The Extraterritorial Impact of the Proposed EU Directive on Corporate Sustainability Due Diligence: Why Corporate America Should Pay Attention
On 23 February 2022 the European Commission issued its long-awaited proposal for a Directive on Corporate Sustainability Due Diligence (the Proposed Directive). Under the Proposed Directive, large companies operating in the EU market must identify, prevent, and mitigate any actual or potential adverse human rights and environmental impact in their own operations, in their subsidiaries, and at the level of their established direct or indirect business relationships in their value chain. Adverse human rights and environmental impacts are keyed to violations of a thick list of human rights and environmental obligations laid out in international conventions and declarations, irrespective of whether they are ratified or recognized in the jurisdiction in which the alleged violation takes place.
One of the most ground-breaking aspects of the Proposed Directive is its extraterritorial reach. Companies must monitor adverse human rights and environmental impacts not only by them and their subsidiaries, but also by entities that are part of their value chain and with which they have an established business relationship, in each case wherever incorporated or located.
In this post we focus primarily on the extraterritorial effects on US companies, in part because of their relevance in global commerce and in part because of past controversies relating to the 'Brussels effect' on US business. To give a sense of the Brussels effect of the Proposed Directive, this table contains the list of conventions and declarations annexed to the Proposed Directive and notates what the position of the US is in relation to each. But there is an additional reason to focus on the US, namely that the implications of this new piece of EU legislation for US companies would be particularly intense, given the liability regime applying to their directors and how frequently derivative suits are brought there.
US Companies Affected by the Proposed Directive
The Proposed Directive potentially affects various categories of US companies. Here are the main cases:
(i) US Companies with Significant EU Business. First, if a US company’s own, as opposed to its EU subsidiaries’, activities cross the threshold requirements (namely, if its net turnover within the EU is above €150 million or €40 million if it operates in critical sectors), the Proposed Directive will directly apply to it.
(ii) US Companies in the Value Chain of a Company subject to the Proposed Directive. Second, US companies that are parts of the value chain of a company subject to the Proposed Directive (think of a manufacturer of auto components in the Rust Belt selling products to an EU car maker) would be pressured by such company to comply with international conventions setting forth rules that are not otherwise present in the US. Unlike other companies mentioned in this list, this category would encompass US firms of whatever size, so long as they do business with, or are otherwise involved in the value chain of, affected European companies.
(iii) US Parents of an EU Subsidiary subject to the Proposed Directive. Third, whenever one or more of the European subsidiaries of a US parent meet the quantitative turnover and employment criteria and are therefore subject to the Proposed Directive, the US parent would be impacted as well, as the next section explains. In this post we focus mainly on this case, considering how US multinationals are structured.
The Impact on US Parents
The most striking implication for US multinationals is that if an EU subsidiary of a US parent is subject to the proposed Directive (the “CSDD Subsidiary”), the parent itself is effectively subject to it, albeit indirectly.
More precisely, the Proposed Directive affects a US parent company in two ways. We have already mentioned the first one: the US parent must have safeguards in place for purposes of the Proposed Directive also as to the ways it conducts its own business so long as its business is part of the value chain of the CSDD Subsidiary. An action of the parent contrary to the underlying international conventions might reverberate downstream and cause a compliance failure at the CSDD Subsidiary. Think for example of Amazon US’s labor practices, which may fail to meet the stricter labor law requirements under some of the conventions listed in the annex to the Proposed Directive (for example, the right to organize and/or to collective bargaining). Amazon labor practices in the US might affect its EU subsidiaries’ compliance with the Proposed Directive: if such practices were deemed a material human rights impact, its CSDD Subsidiaries would face sanctions (which would ultimately affect the US parent, as explained immediately below).
Secondly, a failure by a CSDD Subsidiary (including the failure just described) to comply with the Proposed Directive would reverberate upstream, especially if such failure gives rise to losses for the CSDD subsidiary resulting from the enforcement system of the Proposed Directive, which contemplates both administrative sanctions and civil liability. All such losses would be consolidated by the US parent and may be litigated as Caremark claims in the US. Caremark is the standard for director oversight duties under Delaware law: it requires taking proactive measures to facilitate compliance and to detect, mitigate, and remedy any failure. While Caremark claims require evidence of bad faith and, therefore, seldom succeed, Caremark litigation has in recent years experienced a surge in cases finding for the plaintiffs, including the recent Boeing case. Given how frequent derivative litigation is in the US, the due diligence duties of the Proposed Directive may, strikingly, have even more bite for US companies than for their EU peers.
