Towards a Framework for Effective Regulatory Supervision of Sustainability Governance in Accordance with the EU CSDD Directive. A Comparative Study

1. Sustainability and Regulatory Supervision: The Challenge

In 2023, sustainability governance is becoming a buzzword both in corporate circles as in the public domain. Dominant in that debate will be the quickly expanding EU legislation. In January 2023, not only delegated regulations based on the EU Sustainable Finance Disclosure Regulation (“SFDR”) came into force but, even more important, also the EU Corporate Sustainability Reporting Directive 2022/2464 (“CSRD”) became effective. In addition, major steps have been taken in the process to agree on an EU Corporate Sustainability Due Diligence Directive (“CSDDD”).

All these regulations stem from the EU Green Deal (“Green Deal”), with the intention that sustainability “should be further embedded into the corporate governance framework, as many companies still focus too much on short-term financial performance compared to their long-term development and sustainability aspects”. This thinking on the relationship between sustainability, long-term strategy and corporate governance has since been captured under the heading “Sustainable Corporate Governance” or “Sustainability Governance”. In addition to the CSRD, the CSDDD aims to further “due diligence” duties in the value chain (particularly the supply chain) (i) to safeguard human rights and limit/prevent adverse environmental impacts and (ii) to take measures to combat global warming and related climate change.

All these newly created legal obligations have to be monitored and supervised by regulators. This is, however, much easier said than done. Due diligence duties are fundamentally different from traditional rules and regulations as they are both broad and indeterminate. That will make it inevitable that new concepts of regulatory supervision have to be explored and developed.205

In this article, the key question is what requirements and characteristics should be fulfilled to create effective and efficient regulatory supervision of companies in contributing to sustainability policies. To that end, the framework in the draft CSDDD will be analysed against the background of national legislation already in force or being debated in EU Member States (such as France, Germany and the Netherlands) and non-EU states (such as the UK and Norway) and the supervision strategies and practices that have been developed in these jurisdictions. From this analysis I will try to draw lessons and formulate recommendations on how the CSDDD might be best implemented to realize the goals which it envisages to achieve.

This article concludes that effective and efficient regulatory supervision of sustainability legislation and the realization of sustainability goals as articulated in the CSDDD firstly, will require that regulatory supervisors adopt a policy approach and set policy goals and be fully transparent on what they intend to achieve year on year. Secondly, it will be crucial that regulatory supervisors assist companies by providing them with the information and instruments to implement and to realize the policy goals. Traditional instruments such as civil liability, fines and penalties are not particularly apt to achieve this. Much more is to be expected from setting guidelines and, if necessary, issuing orders and injunctions to encourage companies to develop policies in accordance with the CSDDD. This is in line with key provisions of the CSDDD. It is, however, not evident that this will be reflected in national law. As is demonstrated in this article, national legislation related to corporate sustainability and supervision of this legislation still is diverse and divergent.

It will be a challenge for all EU Member States to implement the CSDDD in such a way that the policy goals of the CSDDD are realized effectively and efficiently. A key element here is how supervisory authorities will perform their task. To coordinate how due diligence duties are being implemented and supervised in the various EU Member States, the CSDDD provides for a Network of Supervisory Authorities (Article 21 CSDDD). That does not, however, answer the question which principles the supervisory authorities should be guided by in executing their role. This article aims to provide an answer to that important question. To that end, I will analyse and compare the various tools supervisory authorities have at their disposal.

2. Sustainable Governance: State of Play

Sustainability has moved to the centre of the corporate debate after the 2008 economic crisis. There are a number of reasons for this. In part, these are linked to that economic crisis. It has raised pressing questions about the attention that exists for aspects other than economic gain. It stimulated thinking about a 206more sustainable economic model with attention for all stakeholders, in which the long rather than the short term should be decisive. This has coincided with an increased awareness of ecological limits in terms of environmental pollution, biodiversity and, in particular, climate change. This is illustrated, for example, by the adoption of the UN Guiding Principles on Business and Human Rights in 2011. In the EU, too, the focus on human rights and the importance of the environment and climate has increased significantly. This has resulted in the Green Deal as presented by the European Commission on 11 December 2019, which made sustainability an EU priority. Rightly so. The elaboration of that theme has resulted and will result in important EU legislation in the near future.^[1]

