EC Corporate Governance Initiative Series: What the Commission’s Proposal for the Review of the EU’s Non-Financial Reporting Directive Reveals about the Future of Corporate Accountability

On April 21st, the European Commission published yet another package of corporate sustainability regulation proposals. Possibly the most awaited element of this release concerns the review of the EU’s Non-Financial Reporting Directive (NFRD, an overview of which can be found here)—soon to become the Corporate Sustainability Reporting Directive (CSRD, an overview of which can be found here).

One of the interesting angles to the Commission’s CSRD proposal is perhaps what it borrows from the other forthcoming draft Directive, governing Corporate Due Diligence and Corporate Accountability (which was originally due in Q3 2021, but has now reportedly been parked until at least next fall). The overlaps between the two texts and their possible future misalignments are the object of this post.                                          

The kind of ‘sustainability’ impacts that companies should worry about

The CSRD preserves the wide ESG focus of its predecessor, the NFRD—which covers ‘environmental, social and employee matters, respect for human rights, anti-corruption and bribery’. In its premises, the CSRD in fact recognises the need for its scope to be coherent with the ‘sustainability factors’ that are used in other key corporate sustainability regulations (such as the Sustainable Finance Disclosure Regulation).

By contrast, in its recommendations of March this year the European Parliament proposed that for purposes of the Corporate Due Diligence and Corporate Accountability Directive the Commission develop three separate lists of the adverse impacts on the environment, human rights and state governance, for which undertakings could be held liable. If the Commission follows this advice, the CSRD’s and the Corporate Due Diligence and Corporate Accountability Directive’s definition of sustainability factors will diverge. This divergence could perhaps be a policy choice—motivated for instance by a desire to isolate a well-defined subset of (presumably more grievous) sustainability impacts which could lead to corporate liability. But the perspective of a misalignment between the scope of companies’ mandatory sustainability reporting and the scope of their (equally public) mandatory sustainability strategy and risk assessments seems odd and, if confirmed, would require an explanation.

The concept of a company’s ‘value chain’

One of the native concepts of the Corporate Due Diligence and Corporate Accountability Directive that we see resurfacing under the CSRD proposal is the corporate ‘value chain’.

The overarching idea behind the value chain is that undertakings should acquire knowledge and take some degree of responsibility over the damages that their overall operations (not just themselves directly) may inflict on sustainability factors. This concept—which breeds an entirely new kind of vicarious or joint corporate liability—would have profound implications on the way in which companies (and in particular large multinational groups) operate.

The definition of value chain that was proposed by Parliament in connection with the Corporate Due Diligence and Corporate Accountability Directive is remarkably comprehensive. It extends to ‘all activities, operations, business relationships and investment chains of an undertaking, counting also all entities with which the undertaking has a direct or indirect business relationship, whether upstream and downstream’, and which either supply or receive goods or services from the undertaking. The term ‘business relationship’ further incorporates a reference to a company’s subsidiaries and commercial relationships, including (direct and indirect) suppliers and sub-contractors. Further, the idea of a value chain including investment links would have enormous implications for financial sector firms but also minority interest holdings generally.

The CSRD does not include an exhaustive definition of the term ‘value chain’, although it is stated that this should include a company’s ‘own operations, its products and services, its business relationships and its supply chain’.

This narrower definition of value chain will likely be the one that the Commission will retain (for both regimes). Notwithstanding the mismatch, while the Corporate Due Diligence and Corporate Accountability Directive’s proposed approach might seem overly expansive (in particular for companies of a certain size), the CSRD’s is too vague. If companies are to report to the public with the degree of detail that will be required of them under the CSRD, and then to monitor and bear responsibility in case of damages, there should be no uncertainty as to what a value chain should comprise.

Scope

Lastly and as expected, in addition to bringing a considerable reinforcement of the NFRD’s reporting requirements, the CSRD represents a significant enlargement of their scope. The new regime will apply to the annual reports of all large undertakings (the size threshold was lowered compared to the NFRD) plus all SMEs with securities listed on a EU regulated market. Only companies governed by the laws of a EU Member State will fall in scope.

According to the European Parliament’s proposal, the Corporate Due Diligence and Corporate Accountability Directive would instead capture all companies that are either large, listed or operate in ‘high risk sectors’, as long as they sell goods or provide services on the internal market (and so regardless of their nationality). This extraterritorial ambition characterises other recent sustainability-related reforms (most notably the Sustainable Finance Disclosure Regulation).

Of course the exact consequences of this misalignment will depend on the actual contents of the Corporate Due Diligence and Corporate Accountability Directive (of which we have not yet seen a proper draft). But the essence of it is that many non-EU (now including UK) multinationals would be subject to its due diligence and accountability obligations (which themselves include a requirement to disclose ESG policies and risk assessments to the public) but not the CSRD’s. It is by no means clear that this is (or should be) a policy choice. If this really was the regulators’ intention, the line between what is demanded under each Directive should be drawn explicitly.

The ‘reporting’ directives

As the name suggests, the current Non-Financial Reporting Directive lays down a series of reporting obligations that are applicable to large listed companies and large credit and insurance institutions. Due to the ‘comply-or-explain’ principle that broadly governs the NFRD, this directive is effectively centred on a requirement for companies to disclose. And so it fits well where it was nested: within the Accounting Directive, which disciplines the way in which companies must disclose their financial and (since 2017) non-financial performance to the public.

Despite its name, on the other hand, the CSRD marks once more the EU regulation’s clear shift away from a supervisory model based on corporate duties to disclose to one that creates substantive obligations for companies to act as regards sustainability. The ‘reporting’ requirements of the draft CSRD hide trailblazing new duties for companies. Among these are the duty to maintain a sustainability strategy, to implement a due diligence of actual or potential adverse sustainability impacts down their value chain, to prevent, mitigate or remediate such impacts, and to attribute a role to the management, administrative and supervisory bodies with respect to sustainability matters.

It is perhaps surprising to find all these notions resurfacing here, almost as if retrieved from the European Parliament’s recent recommendations to the Commission as regards the Corporate Due Diligence and Corporate Accountability Directive, where they had first appeared. The relocation is everything but meaningless, and (as further clarified below) the confusion it may generate is vast.

Corporate reporting and corporate accountability

Corporate reporting requirements have been in place for decades. What information should be disclosed, who it should be shared with, in what manner, with what frequency, and the extent to which it should be verified by independent parties have certainly evolved over time. The NFRD is a modern child of this evolution: it expanded the scope of what should be considered as a company’s ‘performance’ (to also include certain types of non-financial information) and accordingly extended the related transparency regime.

Corporate accountability is conceptually different: it solves agency problems other than those addressed by corporate reporting requirements, and hardly belongs in an accounting directive. Perhaps this confusion (between imposing new corporate reporting requirements and expanding the boundaries of corporate accountability and liability) and the regulatory transparency problems that it implies should be one of the issues placed at the centre of the upcoming institutional debate on the CSRD.

Clara Cibrario Assereto is an associate at Cleary Gottlieb Steen & Hamilton LLP.

Toon Dictus is a stagiaire at Cleary Gottlieb Steen & Hamilton LLP.

This post is part of the OBLB series: ‘European Commission Initiative on Directors' Duties and Sustainable Corporate Governance’.