On 23 February 2022 the European Union (EU) released its long-anticipated draft EU Directive on Corporate Sustainable Due Diligence, also known as the mandatory human rights and environmental due diligence Directive (mHREDD or the Directive). On 21 March 2022 the US Securities and Exchange Commission (SEC) announced similar changes proposed to harmonise climate-related disclosures for investors.
The Directive is the most ambitious business and human rights directive to date and the first of its kind in the world. It will uniformly compel companies to identify adverse human rights and environmental impacts in their value chains through cross-sector corporate due diligence by harmonising disclosure laws to reduce fragmentation and increase certainty. It imposes duties on companies to mitigate and prevent human rights abuses, and a failure to do so will attract civil penalties.
It will also facilitate a level playing field for companies operating in the cross-border EU single market to reduce a duplication of requirements, which creates a distortion of competition, and minimise divergent financial and reputational risks due to inequitable civil liability regimes for damages claims due to harm arising in their value chains. If approved by the European Commission, the Directive will serve as the benchmark globally for human rights-related diligence and provide consistency across financial markets as to model clauses and duties moving forward. The recent SEC announcement takes a similar approach to the Directive’s stance on climate disclosures and its requirement to articulate the material impacts and consequential risks of climate-related issues, which the SEC has couched as climate-related risks.
What ‘human rights’ are included in the Directive?
Given the absence of a federal human rights regime in Australia, the concept of ‘human rights’ due diligence may appear ambiguous or confusing, but for our European counterparts these conventions and rights are well understood, robust and already implemented at a supranational, single-market and domestic level.
In a bid to be explicit, the drafters have annexed to the Directive a comprehensive list of international human rights agreements and conventions in respect of which the Directive will apply (broadly concerning adverse environmental impacts and adverse human rights impacts). These include:
- violations of specific rights and prohibitions included in international human rights agreements, for example a violation of the prohibition of arbitrary or unlawful interference with a person's privacy, family, home or correspondence and attacks on their reputation, in accordance with Article 17 of the Universal Declaration of Human Rights;
- a list of human rights and fundamental freedoms conventions more broadly, including the United Nations Declaration on the Rights of Indigenous Peoples; and
- violations of internationally recognised objectives and prohibitions included in environmental conventions, including violation of the obligation to take the necessary measures related to the use of biological resources in order to avoid or minimise adverse impacts on biological diversity, in line with Article 10 (b) of the 1992 Convention on Biological Diversity.
Comparative breaches of human rights norms under Australian law range from underpayment of employees, to discrimination in the workplace or other spheres of public life, to a breach of the right to a fair trial (a common law norm in Australian courts). That said, the duty to avoid workplace safety incidents, and the personal liability of directors for such incidents that exists in some Australian States, might be considered a comparison; however, the duty to provide a safe workplace arises out of a statutory regime rather than an international human rights convention.
A catalyst for change
The Directive delivers the teeth through which to administer, in a bite-like fashion, the Sustainable Development Goals and the EU’s transition to a neutral green economy in line with the European Green Deal. The explanatory memorandum provides a succinct description of the Directive, its purpose being:
“comprehensive mitigation processes for adverse human rights and environmental impacts in their value chains, integrating sustainability into corporate governance and management systems, and framing business decisions in terms of human rights, climate and environmental impact, as well as in terms of the company’s resilience in the longer term.”
The Directive will underpin a number of existing EU directives in the ESG and business and human rights space, including the Sustainable Finance Disclosure Regulation (SFDR). It will also complement the Taxonomy Regulation, introduced to grapple with greenwashing by categorising environmentally sustainable investments that also meet a minimum social safeguard to assist investors to allocate capital to responsible and sustainable companies.
Who’s caught?
The Directive applies to EU and non-EU companies based on size, economic power and sector, as defined below.
Size and economic power
The EU companies caught are:
- Group 1: all EU limited liability companies of substantial size and economic power (with 500+ employees and EUR 150 million+ in net turnover worldwide).
- Group 2: Other limited liability companies operating in defined high impact sectors (defined below), which do not meet the Group 1 thresholds, but have more than 250 employees and a net turnover of EUR 40 million worldwide or more. For these companies, rules will start to apply two years later than for Group 1.
Non-EU companies active in the EU are also caught if they have a turnover threshold aligned with Group 1 and 2, generated in the EU.
‘High impact sectors’
The selection of ‘high impact sectors’ for the purposes of the Directive is based on existing sectoral OECD due diligence guidance, with the following sectors defined as ‘high impact’:
- the manufacture of textiles, leather and related products (including footwear), and the wholesale trade of textiles, clothing and footwear;
- agriculture, forestry, fisheries (including aquaculture), the manufacture of food products, and the wholesale trade of agricultural raw materials, live animals, wood, food, and beverages;
- the extraction of mineral resources regardless of where they are extracted from (including crude petroleum, natural gas, coal, lignite, metals and metal ores, as well as all other, non-metallic minerals and quarry products);
- the manufacture of basic metal products, other non-metallic mineral products and fabricated metal products (except machinery and equipment); and
- the wholesale trade of mineral resources, basic and intermediate mineral products (including metals and metal ores, construction materials, fuels, chemicals and other intermediate products).
