EU Legislation Affecting Supply Chain Management

The way companies conduct business is changing. Legislation is tightening regulations all over the world. The EU has produced over 50,000 laws and directives in 25 years applicable to the Eurozone, and these regulations continue to get more complex. 

Directive on Corporate Sustainability & Due Diligence

On February 3, 2022, the European Commission adopted a proposal for a directive on corporate sustainability due diligence. The proposal aims to foster sustainable and responsible corporate behavior throughout global value chains. Companies play a key role in building a sustainable economy and society. They will be required to avoid adverse impacts of their operations on human rights such as child labor and exploitation of workers, and on the environment such as pollution and biodiversity loss.

This directive will be applicable to EU and non-EU companies working in the Eurozone and includes:

• EU Companies Group 1 - All EU limited liability companies of substantial size and economic power (with 500+ employees and EUR 150 million+ in net turnover worldwide).
• EU Companies Group 2: Other limited liability companies operating in defined high impact sectors that do not meet Group 1 thresholds but have more than 250 employees and a net turnover of EUR 40 million worldwide. For these companies, rules will start to apply 2 years later than for group 1.
• Non-EU Companies - Active in the EU with turnover threshold aligned with Group 1 and 2, generated in the EU.
• Small and Medium Enterprises (SMEs) - Not directly in the scope of this proposal.

The primary objectives are as follows:

Citizens

• Better protection of human rights, including labour rights
• Healthier environment for present and future generations
• Products and services made in a sustainable way
• Increased trust in business
• More transparency and informed choices
• Better access to justice for victims

Businesses

• Harmonized framework in the EU creating legal certainty and a level playing field
• Greater customer trust and employees’ commitment
• Greater awareness of negative impacts
• Better risk management (including reputational risk) and adaptability
• Better access to finance

Developing Countries

• Better protection of human rights and the environment
• More awareness about sustainability issues
• Sustainable investment
• Improved living conditions for people

The rational for the legislation is, in part, answered by the Economist Impact Survey data that shows ESG regulation to be to be both positive and negative for companies. While keeping up with an ever-evolving landscape, uncertainty is named the top challenge and compliance with ESG is one of the key focus areas. This is closely followed by an increased diversification of funding sources with new investors and customer acquisition and retention.

Human Rights & Environmental Due Diligence Laws

In addition to the new directive, the EU is proposing mandatory Human Rights and Environmental Due Diligence laws based on the publication in late February of 2022 by the European Commission. The Proposal for a Directive on Corporate Sustainability Due Diligence (the “Proposed Directive”) follows a March 10, 2021 European Parliament resolution calling for the adoption of such rules.

The proposed directive represents the first proposed imposition by the Commission of a general human rights and environmental due diligence obligation for companies across their global value chains. Organizations need to be aware that this new law will carry costly penalties for companies and company directors for non-compliance, as well as a civil liability regime to allow victims to sue companies in relation to harm which occurred due to the company’s failure to comply with due diligence obligations.

The Proposed Directive will apply to all EU companies meeting either of the following thresholds:

• Entities with more than 500 employees on average and a net worldwide turnover of more than EUR 150 million in the last financial year (Article 2.1(a)); and
• Any other entities with more than 250 employees on average and a net worldwide turnover of more than EUR 40 million in the last financial year, provided that at least 50 percent of this net turnover was generated in certain “high-impact” sectors, including textiles, agriculture, forestry, fisheries, the manufacture of food products, and mineral resources (including oil, gas and coal) (Article 2.1(b)).

Non-EU companies with significant operations in the EU will also be impacted by this proposed legislation.

The proposed directive applies to third-country companies which generated a net turnover in the EU in the financial year preceding the last financial year of:

• More than EUR 150 million (Article 2.2(a)); or
• More than EUR 40 million but less than EUR 150 million, provided that at least 50 percent of the company’s net worldwide turnover was generated in one of the high-impact sectors described above (Article 2.2(b)).

The principal aims of the proposed directive considers adverse impacts on:

• Human rights, resulting from the violation of one of the rights or prohibitions under the international human rights agreements listed in Part I of the Annex to the Proposed Directive (including the International Covenant on Civil and Political Rights, the Universal Declaration of Human Rights, and the International Covenant on Economic, Social and Cultural Rights); and
• The environment, resulting from the violation of one of the prohibitions or obligations under the international environmental conventions listed in Part II of the Annex to the Proposed Directive (including the 1992 Convention on Biological Diversity, the Convention on International Trade in Endangered Species of Wild Fauna and Flora, the Basel Convention, and the Montreal Protocol).