Basically, the EU regulations pursue two goals, namely (i) far-reaching transparency of the effects of actions by companies on people, the environment and the climate, and at the same time (ii) tightening of due diligence obligations of companies in this respect. With regard to transparency, this concerns both the reporting of sustainability risks due to the company’s actions or omissions and the risks to the company (“double materiality”). The EU also has imposed obligations on financial institutions to be transparent about the actual ‘greenness’ of companies (and avoid greenwashing) when offering their shares or bonds to clients. This is an important objective of the SFDR, which entered into force on 10 March 2021.^[2]

This SFDR requires financial institutions to highlight aspects of sustainability aspects and related risks (“Principal Adverse Impacts”) when offering certain financial products (e. g. if these are pension-related). Closely related to this is what is known as the ‘taxonomy’ (literally: classification), i. e. the determination of what does or does not qualify as a ‘green’ investment (in EU terminology: “environmentally sustainable activities”).^[3] This is elaborated in the EU Taxonomy Regulation 2020/852, which came into force on 12 July 2020. Very briefly, its basic principle is that a ‘green’ activity exists if sustainability is promoted in a particular respect (e. g. air or water quality or biodiversity) without harming other aspects of sustainability. One interesting discussion in this area was whether the use of nuclear power or gas could count as ‘sustainable’. The EU has since decided it does. Both the SFDR and the Taxonomy Regulation provide for detailed delegated (implementing) regulations. Regarding the 207SFDR, important rules contained in Commission Delegated Regulations entered into force on 1 January 2023.^[4]

The main legislative projects in this area, however, remain the CSRD and the CSDDD. The CSRD includes strict reporting rules on a broad range of sustainability and human rights issues, which rules are supplemented by very detailed standards developed by the European Financial Reporting Advisory Group (“EFRAG”).^[5] According to Article 33 CSRD, directors have a “collective responsibility” that such reports are drawn up and made public by the relevant companies. This is also captured by the general obligation that information provided by the company is “to the best of their knowledge” correct.^[6] The CSRD came into force on 6 January 2023 and has to be transposed in national law not later than 18 months after that date (i.e. mid 2024). The compliance of companies with these obligations is in the hands of the company auditors as is the case with all reporting obligations companies have.

The CSDDD originates from the Green Deal, with the intention that sustainability “should be further embedded into the corporate governance framework, as many companies still focus too much on short-term financial performance compared to their long-term development and sustainability aspects”. This thinking on the relationship between sustainability, long-term development and corporate governance has since been captured under the heading “Sustainable Corporate Governance”. The CSDDD aims to further formulate duties of “due diligence” in the value chain (particularly the supply chain) in respect of both human rights violations and adverse environmental impacts and to take measures to combat global warming and related climate change.

3. The Proposal for a CSDDD as Amended by the EU Council of Ministers on 1 December 2022

The European Commission’s original proposal, introduced in February 2022, had a very broad and indeterminate scope, especially in terms of the extent of responsibility for the entire chain of both suppliers and customers as well as sanctions (including far-reaching civil liability). This has been widely criticized not only by companies and others but also by the EU Regulatory Scrutiny Board. The latter body is tasked with reviewing all proposed legislation in the 208EU. It concluded twice that the proposal should not go through. The EU Commission, however, largely ignored the criticism, citing “the political importance of this initiative” and the “urgency of action” (italics in the original).^[7]

However, the EU Council of Ministers was much more receptive to the criticism. This has resulted in an amended (compromise) proposal for the CSDDD dated 30 November 2022^[8] and adopted by the Council on 1 December 2022 with a qualified majority.^[9] This amended proposal will be subject to negotiations with the European Parliament and the European Commission (a “trilogue”) with the aim of reaching agreement. That will probably involve some conversations back and forth as the European Parliament wants to go further concerning a number of issues.^[10] While the EU Council of Ministers would be willing to tighten up on certain parts, I do, however, not expect that the ministers would be willing to concede much on fundamental issues as highlighted below. Given the qualified majority reached by the EU ministers, I will take the amended proposal of 30 November 2022 as approved by the EU Council of Ministers on 1 December 2022 as a starting point.^[11]

