Inside the EU’s Corporate Sustainability Reporting Directive

After months of deliberation, Europe’s new series of laws regarding due diligence and corporate sustainability for supply chains has finally passed.

The EU’s Corporate Sustainability Due Diligence Directive (CSDDD), currently in process, was preceded by France’s Duty of Vigilance Law in 2017 and similar laws in Norway in 2021 and Germany in 2023. This shift from private voluntary regulation—a form of soft law—to hard law reflects widespread acceptance of the failure of the former. The shift heralds a new era of international regulation of labor and environment practices in the global supply chains of some of the world’s largest firms.

Among other changes, due diligence requirements for these “lead firms”—including many of the world’s largest fashion brands and retailers—could mean that companies are responsible for a share of the legal liability for harms to workers and the environment perpetrated by their suppliers.

How will European regulators, corporations and the rest of us know which firms are running the highest risks? The EU’s new Corporate Sustainability Reporting Directive (CSRD) is a companion law to CSDDD. It is meant to provide regulators as well as “investors and other stakeholders with relevant, reliable and comparable information on the sustainability performance, risk and impact of companies.” What’s reported under the new rule will inform the choices that due diligence regulators make and, therefore, how firms, workers and their employers behave.

How is it designed?

The new reporting requirements build on the Non-Financial Reporting Directive (NFRD) adopted by the EU a decade ago for large, publicly-listed companies. CSRD expands the scope of the earlier rule in four significant ways. It applies the new reporting requirements to all listed companies in the EU (except micro-enterprises) and to large non-listed companies that satisfy at least two of these three criteria: annual net turnover exceeding 50 million euros, a balance sheet exceeding 25 million euros, and a workforce of at least 250 employees.

Some non-EU companies are also included: those with securities listed in the EU, those with annual net turnover exceeding 150 million euros for two years, and those with a qualifying EU subsidiary or branch that generated an annual turnover exceeding 40 million euros. This means that major U.S. public companies like Nike are covered, but so too are private firms like Patagonia as its revenues in Europe exceed the threshold.

Additionally, CSRD significantly expands the areas covered by sustainability reporting requirements. The new reporting requirements are found in the European Sustainability Reporting Standards (ESRS), drafted by a technical body called the European Financial Reporting Advisory Group (EFRAG) and adopted by the European Commission. ESRS’s 12 standards are organized into four groups: a cross-cutting category and three topical categories including environmental, social and governance.

CSRD also clarifies the meaning of “double materiality”—defined vaguely in NFRD. Firms covered by the new rule “shall include in the management report information necessary to understand the [firm’s] impacts on sustainability matters, and information necessary to understand how sustainability matters affect the [firm’s] development, performance and position.”

For the first time, companies are to report on “financial materiality”—sustainability matters that create financial risks or opportunities for them—and on “impact materiality,” which includes matters linked to their operations, including those along the value chain, expected to have positive or negative impacts on people or the planet. Thus, if a buyer’s final product makes use of an intermediate good which may be produced through child labor, the impact should be assessed as material by the company given its business relationship with the supplier, even if it is not directly responsible.

Finally, CSRD requires that firms’ reports appear as a separate section in corporate annual reports, which should be verified by a third party. This is a new level of public disclosure for many of these firms.

Will it work?

For all its new scope and ambition, we see several gaps that indicate that the project is unfinished or incomplete. We believe the plan’s holes will impact its ability to adequately inform CSDDD and advance the accountability of lead firms when due diligence failures contribute to harm to workers or the environment.

First, reporting on the cross-cutting standards (ESRS 1 and ESRS 2) is compulsory, but reporting on the five environmental, four social and two governance standards is not. Firms are only expected to report on these issues if they deem their risks to be material, and they have wide latitude to determine what is material and what is not.

In all sustainability areas other than climate change, the company may provide a brief explanation of the conclusions of its materiality assessment, but is not required to do so. In assessing climate change, firms must provide a detailed explanation for why they’ve chosen to assess their impacts as non-material, but if a firm decides that widespread sexual harassment in a supplier factory is not material, it neither has to report it nor explain its decision, for example. So while firms are mandated to collect data to determine whether issues are material or not in the supply chain, the reporting is largely voluntary.

Second, there are separate reporting requirements for a firm’s own workforce and for workers along its value chain. Concerning their own workforces, companies must report, for example, on the percentage of employees covered by collective bargaining agreements, the number of work-related accidents involving its workforce and metrics covering pay and social protection. These indicators are far from perfect, but they allow stakeholders to see whether corporate policies have an impact on their employees. These firms’ workforces are mostly based in Europe, where several of these issues are governed by national law and also enforced through collective bargaining agreements.

