The implications of CSRD and CSDDD for organisations working on sustainability compliance.

On 5 July 2024, Minister Burke signed the European Union Corporate Sustainability Reporting Directive (CSRD) into Irish law via statutory instrument (S.I. No. 336 of 2024) ahead of the deadline day. The CSRD is the EU’s response to the global reframing of company sustainability reporting, including environmental, social and governance areas covered under the European Green Deal and EU Action Plan for Financing Sustainable Growth. Later in the month, on 25 July 2024, the EU Corporate Sustainability Due Diligence Directive (CSDDD) (Directive 2024/1760) entered into force in the EU and will transpose into Irish law in due course. While the CSRD is about transparency and disclosure, the CSDDD aims to foster sustainable and responsible corporate behaviour in companies’ operations and across their global value chains. The new rules will help to ensure that companies in scope identify and mitigate adverse human rights and environmental impacts (actual and potential) due to their activities inside and outside Europe. Companies not in scope of the directives (for now) they will likely be affected nonetheless owing to greater requirements for sustainability information and supply chain due diligence from customers and other stakeholders in multiple value chains. These directives are designed to change how we perform and report on sustainability, to bring to bear the same attention and rigour of financial reporting. The minimum acceptable threshold is proving to be a significant challenge for organisations, which is why the sustainability conversation is all about compliance.

Companies should immediately undertake a review of their organisation with legal counsel to determine its obligations in the new regulatory landscape, to assess the mandatory requirements from discretionary elements and to understand exceptions and transitionary arrangements over the 2024 – 2030 timeline. In this way will it become clearer as to what the organisation must do to be compliant and what it will need to do to deliver its commitments against 2030 climate and sustainability goals. It is also advisable to engage with customers and other value chain partners to learn if they are in scope of CSRD and CSDDD as their needs may become your requirements as part of doing business. In these conversations, it might be helpful to use substitute terms like “sustainability / ESG reporting” for CSRD and “supply chain impacts” for CSDDD. There’s a high use of acronyms when speaking in sustainability terms and more will come.  

Becoming ‘CSRD-Ready’ or ‘CSDDD-Ready’ is a significant task, requiring value chain and sustainability expertise to map activities in operational control and outside of it across the value chain. The process involves stakeholders from various departments – legal, finance, audit and risk, and external advisors. The initiative can be compared to past efforts like becoming ‘GDPR-Ready’ or ‘Sarbanes-Oxley-Ready’. However, this sustainability readiness exercise is more complex due to the broader range of sustainability impacts and the urgency of the environmental crisis.

The important questions are:

1.    Is your company in the scope of the sustainability directives?

2.    When is your first reporting year?

3.    What will it take to get ready to a limited assurance standard?

4.    What is the right project scoping to prioritise the necessary?

5.    Who will lead the work?

6.    What are the penalties and risks of non-compliance?

The last question is important when it comes to creating a sense of urgency in the organisation because up till now sustainability enforcement has been the missing piece of the puzzle. Organisations should learn about monitoring and sanctioning mechanisms. A European Network of Supervisory Authorities will be established and infringements will be penalised. Companies may also be subject to civil liability and may be liable to pay compensation to those affected if they intentionally or negligently failed to comply with obligations causing damage to a natural or legal person. Climate cases are expected to surge in coming years, where citizens have greater standing under the law to compel Government and businesses to act and comply with their obligations.

Making a compliance roadmap now for the next five years will provide direction to your organisation and help tie in the different sustainability regulations in the EU and across other regions. It will also identify opportunities or synergies, particularly on value chain work which will be significant and unprecedented. To this end, CSDDD deserves greater attention and a comparison with CSRD will bring greater understanding to leaders in organisations.

Companies within the scope of CSDDD are required to:

• Integrate value chain due diligence into their policies and enterprise risk management system.
• Identify and assess actual or potential adverse human rights or environmental impacts and take measures to prevent, mitigate or end them.
• Conduct meaningful stakeholder engagement to support the identification of actual and potential impacts, as well as to develop a due diligence policy.
• Map operations, those of their subsidiaries and, where related to their chain of activities, those of their business partners. This will identify where adverse impacts are likely to occur and liable to be the most severe.
• Establish and maintain a notification system and complaints procedures and provide remediation where actual impacts are identified.
• Monitor the effectiveness of measures taken.
• Ensure compatibility with the 1.5°C climate target and draw up a transition plan in line with EU emission reduction targets.

Companies already conducting due diligence in line with the United Nations Guiding Principles on Business and Human Rights, as well as the OECD Guidelines for Multinational Enterprises will be well prepared. Those not already applying these frameworks should take steps to embed them in their systems and processes.

The due diligence process should cover the six steps defined by the OECD Due Diligence Guidance for Responsible Business Conduct, which includes:

•  Embedding responsible business conduct into policies and management systems.
•  Identifying and assessing actual and potentially adverse impacts.
•  Ceasing, preventing and mitigating adverse impacts.
•  Tracking implementation and results.
•  Communicating how impacts are addressed.
•  Providing for or cooperating in remediation efforts when appropriate.

The CSDDD explicitly recommends the UNGP Reporting Framework, co-authored by Forvis Mazars (and Shift), as well as the UNGP Interpretative Guide as implementation guidance for companies. These resources are extremely useful in conducting value chain exercises for both CSRD and CSDDD. In practical terms, in workshops these pertinent sets of questions trigger responses in the room, to get value chain work “unstuck” and ground it in reality in people and places.

The European Commission publishes updates on sustainability regulations which help in making a compliance roadmap to 2030. In publishing news of CSDDD coming into force on 25 July 2024, it released a set of frequently asked questions and answers with good supporting evidence and references. These are already proving useful to sustainability leaders in CSRD and CSDDD-readiness projects, explaining the reasons for the directives to steering groups and working groups and providing guidance and direction 

In practice, the compliance mandate is working by empowering Chief Counsels and CFOs to lead on CSRD/CSDDD readiness and assurance work, giving sustainability the prominence it always deserved. The identification of impacts, risks and opportunities and high materiality areas are informing strategies. The one thousand data points or interesting things about a company’s people, products and places are being shared outside of silos in collaborative workshops as organisations learn about sustainability together. The early indications are good, the directives entering into law are having an effect, yet the real challenge is not to have an assured sustainability report, but to build a sustainable business model that is planet-positive and more than just being compliant.