Mandatory human rights and environmental due diligence in practice: key insights from France and Germany
Céline da Graça Pires
Business & Human Rights Advisor
cdg.pires@outlook.fr
Daniel Schönfelder
Responsible Contracting Project
schoenfelder@outlook.com
On 25 July 2024, the Directive on corporate sustainability due diligence (Directive 2024/1760) entered into force. According to the European Commission, Member States have to transpose the Corporate Sustainability Due Diligence Directive (hereinafter «CSDDD» or «Directive») into national law and communicate the relevant texts to the Commission by 26 July 2026. Meanwhile, member states of the UN have been gathering for the 10th time to discuss a potential international treaty on BHR that would, essentially, oblige the states that sign to implement mandatory human rights and environmental due diligence (hereinafter «mHREDD») laws. Potential legislative initiatives on mHREDD are being discussed worldwide, including in Canada, Brazil, Colombia, South Korea, Tunisia and Mexico. This makes it an ideal time to evaluate the experiences of countries that have already implemented mHREDD laws. As BHR practitioners from France and Germany, our analysis highlights the experiences in these two countries: France, the global pioneer with its Duty of Vigilance Law (LdV) enacted in 2017, and Germany with the more recent implementation of its Supply Chain Due Diligence Act in 2021 (hereinafter «LkSG»). We publish a first summary of the most important aspects from our view, based on a larger article we published recently, that will be updated and complemented with new insights.
I. Introduction
Both the LdV and the LkSG mandate HREDD measures. The CSDDD builds on these efforts by further strengthening requirements and aligning them more closely with the UN Guiding Principles on Business and Human Rights (UNGPs) and the OECD Guidelines for Multinational Enterprises (OECD Guidelines). However, similar to the LkSG and LdV, the CSDDD takes a more focused approach: its scope applies primarily to larger corporations, and its due diligence obligations center on companies’ own activities and their upstream suppliers, with less emphasis on the downstream side.
In France, inspired by the UNGPs and the OECD guidelines, the LdV requires large companies headquartered in France from all sectors which have, over the course of two reporting periods, at least 5,000 employees in France either in their own company or in their direct or indirect subsidiaries, or 10,000 globally (including subsidiaries), to draw up and effectively implement a vigilance plan. The plan has to include reasonable monitoring measures to identify risks and prevent serious harm to human rights and fundamental freedoms, to the health and safety of persons and the environment. The vigilance plan, which is intended to be made public annually and to be developed in partnership with the company’s stakeholders, includes 1) risk mapping, 2) subsidiaries, subcontractors, and suppliers’ evaluations (with which the company has an established business relationship), 3) mitigation actions, 4) an alert mechanism, and 5) a monitoring system to evaluate effectiveness.
In Germany, the Act on Corporate Due Diligence Obligations in Supply Chains obliges companies with more than 1000 employees and a seat or branch in Germany to conduct HREDD. The HREDD obligations are focused on a list of mainly human rights but also some environmental aspects (climate and biodiversity are notably not explicitly included). They are oriented on the UNGPs and focused on own operations and the upstream supply chain, with complex rules establishing an obligation to analyze tier n risks only in exceptional cases. The Law contains a mechanism of administrative enforcement via controls and fines, and the competent authority BAFA has been very active, hiring a personnel of more than 100, putting over 400 control questions to obliged companies and publishing guidance on many aspects of the law.
II. Putting human rights on the table
The laws already had a big impact on internal governance procedures in companies from both countries. Most big companies introduced HREDD governance systems. These typically set up cross-functional systems, similar to compliance management systems, with formal and often substantive support from the high levels of the corporate hierarchy. They are anchored in internal human rights policies and procedures and internal and external codes of conduct that oblige employees and suppliers to uphold them. Many companies set up cross-functional teams to set up implementation projects and integrate human rights aspects in the working of sustainability compliance, HR and, most importantly, procurement. For this, companies also hire internal human rights experts, also with NGO and/or development cooperation backgrounds, and external consultancy projects. Advice on HREDD is today not only offered by specialist boutique consultancies with long-term expertise but has come to the mainstream, with most actors of the big four and big law offering their clients advice on compliance with the new laws. Human rights have definitely been put on the table by the laws and are more and more becoming part of the business world. However, an upticking of action and investments in advice and tools does not necessarily translate in the effective HREDD that, required by both LdV and LkSG, needs to ensure measures that actually have the chance to improve the situation for rights holders. Some argue that the laws have primarily led to increased bureaucracy («bureaucracy monster»), generating documentation without delivering a significant positive impact. In our view, this is mainly due to a tick boxing approach that overlooks the importance of shared responsibility and the pursuit of continuous improvement through effective prioritization.
