Written by 12:16 pm European Union

Extraterritorial Reach Of Upcoming European ESG Rules – Securities

In Short

The Situation: Certain large companies
incorporated in the European Union (“EU”) are already
required to disclose nonfinancial information under the current EU
regulatory framework. Two upcoming EU directives—set to phase
in over the next several years and adopted in support of the
“European Green Deal”—will significantly expand the
scope of these rules and related liability regimes and will have
extraterritorial effect, imposing disclosure and governance
requirements not only on more EU companies, but also on non-EU
entities with significant operations in Europe.

The Result: Once these rules come into force,
many companies operating in the EU will be required to publicly
disclose a broad array of environmental, social, and governance
(“ESG”) information in considerable detail, and also
establish new governance procedures and benchmarks on ESG issues,
notably those related to climate change.

Looking Ahead: Companies should start
determining now whether these new rules may apply to them. If so,
taking an immediate, proactive approach to developing the required
reporting and governance procedures will be necessary to comply
with the EU’s proposed timeline.

As part of the so-called EU “Green Deal,” which seeks
to achieve “climate neutrality” in the EU by 2050, the EU
has rolled out two key new initiatives that will have a
far-reaching impact on certain companies’ ESG disclosure and
governance requirements—including companies that are not
incorporated in the EU. While the EU has been a trailblazer in this
space, other jurisdictions—notably the United States through
its Securities and Exchange Commission (“SEC”)—are
considering or have released proposed rules of their own on ESG
disclosures (see our comment letter to the proposed SEC rules). For
companies subject to more than one jurisdiction’s rules,
navigating overlapping disclosure requirements and maintaining
consistent reporting will be critical.

The risk of noncompliance with these new rules includes
potentially steep penalties and civil litigation exposure. There is
also, as we have seen in U.S. ESG-related litigation, an increased
risk of civil litigation where more detailed ESG reports and
disclosures are susceptible to claims of greenwashing or
socialwashing, among other allegations that a company has
overpromised on its ESG performance to regulators, investors, or
other stakeholders.

New Disclosure Requirements to Cover Non-EU Entities

Under existing disclosure rules, certain EU entities (and parent
entities of a group) are required to provide a nonfinancial
statement that includes a number of ESG disclosures. The EU seeks
to increase the scope of these requirements, both in terms of the
entities covered and the breadth of the disclosures. The European
Parliament and the Council of the EU agreed to a negotiated text of
the Corporate Sustainability Reporting Directive 2021/0104(COD)
(the “CSRD”) on June 30, 2022, which will take effect on
a phase-in basis from 2024 to 2026 and beyond (a final version of
the CSRD is set to be adopted later this year). If adopted as
proposed, the CSRD would expand disclosure obligations to include
detailed information on a variety of ESG factors and apply to a
wider group of entities, including those with a non-EU parent
company if the group generates significant income in the EU and has
an EU-based subsidiary or branch that meets certain criteria.

The CSRD will apply to an estimated 49,000 EU entities, which
will include: (i) large undertakings, defined as meeting two of the
following criteria on their last balance sheet date: balance sheet
total of €20 million, net turnover of €40 million,
average number of 250 employees during the financial year; (ii)
small-and-medium undertakings (“SMEs”) that are listed on
a regulated market of an EU Member State (i.e., excluding companies
listed on growth markets such as Euronext Growth in Paris) and
which are not micro-undertakings; and (iii) parent undertakings of
a large group, which is defined with the same criteria as a large
undertaking. Like any other EU company, the EU subsidiary of a
non-EU parent that otherwise qualifies under the above criteria
will be required to comply with the CSRD regime at the subsidiary

Groups with a non-EU parent will also be required to comply with
certain of the CSRD’s disclosure requirements on a consolidated
basis and provide an attestation over its ESG reporting if: (i) the
group on a consolidated basis generated a net turnover of more than
€150 million in the EU in each of the last two consecutive
financial years; and (ii) the group has either: (a) at least one
EU-based subsidiary that meets the requirements for an EU entity or
(b) a branch that generated more than €40 million in turnover
in the EU in the preceding financial year. There are only limited
exemptions to these reporting requirements, such as if an otherwise
covered company is a subsidiary of a parent entity that is already
reporting under the CSRD on a consolidated basis.

Covered entities or groups with a non-EU parent entity are
required to provide consolidated disclosures on a variety of ESG
topics, including:

  • The business model and strategy;

  • Targets related to sustainability and the progress made toward
    achieving these goals;

  • Policies relating to sustainability (including incentive plans
    relating to sustainability);

  • Implemented due diligence processes;

  • Actions taken to remediate or end actual or potential adverse
    impacts related to ESG issues; and

  • A description of the role of company management in
    sustainability matters.