While companies that are active in these high impact sectors will be caught by the Directive, it appears that financial investors, funds, asset managers and the like will not. However, market expectations of compliance with the Directive (once enacted) are likely to drive policy and investing / lending criteria across the financial investor community.
What about smaller companies?
Small to medium sized enterprises (SME) are excluded from the scope of the Directive, as the European Commission viewed the financial and administrative burden of setting up and implementing these due diligence requirements as relatively high and not proportionate to the resources available to these companies. Nevertheless, given that SMEs form part of the value chain of the larger companies within the ambit of the Directive, SMEs are likely to find compliance imposed upon them by market conditions and by lender / investor requirements.
Directors’ duties created & supplier disruptions likely
Per Article 4, companies to which the Directive applies must do the following:
- integrate human rights and environmental due diligence into their policies
- identify actual or potential adverse human rights and environmental impacts
- prevent or mitigate potential impacts
- bring to an end or minimise actual impacts
- establish and maintain a complaints procedure
- monitor the effectiveness of the due diligence policy and measures
- and publicly communicate on due diligence
EU Member States must ensure that companies take appropriate measures to identify actual or potential adverse human rights and environmental impacts in their own operations, in their subsidiaries and at the level of their established direct or indirect business relationships in their value chain. Article 7 then requires Member States to ensure that companies take appropriate measures to prevent potential adverse impacts identified, or to adequately mitigate those impacts, where prevention is not possible or requires gradual implementation.
Member States are also required to ensure that companies take appropriate measures to bring to an end actual adverse human rights and environmental impacts that they have or could have identified. Where an adverse impact that has occurred at the level of established direct or indirect business relationships cannot be brought to an end, Member States should ensure that companies minimise the extent of the impact.
Per Article 8(6) if a company cannot bring actual adverse impacts to an end, the Directive states:
“the company shall refrain from entering into new or extending existing relations with the partner in connection to or in the value chain of which the impact has arisen and shall, where the law governing their relations so entitles them to, take one of the following actions:
(a) temporarily suspend commercial relationships with the partner in question, while pursuing efforts to bring to an end or minimise the extent of the adverse impact, or
(b) terminate the business relationship with respect to the activities concerned, if the adverse impact is considered severe”.
As a result of the new obligations for companies to prevent human rights, climate change and environmental consequences of corporate decisions, to the extent linked to the due diligence under the Directive, corporate directors’ duties and corporate management systems have necessarily expanded. Directors must set up and oversee the implementation of the due diligence processes and their integration into corporate policy and strategy across the company’s (potentially cross-border) value chain. These new duties will be enforced through existing Member States’ laws, following implementation of the Directive by the EU and transposition into Member States’ legislation.
Usefully, Article 12 notes that the European Commission will adopt guidance about voluntary model contract clauses to assist companies to facilitate their compliance with article 7(2)(b) and article 8(3)(c) (as provisions that compel the creation of clauses).
With respect to climate change, Article 15 expressly requires Member States to ensure that certain companies adopt a plan to guarantee that the business model and strategy of the company are compatible with the transition to a sustainable economy and with the limiting of global warming to 1.5°C in line with the Paris Agreement. This would see harmonisation across Member States and potentially reduce the risk of adverse climate change litigation which individual jurisdictions have disproportionately been grappling with across Europe. Interestingly, following the Directive’s release the SEC announced on 21 March 2022 its proposed rule change in relation to climate-related disclosures for investors, noting that investors would benefit from the “clear rules of the road” as proposed in the release. Clearly there is a shift towards harmonising reporting in this space to help regularise financial performance.
Sanctions may be imposed on companies that fail to comply, and under Article 22, civil liability provisions have been proposed to enable an action for damages arising due to a failure to comply with due diligence obligations under specific conditions – liability cannot be disclaimed on the sole ground that the law applicable to such claims is not a law of a Member State.
Parallels with Australia: regulators shifting gears?
Recent trends in public statements and actions by Australian regulators demonstrate that duties affecting human rights, climate and sustainability (and related disclosures) are very much expected and considered by directors and organisations in the Australian market, even if not always couched as such. Additionally, once mHREDD is implemented by the EU, Australian companies will no doubt be affected given the global reach of the Directive, its likely market impact and the interconnectedness of the supply and value chains of conglomerates internationally.
