mars 19 2024

Human Rights and the Environment: what to expect from the Corporate Sustainability Due Diligence Directive?


Following weeks of uncertainty, the Corporate Sustainability Due Diligence Directive ("CS3D") was finally adopted by the Council of the European Union ("Council") on March 15, 2024.1 While political agreement had been reached between the Council and the European Parliament ("Parliament") on December 14, 2023 (see our previous blog), the final text adopted by the Council represents a significant compromise from that position and notably reduces the scope of companies covered by CS3D and the extent of their diligence obligations.2 Subsequently, on March 19, 2024, the Legal Affairs Committee of the Parliament approved the text of CS3D.3 These votes pave the way for the formal adoption of CS3D and the introduction of binding, EU-wide rules on corporate accountability.  

CS3D will introduce mandatory human rights and environmental due diligence obligations for both EU and non-EU companies, including certain regulated financial undertakings, structured around three pillars:

  • Due diligence obligations regarding actual and potential human rights and environmental adverse impacts ("adverse impacts");
  • Obligations to implement a climate change mitigation transition plan; and
  • Supervision, sanctions and civil liability in case of violation of these obligations.

CS3D will however apply in addition to and without prejudice to stricter rules that may exist at the Member State or EU level.

I. Who will be subject to CS3D?

a. Companies covered

CS3D will apply to the following companies, provided they meet certain employee, turnover and/or royalties thresholds:

  • limited liability companies, whether constituted in or outside the European Union;4 and to
  • certain categories of regulated financial undertakings, which are listed by reference to EU legislation (including credit institution, (re-)insurance undertakings, payment institutions and crypto-assets service providers).
b. Phased-in application

The obligations contained in CS3D will apply in three phases:5

  • As from 2027:

- EU (parent) companies with more than 5,000 employees and a net worldwide turnover of more than EUR 1.5 billion;

- Non-EU (parent) companies with a net turnover in the European Union of more than EUR 1.5 billion.

  •  As from 2028:

- EU (parent) companies with more than 3,000 employees and a net worldwide turnover of more than EUR 900 million;

- Non-EU (parent) companies with a net turnover in the European Union of more than EUR 900 million.

  • As from 2029:

- EU (parent) companies with more than 1,000 employees and a net worldwide turnover of more than EUR 450 million;

- Non-EU (parent) companies with a net turnover in the European Union of more than EUR 450 million;

- EU or non-EU (parent) companies with a net turnover of more than EUR 80 million, worldwide for EU (parent) companies and in the European Union for non-EU (parent) companies, which have entered into franchising or licensing agreements with independent third-parties in the European Union in return for royalties exceeding EUR 22,5 million.6

The application of CS3D to companies based on lower turnover thresholds that operate in targeted high-risk sectors, such as textiles, agriculture, mineral resources, metal products or construction, foreseen in previous proposals of CS3D has been abandoned upon political push-back. Nevertheless, the adopted text provides for a review of the scope and effectiveness of CS3D to be conducted after six years to assess inter alia whether a sector-specific approach needs to be introduced in high-risk sectors.

c. Application at group level

Thresholds met at group level: Under CS3D, applicability thresholds can be met by the ultimate parent company, which would then be required to comply with due diligence and climate transition plan obligations.

However, if that ultimate parent company is a pure holding company with no operational activities and does not engage in taking management, operational or financial decisions affecting the group or one or more of its subsidiaries, the obligations arising from CS3D may be complied with by one of the ultimate parent company’s subsidiaries established in the European Union designated to perform the mandated due diligence measures on behalf of the ultimate parent company.

In such a case, the ultimate parent company would have to apply for an exemption to the competent EU supervisory authority, which will assess whether the designated subsidiary has been given all the necessary means and legal authority to fulfil the obligations arising from CS3D in an effective manner.

In any case, the ultimate parent company will remain jointly liable with the designated subsidiary for a failure of the latter to comply with its obligations under CS3D.

Implementation at group level: Subject to certain conditions, and to ensure effective compliance, ultimate parent companies may fulfil on behalf of its subsidiaries the obligations arising from CS3D.

Supervision and liability at company level: Those subsidiaries would however remain subject to the supervision and civil liability rules of the Member State which has competence over such subsidiaries.

d. Appointment of EU representatives for in-scope non-EU companies

Non-EU companies subject to CS3D will be required to appoint an authorized representative, established or domiciled in one of the Member States where they operate, to act as a single point of contact for competent supervisory authorities. The identity of this authorized representative and the fact that the non-EU company is subject to CS3D will have to be notified to competent supervisory authorities.

