EU Mandatory Human Rights Due Diligence Law Takes Shape

Earlier this year we reported on a European Commission proposal to introduce mandatory human rights due diligence legislation for the EU.  The European Parliament's Committee on Legal Affairs has now published a draft report which includes the text of a proposed Directive, giving a sense of the shape a final legislative instrument could take.   

For some enterprises which have already implemented human rights due diligence processes in accordance with the United Nations Guiding Principles on Business and Human Rights (the “UNGPs”), the draft Directive may be seen as a relatively incremental development, notably in introducing a requirement also to assess and act with due diligence in relation to environmental and governance risks.  The draft does, of course, imply an additional level of scrutiny, both by regulators and external stakeholders and it introduces a potential threat of civil of criminal penalties. To this extent, the draft can be seen as imposing a significant new compliance burden and it may encounter resistance as a result.  The biggest challenge, however, will be for enterprises which will be within the scope of the new Directive but which do not already have due diligence processes in place.

In addition, the publication of the draft Directive at an EU level may give a push to national discussions in relation human rights due diligence laws. In particular, in Germany, the government had previously announced that it would publish the key points of its new human rights due diligence law, but has, in recent weeks, repeatedly postponed that announcement.

Overview and next steps

Some of the key articles of the draft Directive are summarised below. By way of overview, it is notable that the draft Directive (including the recitals) draws heavily on the UNGPs and that the draft Directive is intended to cover not just human rights, but also environmental and governance issues.  

The Commission is the only EU institution formally empowered to initiate EU legislation. The next step therefore will be that the draft report will be sent to the Commission, with a request that the Commission submits a formal legislative proposal following the recommendations set out in the draft report. The draft report will also be sent to the Council of Ministers and the Governments and national parliaments of Member States at the same time.

If the Commission submits a legislative proposal, it will then be subject to debate by both the EU Parliament and the Council before such proposal can be finalised or enter into force.

Directives require Member States to transpose the relevant obligations into national law and the present draft envisages that this should be done within two years of the Directive entering into force.

Subject matter covered

Article 1 provides that the Directive is aimed at ensuring that undertakings operating in the internal market fulfil their duty to respect human rights, the environment and good governance and that they can be held accountable for their adverse impacts in any of those three areas throughout their value chain.

Scope of application

Article 2 provides that the Directive shall apply to all undertakings governed by the law of an EU Member State or established in an EU territory (essentially business enterprises incorporated in the EU and other legally recognised forms of enterprise established or domiciled in the EU) and to limited liability undertakings governed by the law of a non-Member State when they operate in the internal market selling goods or providing services (essentially non-EU incorporated enterprises selling goods or services in the EU). 

It is also provided in this article that individual EU Member States will have discretion to exempt "micro-undertakings" from the new law (the definition of a micro-undertaking is set out in Article 3 of Directive 2013/34/EU).

Risk assessment and due diligence obligations

Article 4 requires EU Member States to introduce rules to ensure that business enterprises "carry out due diligence with respect to human rights, environmental and governance risks in their operations and business relationships".   For these purposes, 'risk' is defined in Article 3 as a potential or actual adverse impact on individuals, groups of individuals and other organisations in relation to human rights, the environment or good governance.

The extent of the due diligence obligation is further elaborated in Article 4 as requiring an enterprise:

• to identify and assess, on an ongoing basis, whether their operations and business relationships cause or contribute to any human rights, environmental or governance risks;
• if the enterprise concludes that it does not cause or contribute to any such risks, it shall publish a statement to that effect, including its risk assessment, which shall be reviewed in the event of new risks emerging, including in the context of new business relationships;
• if the enterprise identifies risks, it shall establish a due diligence strategy which must
  1. specify the risks identified and their level of severity and urgency;
  2. publicly disclose "detailed, relevant and meaningful information" about its value chain "including names, locations and other relevant information concerning subsidiaries, suppliers and business partners";
  3. indicate the policies and measures which the enterprise intends to adopt with a view to ceasing, preventing or mitigating the identified risks;
  4. establish a prioritisation policy if it is not in a position to deal with all the risks at the same time; and
  5. indicate the methodology followed for the definition of the strategy, including the stakeholders consulted by the enterprise.
• to ensure by means of contractual clauses and codes of conduct that the human rights, environmental and governance policies of their business partners are aligned with their own due diligence strategy; and
• to "regularly verify" compliance of subcontractors and suppliers with relevant contractual provisions or codes of conduct.