The subject matter of these disclosures will be further
specified in acts to be rolled out over the next several years,
covering, among other disclosures, climate change mitigation and
adaptation and use of natural resources, respect for human rights,
and governance matters, such as internal control and risk
management. The specific reporting standards for non-EU companies
will be different from those required for EU companies, and SMEs
will have more limited reporting requirements. All reported
nonfinancial information will need to be subject to a limited
assurance attestation, which may in the future be required on a
reasonable assurance basis.

Due Diligence and Governance Requirements

The European Commission has proposed a draft Corporate
Sustainability Due Diligence Directive COM(2022) 71 (the
“CSDDD”), which, if adopted as proposed, would have
far-reaching due diligence and governance requirements relating to
ESG matters for non-EU companies with significant operations in the

Covered entities would be required to, among other things:

  • Integrate due diligence practices into all corporate

  • Identify actual and potential adverse human rights and
    environmental impacts arising from the company’s operations or
    those of their subsidiaries and, where related to their value
    chains, from their established business relationships;

  • Prevent and mitigate potential adverse impacts, and actively
    take steps to end any actual adverse impacts identified; and

  • Adopt a plan to ensure that the business model and strategy of
    the company are compatible with the transition to a sustainable
    economy and with limiting global warming to 1.5°C in line with
    the Paris Agreement.

If adopted as proposed, the CSDDD would apply to non-EU
companies that either: (i) generated at least €150 million of
net turnover in the EU in the preceding financial year; or (ii)
both (a) generated at least €40 million of net turnover in the
EU in the preceding financial year and (b) generated at least 50%
of the non-EU company’s worldwide turnover in a sector
considered as being particularly vulnerable to adverse impacts
(such as agriculture, textile manufacturing, and mineral

Entities covered by the CSDDD will be required to conduct
diligence on ESG matters throughout their “value chain,”
a broad concept under the current text. Therefore, even if a non-EU
entity is not strictly covered by the CSDDD, this is likely in
practice to require non-EU entities to provide significant ESG
information to covered entities seeking to comply with the

New Liability Regime for Non-EU Companies

Companies subject to the new EU rules are also exposed to a new
liability regime that includes, in some cases, collective
responsibility for managers as well as new regulatory penalties and
private rights of action. As litigation surrounding ESG has
expanded, especially in the United States—where claims that
companies are “greenwashing” and
“socialwashing” in ESG disclosures have exploded in
recent years (see our Commentary on ESG liability
)—the new EU liability regimes add another layer
of potential exposure for reporting entities. For companies with
reporting obligations across multiple jurisdictions, it will be
critical to coordinate not only the consistency of ESG disclosures
made to various regulators but also to guarantee that any
information presented in company-issued sustainability reports is

Within the proposed EU regime, the CSDDD contemplates a specific
administrative sanction that would be imposed by each EU Member
State’s regulator in the event of a breach. Similar to the EU
General Data Protection Regulation regime, potential penalties
could include heavy financial sanctions based on the company’s
turnover. The CSDDD further provides for civil liability, requiring
that Member States provide private rights of action for a
company’s failure to prevent or mitigate potential adverse
impacts on the environment or human rights, if, as a result of this
failure, the adverse impact that could have been avoided in fact
occurred and caused damage. If alleged damages are the result of
the activities of an indirect partner, the company may be able to
assert a defense that it took appropriate measures to avoid these
risks, including performing due diligence on the activities of the
partner, among other arguments.

As proposed, the CSDDD would also enhance the fiduciary duties
of directors by, for example, expanding the definition of acting in
the company’s “best interest” to include weighing the
consequences of the board’s decisions on sustainability
matters, including human rights and environmental consequences in
the short, medium, and long term.

Under the CSRD and ultimately the CSDDD, directors and officers
of EU subsidiaries with non-EU parent entities, and potentially
non-EU parent companies of groups with significant EU operations,
will have significant new responsibilities and will be required to
implement ESG disclosure and governance practices to comply with
these new requirements.

Three Key Takeaways

  1. The CSRD disclosure requirements (once the agreed text is
    finally adopted later this year) will phase in from 2024 (for
    entities already meeting the previous Non-Financial Reporting
    Directive reporting requirement) through 2026 (for SMEs). The CSDDD
    phase-in remains subject to negotiation. ESG reporting for the
    fiscal year 2024 may be due as early as the first half of

  2. If the new rules are adopted as proposed, non-EU companies may
    have sweeping new group-level reporting obligations if they have a
    branch or subsidiary that does business in the EU, and may face
    substantial new penalties and civil litigation exposure for
    supposed noncompliance with ESG reporting and expected norms.

  3. Companies, including non-EU groups, should quickly analyze
    whether their activities in the EU trigger the new disclosure
    and/or due diligence requirements. If so, the company and, if
    required to report on a consolidated level, the group should
    incorporate relevant processes to comply with the expanded
    obligations on an expedited basis and consider how best to
    coordinate a global ESG messaging strategy across reporting as well
    as company statements.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

Source link