Among other things, the EU Council of Ministers reduced the obligations for companies in the financial sector. The concern that led to this is that it is not very feasible for banks, for example, to effectively monitor whether all those to whom they lend money comply with human rights and environmental obligations. Following in the footsteps of the provision that already allowed EU Member States to exempt pension institutions from the CSDDD (Art. 2(6)), on the initiative of France and Italy in particular, a provision was included that leaves it up to the EU Member States themselves to decide whether and to what extent the CSDDD will apply to financial institutions.209

A second important limitation introduced by the EU Council of Ministers is that the initially very broad concept of (any) “impact” on human rights and the environment in the whole ‘value chain’, has been changed to “chain of activities” and, in principle, therefore the “supply chain” (Art. 3 sub (g)). Again, France and Italy, as well as Spain and Portugal and others, have reportedly insisted on this. This is no coincidence. As we will see below, all countries where human rights due diligence has been introduced have, for now, limited its operation to the supply chain.^[12] This therefore means that the use of products by customers generally will fall outside the scope of the CSDDD (e. g. weapons supplied in accordance with the applicable rules and (export) licences). The company’s responsibility (and possible liability) therefore primarily applies to its suppliers (“upstream” business partners) and not its customers (“downstream” business partners).

A third fundamental change made by the EU Council of Ministers relates to the provisions on liability of companies and their directors. In its original proposal, the EU Commission included rather firmly formulated rules on the liability of companies and their directors in Articles 22, 25 and 26 of that proposal. Articles 25 and 26 provided that directors, in fulfilling their duty to act in the best interest of the company, should take into account the consequences of their decisions for sustainability matters, including, where applicable, human rights, climate change and environmental consequences, including in the short, medium and long term and would be responsible for putting in place and overseeing the due diligence actions. This was perceived by some commentators as a basis for personal liability of directors.^[13] These provisions were partly inspired by an EY Report commissioned by the EU Commission,^[14] which suggested that personal responsibility and liability of directors would be a good instrument to promote compliance with the rules set out in the CSDDD. The 210EY report, however, has been received extremely critically not only by business but also by the academic community.

The EU Council of Ministers has amended these liability provisions heavily. In the proposal as adapted by the EU Council of Ministers, the original Articles 25 and 26 of the CSDDD are deleted because of “strong concerns” among many EU Member States that this would introduce a great amount of legal uncertainty and was perceived as “inappropriate interference” with national law. The Netherlands also supported the deletion of these provisions partly out of “opposition to personal civil liability for directors”.^[15] The proposal to make such obligations “personal” has not found any supporters in other countries. An example is the German Lieferkettensorgfaltspflichtengesetz (“LkSG”), which explicitly determines that this law cannot serve as a basis for civil liability (“begründet keine zivilrechtliche Haftung”).

Article 22 now restricts liability of companies explicitly to situations in which all customary conditions for liability are fulfilled. The EU Council of Ministers underlines that this requires that the company acted knowingly or at least clearly negligently (“intentionally or negligently”), and that there is a direct causal link with the act. As a starting point, the company is not liable if adverse impacts on human rights and the environment are exclusively attributable to actions of a business partner in the supply chain. The background of all these considerations is that the EU Council of Ministers explicitly wants to guard against “overcompensation” (as explicitly mentioned in Art. 22 CSDDD). That, for example, implies that punitive damages should be out of the question. As is elaborated below, these changes made by the EU Council of Ministers can be applauded.

All this is not to say that liability may not be appropriate under circumstances, but it will then be an avenue to recoup damages, not the dream tool to implement a policy. If all the customary requirements for liability have been met, a company definitely may be held liable for damages if its actions qualify as a tort and a causal link between the actions and the damages can be established. Under specific circumstances such liability may extend to directors if an act or omission can be attributed to them in which they neglected their responsibilities and it was foreseeable that damages would occur. In practice, this will be relatively rare, but it cannot and should not be excluded. Although the law for good reasons acknowledges and respects the complexity of their role and the discretion that comes with it, they may be held to account if the role is not fulfilled with the appropriate level of diligence.211

4. The CSDDD Is in Need of a Strong Policy Framework and Effective Policy Instruments. Liability Rules are not that Instrument

From the perspective of supervisory strategies available to monitor that human rights are being respected, the debate on liability is highly relevant. It highlights the key question of what are effective and efficient instruments to realize policy goals, such as increasing sensitivity to human rights violations in the supply chain and the question of how to develop a corporate policy and a corporate culture which can be instrumental in detecting and addressing human rights violations. This ties in with a broader debate on liability as a policy instrument.