III. Hredd in supply chains - taking a shared responsibility
Both the LdV and the LkSG require firms to analyze risks in their supply chains and take preventive measures to address them after prioritisation (Art. L. 225-102-4.-I.of the French Commercial Code for the LdV and Sec. 5 and 6 LkSG). Practice shows that many companies have adopted an approach that could be described as relying on two main mechanisms: One involves sending out one-size-fits-all questionnaires to tier 1 suppliers, while the other involves sending out supplier codes of conduct (hereinafter “SCoC») to tier 1 suppliers that shift all responsibility for HREDD to them. While this strategy is aimed at raising awareness among suppliers and encouraging the trickling down of HREDD requirements across supply chains, a closer examination reveals significant shortcomings and potential risks of non-compliance with legal obligations.
The questionnaires normally contain superficial questions about typical human rights aspects, such as «Do you have a child labour policy?» or even «Do you respect the freedom of association of your workers?». There is often no differentiation between different products or levels of capacity. Suppliers of T-shirts will receive the same standard questionnaire as suppliers of bananas. A micro-enterprise of less than 10 employees will receive the same questions like a multinational market-leading giant with a budget bigger than many states. The questionnaires produced a big political backlash, with small enterprises claiming to be overwhelmed and many actors rightfully questioning if this approach actually produces relevant data that can be used to then make decisions on how to address identified issues. The practical experience is that it mostly does not because the superficial information received cannot enable a company to decide if a supplier really has risks to human rights and what should be done about it. Instead, companies should be both more minimalistic and more ambitious: they should use the prioritization criteria to focus on smaller numbers of suppliers and supply chains, and they should use the time they gain by this to prepare measures of risk analysis that are sector—tailored, and SME—empathetic instead of one size fits all. This would mean first thinking about the typical risk scenarios in the banana and T-Shirt supply chain, then prioritizing them, and then asking banana and T-Shirt suppliers about these indicators and measures related to the specific risk scenarios, taking into account the smaller capacity of smaller firms, and working together on improving the situation.
The work together to improve the situation is hindered by responsibility-shifting SCoCs. These SCoCs typically oblige suppliers to meet human rights and environmental standards, often using an approach that requires them to guarantee to uphold «no human rights risks,» often even in their supply chains, and ignores the role the buyers’ behaviour, especially purchasing practices, play in enabling suppliers to meet the standards. This is harmful because it obliges suppliers to promise something impossible: human rights risks are present in most companies and supply chains, as even in the EU, for example, racist discrimination or unequal pay still prevails. The supplier obliged to legally pretend otherwise would be strongly incentivised to hide problems and not answer honestly in questionnaires, audits, or supplier talks. At the same time, creating a legal reality between parties where only the supplier is at fault ignores that responsible purchasing practices and cooperative behaviour by buyers is essential to address human rights risks and disincentivizes suppliers to speak on them. A more realistic and effective approach is basing Codes of Conduct on shared responsibility, recognizing the obligations of both parties to continuously improve the human rights situation collaboratively. Because of the requirements on effectiveness (Sec. 4 (2) LkSG, Art. L. 225-102-4.-I.of the French Commercial Code for the LdV) of both laws, this approach has always been insufficient to ensure compliance. This has also been emphasized by the BAFA in the guidance on collaboration in supply chains. In the EU context, an even stronger and explicit emphasis on shared responsibility, effectiveness, and appropriateness underlines this (Articles 3(o), 5, 7, 8, 10, 11, 13, and 15; Recitals 40, 41, 45, 46, 50, 53, 53, 54, 55, 56 and 57). Companies will have to start sharing the responsibilities and costs fairer and cooperating as partners with their suppliers to improve the situation.
IV. Meaningful stakeholder engagement
Meaningful stakeholder engagement is a cornerstone of effective human rights and environmental due diligence (HREDD). The LdV made history by, for the first time, emphasizing collaboration with stakeholders in the development of vigilance plans, including consultations with trade unions for setting up alert mechanisms. This has had positive impacts, encouraging companies to better understand the importance of stakeholder mapping while strengthening relationships and collaboration with trade unions. Similarly, the LkSG requires companies to consider the interests of workers and individuals impacted by their activities when designing and implementing risk management systems, enhancing the inclusion of affected voices (Sec. 4 (4) LkSG). However, both laws lack explicit and detailed provisions and specific criteria to ensure engagement can qualify as «meaningful» in line with the UNGPs and OECD Guidelines and not reduced to a tick-box exercise in practice, leaving room for improvement.
