On February 23, the European Commission released its long-awaited draft regulation on human rights and environmental due diligence, a critical component of its sustainable corporate governance initiative. The draft regulation requires large EU companies, and some non-European companies doing significant business in Europe, to assess their actual and potential human rights and environmental impacts throughout their operations and down their supply chains and to take action to prevent, mitigate, and remedy identified human rights and environmental harms. Companies that fail to conduct effective due diligence or to implement preventative or remediation measures face both administrative penalties and civil liability.

The commission took nearly two years to release its proposal, after EU commissioner for justice Didier Reynders announced his intention to draft such a rule, and nearly a year after the European Parliament signaled its support for the initiative in 2021. As the headquarters of some of the world’s largest companies and an importer of  €223.3 billion worth of goods, the European Union’s influence on global business practices with respect to human rights, including through its supply chains, is nearly unmatched. The 2020 Corporate Human Rights Benchmark analyzed 225 serious allegations of human rights abuse associated with the 229 major global companies it assessed; although 78 percent of those companies were based in Organization for Economic Cooperation and Development (OECD) countries, 85 percent of alleged human rights impacts took place in developing countries. The 2018 Global Slavery Index estimated there are 24.9 million victims of forced labor around the world and $354 billion worth of products from the technology, apparel, fishing, and agricultural industries produced with forced labor and imported by G20 countries. The proposed EU directive builds on earlier efforts by the European Union to make business practices in this area more transparent, including the EU Non-Financial Reporting Directive and the Conflict Minerals Directive. If the European Parliament and European Council approve this directive—a process expected to take a year or more—EU member states will have two years to transpose the directive into national law and begin enforcement.

Q1: What is mandatory human rights due diligence and why is it important?

A1: The concept of requiring companies to undertake human rights due diligence draws from the UN Guiding Principles on Business and Human Rights (UN Guiding Principles) as well as the OECD’s Guidelines for Multinational Enterprises and Due Diligence Guidance for Responsible Business Conduct. The UN Guiding Principles, adopted unanimously by the UN Human Rights Council in 2011, outline the corporate responsibility to respect human rights and require companies to undertake due diligence to identify, prevent, mitigate, and account for any human rights harms they may cause, contribute to, or be linked to. Although not legally binding, the UN Guiding Principles have been widely accepted by governments and the world’s largest companies.

In the absence of an international legal obligation to address human rights impacts and with a patchwork of national laws in place, companies have adopted a wide range of voluntary approaches to fulfill their human rights responsibilities. The European Union found that these initiatives have largely failed to generate widespread improvement in corporate human rights practices, a conclusion backed up by many years of analysis of corporate efforts to prevent forced labor in supply chains and human rights abuse more generally. Similarly, earlier efforts by governments to require transparency in corporate supply chains failed to change corporate behavior on their own, absent parallel requirements to take action to stop abuses and to impose penalties for corporate failure to do so. As of 2020, nearly half of the largest companies had yet to take any public action to address human rights issues within their supply chains. These failings have led to widespread calls from civil society, and even companies, for governments to mandate corporate action to address human rights and environmental impacts—and to impose legal consequences if they do not.

Q2: What does the proposed directive require?

A2: The directive will apply to approximately 13,000 EU companies and about 4,000 non-EU companies in the following categories:

• EU companies with at least 500 employees and a global net turnover of over €150 million
• EU companies working in sectors at high risk of human rights abuse, including agriculture, apparel, extractives, with at least 250 employees and €40 million in global net turnover (with a two-year phase-in period before the directive applies)
• Non-EU companies with a net turnover of at least €150 million from their operations within the EU, or operating in a high-risk sector, with at least €40 million in net turnover from their EU operations

Covered companies are required to carry out human rights and environmental due diligence to identify existing and potential negative impacts on human rights and the environment that occur within their own operations and from their “established business relationships” and to take steps to prevent, end, and minimize the extent of those impacts. This includes consulting affected stakeholders, adopting codes of conduct and human rights and environmental due diligence policies, and investing in internal infrastructure to ensure compliance. Where abuses are found, remediation is required, including financial compensation for affected individuals and communities.

Member states are required to establish both administrative penalties and a civil liability regime to ensure company compliance with the directive. The directive imposes responsibility for oversight of companies’ due diligence activities with corporate boards of directors and requires national securities regulators to incorporate this board member obligation into national law. Incorporating corporate human rights due diligence into directors’ duty of care provides a particularly powerful tool to ensure personal responsibility for implementation of the directive.