If a non-EU company does not appoint an authorized representative, competent supervisory authorities will be required to enforce the fulfilment of such obligation.

II. Which due diligence obligations will apply under CS3D?

a. Scope of due diligence obligations

CS3D requires in-scope companies to implement risk-based due diligence measures in order to identify, prevent, mitigate, bring an end to, minimize and remediate any actual or potential adverse impacts on (i) the environment or (ii) human rights.

Nature of adverse impacts: These adverse impacts are defined as breaches of prohibitions and obligations or abuse of rights contained in various international instruments ratified by all EU Member States, as listed in an Annex to CS3D.

Scope of due diligence obligations: In-scope companies' due diligence measures will have to address adverse environmental and human rights impacts that result from:

  • their own operations;
  • the operation of their subsidiaries, i.e., those they control within the meaning of Directive 2013/34/EU;7 and
  • the operations of their direct and indirect business partners,7 where related to their chains of activities.

The concept of "chains of activities" covers all upstream activities related to the production of goods or the provision of services by the in-scope company, whereas downstream activities are limited to the distribution, transport, and storage of products. Downstream activities are not covered insofar as they concern dual-use items, weapons, munition or war materials, the export of which is authorized.

b. Due diligence obligations

CS3D states that Member States shall ensure that companies conduct risk-based human rights and environmental due diligence based on the following eight principles.

1) Integrating due diligence into company's policies and risk management systems: A due diligence policy will have to be established in consultation with employees and their representatives and must contain:

  • a description of the company's approach to due diligence, including in the long term;
  • a code of conduct, describing rules to be followed by the company, its subsidiaries and business partners; and
  • a description of processes relating to the integration and implementation of due diligence.

This policy should be revised after any significant changes and at least once every two years, taking into account any adverse impacts identified, measures taken to address such impacts and their monitoring.

2) Identifying, assessing and prioritizing adverse impacts: In order to identify and assess adverse impacts, in-scope companies will have to:

  • conduct a risk mapping to identify general areas where adverse impacts are most likely to occur and to be most severe;9
  • conduct in-depth assessments in those areas where adverse impacts were identified during the risk assessment process as most likely to occur and to be most severe;
  • make use of appropriate resources, including independent reports or information collected through alert and complaint mechanisms; and
  • seek information obtained from business partners, prioritizing those where adverse impacts are most likely to occur.

Where risks identified cannot be addressed at the same time to their full extent, human rights and environmental risks identified have to be prioritized based on their severity and likelihood. Adverse impacts that were initially assessed as less severe or less likely shall be addressed once those that are assessed as most severe and most likely have been addressed.

3) Addressing and remediating adverse impacts: In-scope companies will be required to take appropriate measures to:

  • prevent or, at least, mitigate potential adverse impacts;
  • bring to an end or, at least, minimize actual adverse impacts; and
  • remediate any actual adverse impact they have (jointly) caused.

When determining which measures to adopt, in-scope companies will have to consider:

  • who may cause or has caused the adverse impact;
  • where the adverse impact may take place or has taken place; and
  • whether the company has leverage to influence its business partner.

It is important to understand that CS3D does not require in-scope companies to safeguard that no human rights- or environmental-related risks materialize in their supply chain. Instead these companies are required to take appropriate measures to avoid this happening. "Appropriateness" is pivotal to the entire CS3D and at the core of the obligations for in-scope companies. It, in fact, significantly limits their obligations. ‘Appropriate measures’ are measures that are capable of achieving the objectives of due diligence, by effectively addressing adverse impacts in a manner commensurate to the degree of severity and the likelihood of the adverse impact, and reasonably available to the company, taking into account the circumstances of the specific case, including the nature and extent of the adverse impact and relevant risk factors.

Appropriate measures to address adverse impacts would include:10

  • action plans, adapted to companies' operations and chains of activities, to define timelines, measures to implement and key performance indicators, possibly in consultation with industry or multi-stakeholders initiative;11
  • obtaining contractual guarantees from business partners, subject to compliance verifications, possibly carried out by an independent third-party verification;12
  • financial or non-financial investments or amendments to the company's business plan, strategies and operations;
  • communication of expectations to business partners and material or financial support, in particular for small and medium size enterprises ("SMEs");
  • collaboration with other entities to manage adverse impacts; and
  • monitoring of adverse impacts and periodic re-assessment of measures taken to address them.