The concept of liability as an effective tool to implement policy does not have a strong track record. Generally, realizing liability claims will require long and complex legal proceedings. Liability can be a useful additional instrument in addition to a set policy if concrete damages have been sustained and such damages are attributable to specific perpetrators whose actions are evidently wrongful under civil law and there is a direct causal link between the actions and the damages.

When human rights are violated, this is often not the case. For example, if child labour is used in the supply chain or working conditions do not meet decent standards and therefore involve significant dangers, it does not mean that a failure to end such situations constitutes a claim for damages. Child labour in a factory does not necessarily imply damages if the alternative is that children not working in a factory will be confronted with even deeper poverty and no available education (and even may end up in criminal networks). Let me be very clear: this is in no way a defence of child labour! The point I want to make is that where a supplier uses child labour, the challenge for a CSDDD-compliant company goes much further than only monitoring that child labour is being banned. Such a company should also feel bound to do everything possible to ensure that the supplier pays wages to adults such that their children do not have to work and that education is available locally. That, however, clearly requires a broad, policy-oriented, approach. Civil law claims for damages will not bring about these kind of actions.

This holds also true in the case of environmental adverse impacts. The well-known Shell / Nigeria case is just one example. After more than ten years of complicated litigation, a limited number of farmers who sustained damages due to oil spills from pipelines used by a Shell Nigeria subsidiary, ultimately reached a settlement and received relatively modest compensation for damages sustained.^[16]212The key in this case was, however, that such oil spills should be prevented. Therefore much more relevant was that Shell was ordered to oversee that the Nigerian subsidiary installed a leak detection system on its pipelines. This would stop the transport of oil once a leak is detected and therefore prevent the pollution of farmlands.

Even more strongly, this point can be made in relation to actions aimed at limiting climate change through reduction of greenhouse gas (“GHG”) emissions. Although there is no doubt that exceeding a certain level of GHG in the atmosphere will have disastrous consequences, it is impossible to attribute such consequences to GHG emissions by specific businesses or other institutions and even if this were possible it will be inevitable that very complicated questions will arise as to who actually should and should not be expected to reduce emissions. It would seem for example pretty inconceivable that all institutions emitting GHG are held to reduce emissions proportionally, independent of whether the institution is a hospital or a year-round speedskating arena in the desert. Moreover, the issue of climate change is fundamentally different from environmental adverse impact events where emission of hazardous agents directly impact the health of persons affected by being exposed to those agents. GHG, including CO2 and methane, are not such agents. This can be put even more strongly: without emitting GHG, life would simply not be possible. In a police novel it would be referred to as a corpse with no perpetrator or, more fitting, a corpse with all others being the perpetrators. It is quite clear that civil law liability is not effective or efficient in addressing the climate problem.

Even the well-known and much debated decision of the The Hague District Court rendered on 26 May 2021 in the Shell climate case^[17] did not result in liability of Shell, but boiled down to an order for Shell to have reduced its emissions by 45% by 2030. Although ‘climate litigation’ certainly is a topic of the day and generates many publications, the conclusion is generally that claims against governments (as in the Netherlands in the well-known Urgenda case) sometimes are successful, but that private law claims against companies tend to get stuck in private law limitations as discussed above.^[18]213 The Shell climate case is no exception to this rule as liability issues were avoided.^[19]

What might be more important, and seems to be gaining wider recognition, is that the case illustrates the role of the parent company and its corporate policy. As the Court itself articulated (4.1.1): “This case revolves around the question whether or not RDS has the obligation to reduce [...] CO2 emissions [...] through the corporate policy of the Shell group”. It is no longer an exception that also the parent company is deemed to have a “duty of care” independent from the subsidiary. The impact of the CSR debate on the law of corporate groups has not gone unnoticed.^[20] In this article I will, however, not expand on this issue.

Even if we were to decide to resort to alternative theories on tort and causality, such as ideas of alternative and/or proportional causality, it will not be possible to make a convincing connection between acts or omissions of specific actors and damages sustained by specific parties. In all jurisdictions, on the continent as well as in the Anglo-US world, this is identified as a huge stumbling block in 214using private law as an instrument for change.^[21] Some have suggested that therefore one should ignore the requirement of a causal link all together, and hold companies liable on the grounds of reasonableness and fairness. I am, however, convinced that opening up that Pandora’s box and granting the courts the authority to decide at will what amounts should be paid is a bad idea. The consequence of such an approach could easily lead to what Spier refers to as the threat of “crushing liability”, where companies are held liable for damages in such magnitude that bankruptcy will be unavoidable. The uncertainty that would be created by such an approach would only exacerbate the problem, not contribute to its solution.