Article 8 requires that the undertaking shall review the effectiveness and appropriateness of its due diligence strategy at least once a year.

Stakeholder consultation and public reporting

The draft Directive provides in Articles 5 and 8 that enterprises shall consult with stakeholders, including trade unions when establishing, implementing and reviewing their due diligence strategy. 

Article 6 provides that the due diligence strategy should be made public (e.g. on the enterprise's website) and also communicated to employees and business partners. This article also provides for reporting to the national competent authority in the relevant EU Member State (deisgnated pursuant to Article 14, see below). It also provides for the establishment by Member States of a centralised platform for due diligence strategies.

Grievance mechanisms, remedies, supervision and investigations

Article 9 provides that enterprises shall establish grievance mechanisms, allowing stakeholders to "voice concerns regarding the existence of human rights, environmental or governance risks". 

This article makes express reference to the criteria set out in Principle 31 of the UNGPs in establishing a requirement that the grievance mechanisms shall be legitimate, accessible, predictable, safe, equitable, transparent, rights compatible and adaptable. It is further provided in this Article that grievance mechanisms may be established through collaboration with other enterprises or organisations, and that they should be developed and managed based on consultation and cooperation with stakeholders, including workers' representatives.

Article 10 provides that Member States should ensure that an enterprise which identifies that it has caused or contributed to harm should "provide for or cooperate with remediation", which may include financial or non-financial remedies. 

Article 14 provides that Member States shall designate one or more competent authorities responsible for supervision and for the dissemination of best practice and Article 15 provides that the competent authorities shall have power to carry out investigations to ensure compliance with the Directive.  Investigations may be initiated under this article based on third party complaints and it is further provided that Member States should take steps to facilitate the submission of such complaints. In this regard, it is notable that recital 36 states that the national authorities are encouraged to cooperate and share information with their OECD National Contact Point.

Responsibility for the due diligence process

Article 11 provides that Member States shall ensure that members of the administrative, management and supervisory bodies of an enterprise have "collective responsibility" for ensuring compliance with the due diligence obligation.  This article also appears to envisage that managers or directors may be held individually liable for breaches of the due diligence obligation.

Article 12 provides that large enterprises shall set up an advisory committee tasked with advising the governing body of the enterprise on due diligence and that the advisory committee shall include stakeholders and experts.

Penalties and civil liability

Article 19 provides that Member States shall introduce penalties for non-compliance with the national regulations introduced to implement the Directive, to take all measures necessary to ensure that penalties are enforced and that penalties shall be "effective, proportionate and dissuasive".  This article further provides that repeated infringements shall constitute a criminal offence if committed intentionally or with serious negligence.

There had been some speculation on the possibility that the EU would introduce a civil liability regime where enterprises might be liable for harm caused to third parties if they failed to undertake due diligence.  Article 20 of the draft Directive, however, provides only that compliance with the due diligence obligations established under the Directive shall not absolve an enterprise for any civil liability which it may otherwise incur pursuant to national law. 

Due diligence guidelines, sectoral and EU cooperation

Article 16 provides that the Commission, in consultation with Member States, the OECD and other organisations shall prepare non-binding guidelines for undertakings on how to fulfil the due diligence obligations.  As anticipated, it is expressly provided that these guidelines should be developed taking account of other relevant international standards including the UNGPs and the OECD Guidelines for Multinational Enterprises.

Article 13 gives Member States discretion to encourage the adoption of "sectoral due diligence action plans aimed at coordinating the due diligence strategies of undertakings within an economic sector" and that such action plans may provide for a joint grievance mechanism.

Article 18 makes provision for the establishment by the Commission of a committee of EU competent authorities to facilitate "coordination and convergence of regulatory and supervisory practices".

Transposition

Article 21 provides that Member States shall bring into force laws, regulations and administrative provisions necessary to comply with the Directive within 24 months from its entry into force.

More on Business and Human Rights