As a last resort, if measures described above cannot address the adverse impacts identified, in-scope companies will be:

  • required to refrain from entering into new or extending existing relations with a business partner in the chain of activities from which the adverse impact arises; and
  • entitled to (i) temporarily suspend the existing business relationship and (ii) if there is no reasonable expectation that the adverse impact can be addressed and if that impact is severe, terminate that business relationship.

Termination will only be possible if (i) adverse impacts linked to such termination are not manifestly more severe than the adverse impacts initially identified,13 (ii) measures are taken to minimize the effects of termination, (iii) prior notice is given to the business partner, and (iv) the decision to terminate is kept under review.

Remediation14 will be mandatory in the event an in-scope company causes, either solely or jointly, an actual adverse impact. Where an adverse impact is caused by an in-scope company's business partner only, remediation would be voluntary, although the in-scope company may also use its influence over the business partner to cause it to remediate the actual adverse impact.

4) Engaging with stakeholders:15 Meaningful stakeholder engagement will be mandatory for inter alia the identification of adverse impacts, the adoption of mitigating or remediation measures and the design of performance indicators for monitoring purposes. CS3D envisages that (i) relevant and comprehensive information must be provided to stakeholders, (ii) stakeholders will be entitled to request information, the refusal of which should be justified, and (iii) barriers to engagement should be addressed to ensure stakeholders can participate without retaliation or retribution.

If stakeholder engagement is not reasonably possible, companies may consult with appropriately-qualified experts. Likewise, companies will be able to rely on, industry or multi-stakeholder initiatives, although they would still be required to consult their employees and representatives.

5) Establishing and maintaining a complaints procedure and a notification mechanism: Companies will be required to set up an operational grievance mechanism that comprises both a complaints procedure and a notification mechanism.

The prescribed complaints procedure envisages that the following persons can submit legitimate concerns on adverse human rights or environmental impacts:

  • Persons affected by an adverse impact and their legitimate representatives, such as civil society organizations and human rights defenders;
  • Trade unions and other workers' representatives in the chain of activities; and
  • Civil society organizations active and experience with regard to the environmental adverse impact that is the subject of the complaint.

This complaint mechanism will have to be detailed in a dedicated procedure, of which workers' representatives and trade unions will be informed. This procedure should (i) ensure the participation and information of complainants; and (ii) guarantee their confidentiality to prevent retaliation. Where a complaint is well-founded, companies will be required to treat the adverse impact as identified and adopt corresponding measures to address this adverse impact.

In parallel, companies will be required to establish a notification mechanism, where any person can submit information or concerns relating to adverse human rights or environmental impacts. While this mechanism should also ensure the confidentiality of the notifying person(s), companies will be free to decide whether to inform such person of steps and actions taken.

These complaints and notification mechanisms may be implemented through collaborative procedures and mechanisms at group, industry or multi-stakeholder level.

Notifications or complaints will however not be a pre-requisite to raise concerns to national supervisory authorities or initiate civil claims.

6) Ongoing monitoring of the effectiveness of the due diligence measures: The adequacy and effectiveness of the identification of adverse human rights and environmental impacts and of measures taken to address them should be monitored, based on qualitative and quantitative indicators. Such monitoring should be conducted at least every 12 months, but also after a significant change occurs and whenever new risks of adverse impacts emerge.

The outcome of this monitoring, together with information received from stakeholders, will have to be considered in updating inter alia a company’s due diligence policy, risk assessment and due diligence procedures, as appropriate.

7) Publishing an annual statement on due diligence: Companies will have to publish annual reports on matters covered by CS3D, unless they are subject to sustainability reporting requirements under the Corporate Sustainability Reporting Directive.16 The content and criteria of such reporting will be defined in acts to be adopted by the Commission by March 31, 2027. These annual statements will, in addition, be made available in a harmonized format on a European Single Access Point to be established.

8) Keeping adequate records: Companies will be required to retain documentation regarding the actions taken to comply with CS3D for at least five years, and possibly more in the event of ongoing judicial or administrative proceedings.

c. Specificities for financial regulated undertakings

Exclusion of AIFs and UCITS: Alternative Investment Funds and Undertakings for Collective Investments in Transferable Securities are excluded from the scope of CS3D, although their manager or management company may be considered in-scope entities.