Let me, however, be very clear (again): by no means should the huge consequences of global warming be played down. On the contrary, the fact that this is a very serious threat should imply that legal instruments should be developed which can effectively stop global warming. However, liability rules are no such instrument. What the climate crisis does call for is a well-designed policy framework supplemented by an effective legal system and regulatory supervision. Such a framework in essence has been created by the EU Emissions Trading System (“ETS”).

5. Human Rights and Climate Change. The Interplay between the CSDDD (and the CSRD) and the ETS

For the reasons set out above, the CSDDD includes only limited rules in relation to climate change and GHG emissions. The issue is covered by Article 15 of the draft CSDDD. The principal obligation (in Article 15 CSDDD) is that EU Member States secure that companies subject to the CSDDD “shall adopt a plan to ensure that the business model and strategy of the company are compatible with the transition to a sustainable economy and with the limiting of global warming to 1.5° C in line with the Paris Agreement” (italics added). That plan should indicate “the extent to which climate change is a risk for, or an impact of, the company’s operations”. If climate change is a “principal risk” for the company or if the company has a “principal impact” on the climate (both aspects are relevant: “double materiality”), the company must include “emission reduction objectives” in the plan. This is in line with what the CSRD already requires as a reporting obligation.215

As to the role of the Competent Supervisory Authority (“CSA”), Article 18 (1) CSDDD provides the important limitation that as regards obligations related to climate change, the national CSAs will only have the authority to supervise that companies have adopted the plan. Consequently, the designated CSA is not the competent authority to monitor whether a company is doing enough to limit its contribution to global warming. In line with this, the provision on corporate civil liability (Art. 22) is also limited to the violation of obligations relating to respect for human rights and environmental damage within the meaning of Articles 7 and 8 CSDDD.

Here one should realize, as already mentioned above, that the CSRD does provide for detailed reporting rules on climate change which are further specified in the European Sustainability Reporting Standards (“ESRS”) articulated by EFRAG. According to Article 19a CSRD, companies must report “plans [...] to ensure that its business model and strategy are compatible with the transition to a sustainable economy and with the limiting of global warming to 1.5° C in line with the Paris Agreement”. In that context (see Article 29b (2)(a)(1) CSRD), the company is also bound to report on its GHG emissions including emissions related to its Scope 1, 2 and 3 context (and therefore all emissions in the value chain) and on projects which aim to decrease its emissions and the releated costs and benefits. Furthermore, a calculation must be published of the amount of CO2 emitted divided by turnover. This provides a standard to determine a company’s CO2 efficiency. At a number of large companies this reporting with respect to Scope 1, 2 and 3 is already taking place, and sometimes already quite extensively. Although Shell, of course, is often heavily criticized, and for a reason, it should be acknowledged that when it comes to reporting these emissions, Shell provides a very detailed overview with regard to Scope 1, 2 and 3.^[22] These reporting obligations will be audited by professional auditors and, therefore, there is no need for an additional supervisory role as provided for in the CSDDD.

As a consequence, the CSDDD is of limited relevance in addressing issues of climate change. I would argue that this is a good choice. Climate change has fundamentally different characteristics, and therefore requires other remedies than provided for in the CSDDD. Climate change is literally a collective problem. The only effective way to tackle it will necessarily require a far-reaching form of coordination and regulation at a significantly higher level than individual companies or even individual states. That collective goal is impossible to achieve by letting each individual company fill it in by itself. Like a sports team 216will not win games if players may themselves individually decide their position and role, addressing climate change will require coordination and a ‘blueprint’ that also secures a level playing field, preferably on a supranational level. I refer to former Advocate-General, Professor Jaap Spier, who has discussed this concept in a number of important publications.^[23] As Spier rightly points out, such a ‘blueprint’ will be impossible to realize through judicial decisions.^[24]

