Name of Act: Directive on Corporate Sustainability Due Diligence*

Entry into force: 25 July 2024.

To which businesses will it apply? 

• EU companies and ultimate parent companies with more than 1,000 employees and a net worldwide annual turnover higher than €450 million in the last financial year.
• Non-EU companies and ultimate parent companies with more than €450 million net turnover generated in the EU in the financial year preceding the last financial year. Unlike the Corporate Sustainability Reporting Directive (“CSRD”), this will apply irrespective of whether the non-EU company has a registered entity domiciled in the EU.
• EU and non-EU companies that have entered into franchising or licensing agreements in the EU with third-party companies in return for royalties. The CSDDD covers EU franchising companies with more than €22.5 million in royalties and a net worldwide turnover of more than €80 million in the last financial year. The Directive covers non-EU franchising companies with more than €22.5 million in royalties in the Union and a net turnover in the Union of more than €80 million in the last financial year preceding the last financial year.

The Directive will apply to companies that meet those conditions for two consecutive financial years.

Although not covered by the Directive, small and medium enterprises (“SMEs”) could be impacted as contractors or subcontractors to covered companies, for example where a company within the scope of the CSDDD looks to flow down due diligence obligations to its suppliers and contractors.

What will businesses be required to do?
Conduct human rights and environmental due diligence in accordance with the UN Guiding Principles on Business and Human Rights and OECD Guidelines for Multinational Enterprises. This comprises:

• Integrating due diligence into policies and management systems
• Identifying and assessing adverse impacts
• Preventing, ceasing, or minimizing actual and potential adverse impacts
• Monitoring and assessing the effectiveness of measures
• Communicating how impacts are addressed
• Providing for or cooperating in remediation when appropriate

Publish a due diligence policy and account for due diligence in annual, public reports (in accordance with the separate Corporate Sustainability Reporting Directive). Companies that fall within the scope of the CSRD and CSDDD and report in accordance with the requirements set out in the CSRD are deemed to have complied with the reporting obligations under the CSDDD.

Put into effect a transition plan for climate change mitigation that complies with the Paris Agreement goal to limit global warming to 1.5°C and with the EU objectives to achieve climate neutrality by 2050. 

When will it come into effect?

EU Member States have two years from the entry into force of the Directive to enact transposition measures (i.e., by July 26, 2026). The measures will apply to the companies affected within three to five years from the entry into force of the CSDDD, as set out by the following staggered timetable: 

• EU companies and ultimate parent companies with more than 5,000 employees and an annual net turnover higher than €1,500 million: from July 26, 2027 (for due diligence obligations) and for financial years starting on or after 1 January 2028 (for reporting obligations);
• EU companies and ultimate parent companies with more than 3,000 employees and an annual net turnover higher than €900 million: from July 26, 2028 (for due diligence obligations) and for financial years starting on or after 1 January 2029 (for reporting obligations);
• Non-EU companies and ultimate parent companies that have generated a net turnover in the EU higher than €1,500 million: from July 26, 2027 (for due diligence obligations) and for financial years starting on or after 1 January 2028 (for reporting obligations);
• Non-EU companies and ultimate parent companies that have generated a net turnover in the EU higher than €900 million: from July 26, 2028 (for due diligence obligations) and for financial years starting on or after 1 January 2029 (for reporting obligations);
• EU companies and ultimate parent companies with more than 1000 employees and an annual net turnover higher than €450 million, and non-EU companies and ultimate parent companies with an annual net turnover higher than €450 million generated in the EU, as well as companies with a franchising or licensing business model that fall under the scope of the Directive: from July 26, 2029 (for due diligence obligations) and for financial years starting on or after 1 January 2029 (for reporting obligations).

Which rights are covered?
Specified human rights impacts derived from the core UN human rights treaties and International Labor Organization Core Conventions and any measurable environmental degradation, such as harmful soil change, water or air pollution, harmful emissions or excessive water consumption or other impacts on natural resources.

Does the due diligence obligation extend to the entire value chain?
No. Unlike the Commission’s original proposal (see K&S Client Alert), the approved text has opted for a narrower concept of “chain of activities”, covering only specifically listed parts of the value chain. The chain of activities covers activities of a company’s upstream business partners related to the production of goods or the provisions of services by the company, as well as activities of a company’s downstream business partners related to the distribution, transport and storage of the product for the company or on its behalf.

There is a specific carve out for the financial services sector, whereby their due diligence obligations do not need to extend to downstream business partners that are receiving their products and services.

The due diligence obligation also extends to the companies’ own operations and operations of their subsidiaries.

What are the sanctions for non-compliance?

• Administrative penalties imposed by Member States of no less than 5% of the net worldwide turnover.
• Public statements by the Member States indicating the company responsible for infringement and the nature of the infringement.
• Civil damages where the victim of an adverse impact can demonstrate that harm was suffered as a consequence of a failure to implement adequate due diligence. With respect to civil damages, a company would not be liable where damage was caused “only” by its business partners in its chain of activities (for example, suppliers).

Compliance with the Directive can be qualified as a criterion for the award of public contracts and concessions.

*External links

Directive (EU) 2024/1760 of the European Parliament and of the Council of 13 June 2024 on corporate sustainability due diligence and amending Directive (EU) 2019/1937 and Regulation (EU) 2023/2859. 
K&S Client Alert on the Directive on Corporate Sustainability Due Diligence.