Potential exclusion of institution for occupational retirement provision: CS3D does not apply to pension institutions operating social security systems under EU law. Where a Member State chooses not to apply to Directive (EU) 2016/2341 to an institution for occupational retirement, such institutions will not fall within the scope of CS3D.

No requirement to conduct due diligence with regard to downstream activities: Given the definition of downstream activities covered by the value chain, the due diligence obligations of financial regulated undertakings are limited to their activities, those of their subsidiaries and those of their upstream, direct or indirect, business partners.

Consistency of annual statements requirements with existing reporting requirements: When defining the content and criteria of annual statements, the Commission will have to ensure that information to be reported under CS3D by regulated financial undertakings does not duplicate reporting requirements under rules governing sustainability‐related disclosures in the financial services sector.17

Review clause: The Commission is to report within two years from the entry into force of CS3D on whether additional sustainability due diligence requirements tailored to regulated financial undertakings with respect to the provision of financial services and investments activities should be laid down.

d. Tools supporting compliance with CS3D

Accompanying measures for companies: In order to support in-scope companies' due diligence requirements, the Commission will be required to:

  • adopt guidance on model contractual clauses, to be adopted, in consultation with Member States, within 30 months from entry into force of CS3D;
  • adopt practical, general and sector- or adverse impact-specific guidelines on due diligence obligations, to be adopted, in consultation with Member States, stakeholders, various EU agencies and, as appropriate, international organizations or bodies, within 36 months from entry into force of CS3D and periodically reviewed thereafter; and
  • establish a single helpdesk to provide information, guidance and support to companies in fulfilling their obligations under CS3D.

Furthermore, Member States will be required to set up dedicated websites, platforms or portals, either individually or jointly, to inform and support in-scope companies, their business partners and stakeholders, as to their obligations under CS3D.

Member States may also, in accordance with State aid rules, provide financial support to SMEs or to stakeholders, possibly supported by the Commission, inter alia to facilitate joint stakeholder initiatives.

Cooperation within the private sector: In order to support the implementation of their obligations under CS3D, companies may:

  • participate in industry and multi-stakeholders initiatives, which may help to inform the identification of risk and development of due diligence processes; and
  • use independent third-party verification on and from companies in their chain of activities. Any such verification should be carried out by independent, objective and competent verifiers. Verifiers may be either companies or industry or multi-stakeholder initiatives.

The Commission will be empowered to adopt guidance to assist in-scope companies in determining the appropriateness of relying on such private sector initiatives.

However, the use of such private sector tools will not shield in-scope companies from potential civil liability claims.

III. What are the expected obligations with regard to climate transition plans?

In-scope companies, with the exception of those already required to present a climate transition plan as part of their obligations under CSRD, will be required to adopt and put into effect a transition plan for climate change mitigation.

This plan, based on an ‘obligation of means’, is aimed to ensure that the business model and strategy of the company is compatible with the transition to a sustainable economy, the limiting of global warming to 1.5°C and the achievement of climate neutrality targets by 2050. To that end, the plan should provide for (i) time-bound targets related to climate change, (ii) a description of decarbonization levers and actions planned to reach climate change targets, (iii) an explanation and quantification of investments and funding supporting the plan, and (iv) a description of the role of administrative, management and supervisory bodies with regard to the plan.

The plan will have to be updated every 12 months to assess progress towards the targets set out therein.

IV. How will CS3D be enforced and how will in-scope companies be held liable?

a. Public enforcement

Appointment of supervisory authorities: Member States will be required to designate one or more independent and impartial supervisory authorities, responsible for ensuring compliance with both due diligence and climate transition plan requirements under CS3D.17

A Member State's supervisory authority will be competent over EU companies which have their registered office in that Member State and non-EU companies which have a branch in that Member State or otherwise generate most of their net turnover in the European Union in that Member State. Even if obligations under CS3D are complied with at group level, competent supervisory authorities will remain competent over EU subsidiaries established in their jurisdiction.

Cooperation between supervisory authorities: A European Network of Supervisory Authorities (“the Network”) will be established to facilitate cooperation, coordination and alignment between supervisory authorities. The Network will notably (i) assist in identifying non-EU companies that should be subject to CS3D, and (ii) serve as a forum to facilitate collaboration, including information sharing and requests for assistance, with regard to the enforcement of obligations under CS3D.

Finally, the Network will act as a ‘one-stop-shop’ for the publication of decisions imposing penalties and an indicative list of non-EU companies subject to CS3D.