To make substantial progress in addressing climate change, a fundamentally different structure, with specialized supervisors, other than the CSDDD is needed. That structure is provided by the ETS, as recently refined by the Carbon Border Adjustment Mechanism (“CBAM”). In the ETS, we fortunately already have a mechanism to impose emission reduction obligations on (large) companies in a coordinated manner. The amount of such emissions is reduced annually. At the same time, a trading system is set up whereby a company that successfully invests in reducing emissions can sell the excess allowances to another entity which has not yet achieved a similar result. In effect, this creates an incentive to do more than meet the quotas. That is not to say that the ETS system is perfect, but it is a system that can be well refined. Such refinement is embodied in the agreement reached in late 2022 between the EU Council of Ministers and the European Parliament on supplementing the ETS with a mechanism that taxes CO2 emissions from companies from non-EU countries in the EU when an economic activity takes place within the EU. This CBAM aims to prevent CO2 ‘leakage’ that may occur when goods are produced outside the EU without emission limits and then sold in the EU internal market.^[25] For the underlying information I refer to the EU website on this subject.^[26] As recently as 18 April 2023, the European Parliament also approved this climate change package (which is known as the “Fit for 55” package) including the stricter ETS rules.^[27]

Ultimately, this structure should also be extended outside the EU. In this context, with regard to promoting internationally coherent regulation, see recently, for example, the 2022 report of the UN High Level Expert Group on 217the Net Zero Emissions Commitments of Non-State Entities.^[28] This is another step towards a system that can lead to a blueprint for reducing greenhouse gas emissions globally.

6. The Regulatory Framework as Provided for by the CSDDD and the Crucial Role of the Competent Supervisory Authority (“CSA”)

Just as complicated as the question how to legislate ‘due diligence’ is the question how to supervise compliance with such legislation once adopted in view of the relatively open norms and broad policy goals in relation to alleged violations of human rights. As argued above, traditional legal concepts as tort, causality and liability for damages may not fit well in an area where issues and legislation are not black or white but to a large extent policy-oriented. In that perspective, there is not only a need, but also a necessity to develop new instruments and associated legal notions. The attempts at regulation and implementation so far (as discussed below) illustrate that this will not only be a major challenge for EU Member States individually but will also raise the question how a level playing field in the EU can be realized and maintained.

As discussed above, these issues have so far received relatively little attention. In exploring this further I will first explain how according to the CSDDD, supervision of the CSDDD is supposed to function. Subsequently, I will discuss in a comparative context what kind of supervision for the various categories of obligations would seem to be appropriate. Lastly, I will focus on what we have learned so far from jurisdictions which already have enacted human rights due diligence legislation.

7. Human Rights and Adverse Environmental Impact. In Search of Effective Strategies and Complementary Regulatory Supervision

Discussing the obligation of human rights due diligence means discussing corporate policy. This is already clear from the draft CSDDD where the CSDDD itself notes that respect for human rights violations must be integrated in the policy and the “risk management” of the business. Subsequently, companies are expected to monitor the effectiveness closely “whenever there are reasonable grounds to believe that significant new risks [...] may arise” (Articles 4 and 10). The “due diligence policy” should include a “code of conduct” which lays down the rules and principles that apply to all those involved in the company, and a description of the measures for complying with them (“compliance”). At least every two years, the policy must be reviewed and adjusted if necessary (Article 5). A “prevention plan” must also be drawn up. Actual action must be taken to identify and address “actual and potential adverse impacts” (Article 6). This may involve prioritization based on the severity and likelihood of the (potential) breach (Article 6a). Action may include explicit contractual ar222rangements with business partners to prevent or end infringements (Articles 7 and 8). To this end, the European Commission may draw up guidelines, including model contract clauses (Articles 12 and 13).

The focus will therefore be on human rights violations and adverse impacts on the environment by polluting land, water and air with hazardous substances (which is fundamentally different from climate change as GHG emissions in themselves are not hazardous). In the literature the first category, human rights violations, seem to be dominant, although it is clear that pollution may also infringe human rights if it leads to unhealthy conditions of the population living in the vicinity of a site where the pollution originates. At the same time, there are clear differences. If hazardous substances are being discharged, this is something that generally can be measured and quantified and therefore a direct causal link can be established with adverse health consequences. Moreover, in many cases there are established standards on what is acceptable from a health perspective and what is not. All these factors make it relatively straightforward – though not necessarily simple – to conclude whether legal norms have been violated and damages are due. This becomes much more complicated when discussing broader human rights obligations companies may have on the basis of the OECD Guidelines and/or the UN Guiding Principles and/or the CSDDD.

