On 26 October 2020, the European Commission (the Commission) launched a public consultation[1] on sustainable corporate governance (the Consultation), soliciting responses from stakeholders on a possible EU sustainable corporate governance initiative with the aim of ensuring “that environmental and social interests are embedded in business strategies”. The Consultation will, according to the Commission, complement the findings of two recent studies commissioned by the Commission on directors’ duties and sustainable corporate governance, and due diligence requirements through the supply chain, both published earlier this year.

The Consultation also comes just weeks after the European Parliament’s Committee on Legal Affairs (JURI) published a draft report[2] in September 2020 recommending that the Commission submit a legislative proposal on “corporate due diligence and corporate accountability”. Of most interest to businesses will be the text of a proposed directive prepared by JURI, annexed to the draft report, which would introduce mandatory human rights and environmental due diligence obligations for businesses (the Directive). There is close alignment between the due diligence components expressed in the Directive and the principles of “human rights due diligence” as formulated in the UN Guiding Principles on Business and Human Rights (“UN Guiding Principles”). This is evidently deliberate: the Directive refers extensively to the UN Guiding Principles, and Article 16 would require the Commission to prepare further guidance on the Directive’s due diligence obligations which “takes due account” of the UN Guiding Principles, as well as other international instruments.

If the JURI’s recommendation in favour of a new law is followed, which seems likely, the Commission will submit a formal legislative proposal for consideration by the EU Parliament and EU Council of Ministers. How closely any proposal follows the Directive remains to be seen. Clearly the Commission will look to take into account the views of stakeholders arising from the Consultation, which closes on 8 February 2021.

However, as we have previously reported, the Commission has already committed to tabling a legislative proposal by 2021 which would require businesses to conduct due diligence in relation to the human rights and environmental impacts of their operations and supply chains. As such, the Directive provides a valuable insight into the sort of obligations a future human rights due diligence law is likely to impose.

Scope and Application

The key aim of the Directive, according to Article 1, is to ensure that businesses “operating in the [EU] internal market fulfil their duty to respect human rights, the environment and good governance and do not cause or contribute to risks…in their activities and those of their business relationships.”

Notably, under Article 2, the Directive would apply both to undertakings incorporated and/or domiciled in an EU Member State, and limited liability undertakings established outside the EU selling goods or services in the internal market.

Due Diligence Requirements

Under Article 4, the Directive would oblige EU Member States to legislate to require that undertakings carry out due diligence with respect to human rights, environmental and governance “risks” in their operations and business relationships. Businesses would be required to perform ongoing monitoring to identify and assess whether their operations and business relationships cause or contribute to any human rights, environmental or governance risks. Article 3 defines “risk” here as any “potential or actual adverse impact on individuals, groups of individuals and other organisations in relation to human rights, including social and labour rights, the environment, and good governance”.

Pursuant to Article 4, if an undertaking were to conclude that it does not cause or contribute to any relevant risks, it would be obliged to publish a statement to this effect, along with its risk assessment; this would be subject to review if new risks emerge. However, where risks are identified, the undertaking should establish a due diligence strategy which: (i) specifies the risks (and their assessed “level of severity and urgency”); (ii) publicly discloses “relevant and meaningful” information regarding the undertaking’s value chain, including details of subsidiaries, suppliers and business partners; (iii) indicates the policies and measures to be adopted to cease, mitigate or prevent such risks; (iv) sets up a prioritisation policy for addressing the risks, bearing in mind the assessed level of severity / urgency ascribed to the different risks; and (v) indicates the methodology underpinning the strategy (including regarding stakeholders consulted).

Additional obligations include requirements on undertakings to conduct value chain due diligence (proportionate to the corporate’s circumstances, such as its size and resources) and the adoption of contractual clauses and mandatory codes of conduct to ensure business partners’ policies are aligned with the undertaking’s own due diligence strategy (accompanied by “regular” compliance verification).

Building on the ongoing monitoring theme, Article 8 requires undertakings to evaluate the effectiveness and appropriateness of their due diligence strategy at least annually. Further, Articles 5 and 8 provide that undertakings shall consult with stakeholders such as trade unions when establishing, implementing and reviewing their due diligence strategy.

