How can your legal function navigate sustainability risk and unlock broader business value? 

The EU Green Deal: an opportunity for better corporate governance that delivers value

  • Insight
  • 10 minute read
  • February 10, 2025

To help companies navigate the impacts of the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD), our Sustainability Legal thought leadership series aims to address key issues and practical steps to support business readiness for emerging compliance and reporting requirements.

The EU Green Deal: Boards in the compliance spotlight 

Our previous articles in this series focused on how legal teams can drive improved environmental performance across the value chain, while playing a crucial role in developing solid workforce policies and safeguarding workers’ rights. This time, we examine the ways in which two pillars of the EU Green Deal – the CSRD and CSDDD – reinforce existing statutory obligations and direct a new spotlight onto the role of directors and management bodies (Boards) by introducing enhanced disclosure and reporting obligations. 

While companies have been grappling with establishing new data architectures and adjusting their risk and compliance frameworks, a new sustainability rulebook has been emerging. Boards and their shareholders should be ready to address it through robust and pragmatic corporate governance, and changes at all organisational levels will be needed. 

The EU Green Deal, aiming to build a sustainable economy and meet Paris Agreement targets, has introduced new laws and regulations, including:  

  1. EU Taxonomy
  2. Carbon Border Adjustment Mechanism (CBAM)
  3. Corporate Sustainability Reporting Directive (CSRD)
  4. Corporate Sustainability Due Diligence Directive (CSDDD)
  5. Green Claims Directive

All of these examples reflect wider global trends, with countries outside the EU moving to introduce international sustainability standards, individual taxonomies, and supply chain due diligence. As a result, legal teams in companies with multinational operations need to keep abreast of a growing library of rules and regulations at a global and a local level. These create new liabilities and risks, and necessitate changes in organisational and operating models.

Mandatory supply chain due diligence requires reviewing and enhancing compliance frameworks, business relationships, procurement practices, and contractual bargaining. These regulations also incorporate explicit corporate governance requirements for Boards, reinforcing or adding to national legal frameworks on directors' duties.  

For example, the EU Taxonomy states that even if an activity supports at least one of the EU’s environmental objectives and does no significant harm to the others, it cannot be classified as environmentally sustainable unless the company’s Board can demonstrate that it follows good governance principles.  While the EU Taxonomy does not prescribe what good governance principles are, it refers to international standards. This creates a level of subjectivity that Boards of in-scope entities will need to determine in accordance with the national law and industry practices.  

We examine below the implications of these changes through the CSRD and CSDDD and how courts in key economies are tackling the challenges.

Requirements on directors (officers) under the CSRD 

The CSRD creates disclosure obligations for directors of reporting companies, who need to disclose corporate governance arrangements, such as policies on remuneration and details on Board governance/oversight of sustainability impacts, risks, and opportunities. Recent court interventions on sustainability matters in the UK and the Netherlands have highlighted the importance of sound corporate governance at both parent and subsidiary levels. Courts are scrutinising corporate governance practices by Boards when determining liability for activities within the supply chain. Parent companies that fall short could be held liable for the operations of their subsidiaries.  

Under the European Sustainability Reporting Standards (ESRS), EU entities in the CSRD's scope must disclose corporate governance arrangements for overseeing and managing sustainability issues and risks (ESRS 2: Gov 1 and Gov 2).

The CSRD offers reporting options, including consolidated reporting at an EU, global, or other level. Responsibility for these disclosures lies with the reporting entity. 

While not stipulated in the ESRS, the CSRD implies that directors must comply with statutory duties requiring sufficient oversight and responsibility over corporate sustainability matters. This increases liability risk for directors of subsidiaries without reasonable corporate governance measures in place.  

Requirements on directors (officers) under the CSDDD

While the CSRD requires companies to report on corporate governance arrangements, the CSDDD mandates integrating due diligence into company policies and risk management systems, introducing a legal framework covering responsibilities and liabilities for in-scope companies.   