This can be illustrated by the reference to the 17 Sustainable Development Goals (“SDG”) formulated by the UN. Basically those 17 SDGs picture an ideal world where everybody has work, earns a good salary, standards of living are high, energy is abundantly available and at the same time people live in a healthy environment where nature is fully respected and undisturbed. Such ideal situations will not come into existence overnight. Industries will have to be set up to secure work but that will lead to adverse effects such as people being expropriated, relocated, being confronted with a loss of nature and other impacts on the environment. Human rights in this broader context will therefore always be, at least to a certain extent, aspirational and policy oriented. Obviously, there are minimum standards that are non-negotiable. Slavery is out of the question. Exposing workers to hazardous agents that knowingly pose serious threats to their health is not acceptable. However, here already questions may arise. Working as a miner clearly is not a healthy profession. At the same time, the mining of rare materials does create jobs and may have beneficial effects on the economic development of a certain area and its people (not to mention that it will be necessary to develop electric cars etc.). Another example is child labour. This is a subject that, quite rightly, evokes strong emotion and rejection. At the same time, it is widely accepted that children are helping their parents on their farms or in their businesses. As long as that is kept within limits, and children are permitted to go to school, this will not by definition qualify as fundamental human rights violations.223

Clearly there is much more to say on all the dilemmas that may arise in this respect. However, there is already a wide-ranging literature available and the aim of this article is not to contribute to that literature. What this article does aim for is to explore how supervisory authorities could best fulfil their roles given that promoting human rights and caring for the environment in many instances will not be a black-and-white issue and, contrary to what the terminology may suggest, only to a limited extent is a legal issue as human rights cannot be equated with traditional ‘subjective’ rights. Therefore human rights debates may also entail complicated policy questions. This will by definition also impact the role of regulatory supervisors. In exploring what would be the best approach in this respect a lot can be learned from jurisdictions which have already introduced human rights and environmental due diligence legislation.

8. Comparative Overview of National Laws on Sustainability Objectives and Strategies of Supervisory Authorities

As set out in the preceding paragraph, the draft CSDDD does not provide much guidance on how the supervision of the CSDDD rules should take place. However, we may learn from the experiences of countries which have introduced human rights due diligence legislation. When we look at how such countries have organized the regulatory supervision, we see considerable differences. There does not seem to be a consensus on what would be the best approach. In a way this may be a blessing in disguise as it offers the opportunity to learn from the experiences.

As part of this learning experience I will review and analyse the supervision structure around the UK Modern Slavery Act, which came into force in 2015, the French Loi relative au devoir de vigilance, enacted in 2017, the German LkSG (Lieferkettensorgfaltspflichtengesetz) and the Norwegian Åpenhetsloven, which were adopted in 2022 as well as the discussion in the Netherlands (where a Child Labour Act was adopted but never came into force). I will conclude by summarizing the lessons we have learned from national experiences and the recommendations which may be drawn from this.

9. Lessons Learned and Recommendations

The above holds some powerful lessons and findings in relation to the crucial role of supervisory authorities in realizing the policy goals enshrined in sustainability legislation.

First and foremost, it is clear from the analysis, and the French experience illustrates this point, that relying on a regime of liability is not effective. Civil law litigation may be the preferred instrument if parties have sustained damages which can be attributed to acts or omissions of another (legal) person and the causality between the one and the other is clearcut. If that is not the case, liability is not the fast track to realizing policy goals. Liability cases will by definition focus on specific circumstances of a specific company in a specific situation, and will only be decided after time- and money-consuming procedures have been conducted. Moreover, the legal effect of judicial decisions in individual cases will always be limited. It is telling that the French parliamentary working group evaluating the 2017 Loi de vigilance concludes that there is a pressing need to set up a regulatory supervisor. It is also telling that the parliamentarians underline that such a supervisory authority should not only have the powers to impose fines and make orders, but should assist companies in providing them with tools to discharge their responsibilities. The working group explicitly refers to, and recommends, the German approach (discussed above in 8.3).