The CSDDD’s art. 13 builds on these existing frameworks and requires meaningful stakeholder engagement. Under the Directive, stakeholder engagement is expected to occur at multiple critical junctures of the due diligence process: during the initial information-gathering stage, in the development of prevention and corrective action plans, when making decisions about terminating or suspending business relationships, during the adoption of remediation measures, and, where relevant, in the creation of qualitative and quantitative indicators. Importantly, while the CSDDD does not explicitly define «meaningfulness» or «effectiveness» of the engagement with stakeholders, it provides safeguards to address barriers to engagement and ensures the protection of stakeholders—particularly vulnerable groups—against retaliation. Despite some gaps still remaining in the CSDDD (e.g., no explicit requirement of stakeholder engagement in human rights policy and due diligence strategy development, no continuous engagement required to monitor the effectiveness of the due diligence processes, no requirement for stakeholder engagement in the design and implementation of grievance mechanisms): it still provides a strong foundation for fostering meaningful dialogue with stakeholders, enabling companies to build more responsible and resilient supply chains while ensuring that those most potentially or actually affected by corporate actions are actively involved in raising risks and shaping solutions to address them.
V. Accountability and monitoring mechanisms
The accountability mechanisms under the LdV and the LkSG differ significantly in structure and effectiveness, with both facing key challenges.
The LdV relies solely on judicial oversight, as France lacks an administrative body to monitor enforcement. Compliance is enforced through two legal actions: a preventive judicial injunction (mise en demeure) and an ex-post civil liability action under common law for damages caused by non-compliance (Art. L. 225-102-4.-I.of the French Commercial Code for the LdV). The LdV has been criticized for its lack of “teeth” and limited effectiveness in holding companies accountable. Since its adoption, the law has struggled with procedural delays, including years spent determining jurisdiction, resolved only in 2021 when sole jurisdiction was granted to the Paris Judicial Court (Tribunal Judiciaire de Paris - via the law n° 2021-1729 pour la confiance dans l’institution judiciaire). Available in French at: https://www.legifrance.gouv.fr/jorf/id/JORFTEXT000044545992. The first substantive ruling under the LdV came only on December 5, 2023, in the La Poste case (RG n° 21/15827) brought by SUD PTT, where deficiencies in the vigilance plan were identified. However, the decision has been appealed, and its final impact remains uncertain. The recent creation of the specialized Chamber 5-12 for emerging litigation in January 2024 offers hope for improved enforcement. Further progress was made on June 18, 2024, when Chamber 5-12 of the Paris Court of Appeal issued its first rulings on the admissibility of duty of vigilance cases involving TotalEnergies, EDF, and Vigie Groupe (formerly Suez).
Despite these hurdles, these recent cases signal progress in the judicial application of the LdV. On these three cases, on June 18, 2024, the new Chamber 5-12 of the Paris Court of Appeal delivered its first three rulings on the admissibility of actions based on the duty of vigilance (Paris, 18 juin 2024, pôle 5 - ch. 12, TotalEnergies, RG n ° 23/14348; EDF, RG n° 21/22319; Suez (Vigie Groupe), RG n° 23/10583). These decisions provided critical clarifications on key procedural issues, including admissibility criteria for actions, the requirement of prior formal notice («mise en demeure»), pre-litigation dialogue, and the possibility of combining such actions with claims for cessation of environmental damage. By harmonizing jurisprudence on the admissibility of vigilance-related actions, the Court of Appeal has laid a foundation for greater legal clarity moving forward. Decisions on the merits in the EDF and TotalEnergies cases, which are still pending, are expected to provide further insights and shape the future interpretation and implementation of the LdV.
The LkSG is very unclear on the issue of civil liability, with contradictory Sec. and explanatory memorandum seeming to both exclude and require it. In contrast, the LkSG benefits from administrative oversight by Germany’s Federal Office for Economic Affairs and Export Control (BAFA), which is responsible for monitoring compliance and guiding companies in their due diligence obligations (Sec. 14 ff. LkSG). BAFA has actively monitored compliance by conducting both general reviews and specific investigations into alleged violations, sending inquiries to companies to ensure adherence to due diligence and grievance obligations. In its first year of enforcement, BAFA conducted 486 general compliance checks and investigated 78 specific cases of potential violations. However, BAFA has not yet issued fines, opting instead to take a cooperative approach to enforcing and monitoring the law. This approach reflects the understanding that companies, the authority, and advisors are still navigating the complexities of the law and its implementation, emphasizing a focus on guidance and collaboration during this early phase.
The CSDDD adopts a two-tier enforcement framework: Articles 24 to 28 focus on administrative oversight, while Article 29 mandates a civil liability system for breaches of due diligence obligations.