Powers of supervisory authorities: Supervisory authorities will be entitled:

  • require information and carry out investigations to ascertain compliance with due diligence obligations; and
  • supervise the adoption and design of climate transition plans.

Investigations may be initiated by supervisory authorities on their own initiative or following the submission of any 'substantiated concerns', i.e., complaints, which any person will be entitled to file, possibly under guarantees of confidentiality.19 In the latter case, supervisory authorities are required to inform the complainants of decisions taken with regard to such complaints, with such decisions being subject to review by an independent and impartial public body.

As part of their investigations, supervisory authorities will be entitled to conduct on-site inspections, including in other Member States, usually with prior warning, except if such warning hinders the effectiveness of the inspection.

Where a company is found to have failed to comply with its due diligence obligations under CS3D, supervisory authorities may:

  • grant the company a period of time to take remedial actions, without this precluding the adoption of penalties or potential civil liability claims;
  • order the cassation of infringements, the abstention from any repetition and/or the provision of remediation;
  • impose penalties; and/or
  • adopt interim measures in case of imminent risk of several and irreparable harm.

Decisions by supervisory authorities will have to be subject to effective judicial remedies.

Penalties for breach of due diligence obligations under CS3D: CS3D would require Member States to impose "effective, proportionate and dissuasive" penalties, including a minima:

  • pecuniary penalties of up to 5% of the net worldwide turnover of the company or, as applicable, the group;20 and
  • public statements referring to the company and the nature of its infringement ("name & shame").

The imposition of penalties should consider both aggravating and mitigating factors, such as (i) the nature, gravity, duration and severity of the breach, (ii) mitigating and remediation measures implemented, (iii) whether prioritization took place, (iv) prior infringements, and (v) benefits and losses arising from the breach.

Potential exclusion from public procurement: Compliance with CS3D and the voluntary implementation of similar measures is one of the factors that may be considered by contracting authorities as part of the award criteria for public and concession contracts and as one of the conditions relating to the performance of public and concession contracts.

b. Private enforcement

Introduction of a civil liability mechanism: Member States will be required to ensure that a company can be held liable where it:

  • intentionally or negligently fails to comply with its obligations under CS3D, thereby affecting a claimant's rights, prohibitions or obligations protected under CS3D
  • causes damage to a claimant's legal interests protected under national law.

Such claims can be made by:

  • natural or legal persons that suffered a damage linked to rights, prohibitions or obligations covered by CS3D; or
  • trade unions, NGOs and other national human rights' institutions.

Companies, however, cannot be held liable for damages caused solely by its business partners in its chain of activities.

Stand-alone nature of civil liability: Civil liability claims can be raised independently of decisions adopted by supervisory authorities in respect of in-scope companies' compliance with CS3D and independently of such in-scope companies' participation to industry or multi-stakeholder initiatives.

Procedural safeguards: Damages awarded should result in full compensation, but not overcompensation.

In order to facilitate access to these civil liability mechanisms, CS3D requires Member States to provide for specific rules to ensure that:

  • time limits do not unduly hamper the bringing of actions for damages, with notably a minimum limitation period of five years;
  • costs of proceedings are not prohibitively expensive;
  • claimants can seek injunctive measures, including to perform an action or cease a conduct;
  • conditions to authorize trade union, NGOs and other national human rights' institution to bring claims are reasonable; and
  • the disclosure of evidence by the defendant can be ordered, subject to conditions, if the claimant has evidenced the plausibility of its claim.

Joint and several liabilities: The civil liability of a company will not shield its subsidiary or direct and indirect business partners, which may be held jointly and severally liable.

Harmonization a minima: The civil liability regime foreseen under CS3D is without prejudice to other EU or national rules on civil liability that may apply.

Overriding nature of the civil liability mechanism: The civil liability mechanism must be considered as an overriding mandatory requirement, which applies even where the law applicable to claims is not the law of a Member State.

c. Protection of whistleblowers

CS3D provides that Member States must ensure that the protection afforded to whistleblowers under EU laws20 applies to the reporting of breaches of obligations under CS3D.

V. Next steps

CS3D must now be formally adopted by the Parliament, which is expected to do so during its plenary session in April 2024. It will then be published in the Official Journal of the European Union and enter into force on the 20th day following that publication. Member States will then have two years to adopt the regulations and administrative provisions necessary to comply with CS3D, with substantive requirements to start applying, in accordance with the phased approach outlined above, as from 2027.