By contrast, reporting requirements for firms’ impacts on workers and the environment in their value chains are much looser. Among the general disclosure requirements—mandatory irrespective of the materiality assessment—a firm is required to report the main features of its upstream and downstream value chains: descriptions of its suppliers, customers, distribution channels and end-users, as well as a brief description of material impacts, risks and opportunities linked to its value chain. Its assessment should also include workers’ rights protections. But the framework does not require that companies disclose those metrics when it comes to the workers in their supply chains. Instead, companies should report, in narrative style, on their value chain due diligence approach and their human rights commitments, on stakeholder engagement, and so on.

This is what lead firms have been doing for the last twenty years with regard to their value chains. It is possible that as the reporting requirements take hold and the returns come in, we will find we are still standing in the same place.

Third, the requirements lean heavily towards reporting based on firms’ policies, processes and inputs; training for employees or contract suppliers is a classic input. But reporting largely avoids clear measures of outcomes or impacts on workers. This has been the norm in voluntary corporate reporting schemes such as the Global Reporting Initiative (GRI). Firms can describe, for example, the various policies and programs they have enacted to ensure that weekly working hours are kept within legal requirements, but they do not have to report on working hour outcomes—that is, actual hours worked per week.

Firms often complain—and rightly—of the enormous increase in the volume of reporting asked of them in recent years. On the upside, the new requirements will likely look familiar; the EU appears to have used the Global Reporting Initiative template liberally and has highlighted the inter-operability of CSRD and GRI reporting systems.

Nothing forbids companies from presenting outcome measures to accompany the description of their policies or inputs to show that they are effective. As the NGO Shift notes, companies should not be spending resources on actions that don’t result in changes or improvements to a material impact or risk. But few, if any, firms do that today, and if not required to do so, they are likely not to report on outcomes.

Firms might also slice or aggregate data in ways designed to burnish their brands, making analysis and comparison almost impossible. This underlines the importance of a standard, mandatory scheme in which data collection, analysis and disclosure are uniform across an industry. This would allow regulators to compare outcomes across firms and learn where to focus their attention. Companies that take due diligence and reporting seriously will not be at a disadvantage. Disclosure-shy firms that have flown below the radar for decades will be exposed.

What are the prospects for serious outcomes-based reporting on labor issues for the supply chain?

ESRS alludes to the importance of outcome or impact measures of labor practices in global value chains. The standards note that “risks related to the undertaking’s [a firm’s] impact on value chain workers may include the reputational or legal exposure where value chain workers are found to be subject to forced labor or child labor.” And it is possible that the sector-specific reporting requirements might include outcome measures for supply chain workers (EFRAG value chain guidelines note that “sector-specific ESRS [due in 2026] will cover the inclusion of value chain data in its impact metrics when relevant.”). In a sector like apparel, which is among those the EU considers at high risk for human rights abuses, outcome-oriented metrics should be key to ensuring the effectiveness of the legislation.

If CSRD and, by extension, CSDDD’s analyses of due diligence efforts are to help improve working conditions and advance workers’ rights in global value chains, they must require that firms collect and report clear, quantitative measures of labor and climate outcomes.

These should resemble the data that ESRS requires firms to report for their own workforces. For instance, not paying minimum wages in the supply chain is a material risk for companies, and hence the difference between actual wages and the minimum wage for supplier factories in each country should be reported. Similarly, gender discrimination in the supply chain constitutes a material risk for companies. The ESRS requires that apparel firms like H&M and Bestseller report on gender pay gaps in their own workforces, but not for the women workers who make many of their products. A similar outcome measure would be relevant for supply chain workers, especially in sectors like apparel production, which is highly gendered, and where the available evidence shows that women workers are paid less than men.

These and twenty other quantitative labor outcome measures developed by Cornell University’s Global Labor Institute would be a relief to firms swimming in reporting waters that now stretch to the horizon. Regulators would be signaling what matters most, firms would manage what they are required to measure, and regulators would have a robust means of comparing firms and tracking changes over time. Using these proposed outcomes metrics, both firms and regulators could put their time and powers to their best uses.

The Cornell Global Labor Institute will present a complete set of these proposed outcomes metrics at our forthcoming conference on Feb. 2 in New York City.