In the German approach, the choice unequivocally has been made for supervisory authorities which not only, and not primarily, impose fines or other penalties but are expected to assist and to some extent coach companies in discharging their responsibilities. This has materialized inter alia in a helpdesk organization which provides a pretty impressive set of documents and guidance for companies on how to address the responsibilities as set out in the German LkSG). It is interesting, as well as realistic, and very much in point, that the helpdesk organization explicitly states that it is impossible for companies (but that also applies to supervisors) to have reviewed the whole supply chain at the time the LkSG comes into force. Moreover, it acknowledges that it is legitimate (“legitim”) to set priorities and address the responsibilities over time in a step-by-step approach.238

The same approach, but even articulated more strongly, has been laid down in the Norwegian Transparency Act. As already highlighted above (see 8.4), both the Act itself and the supervisory authority make clear that the supervisory authority primarily aims to assist companies in achieving the broader policy goals and is not focused on fines or other sanctions. Of course that leaves unaffected that, if companies do not move in the right directions, the supervisory authority may and will certainly resort to the use of sanctions.

From those experiences we can draw a number of lessons and formulate recommendations for the implementation of the CSDDD in national law. First, it is clear that civil liability is not an instrument to achieve the goals set out in the CSDDD. That is not to say that companies should not be held liable if damages have been sustained by specific parties due to actions of companies. But taking into account that damages will be difficult to attribute and assessing damages will require complex and prolonged litigation and in itself will not lead to structural changes, civil liability cannot be the prime instrument of choice to make the CSDDD work.

A fundamentally different structure of oversight is required to incentivize and assist companies in developing the right instruments to improve their human rights policies and actual impact, and to prevent and minimize environmental adverse consequences.

Obviously this commences with a due diligence investigation. First, it should be noted that investigating whether each and every actor in the supply chain fully respects the whole catalogue of human rights and does not cause any negative environmental impact will require a vast amount of time and resources. This work can only be done over time. In that respect it may be helpful if supervisory authorities, in close consultation with businesses, issue guidance and develop best practices setting out which actions companies could undertake and up to what level of detail, and in which manner, information should be gathered. Clearly, companies may benefit greatly from the assistance of specialized governmental agencies sharing information on foreign countries or regions and the risks associated with having suppliers in those countries or regions, as the German Helpdesk is doing. In addition, also setting up other mechanisms and processes in which information could be gathered collectively by companies active in certain countries or regions, and allowing companies to rely on that information, at least up to the point a company would receive information contradicting earlier findings, would be very helpful.

Second, and the term has been mentioned already in this article, it will be inevitable to prioritize areas of investigation, whether geographically or per sector as well as actions to be undertaken to remedy situations which have been uncovered. Here regulatory supervisors could also play an important role. 239One could very well imagine that supervisors would determine prior to a fiscal year what specific areas of human right violations or adverse environmental impact companies are expected to focus on. When a regulatory supervisor has announced what companies are expected to focus on in a certain fiscal year, this also facilitates the actual oversight and supervision by the supervisors on the various plans and, if necessary, taking measures against companies which have clearly performed below par. Such prioritization by supervisory authorities may be more effective than leaving the prioritization to companies, as is now anticipated in the CSDDD.

Third, upon the phases of investigation and reporting being completed, companies will need to meet the challenge to remedy situations in which human rights or the environment have been found to be negatively affected. As set out above, the CSDDD itself in Articles 6-8 recognizes that this may not be as simple as it sounds. Also, setting priorities by supervisory authorities could help both companies and the supervisors. For example: in a certain year the focus could be on addressing child labour and education in a certain region and another year on labour conditions and fair wages.

The fundamental lesson that in my view can be drawn from this article is that realizing the ambitious goals set out in the CSDDD does require that supervisory authorities are willing to engage in an open and fair discussion with companies on what they reasonably can be expected to do in practical terms but also in terms of feasibility and in terms of the financial impact of measures on companies, in order to achieve the ultimate goals the CSDDD strives to realize. This will, and will need to, diverge from what until now generally is expected from regulatory supervisors, i. e. securing strict compliance with specific rules through the levy of fines or other sanctions. Furthering the goals set out in the CSDDD requires something different.

In this respect the CSDDD both signifies and requires a fundamental change in legal thinking and transcending traditional legal practices and legal techniques. From that perspective we are witnessing the beginning of a paradigm shift. We do not know yet what the ultimate impact of this shift will be. But what we do know is that in implementing the CSDDD, national governments and supervisory authorities would misinterpret the signs of the times if they were to be guided by traditional ideas of how regulators should operate.

* * * *