Reporting Obligations

Article 6 would require undertakings to publish their due diligence strategies on their websites. Member States would be required to establish a centralised platform to which enterprises should upload their due diligence strategies and statements.

Grievance Mechanisms

Under Article 9, enterprises must “establish a grievance mechanism, both as an early-warning risk-awareness and as a remediation system”, to allow any stakeholder to voice their concerns (with the option of anonymity) in relation to any human rights, environmental, or governance risks. Such grievance mechanisms would need to comply with the “effectiveness criteria” set out in UN Guiding Principle 31.[3]

Non-Judicial Remedy

Article 10 would require Member States to ensure that any undertaking, that identifies that it has caused or contributed to “harm”, has to provide for or co-operate with remediation. Potentially appropriate remedies would be determined in consultation with the affected stakeholders, and could include both financial and non-financial compensation, public apologies, and restitution, as well as the prevention of additional harm through guarantees of non-repetition. Notably, Member States would also be obliged to ensure that such remedies would not prevent those affected from bringing civil proceedings under national laws.

Competent Authorities: Supervision and Investigations

Under Article 14, Member States would be required to designate one or more competent authorities to supervise the “application” of the Directive and dissemination of best practices. Pursuant to Article 15, such competent authorities would also need to be empowered by Member States under national law to carry out investigations to ensure compliance with the Directive. Such authorities should take a risk-based approach when conducting their investigations, or investigate where substantiated complaints are made by a third party. In fact, the Directive provides that Member States should take steps to facilitate the submission of such complaints.

Penalties and Civil Liability

Member States would have discretion in terms of the penalties to be adopted for non-compliance by undertakings with the Directive. Article 19 provides that such penalties shall be “effective, proportionate and dissuasive”, and includes the stipulation that repeated infringement will constitute a criminal offence if committed intentionally or with “serious negligence”. It is notable that under Article 20, compliance with the Directive would not absolve a business of any potential civil liabilities under national law.


Under Article 21, Member States would have two years to transpose the Directive into national law, once it comes into force.

Next Steps

Time will tell how closely the draft text of the Directive resembles any eventual EU law promulgated by the Commission. The Commission’s approach will at least partly be informed by its conclusions distilled from stakeholder responses in connection with the ongoing Consultation.[4] While the Consultation is linked more broadly to the Commission’s sustainable governance initiative, and addresses a wide range of issues including (most notably) directors’ duties, the notion of a ‘due diligence duty’ for businesses is a key focus. The Consultation closes on 8 February 2021, with the results and a subsequent legislative proposal expected in Q2 2021.


As readers will be aware, the UK left the EU on 31 January 2020. The UK remains subject to EU law during the transition period, which is currently scheduled to end on 31 December 2020. It is currently unclear whether any new EU-wide human rights due diligence law would apply in the UK, as the Directive is only expected to be introduced by the EU in 2021 or later. Depending on the outcome of negotiations on the future UK-EU relationship, the UK could accept the obligation to apply the new legislation in the UK after the end of the transition period and if it does not, the UK is likely to face calls to pass similar legislation of its own. Indeed, a coalition of UK-based NGOs has prepared a draft UK human rights due diligence bill to facilitate their lobbying efforts. In the meantime, companies domiciled the UK (and other non-EU countries) should take note of the proposal that the EU law would apply extra-territorially to non-EU entities selling goods and services in the single market.

The author would like to thank Fran Garvey, of Norton Rose Fulbright LLP, for her assistance in preparing this article.

[1] https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12548-Sustainable-corporate-governance/public-consultation

[2] https://www.europarl.europa.eu/doceo/document/JURI-PR-657191_EN.pdf

[3] UN Guiding Principle 31 states that, in order to ensure their effectiveness, non-judicial grievance mechanisms should be: (a) legitimate; (b) accessible; (c) predictable; (d) equitable; (e) transparent; (f) rights-compatible; (g) a source of continuous learning; and (h) based on engagement and dialogue. Further clarity on the meaning of these terms is set out in UN Guiding Principle 31 and its accompanying commentary.

[4] The Consultation compromises 26 questions across five sections: (1) Need and objectives for EU intervention on sustainable corporate governance; (2) Directors’ duty of care – stakeholders’ interests; (3) Due diligence duty; (4) Other elements of sustainable corporate governance; and (5) Impacts of possible measures.