26 Oct 2023

The EU’s Human Rights Due Diligence Directive is expected next year – and other countries could introduce their own legislation. How should companies prepare?

The EU’s proposed new Directive would mandate large companies in the EU or doing business there to implement strict new due diligence obligations. The regulation is now close to being finalized, which would start the clock ticking for individual countries to change their laws. We analyse what companies should expect from the Directive, as well as the wider trend towards global human rights due diligence regulations. We then look at the best way to adapt your due diligence approach to thrive in this new era–with help from Nexis® Solutions.

The Corporate Sustainability Due Diligence Directive is entering the final stages of negotiations between the EU’s institutions, and experts believe it will be concluded within months. Although member states will then receive more time to implement the Directive into their legislative framework, it no longer seems to be an option for companies to wait and see. Instead, they should already be working hard to ensure their due diligence process includes screening third parties against human rights and environmental factors.

The Directive will mandate regulated companies operating in EU member states to ensure activities by the business and its suppliers comply with strict human rights and environmental sustainability criteria.

Crucially, it will introduce obligations on large companies in the EU–or large non-EU firms doing business on the continent–which may require a significant change in how they currently approach compliance and due diligence. This includes:

  • Identifying actual or potential adverse human rights and environmental impacts by the company’s own operations, or by its third parties and suppliers.
  • Implementing policies to prevent or mitigate potential impacts of human rights and environmental abuses.
  • Imposing duties on company directors to oversee the implementation of these due diligence requirements and integrating them into the firm’s strategy.
  • Monitoring the effectiveness of the firm’s due diligence policy and publicly communicating about the findings of any monitoring.
  • Ensuring that any decisions made by directors “take into account the human rights, climate change and environmental consequences”.

EU member states will be responsible for implementing the Directive’s requirements into their laws and regulations by a certain date, as well as setting the fines or enforcement actions to be taken if a firm is found to be in breach.

Significant effects on companies are expected, and not just on those in the EU

The new Directive does not just have implications for European-based companies, but it applies extra-territorially to any global firm above a certain size that is doing business within the EU. The US Treasury Secretary Janet Yellen warned earlier this year that the US is concerned about potential “negative, unintended consequences” of the Directive for US firms.

Another concern raised is that the Directive in its current form will not prevent any EU member state from going further in requiring more stringent due diligence than the Directive prescribes. Yukako Kinoshita, vice-chair of the Japanese Business Council’s committee to represent Japanese companies operating in the EU, said this is particularly worrying for Japanese firms. “It will be an enormous challenge for companies like our members to meet all slightly different legislation across EU member states,” he said.

Further legislation may follow as “retaliation” by other countries

The EU’s Directive is likely to prompt other countries to follow in imposing their own due diligence requirements on companies. Some of these could target EU companies in particular, as an official at the US Chamber Institute for Legal Reform predicted that “the US and other foreign countries may retaliate or implement rules of their own”.

Even setting retaliatory motivations aside, it has already become clear that the move towards human rights due diligence requirements is a growing global trend. Other recent or upcoming examples include:

  • Japan issued corporate accountability guidance in 2022.
  • Brazil is moving towards the passage of a due diligence bill, which was introduced in March 2022.
  • Germany’s Supply Chain Due Diligence Act came into force in January this year, requiring companies with at least 3,000 employees to carry out human rights and environmental due diligence on suppliers. It will be expanded in January 2024 to include companies with at least 1,000 employees.
  • The Netherlands adopted the Child Labor Due Diligence Act of 2019, which mandates companies selling or supplying to Dutch consumers to investigate whether child labor has been involved in the production process.
  • There are active discussions in Hong Kong of mandating climate reporting by financial institutions and listed companies by 2025.

How should companies respond?

Companies need to realize that we have entered a new era of due diligence. The traditional model of considering only financial and legal risks of third parties is no longer sufficient. Regulators increasingly expect companies to screen third parties for human rights and environmental risks, while more and more consumers, investors and employees want to buy from, invest in or work for companies that can demonstrate they are ethical.

The best way for companies to thrive in this new era is to acquire reliable data on suppliers and third parties, including:

  • ESG data, which indicates a company’s impact on the environment, its reputation for social issues, and any failures in governance.
  • Legal data including court cases involving a company, and any mention of them on sanctions lists, PEP lists and other watch lists.
  • News data, which can flag perceived and alleged risks involving a company or individual–especially if the data comes with an archive of historic news.

With ever-growing volumes of information available in the modern world, it is not easy to surface the data that is most relevant for assessing a supplier’s human rights and environmental impact. The best compliance operations leverage technologies which instantly screen multiple entities against high volumes of trustworthy data in all the areas outlined above. Given regulators’ expectations that companies carry out ongoing monitoring, these systems should also be able to flag any changes to a risk assessment of an entity when new information arises.

Nexis® Solutions is a leading example of such a system. It helps firms to implement a more efficient and effective due diligence process to identify and mitigate third party risk by providing companies with authoritative data from the most relevant sources.