2025 will be a watershed moment for companies operating in the EU. New and strengthened EU due diligence legislation at cross-sector and sector level, forced labour bans and new product rules relating to sustainability will all likely be in force, or likely to come into force by 2025.
Companies need to avoid falling into the trap of preparing for this by tackling individual regulatory requirements in a piecemeal fashion. Preparing for the new regulatory landscape will require companies to undertake a strategic remapping of their corporate governance and risk management.
These are the most cross-cutting strategic and impactful steps that companies can start to take now to ensure they are set up for success:
- Board matters. Companies should ensure that their governance structure sets accountability for human rights and environmental due diligence at board level and contains clear reporting to the board on these issues, including due diligence policy, processes and outcomes. This is regardless of whether the final draft of the Corporate Sustainability Due Diligence Directive (CSDD) includes directors’ duties. The forced labour ban and Ecodesign Sustainable Product Regulation will set sustainability criteria that have to be met in order for products to be imported into the EU. The risk of civil liability as a result of the CSDD will mean that human rights and environmental risks are issues requiring board and director level oversight.
- Internal management systems and controls. Companies should ensure they have clearly articulated and documented internal systems for managing human rights and environmental risks. External assurance requirements mean that companies will function most effectively if they have clear control documentation and control points. Most companies do this already for other risks such as business integrity risks – managing human rights and environmental risks should be treated in the same way.
- Double materiality. For the first time, companies will be required to consider negative material impacts from the perspective of the company’s impact on stakeholders upon people and the environment. This is a shift from the status quo of only thinking about materiality in relation to the risks and impacts which affect the value of the company (such as financial, legal, operational, and reputational risks).
- Traceability. Having traceability for all operations and services, all value chains, and all business relationships will be vital. Robust traceability information will be required for regulations addressing high-risk commodities, forced labour, and product sustainability, and when subject to investigations under the forced labour ban, companies will be required to provide traceability information to authorities in as little as 15 days.
- Severe and foreseeable risks. Companies will want to prioritise how they will address high risk, severe and foreseeable human rights and environmental impacts and risks. This may mean de-risking from some value chains and business relationships, or at a minimum ensuring the board is aware of the consequences of not doing so. Products and services which use forced labour, commodities related to deforestation, and any severe risks which are foreseeable (meaning that the risk is known and likely well documented) are likely to be prioritised as part of a company’s required risk mapping.
- Disclosure. Companies should be putting in place systems and processes now that will be sufficient and sophisticated enough to the increase in disclosure requirements. Companies operating in high impact sectors with complex value chains are more likely to have multiple levels of disclosure from annual disclosures to individual commodity and product disclosures.