Human-Rights Due Diligence: Companies’ Preparedness for the EU’s CSDDD
Key findings
- The EU’s proposed CSDDD could substantially up the stakes in human-rights law for companies and investors. It mandates due diligence — versus just disclosure — with non-compliance fines of up to 5% of a company’s total annual turnover.
- The European Parliament voted in June that financial institutions should be covered by the directive. Although this provision may be amended, it means investors could have to carry out human-rights due diligence on their investees.
- Companies have a big gap to close. We found that many of those in scope for CSDDD fell short on baseline practices to prevent human-rights abuses — including those in high impact sectors identified by the legislature.
Human-rights violations in companies' value chains can damage their reputation and public image. Such offences may soon also become a regulatory violation for both companies and financial institutions.[1,2] Although not the first law of its kind, the EU's Corporate Sustainability Due Diligence Directive (CSDDD) could be game changing for firms with a global footprint and could be enforced as early as 2026.[3]
A landmark law with risk of hefty fines
The CSDDD would not only be a reporting requirement, but an obligation to undertake human-rights and environmental due diligence in line with well-established standards such as the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises.[4] Such standards recommend the development of a human-rights policy, impact assessments, stakeholder engagement, mechanisms to track programs' effectiveness, and grievance and remediation processes in companies' own operations and value chains. On top of these cross-sector requirements, the CSDDD has identified high-impact sectors such as mining and agriculture as a priority, with additional sector-specific due diligence guidelines forthcoming.
The proposed legislation covers EU companies as well as non-EU companies active within the region.[5] Failing to comply with any of these rules could lead to civil liabilities and hefty fines of up to 5% of a company's total annual turnover. We estimate that the CSDDD may affect as much as 26% of the constituents of the MSCI ACWI Investable Market Index (IMI) (2,309 out of 9,051) and a third of the constituents of the MSCI ACWI Index (931 out of 2,837), as of Aug. 31, 2023.
Companies have a long way to go
Compliance with the CSDDD may prove challenging for companies. Assessing potentially in-scope MSCI ACWI IMI constituents, we found that only half had some grievance mechanisms in place, and only 14% tracked the effectiveness of their human-rights policies and set related human-rights targets. Meanwhile, a quarter of companies covered by the directive had been subject to allegations of human-rights-related violations in the past three years, with 4% of them evaluated as severe or very severe by MSCI ESG Research, with no evidence of remediation responses, as of September 2023.[6]
Companies in scope of the CSDDD: Sector-agnostic evaluation of human-rights performance

Universe: constituents of the MSCI ACWI IMI that we estimated in scope of the CSDDD (n=2,309) as of Aug. 31, 2023. Source: MSCI ESG Research, company disclosures
Based on our initial mapping,[7] 49 sub-Global Industry Classification Standard (GICS®)[8] industries were included in the high-impact sectors identified by the EU. This represented about a third of the likely in-scope constituents of the MSCI ACWI IMI that we identified (746 issuers out of 2,309).
Among companies in high-risk sectors, only 13% had processes in place to monitor the effectiveness of their human-rights policy. Less than half (45%)[9] had robust sectoral mitigation practices, likely to be requested by the CSDDD, such as providing free, prior and informed consent to indigenous peoples for extractive companies or ensuring greater control and rights to data subjects for social media.
In the interactive chart below, we aggregate MSCI ESG Research issuer-level data to show how high impact sectors stack up on both baseline and sector-specific human-rights practices.
Coupling companies' performance on both fundamental and sectoral due diligence practices may help investors evaluate alignment with international norms and regulatory requirements and identify companies' most significant human-rights issues.
Companies in scope of CSDDD: A focus on high-risk sectors and sector-specific risks
[1] Amendments adopted by the European Parliament on June 1, 2023.
[2] The European Council had a different position with regard to the inclusion of financial institutions and thus this prerogative may continue to be a contention point in the interinstitutional negotiations and could change until the CSDDD is formally adopted.
[3] The tripartite negotiations between the European Parliament, Commission and Council are ongoing and not expected to be concluded before 2024. Subjects of negotiation include the scope of the regulation, its applicability to the financial sector, directors' duty of care and civil liability. After its official adoption, the member states will have two years to translate the CSDDD into domestic law.
[4] The CSDDD follows a risk-based approach where identification, prioritization and mitigation efforts should be commensurate to the actual adverse impacts on people, if not possible to address all simultaneously.
[5] This includes EU companies with over 250 employees and EUR 40 million global net turnover as well as non-EU companies generating at least EUR 40 million within the EU and over EUR 150 million global net turnover. Different implementation periods are considered to accommodate the size of companies.
[6] In this analysis, we included all MSCI ESG controversies related to human rights, labor rights and privacy rights as of July 19, 2023. Refer to “MSCI ESG Controversies and Global Norms Methodology,” MSCI ESG Research, August 2023.
[7] This indicative mapping is provided “as is” and does not constitute legal advice or binding interpretations of the said regulation. MSCI's mapping to the indicators is based on assumptions. Given the uncertainty and current interinstitutional negotiations around the inclusion of financial institutions, we did not include them in our high-risk sector analysis.
[8] GICS is the industry-classification standard jointly developed by MSCI and S&P Global Market Intelligence.
[9] Robust performance is defined by a management score above 5 out of 10, 10 representing best practice. Management scores in MSCI ESG Ratings are indicative of a company's strategy, programs and proven track record on the specific key issue, leveraging a dozen policy, program and performance KPIs as well as presence and severity of controversies. Sector or company-specific human rights risks were selected based on their weighting within the MSCI ESG Ratings model. The following key issues were considered relevant for this analysis: community relations, supply chain labor standards, labor management, health and safety, controversial sourcing, and privacy and data security. The social key issues in MSCI ESG Ratings are selected by industries based on the extent to which the business activities of the companies in each industry generate large social-related externalities. Refer to “ESG Ratings Methodology,” MSCI ESG Research, June 2023.
The content of this page is for informational purposes only and is intended for institutional professionals with the analytical resources and tools necessary to interpret any performance information. Nothing herein is intended to recommend any product, tool or service. For all references to laws, rules or regulations, please note that the information is provided “as is” and does not constitute legal advice or any binding interpretation. Any approach to comply with regulatory or policy initiatives should be discussed with your own legal counsel and/or the relevant competent authority, as needed.