On 3 March 2022 both ASIC and ACCC announced regulatory priorities for the 2022-2023 period in a similar vein to the previous year. ASIC has confirmed that it is paying special attention to governance failures relating to ‘non-financial risk’ that result in significant harm to consumers and investors, which includes:
- directors failing to identify and manage the risk attaching to a company’s business activities;
- failing to ensure that appropriate resources are allocated to deal with risks; or
- failing to respond to indicators that risks are not being properly managed.
The term ‘non-financial risk’ may be counterintuitive in the sense that a failure to consider it may lead to significant financial risks. ASIC adopted the following definition of ‘non-financial risk’ in 2019, as first coined by APRA during its prudential inquiry into the Commonwealth Bank of Australia. This definition of ‘non-financial risk’ captures:[1]
- operational risk – the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events and includes legal risk but excludes strategic and reputational risk
- compliance risk – the risk of legal or regulatory sanctions, material financial loss, or loss to reputation an organisation may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organisation standards and codes of conduct applicable to its activities
- conduct risk – the risk of inappropriate, unethical or unlawful behaviour on the part of an organisation’s management or employees.
ASIC’s priorities, announced earlier this month, refine its approach. Of the three broad definitions listed above, ASIC identifies two priority ‘non-financial risks’ for 2022 – 2023 as:
- significant reputational harm caused to a company through its conduct, and that may impact upon its licence to operate; or
- where a company engages in breaches of the law that attract significant monetary penalties.
In this way, ‘non-financial risk’ is a window into Australian equivalent human rights considerations in governance.
ASIC also announced that climate change disclosure for listed companies is a core focus, acknowledging the rapid change in this area, for example the establishment of the International Sustainability Standards Board and, following ASIC’s announcement, the SEC’s proposed introduction of guidance for climate-related disclosure for investors. ASIC’s purpose is developing high-quality, global baseline climate and sustainability disclosure standards to meet investors’ information needs, potentially borrowing from the Task Force on Climate-related Financial Disclosures for disclosure that is:
- clear, balanced and understandable
- consistent over time and provided on a timely basis
- reliable, verifiable and objective.
Separately, the ACCC announced that a key consumer and fair trading priority for the coming year is environmental claims and sustainability, particularly where some businesses stand to gain an unfair advantage by making misleading or deceptive claims in relation to environmental or green credentials to capitalise on this consumer preference. This scrutiny will extend to claims made in the manufacturing and energy sectors and the ACCC has highlighted its commitment to work with ASIC and the Clean Energy Regulator to identify which regulator is appropriate to deal with these issues and guard against any unfair advantage through making misleading claims about the carbon neutrality of production processes.
Importantly, the gaze of the ACCC’s keen eye has been widened with the recent formation of the ‘Five Eyes’ working group consisting of the ACCC and its counterparts in the United Kingdom, United States, Canada and New Zealand, formed with the purpose of sharing intelligence to uncover collusion and other illegal conduct during the current pandemic – thereby giving regulators greater oversight into the international structures and operations that may fall foul of domestic laws.
What next?
The Directive will be presented to the European Parliament and the Council of Ministers for debate and approval. Once adopted, Member States will have around two years to transpose the Directive into national law and communicate the relevant texts to the European Commission.
The Directive makes clear that companies must integrate human rights and environmental due diligence into all corporate policies and introduce a standalone due diligence policy containing a description of the company’s approach (short, medium and long term) to due diligence – which should be updated annually.
As part of the best practice shift, companies are expected to introduce a code of conduct describing the rules and principles to be followed by employees and subsidiaries, a description of the processes put in place to implement human rights and environmental due diligence, including the measures taken to verify compliance with the code of conduct and to extend its application to established business relationships. The code of conduct should apply in all relevant corporate functions and operations, including procurement and purchasing decisions.
For Australian businesses, this Directive marks a decisive shift by a key trading partner towards corporate business and human rights accountability, responsibility and equality in the value chains of financial markets. However, compliance with the Directive (where Australian companies are either within its scope on its terms or required to comply due to counterparty or supply chain pressure) may be challenging, given Australia’s relative lack of experience in human rights and environmental due diligence obligations at a federal level. Time will tell whether the usual Australian focus on reporting obligations is expanded to include personal and corporate liability (for directors, officers and organisations) in the same way as the Directive seeks to do. Australia will similarly need to monitor the consequences of the SEC’s announcement on its rule change in relation to climate disclosures, and in particular its disclosure requirements for greenhouse gas emissions (capturing scope 1, scope 2 and scope 3 emissions) and climate transition risks.
Globalisation of the world’s financial and equity markets has tended to shift compliance standards even where governments do not, and so Australian companies would do well to skill up and assess these core non-financial risks now, and adjust their counterparty and supply chain due diligence, since a “wait and see” approach risks adverse action to compel a company to confront non-financial risks as contextualised in both EU and US markets.
[1] ASIC Report 631: Corporate Governance Taskforce ‑ Director and officer oversight of non-financial risk report, October 2019.