The EU will require organizations to:

• Integrate human rights and environmental due diligence into all their corporate policies, and have in place a due diligence policy, which must be updated annually (Article 5);
• Identify actual or potential adverse human rights and environmental impacts arising from their own operations or those of their subsidiaries, as well as from their “established business relationships” across their value chains (Article 6):
  • “Established business relationships” are a company’s direct or indirect relationships with contractors, subcontractors or other entities: 
    • With which the company has a commercial agreement or to which the company provides financing or insurance.
    • That perform business operations related to the company’s products or services for or on behalf of the company, provided the relationships are lasting in view of their intensity or duration and not a negligible or merely ancillary part of the company’s value chain (Article 3).
• Prevent and mitigate potential adverse impacts, and bring actual adverse impacts to an end, while minimizing their extent (Articles 7 & 8).
• Establish and maintain a complaints procedure, allowing persons and organizations (including trade unions or civil society organizations) to submit complaints where they have legitimate concerns regarding actual or potential adverse human rights or environmental impacts (Article 9).
• Monitor the effectiveness of their due diligence policy and measures, as well as those of their subsidiaries and established business relationships, at least once every 12 months (Article 10).
• Publicly communicate on due diligence, including by publishing on their website an annual statement in a language customary in the sphere of international business, by no later than April 30 each year (Article 11).^[2]

Some additional obligations complement the due diligence requirements including:

• The adoption of a plan to ensure that the company’s business model and strategy are compatible with limiting global warming to 1.5°C in line with the Paris Agreement (Article 15.1).
• Include emission reduction objectives in the company’s plan, where climate change is or should have been identified as a principal risk or impact of the company’s operations, (Article 15.2).
• Recognition of a director’s contribution to the fulfillment of the above obligations when setting directors’ variable remuneration (Article 15.3).

The proposed directive will require member states to lay down rules governing the civil liability of companies for damages arising from a failure to carry out adequate due diligence. It is further stipulated that civil liability will arise even where the law applicable to the relevant claim is the law of a non-EU State.

A company will not be held liable as regards damages occurring at the level of an indirect business relationship if the company:

• Sought contractual assurances to ensure compliance with the company’s policies and action plans (including through contractual cascading), and
• Put in place appropriate measures to verify compliance.

However, these actions will not shield the company if it was unreasonable to expect that the action taken would be adequate to address the adverse impact.

A company’s liability will further be assessed taking into account the company’s:

• Efforts to comply with any remedial action required of it by a national supervisory authority.
• Investments made and support provided to other entities to address adverse impacts in its value chains.

Companies will be given a reasonable time to remedy non-compliance before sanctions are imposed. Sanctions may include:

• Fines proportionate to a company’s turnover.
• Orders to cease or abstain from repeating conduct.
• Orders to undertake remedial action.
• Interim measures.

Member states may choose to provide for additional types of sanctions, such as exclusion from public procurement, which if implemented must be published.

Communication on Decent Work Worldwide

The adoption of the proposed directive coincided with other important developments in the EU ESG space. Also on February 23, 2022, the Commission published its Communication on Decent Work Worldwide, promoting decent work in global value chains and reaffirming the EU’s commitment to eliminate child labour and forced labour—including, at a later date, a proposal to ban products made by forced labour from entering the EU. This was followed, on February 28, 2022, by the EU Platform on Sustainable Finance publishing its Final Report for the development of a social taxonomy, spelling out what constitutes a “social” investment (in the same way as has been done in the case of environmental investments under the EU Taxonomy Regulation).

The Proposed directive will then be examined by the European Parliament and by the Council. The speed of adoption will depend, among others, on the extent of discussions on amendments. If adopted, the Proposed Directive gives Member States two years to transpose the Directive’s obligations on large companies into their national laws, and another two years in the case of the obligations relating to the smaller “high risk” companies.

The main EU directives remain which set the framework for public procurement are the Directive 2014/24/EU on public procurement a general directive and the Utilities Directive 2014/25/EU on procurement by entities operating in the water, energy, transport and postal services sector a specific directive for utilities. Public procurement rules for utilities cover the water, energy, transport and postal services. The oil and natural gas exploration, financial, logistic, electronic and philatelic services may be exempted from the rules. The general rules are applied in those sectors. These directives entered into force in 2014, transposed into national legislation by 18 April 2016.

