Civil Liability in the EU Corporate Sustainability Due Diligence Directive Proposal

On June 1, 2023, the European Parliament substantially amended the European Commission’s proposal for the Corporate Sustainability Due Diligence Directive (CSDDD). Since my first comment on the Commission’s proposal, I have focused on Art. 22, establishing civil liability for failure to carry out due diligence. Functionally, this liability aims to counter multinational corporations’ strategic use of limited liability to avoid damage compensation for human and environmental degradation, which is under-deterred. In a recent paper, I analysed the CSDDD’s promise to make corporations internalize negative externalities on human rights and the environment, highlighting the Directive’s shortcomings in scope and conditions for due diligence liability. In what follows, I will discuss how the European Parliament’s amendments cope with these limitations.

From a law and economics standpoint, the CSDDD potentially ameliorates the deterrence of social harm stemming from corporate limited liability. As revealed by theory and confirmed recently by empirical evidence (see here, here, and here), corporations may establish subsidiaries and outsource activities to minimize liability risk. When firms face lower liability than the harms they produce, albeit through different corporate vehicles, social harms such as environmental and human rights violations are overproduced. By establishing due diligence obligations in dealing with subsidiaries and business partners and liability for failure to meet these obligations, the CSDDD functionally extends civil liability to the company’s operations within the group and throughout the value chain. Whether this approach effectively copes with the under-deterrence stemming from corporate limited liability depends on the scope of the due diligence. Reflecting different sensitivities to companies’ trouble monitoring their subsidiaries and value chains, the European Commission, Council, and Parliament have taken different approaches. The final version of the CSDDD will depend on the outcome of the trialogue between the EU co-legislators, which is difficult to predict.

The first issue in the scope of due diligence liability is the relevant perimeter of corporate groups. A parent company could escape liability for environmental or human rights violations by operating through controlled companies that do not qualify as subsidiaries for the CSDDD. Alternatively, a non-EU parent could operate in the EU through subsidiaries outside the Directive’s scope. The European Commission’s proposal defined corporate groups conservatively, allowing both strategies. First, subsidiaries were defined based exclusively on the Transparency Directive, which, apart from direct control of the board or the majority of voting rights, refers to the vague notion of ‘dominant influence’ to establish control. Second, the turnover thresholds for companies to be considered in scope are not consolidated. While the Council’s political compromise largely maintained this approach, the European Parliament introduced two innovations. First, indirectly controlled subsidiaries are included in the ultimate parent’s group. Second, wherever established, a company is considered in scope if it is the ultimate parent of a group with a worldwide turnover exceeding €150 million (of which €40 million is within the EU). Not only is this turnover consolidated, but it also includes the turnover generated by third parties with whom any group member has a vertical agreement in return for royalties. Functionally, the European Parliament’s approach comes very close to Hansmann’s and Kraakman’s plea for corporate unlimited liability towards tort victims with extraterritorial effect. It remains to be seen, however, whether the European Parliament’s extraterritorial claim will be maintained and, if so, effectively enforced by national courts.

A second key aspect of the CSDDD scope is the business partners that trigger due diligence obligations and, potentially, a value chain liability. Including indirect partners is problematic because a company may be liable for human rights and environmental damages occurring remotely, both geographically and in contractual terms. On the one hand, companies may object that their ability to monitor indirect partners and prevent them from doing damage is limited. On the other hand, as the empirical evidence suggests, companies may strategically outsource the most hazardous activities to indirect partners to minimize liability exposure.

The European Commission included indirect partners in the CSDDD scope, but only if they were part of ‘established business relationships.’ Moreover, liability for actions by indirect partners could be excluded by contractual cascading, namely by seeking from direct partners contractual assurances of compliance from their partners, and so forth. This box-ticking exclusion could have been overcome if this procedure was inadequate to meet the due diligence’s goals, but as I explained, it would have been virtually impossible for a victim to prove this inadequacy. The Council’s political compromise scrapped this approach entirely but also limited the scope of liability in two important ways. One was that it excluded the downstream indirect partners from the due diligence, establishing a supply chain instead of a value chain liability. Two, liability could only be imposed in the presence of intent or negligence on the company’s side and if the business partner did not exclusively cause the damage. Like the Commission, the Council left the question of the burden of proof to the member states (Recital 58). Considering the difficulty for a plaintiff not privy to the company’s procedures to prove fault and causation, this approach arguably makes liability ineffective.

The European Parliament’s version differs considerably in terms of scope and conditions for liability. The scope of due diligence includes the entire value chain, including indirect partners upstream and downstream. Because the scope of due diligence is no longer limited to established business relationships, the Parliament limited the extent of the due diligence duties, making them risk-based. This is to say, companies are expected to prevent or mitigate potential adverse impacts on human rights and the environment to the extent that these are ‘likely’ and ‘severe.’ Moreover, considering their scarce resources compared to potentially long value chains, companies can prioritize the adverse impacts on police based on the same criteria. Prioritization reflects the input from the Council. Although Parliament has beefed up the definition of likelihood and severity, these criteria remain vague and may enable companies to escape liability until courts develop proper standards.

The Parliament has been tougher than the co-legislator on liability. Art. 22 establishes liability for damages on the condition that the company caused or contributed to the adverse impacts on human rights or the environment by failing to take appropriate due diligence measures. The trigger of ‘contribution to an adverse impact’ significantly departs from the Council’s approach. It disallows the defence of exclusive causation by the business partner if the “company may have caused, facilitated, or incentivized” the business partner to cause the adverse impact, and the risk of adverse impact has increased substantially because of that. This approach could cope with the strategic outsourcing of hazardous activities discussed before. However, it is doomed to fail if the plaintiff must prove, in addition to the inappropriateness of due diligence and prioritization, that the company’s procedures ‘encourage or motivate an adverse impact by another entity’ because victims and their representatives are not privy to these procedures.

Therefore, the Parliament has also addressed the burden of proof. First, it overhauled Recital 58, somewhat encouraging member states (as the matter is subtracted from EU competence) to reverse the burden of proof. Second, in a daring amendment to Art. 22, the Parliament requested that member states enable national courts to order disclosure of additional evidence in the company’s control if the plaintiff ‘provides elements substantiating the likelihood of a company’s liability’ under the CSDDD.

In the European Parliament’s version of the CSDDD, civil liability is more aligned to ameliorate the under-deterrence of multinational corporations’ environmental and human rights violations. However, considering the far-reaching due diligence obligations and their extraterritoriality, it might be hard for the EU to adopt the Directive in its present form without more international coordination.

Alessio M. Pacces is Professor of law and finance at the Amsterdam Center for Law and Economics (ACLE) of the University of Amsterdam, a research member of the European Corporate Governance Institute (ECGI), and a fellow academic member of the European Banking Institute (EBI).