jointly and severally liable.

Limitation periods for bringing civil liability claims must be at least five years and, in any case, should not be shorter than the limitation period under national civil liability rules. The limitation period shall not start to run before (i) the relevant infringement has ceased and (ii) the claimant knows or should reasonably be expected to know about the infringement, the harm caused by it, and the infringer.

The CSDDD mandates that the laws of Member States transposing the Directive’s liability regime are overriding and mandatory. These laws must apply even if the law of a third country would otherwise govern the claims (see Article 29(7)), including requirements as to who can bring a claim, the statute of limitations, and the disclosure of evidence. From a private international law perspective, this approach is remarkable, as it allows parties to bring a claim even if there is no equivalent liability under the law of the third country or if such claim had become time-barred under that law. 

Directors’ duty of care

Previous proposals of the CSDDD explicitly requiring directors to consider the sustainability impact of their decisions  or linking variable remuneration of directors to sustainability goals, have been removed in the final version. It is now left to the national laws of the Member States to determine the duties and liability of directors. The CSDDD remains relevant as  under national law  directors are generally responsible for ensuring that the company complies with legal requirements, including those of the CSDDD.

Role of NGOs and trade unions in civil litigation

The CSDDD introduces new procedural rules and guidelines for civil actions to ensure effective access to justice. Liability for violations of a company’s due diligence duties can be enforced in three ways: (i) individual actions by the injured party; (ii) authorisation of a trade union or NGO to file an action on behalf of injured parties; or (iii) a collective action if CSDDD violations fall within the scope of a Member State’s collective action regime. Enforcement can also take the shape of injunctive relief to put an end to certain activities. 

The CSDDD facilitates private enforcement by empowering trade unions and NGOs in a Member State to stand in for individuals who may be based abroad and/or lack the resources, knowledge, or motivation to initiate legal proceedings on their own (Article 29(3)(d)). The growing prevalence of supply chain-linked litigation (for example, in the United Kingdom) demonstrates that NGOs are often closely connected to damaged parties, and may be able to facilitate litigious actions more effectively than unrepresented groups. Where damage is caused to many people (e.g. all workers in a certain factory), there is scope under the CSDDD for a trade union or NGO to represent some or even all injured parties.

Whether and how claims of a group of injured parties can be brought collectively is subject to Member States’ national laws in the absence of a CSDDD-specific collective redress mechanism. Violations of the CSDDD do not fall within the scope of the Representative Action Directive 2020/1828, which is limited to infringements of certain EU consumer laws. However, Member States could incorporate CSDDD-related claims into their collective action mechanisms, which is already the case in some Member States. For instance, the German regime on representative actions covers all types of consumer civil claims and potentially covers violations of the CSDDD’s due diligence duties. In the Netherlands, the existing regime on collective actions is already an active forum for ESG-related claims. 

Disclosure risks

Under the CSDDD, companies may be ordered to disclose evidence to the claimant, provided the latter presents a reasoned justification with sufficient facts and evidence to plausibly support the damage claim and that additional evidence is under the control of the company (Article 29(3)(e) and Recital 83). Such (pre-action) disclosures, which are foreign to most EU civil law jurisdictions, are limited to what is necessary and proportionate to support a (potential) claim for damages. In determining whether a disclosure order is proportionate, courts shall consider the initial justification of the claim, the scope and cost of disclosure, and whether the evidence to be disclosed contains confidential information.

The (pre-action) disclosure regime under the CSDDD is mandatory, even if the law applicable to the claims is not the law of a Member State. Companies facing such disclosure requests should be aware of the risk of information spill-over from one case to another, even if these cases are dealt with in different jurisdictions.

Key takeaways

While companies will naturally focus first on setting up appropriate risk and compliance systems or aligning their existing systems with the CSDDD, the following should be kept in mind regarding the Directive’s private enforcement:

• Violating due diligence obligations under the CSDDD could trigger a company’s civil liability and/or actions for injunctive relief. Therefore, a company’s risk-based approach and the measures taken to identify, prevent, or mitigate potential adverse impacts should be carefully documented to demonstrate compliance with the obligations under the CSDDD. 
• Public statements, including the annual reporting on CSDDD compliance, could provide claimants and NGOs with relevant information to question the measures taken or to lodge disclosure requests. Supply chain litigation in the United Kingdom shows that public statements often form the basis of civil claims. 
• Litigation activities by NGOs, authorised by injured parties, are likely to increase, typically accompanied by litigation PR campaigns against the defendant. NGOs are already the driving force behind climate change and other ESG-related claims in Europe. Their close connection to law firms specialising in strategic ESG litigation and local contacts to potential victims gives reason to expect that civil actions under the CSDDD will primarily be brought by NGOs.