One stimulating question in this area then becomes whether Caremark duties applicable to the parent directors will morph over time to adapt to the potentially more taxing oversight duties under the Proposed Directive. Consider that the nature itself of the EU due diligence obligations implies that the US parent will have to monitor, in connection with its oversight function to escape or minimize Caremark liability, that its CSDD Subsidiaries have all the procedures in place to fulfil the due diligence requirements under the Proposed Directive. Hence, to adequately exercise its oversight duties the US parent will have no choice but to essentially engage in the same due diligence exercise that the CSDD Subsidiary is directly responsible for; failure to do so may trigger Caremark liability. One can see how procedural duties set once and for all by the EU legislature could potentially reshape the very contours of fiduciary duties of directors of a Delaware corporation. From a different angle, while on paper the Proposed Directive seems not to clash with the internal affairs doctrine by limiting to EU companies the express duties it otherwise imposes on directors (see Article 25), if a US firm does business in Europe via (CSDD) subsidiaries, it is de facto subject to the same duties.
And that is not all: not only would a US parent have to monitor its CSDD subsidiary’s compliance with duties arising from the Proposed Directive, but it would also have to comply with such duties itself if it qualifies as an existing business relationship in such subsidiary’s value chain. Notice that this might have instant repercussions once the implementing measures by the Member States come into force, because if the parent’s work practices on labor rights amount to violation of an underlying international convention (as it is likely the case for US companies because of the looser umbrella of US labor law), such practices would represent an actual adverse impact for purposes of the Proposed Directive.
A couple of important caveats. First, as Mariana Pargendler and Alessio Pacces have pointed out, the Proposed Directive provides that the relevant thresholds be calculated on a stand-alone basis and not on a consolidated one. Thus, the current text offers a relatively easy opportunity for firms to avoid the Proposed Directive: it would suffice that they by-segment their operations through separate entities, none of which crosses the applicable thresholds. If the Proposed Directive is to have any bite, this apparent loophole will clearly have to be taken care of in the next phases of the legislative process.
Second, like all analyses to date on the Proposed Directive, ours deals with an incomplete picture. Crucial pieces, such as the size of sanctions and the effectiveness of enforcement, are left for Member States to determine. If expected penalties are substantial, then the Proposed Directive will have significant bite as described throughout this note. On the other hand, if companies expect to face low penalties and/or weak enforcement, the Proposed Directive will have an immaterial impact on how business is structured and conducted. Only time will tell if Member States will race to the bottom with respect to corporate sustainability due diligence.
By indirectly imposing the EU-accepted standards in a number of key areas of a firm’s operations, including environmental obligations and worker rights, on any firm being part of an EU-connected value chain, the Proposed Directive would expand the extraterritorial reach of EU law in areas that are both highly politically sensitive and key to any country’s choices on how to ensure its firms’ international competitiveness. Firms doing business with EU companies might come to face a choice: either stop doing business with those companies or make sure to adapt their own work practices and policies to the EU standards. The European Commission’s approach here is much more aggressive than in the case of the celebrated extraterritorial reach of the General Data Protection Regulation. After all, technology companies are free to maintain different privacy arrangements outside the EU, as many of them, including giants such as Amazon (as Jens Frankenreiter reports), have done. On the contrary, by design, the Proposed Directive would require adaptation to EU standards across the globe from any firm that wants to be part of the value chain of any large company operating in the European market (ie, the largest trade area in the world).
The European Commission’s intentions are unquestionably good: most people sharing the values of liberal democracies will consider the rights it aims to protect as quintessential to the very concept of human dignity. Yet, the Proposed Directive attempts to de facto impose Europe’s values and political preferences on the ways business should be transacted practically in every other country, an aspiration that looks particularly precarious given the nationalistic spree in modern-day geopolitics. Even if one accepts that this would be a positive development, one cannot ignore how ambitious this is. At a minimum, because the devices and mechanics of how to achieve its underlying goals are novel and untested, several aspects of the Proposed Directive will require careful assessment and refinement.
Luca Enriques is Professor of Corporate Law at the University of Oxford.
Matteo Gatti is Professor of Law at Rutgers Law School
This post is published as part of the OBLB series on ‘The Corporate Sustainability Due Diligence Directive Proposal’.