A European Green Deal

1. Zero pollution package:
2. a) Revision of Regulation (EC) No 1272/2008 on classification, labelling and packaging (legislative, incl. impact assessment, Article 114 TFEU, Q2 2022)
3. b) Integrated water management – revised lists of surface and groundwater pollutants (legislative, incl. impact assessment, Article 192 TFEU, Q3 2021)
4. c) Revision of EU ambient air quality legislation (legislative, incl. impact assessment, Article 192 TFEU, Q3 2022)
5. Climate measures package:
6. a) Review of EU rules on fluorinated greenhouse gases (legislative, incl. impact assessment, Article 192(1) TFEU, Q2 2022)
7. b) EU framework for harmonized measurement of transport and logistics emissions (legislative, incl. impact assessment, Articles 91 and 100(2) TFEU, Q4 2022)
8. c) Review of the CO2 emission standards for heavy-duty vehicles (legislative, incl. impact assessment, Article 192(1) TFEU, Q4 2022)
9. d) Carbon removal certification (legislative, incl. impact assessment, Article 192(1) TFEU, Q4 2022)
10. Circular economy Initiative on the right to repair (legislative, incl. impact assessment, Q3 2022)
11. Plastics package:
12. a) Policy framework for bio-based, biodegradable and compostable plastics (non-legislative, Q2 2022)
13. b) Restriction on microplastics (non-legislative, Q4 2022)
14. c) Measures to reduce the release of micro-plastics in the environment (legislative, incl. impact assessment, Article 114 TFEU, Q4 2022)
15. Biodiversity and Farm to fork Sustainable use of pesticides – revision of the EU rules (legislative, incl. impact assessment, Article 192(1) TFEU, Q1 2022)

A Europe Fit for the Digital Age

6. Cyber resilience European cyber resilience act (legislative, incl. impact assessment, Q3 2022)
7. Semi-conductors European chips act (legislative or non-legislative, Q2 2022)
8. Security and defense Roadmap on security and defense technologies (non-legislative, Q1 2022) 

The French Law on the Duty of Vigilance of Parent and Instructing Companies (2017) effective in early 2018 provides a reference point on the law itself and its reach and informs how this is being used to structure and inform wider EU directives and legislation.

The guidance is divided into two parts:

1. The first part relates to the “cross-cutting principles” such as the content, scope and perimeter of the obligation, which must constantly guide companies" conduct in the exercise of the duty of vigilance. These principles should therefore be kept in mind and integrated into company plans.
2. The second part deals more specifically with the five measures announced by the Law (see below), it being specified that these measures are neither restrictive nor exclusive. The Law also provides that they may be supplemented by any further or amending decree that may be made subsequent to the act itself. Further, the expectation is that a company should take any additional measures necessary to meet its general duty of vigilance, namely the identification of risks and the prevention of severe impacts on human rights, the environment, health and safety of persons in its value chain.

Of significant importance is the drafting authors’ deliberate choice not to talk about “best practices”, but the quality of vigilance measures implemented for each company on its particular operating circumstances.

The implementable five measures are:

1. A risk mapping meant for their identification, analysis and prioritization.
2. Regular evaluation procedures regarding the situation of subsidiaries, subcontractors or suppliers with whom there is an established commercial relationship, in line with the risk mapping.
3. Appropriate actions to mitigate risks or prevent severe impacts.
4. An alert mechanism for the existence or materialization of risks, established in consultation with the trade unions considered as representative within the said company.
5. A system for monitoring the measures implemented and evaluating their effectiveness.

From the point of view the principles we can see there are six primary areas:

1. Normative content of the duty of vigilance
2. Company liable for the obligation of vigilance
3. Organizational perimeter of the obligation of vigilance: companies on which vigilance must be exercised
4. Substantial perimeter of the obligation of vigilance: impacts on which vigilance must be exercised
5. Temporal perimeter of the duty of vigilance: when to be vigilant
6. Interpersonal perimeter of the duty of vigilance: persons taking part in the duty of vigilance.

The impact of the legislation concerns all French headquartered entities and whilst it covers effectively the top 1% of companies, due to the size of company it captures the cascade down through the supply/value chain becomes quite extensive. I have chosen not to try and summarize the Articles applicable as they are complex and quite extensive as you can see set out below:

JORF n ° 0074 from March 28, 2017 - text n ° 1

LAW n ° 2017-399 of March 27th, 2017 on the duty of vigilance for parent and instructing companies

Article 1

After article L. 225-102-3 of the Commercial Code [Code de commerce], an article L. 225-102-4 is inserted and reads as follows:

"Art. L. 225-102-4.-I.-Any company that employs, by the end of two consecutive financial years, at least five thousand employees itself and in its direct or indirect subsidiaries whose registered office is located within the French territory, or at least ten thousand employees itself and in its direct or indirect subsidiaries whose registered office is located within the French territory or abroad, shall establish and effectively implement a vigilance plan.