Large companies must conduct ongoing due diligence on their own business activities and those of their business partners in the ‘chain of activities’ (encompassing most upstream and some downstream supply chain activities), including subsidiaries, to identify, prevent, reduce, and terminate negative environmental and human rights impacts. The CSDDD applies to large European companies and non-EU companies with significant EU operations.

Companies’ civil liability remains unaffected by the EU legislative process, though proposed provisions creating a specific duty of care for directors have been removed. Directors' duties of care remain implied in the CSDDD, covered by directors' general duty of care as established in company law. Whether directors’ duties will be subject to more stringent regulation regarding sustainability is left to the discretion of the national governments of EU member states.  

Failing to comply with the CSDDD brings the following regulatory consequences:  

  • Affected parties can file claims for damages from human rights violations or environmental harm, if the company intentionally or negligently failed to comply with obligations to cease, prevent or mitigate adverse impacts 

  • If damage was caused only by business partners in its ‘chain of activities’, a company cannot be held liable 

  • The CSDDD allows five years to bring claims and includes measures to make proceedings less difficult or costly for claimants  

  • Competent authorities can fine companies up to 5% of their global turnover 

  • Compliance is a component of award criteria for public contracts

Due diligence requirements 

Companies must conduct risk-based human rights and environmental due diligence by: 

  1. Integrating due diligence into policies and risk management systems 
  2. Identifying and assessing actual or potential adverse impacts 
  3. Preventing and mitigating potential adverse impacts 
  4. Engaging meaningfully with stakeholders 
  5. Establishing and maintaining a notification mechanism and complaints procedure 
  6. Monitoring the effectiveness of due diligence policy and measures; and 
  7. Publicly communicating on their due diligence (unless already reporting or exempted under the CSRD)

To meet these requirements, in-scope companies need to assess their current corporate governance and determine if the right framework/processes are in place, including coordination between corporate functions (e.g. Procurement, Finance, Legal, Risk Management and Compliance).

Companies may not need to reinvent their governance framework. Similar processes to those required by the CSDDD may already exist in local legislation (e.g. German Supply Chain Due Diligence Act and French Duty of Vigilance Act), depending on the companies’ activities. These could be adjusted to enable CSDDD compliance.  

Like the CSRD and ESRS, the CSDDD imposes and reinforces statutory duties on directors and management bodies to ensure effective governance in the required processes. Some duties, such as identifying and assessing actual and potential adverse impacts on human rights and the environment, are introduced by the CSDDD, while other duties, such as integrating sustainability due diligence in the risk management framework, reinforce general existing duties of directors and management bodies.  

This raises challenges for leadership, particularly regarding a company’s own operations and group structure: subsidiaries may be in scope, even if the parent company is not.  

Considerations for parent companies and subsidiaries 

Assessing the Directive’s application, and potential differences in local implementation, may not be a homogenous exercise throughout the organisation. Parent companies and subsidiaries should clarify how they’re affected individually.  

The CSDDD allows parent companies and subsidiaries to share responsibility for compliance, but subsidiaries may still retain civil liability. Consideration should be given to distinct differences between Board responsibilities in parent companies and subsidiaries.  

1. Responsibilities of parent Boards 

Under the CSDDD, parent Boards have substantial responsibilities to ensure compliance across the corporate group. This includes implementing due diligence processes that cover their own and subsidiaries’ operations, and value chain operations carried out by business partners. Robust governance frameworks will be essential for monitoring and managing sustainability impacts. 

Parent Boards are responsible for setting the strategic direction for sustainability and ensuring due diligence processes are effectively integrated into the governance structure, including establishing clear reporting lines, providing resources for compliance, and ensuring subsidiaries adhere to group-wide sustainability policies. The Directive emphasises parent Boards’ obligation to take a proactive role in preventing and mitigating negative impacts, including terminating relationships with partners.  

2. Responsibilities of subsidiary Boards 

Although operating under the strategic direction of their parent company, subsidiary Boards have distinct responsibilities under CSDDD. They must implement due diligence processes mandated by the parent Board and ensure that local operations comply with group-level sustainability policies. This involves conducting regular assessments of their activities, identifying potential risks, and taking appropriate measures to address negative impacts. 