Name of Act: Duty of Vigilance Law

Entry into force: 2017

To which businesses does it apply? 
French registered companies with over 5000 employees in France or 10,000 employees worldwide

What are businesses required to do?
Establish, publish and implement a vigilance plan, including:

• Mapping that identifies, analyses and prioritises risks
• Procedures to regularly assess risks associated with subsidiaries, subcontractors and suppliers
• Appropriate action to mitigate risks or prevent serious violations
• An alert mechanism (involving trade unions and other external stakeholders) and

A monitoring system for the measures implemented and the evaluation of their effectiveness

Which rights are covered?
Human rights, serious bodily injury, environmental damage or health risks

Does the due diligence obligation extend to the entire value chain?
Yes, subject to a materiality threshold. The duty extends to adverse impacts resulting directly or indirectly from the operations of:

• the company and its subsidiaries; and
• the operations of the subcontractors or suppliers with whom it maintains an established commercial relationship

What is the required connection between the business and an adverse impact?
Must result directly or indirectly from the operations of a relevant company

What are the sanctions for non-compliance?

• Administrative penalties of up to €10 million
• Civil liability where harm could have been prevented by implementation of adequate vigilance plan

External links
Unofficial English translation of the legislation

Name of Act: German Supply Chain Due Diligence Act

Entry into force: 1 January 2023

To which businesses does it apply? 
German registered / seated companies with over 3000 employees on 1 January 2023 (falling to 1000 on 1 January 2024)

What are businesses required to do?
Fulfil due diligence obligations, i.e.:

• Set up a risk management system
• Perform regular risk analysis, including prioritisation
• Take preventative measures in relation to identified risks
• Take corrective action in relation to actual impacts
• Establish a reporting system
• Annual reporting on fulfilment of due diligence obligations

Which rights are covered?
Specified human rights impacts and environmental harms

Does the due diligence obligation extend to the entire value chain?
No, extends to adverse impacts in operations and supply chain only (Tier One and, where there is substantiated knowledge, Tier Two and beyond)

What is the required connection between the business and an adverse impact?
Cause or contribution

What are the sanctions for non-compliance?
Administrative penalties of up to €8,000,000 or 2% of annual turnover

External links
Unofficial English translation of the legislation
K&S Commentary

Name of Act: Norwegian Transparency Act

Entry into force: 1 July 2022

To which businesses does it apply? 

• Norwegian public limited and listed companies; and
• Foreign companies that pay tax in Norway and meet 2 of the following criteria:
• Annual sales revenue of at least NOK 70 million (approximately USD 7 million);
• A balance sheet total of NOK 35 million (approximately USD 3.5 million); or
• At least 50 full time employees

What are businesses required to do?
Conduct human rights due diligence in accordance with the OECD Guidelines, i.e.:

• Embed the respect for human rights into its policies
• Identify, assess and prioritise actual and potential adverse impacts
• Implement suitable measures to cease prevent or mitigate adverse impacts
• Track the implementation and results of these measures
• Communicate with affected stakeholders
• Provide for or co-operate in remediation.

Account for due diligence in annual, public reports

Respond to requests for information from members of the public

Which rights are covered?
Fundamental human rights and decent working conditions

Does the due diligence obligation extend to the entire value chain?
Yes, consistent with the UNGPs and OECD Guidelines, extends to adverse impacts in operations, supply chain (Tier One and beyond) and downstream value chain

What is the required connection between the business and an adverse impact?
Cause, contribute or direct link through operations, products or services

What are the sanctions for non-compliance?
Administrative penalties

In cases of repeated infringements of the duty to conduct due diligence, the size of the penalty imposed will reflect the severity, scope, and effects of the infringement

External links
English translation of the legislation
K&S Commentary

Name of Act: Ordinance on Due Diligence and Transparency in relation to Minerals and Metals from Conflict-Affected Areas and Child Labor (DDTrO)

Entry into force: 1 January 2022

To which businesses does it apply? 

• Undertakings (= natural persons, legal entities, partnerships with seat/domicile/head office/office/principal place of business in Switzerland and that operates a business) Exception to the due diligence and reporting obligations in relation to Minerals and Metals: if the quantities imported or processed are below the minimum annual quantities set out in Annex 1.
• Exception to the due diligence and report obligations in relation to Child Labour; small and medium-sized undertakings that meet at least two of the following criteria:
• Total assets of CHF 20 million (approximately $21.7 million)
• Revenue of CHF 40 million per annum (approximately $43.5 million)
• 250 or more full-time equivalent employees
• Exemptions from the due diligence and reporting obligations in relation to Child Labor w-risk undertakings where there is no reasonable suspicion of child labour (UNICEF Children Rights Atlas)
• Exemptions for Undertakings that adhere to internationally recognized equivalent regulations.

What are businesses required to do?
Fulfil due diligence and reporting obligations, i.e.

• Adopt a supply chain policy on minerals and metals and integrate into contracts with suppliers
• Implement a supply chain traceability system
• Implement suitable measures to cease, prevent or mitigate the impact
• Track the effectiveness of measures
• Implement a reporting procedure
• Annual third party audit of conflict minerals and metals

Account for due diligence in an annual report

Which rights are covered?
Prohibition of child labour and adverse impacts associated with conflict minerals and metals

Does the due diligence obligation extend to the entire value chain?
No, extends only to the supply chain.

What is the required connection between the business and an adverse impact?
Cause, contribute or direct link through operations, products or services

What are the sanctions for non-compliance?
Criminal penalties of up to CHF 100,000 for intentionally providing false information in the report; or up to CHF 50,000 for negligent acts

External links
Unofficial English translation of the legislation provided by the Swiss Government.