1 See the final text adopted by the Council.

2 In addition, the compromise text adopted by the Council (i) provides for a more phased application over time and (ii) clarifies the application of due diligence measures within groups.

First green light to new bill on firms’ impact on human rights and environment, European Parliament Press Release, 19 March 2024, available at:

4 The forms of companies covered by CS3D is defined by reference to those referred to in Annexes I and II of the EU Accounting Directive (Directive 2013/34/EU) and, for non-EU companies, comparable forms.

5 Dates provided assume that CS3D will be adopted in 2024. Public reporting requirements will apply one year later.

6 Those franchising or licensing agreement would be covered where they ensure a common identity, common business concept, and the application of uniform business methods.

7 This article refers to (i) having a majority of voting rights; (ii) having the right to appoint or remove a majority of the members of the administrative, management or supervisory body while being a shareholder; (iii) being a shareholder a controlling a majority of voting rights pursuant to an agreement with other shareholders; and (iv) having the power to exercise or actually exercising dominant influence or control.

8 Direct partners are those with whom an in-scope company has a commercial agreement related to its operations, products or services or to whom the company provides services. Indirect business partners are those that are not direct business partners but which perform business operations related to the operations, products or services of the in-scope company.

9 The severity of an adverse impact is to be assess by reference to the scale, scope or irremediable character of the adverse impact, taking into account the gravity of an adverse impact, including the number of individuals that are or may be affected, the extent to which the environment is or may be damaged or otherwise affected, its irreversibility and the limits on the ability to restore affected individuals or the environment to a situation equivalent to their situation prior to the impact within a reasonable period of time.

10 Appropriate measures are generally defined as measures that are capable of achieving the objectives of due diligence by effectively addressing adverse impacts in a manner commensurate to the degree of severity and the likelihood of the adverse impact, and reasonably available to the company, taking into account the circumstances of the specific case, including the nature and extent of the adverse impact and relevant risk factors.

11 Industry or multi-stakeholder initiatives are defined as a combination of voluntary due diligence procedures, tools and mechanisms, developed and overseen by governments, industry associations, interested organizations, including civil society organizations, or groupings or combinations thereof, that companies may participate in in order to support the implementation of due diligence obligations.

12 Independent third party verification is defined as verification of the compliance by a company, or part of its chain of activities, with human rights and environmental requirements resulting from CS3D by an expert which is objective, completely independent from the company, free from any conflicts of interests and from external influence, has experience and competence in environmental or human rights matters, according to the nature of the adverse impact, and is accountable for the quality and reliability of the verification.

13 Should this be the case, no suspension or termination would be required, but a duly justified report would have to be made to supervisory authorities.

14 Remediation is defined as restitution of the affected person or persons, communities or environment to a situation equivalent or as close as possible to the situation they would be in had the actual adverse impact not occurred, proportionate to the company's implication in the adverse impact, including financial and non-financial compensation provided by the company to a person or persons affected by the actual adverse impact and, where applicable, reimbursement of the costs incurred by public authorities for any necessary remedial measures.

15 Stakeholders are defined broadly as the company's employees, the employees of its subsidiaries, trade unions and workers' representatives, consumers; and other individuals, groups, communities or entities whose rights or interests are or could be affected by the products, services and operations of that company, its subsidiaries and its business partners, including the employees of the company's business partners, trade unions and workers' representatives, national human rights and environmental institutions, civil society organizations whose purpose includes the protection of the environment, and the legitimate representatives of those individuals, groups, communities or entities.

16Directive (EU) 2022/2464 of the European Parliament and of the Council of 14 December 2022 amending Regulation (EU) No 537/2014, Directive 2004/109/EC, Directive 2006/43/EC and Directive 2013/34/EU, as regards corporate sustainability reporting, OJ L 332, 16.12.2022, p. 15.

17 Regulation (EU) 2019/2088 of the European Parliament and of the Council of 27 November 2019 on sustainability‐related disclosures in the financial services sector, OJ L 317, 9.12.2019, p. 1.

18 Those authorities may be the same as those responsible for supervising regulated financial undertakings.

19 Such complaints do not require the internal notification or complaint mechanism of the company to have been triggered.

19 In addition, decisions imposing penalties will have to be made publicly available for at least five years.

20 Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law, OJ L 305, 26.11.2019, p. 17.

Compétences et Secteurs liés

Domaines de compétences

Stay Up To Date With Our Insights

See how we use a multidisciplinary, integrated approach to meet our clients' needs.