Q3: What might this legal regime look like in practice?

A3: The scope of the directive is broad in terms of the list of abuses companies would be responsible for preventing, mitigating, or remedying, requiring companies to examine impacts on workers—including worker health and safety, living wage, and right to organize—as well as on communities and society at large in the countries where they operate and where they have long-term business relationships. However, as proposed, the EU law directly applies to only about 1 percent of EU-registered companies that could be held administratively or civilly liable for failure to carry out or implement effective human rights due diligence. To reach abuses that are likely to occur further down the supply chain, those covered companies are expected to introduce contractual clauses requiring partners with whom they have “established business relationships” to carry out their own human rights due diligence and to cascade those requirements down their own supply chains. By defining “established business relationships” as those that are “lasting,” this approach may inadvertently encourage companies to distance themselves from suppliers they could have significant influence over. In addition, in a significant concession to business, companies can rely on third-party auditors or industry initiatives to verify business partners’ compliance with these requirements, despite substantial research demonstrating the limited effectiveness of such audits and voluntary initiatives in preventing abuses.

Although a handful of countries have already adopted laws requiring companies to carry out human rights due diligence and providing for civil or criminal liability for companies that fail to do so, it is too early to tell if their practices will serve as effective models. Still, early cases in those countries could provide important signals for broader EU practice. Four lawsuits are currently pending in France under the French Duty of Vigilance Law, which generally resembles the European Union’s draft in its structure. How the French courts interpret the scope of required due diligence will be instructive, particularly in cases where a “vigilance plan” was adopted, but any company action taken was insufficient to prevent company-linked abuse from occurring. The Netherlands, Norway, and Germany are all in the process of putting in place similar legislation. The German Supply Chain Due Diligence Act, which passed in the summer of 2021 and will take effect on January 1, 2023, provides significant penalties—up to 2 percent of a company’s global turnover for large companies, and an exclusion from public procurement for up to three years—in cases of significant violation, and other countries may adopt this penalty approach to implementation of the EU directive, in line with its call for turnover-based financial penalties.

More than a dozen other countries have indicated a commitment to adopting corporate accountability legislation within their national action plans on business and human rights. An even broader set of countries made written commitments at the 2021 Summit for Democracy to adopt more effective business and human rights policies under the auspices of the UN Guiding Principles.

Q4: Will the United States adopt a similar law?

A4: Legal options to hold U.S. companies accountable for human rights abuses they commit overseas or are connected to through their supply chains are currently limited. The U.S. Supreme Court has repeatedly narrowed the scope of the Alien Tort Statute, which in principle allows non-U.S. citizens to file civil suits based on harm that occurs overseas, but in practice is extremely difficult to apply to corporations. In 2018, the U.S. Department of Justice gained the ability to prosecute companies for utilizing forced labor in their operations or supply chains outside the United States under some circumstances, but there have been no prosecutions thus far for conduct outside the United States. Companies can receive fines or penalties or have their shipments seized for attempting to import goods made with forced labor into the United States, which has resulted in some companies changing their business practices. But enforcement of this prohibition remains limited to a relatively narrow list of sectors and producers.

These limitations have led to calls for a mandatory corporate liability scheme similar to the draft EU directive. One such proposal gaining steam is the adoption of an equivalent to the Foreign Corrupt Practices Act (FCPA) for human rights, which would create criminal and civil liability for an enumerated set of abuses, in much the same way the FCPA prohibits bribery by U.S. companies overseas. Such an approach could require companies to document efforts taken to prevent abuse through due diligence (the equivalent to the FCPA’s “books and records” requirement) or use evidence of due diligence as a mitigating factor in determining civil or criminal penalties.

Apart from these proposals from nongovernmental organizations and academics, however, there have been no moves from the U.S. government to adopt mandatory due diligence or other broad forms of corporate accountability. Updates to the U.S. National Action Plan on Responsible Business Conduct, expected later this year, provide an opportunity for the administration to make a stronger commitment to corporate accountability for human rights abuses, while the eventual application of the EU directive to potentially thousands of U.S. companies provides a significant incentive for alignment between U.S. and EU law on this topic.

Marti Flacks is the Khosravi Chair in Principled Internationalism and director of the Human Rights Initiative at the Center for Strategic and International Studies (CSIS) in Washington, D.C. Madeleine Songy is an intern with the Human Rights Initiative.