Subsidiary Boards must ensure that their reporting is accurate and comprehensive, providing parent Boards with the information needed to fulfil their oversight responsibilities. This requires close alignment between the parent and subsidiary Boards to ensure sustainability objectives are met and any discrepancies promptly addressed. 

Interplay between parent and subsidiary Boards 

Relationships between parent and subsidiary Boards under the CSDDD are characterised by the need for close coordination and alignment. The Directive assumes that parent companies possess the legal and organisational capabilities required to oversee their subsidiaries (including the ability to enforce compliance with group-wide policies and take actions when necessary).  

Practical implementation may be complex. Subsidiaries may operate in different regulatory environments, with varying local expectations, and face distinct operational challenges. This requires a flexible approach, with parent Boards providing strategic oversight while giving subsidiaries the autonomy needed to address local issues effectively. This requires parent Boards to have a nuanced understanding of local regulatory landscapes, cultural differences, and market dynamics. 

Preparing for a new regulatory environment 

Unlike the CSRD, the CSDDD is not an amendment to an existing regulatory framework. It’s a groundbreaking new articulation of the fundamental values on which society expects companies to conduct business. From a legal point of view, it is imperative for companies to obtain an overview of their legal risks and opportunities, as well as how they distribute responsibility in the governance structure.  

While compliance with the CSDDD is a multidisciplinary exercise, legal functions should support leadership teams in: 

  • Assessing which companies are in scope 

  • Reviewing contracts (including whether standard contract terms are fit for purpose) 

  • Updating jurisdiction clauses from assignment to a court (and public outcome) to arbitration (outcome not public) 

  • Embedding CSDDD-defined ways of working into companies via Board knowledge and upskilling 

  • Updating policies and procedures and 

  • Ensuring effective monitoring, all via appropriate governance mechanisms and functions

Together with other corporate functions, management bodies and directors must be enabled to perform the following key steps in preparation for the CSDDD: 

  • Obtain a comprehensive understanding of issues in their operations and chains of activities, at parent company and subsidiary level, and embed the outcomes in policies and practices  

  • Determine appropriate actions 

  • Define KPIs and monitoring systems

In summary, there is a lot for parent and subsidiary Boards to contend with. Although some may see it as negative, it's important not to overlook the opportunities these changes offer. Having sound and clear corporate governance at all levels of the business will reduce risk and mitigate potential liabilities. But it may also support decision-making, create business development opportunities, facilitate enterprise-wide engagement, and help to retain existing talent while attracting new skills and expertise.

Key questions for legal teams:

  1. Do you fully understand the regulatory and reporting environment in which all of your legal entities operate?  
  2. What framework or agreement is required to support better dialogue and engagement between management teams and subsidiary Boards? 
  3. Are plans in place to support upskilling of parent and subsidiary Boards?  
  4. What incremental support needs to be established to support subsidiary teams and Boards?
  5. Is the legal entity structure fit-for-purpose? Could it be streamlined to enhance regulatory compliance?

 

PwC’s Legal Business Solutions global sustainability teams combine a breadth of legal and commercial capabilities and expertise to help businesses effectively understand their regulatory requirements and develop strategies for compliance that deliver business value. Working with organisations worldwide, we help support approaches to managing compliance across the spectrum of environmental, social and governance regulations and standards. Together with our strategic technology alliance partners, our human-led, technology powered approach enables us to evaluate regulatory risk and compliance, and helps legal and governance teams to develop an ecosystem that integrates legal requirements with leading industry practices.

Authors

Matt Timmons

Global CSRD Legal Services leader, Partner, PwC United Kingdom

Linda Thonen

Legal Business Solutions, Partner, PwC Netherlands

Contributors

Anders Rasmussen, Manager, Legal, PwC Denmark
Alwine de Vos van Steenwijk, Senior Manager, EU Green Deal Driver, PwC United Kingdom
Eleanor Larner, Global Reporting and Global Investor Engagement, Senior Manager, PwC United Kingdom