"Subsidiaries or controlled companies that exceed the thresholds referred to in the first paragraph shall be deemed to satisfy the obligations provided in this article, if the company that controls them, within the meaning of

Article L. 233-3 of the French Commercial Code, establishes and implements a vigilance plan covering the activities of the company and of all the subsidiaries or companies it controls. "The plan shall include reasonable vigilance measures adequate to identify risks and to prevent severe impacts on human rights and fundamental freedoms, on the health and safety of individuals and on the environment, resulting from the activities of the company and of those companies it controls within the meaning of II of article L. 233-16, directly or indirectly, as well as the activities of subcontractors or suppliers with whom they have an established commercial relationship, when these activities are related to this relationship.”

"The plan is meant to be drawn up in conjunction with the stakeholders of the company, where appropriate as part of multi-stakeholder initiatives within sectors or at territorial level. It includes the following measures:

"1° A risk mapping meant for their identification, analysis and prioritization;

"2° Regular evaluation procedures regarding the situation of subsidiaries, subcontractors or suppliers with whom there is an established commercial relationship, in line with the risk mapping;

"3° Appropriate actions to mitigate risks or prevent severe impacts;

"4° An alert and complaint mechanism relating to the existence or realization of risks, drawn up in consultation with the representative trade union organizations within the company;

"5° A system monitoring implementation measures and evaluating their effectiveness.

Annexes

"The vigilance plan and the report concerning its effective implementation shall be published and included in the report mentioned in article L. 225-102.

"A decree issued by the Conseil d'Etat may expand on the vigilance measures provided for in points 1 to 5 of this article. It may detail the methods for drawing up and implementing the vigilance plan, where appropriate in the context of multi-stakeholder initiatives within sectors or at territorial level.

"II.-When a company receiving a formal notice to comply with the obligations laid down in paragraph I, does not satisfy its obligations within three months of the formal notice, the competent court may, at the request of any party with standing, order the company, including under a periodic penalty payment, to respect them.

"The case may also be referred for the same purpose to the president of the court in the context of summary proceedings.

Article 2

After the same article L. 225-102-3, it is inserted an article L. 225-102-5 and reads as follows:

"Art. 225-102-5.-Following the conditions provided in articles 1240 and 1241 of the Civil Code, a breach of the obligations defined in article L. 225-102-4 of this Code, establishes the liability of the offender and requires him to remedy any damage that the execution of these obligations could have prevented.

"The civil liability action is brought before the competent court by any person proving standing.

"The court may order the publication, dissemination or display of its decision or an extract thereof, according to the terms it specifies. The costs are borne by the person found liable.

"The court may order the execution of its decision under a periodic penalty payment."

Article 3

Articles L. 225-102-4 and L. 225-102-5 of the Commercial Code apply from the report mentioned in article L. 225-102 of the same code, relating to the first financial year opened after the publication of this Law. By way of derogation from the first paragraph of this article, for the financial year during which this Law was published, paragraph I of article L. 225-102-4 of the said Code applies, with the exception of the report in its penultimate paragraph.

This Law shall be executed as the law of the State.

However, it is widely recognized that the French vigilance Law had some shortcomings as well as strengths that require companies to act properly and not just simply report! Therefore, there has been a consensus on four additional sanctions that are needed, namely:

• Criminal sanctions for the most flagrant violations of the law, such as the lack of an established plan or monitoring process, or gross or willful misrepresentation in the plan or the report on its implementation.
• Disgorgement of profits made by the company through suppliers and subcontractors which are not compliant with the core humanitarian principles.
• Punitive damages in the event of gross or willful violation by the company of its duty of vigilance.
• Exclusion of access to the EU market for suppliers and contractors found to violate the core humanitarian principles.

Accordingly, this all feeds into the current dialogue and considerations within the EU in drafting the proposed new legislations that we can reasonably expect to be instituted in the next 12-18 months to supplement and extend the French Law of Vigilance and hence its catalytic role in the development of legislation. This was well summarized in the Etui Policy Brief referenced in the foot of this note.