A Coherent Approach to Sustainability Due Diligence and Reporting: Making Sense of CSDDD and CSRD

Photo by Mesut Dogan on iStock

June 17, 2024
Authors
  • Anna Zubets-Anderson portrait

    Anna Zubets-Anderson

    Associate Director, Transformation, BSR

  • Alison Berthet portrait

    Alison Berthet

    Associate Director, Human Rights, BSR

  • Paloma Muñoz Quick portrait

    Paloma Muñoz Quick

    Director, Human Rights Standards, BSR

  • Beth Richmond portrait

    Beth Richmond

    Director, Transformation, BSR

Key Points

  • The EU’s Corporate Sustainability Reporting Directive (CSRD) and Corporate Sustainability Due Diligence Directive (CSDDD) are complementary. They establish a coherent regulatory framework covering the full sustainability due diligence lifecycle, from identifying and assessing adverse impacts to addressing and reporting on them.
  • CSDDD covers all due diligence steps while CSRD focuses on reporting. Both laws adopt a risk-based approach grounded in internationally recognized responsible business conduct standards, with some differences such as value chain activities in scope. CSRD goes beyond reporting on adverse impacts by also looking at positive impacts and financial risks and opportunities.
  • A pragmatic approach—that capitalizes on synergies while recognizing the specificities of each law—is key to compliance that delivers on the transformational potential of emerging sustainability regulations.

Voluntary frameworks for companies to assess, address, and report on their sustainability impacts on people and the planet have existed for decades. Nevertheless, mandatory EU requirements are bringing new attention to the governance and robustness of these processes and demanding companies harmonize their approaches across issues and teams.

CSRD and CSDDD requirements are aligned in spirit, with a clear overlap in their scopes and obligations. However, some differences exist. Implementation raises practical questions, and we recommend a pragmatic approach that capitalizes on efficiencies while acknowledging the unique requirements of each directive.

Key Similarities and Differences of CSRD and CSDDD

Obligation

CSRD requires companies to disclose impacts on people and the environment, as well as financial risks and opportunities. CSDDD establishes an obligation to conduct due diligence, i.e. to identify, assess and account for how they address (prevent, mitigate or remediate) adverse impacts.

Scope of Companies

Only a subset of the largest companies in scope of CSRD—an estimated 50,000 companies operating in the EU—are required to comply with CSDDD.

Scope of Impact

Both laws cover actual and potential adverse impacts on human rights and the environment across value chains, but the universe of topics under CSRD is broader and covers positive as well as adverse impacts.

Scope of Activities

CSRD covers impacts of own operations and across the full value chain. CSDDD covers the company’s own operations and full upstream supply chain, but only downstream activities related to transport, distribution and storage, excluding impacts connected to the use of products and services by consumers or end-users.

Affected Stakeholder Engagement

CSDDD requires meaningful engagement with affected stakeholders at every step of the due diligence process. CSRD does not require it but acknowledges that assessing materiality should be informed by due diligence and stakeholder perspectives and implicitly encourages it by requiring disclosure of such engagement (or lack thereof) across stakeholder categories.

Prioritization Criteria

Companies must prioritize their attention based on the severity and likelihood of impacts. However, CSDDD requires companies to act on all their impacts on people and the environment, while under CSRD companies set a threshold below which issues are not required to be reported on.

Five Questions for A Coherent Approach to Complying with CSRD and CSDDD 

As we work to help companies comply with these regulatory requirements, five considerations stand out:

1) How and when should companies identify actual and potential adverse impacts on people and the environment? 

The first step for companies in addressing and disclosing their impacts on people and the environment is identifying them. CSRD and associated guidance clarify that the materiality assessment of negative impacts is informed by the due diligence process defined in the UN Guiding Principles on Business and Human Rights (UNGPs) and the OECD Guidelines for Multinational Enterprises. Due diligence can help a company identify impacts and affected stakeholders, whose perspectives should inform the materiality assessment of impacts.

The OECD Guidelines and UNGPs, which also form the foundation of CSDDD, call for meaningfully assessing actual and potential impacts at various levels of the business, across operational contexts, and throughout the value chain on an ongoing basis (e.g. in supplier management systems). This iterative approach to assessment expects companies to progressively deepen their understanding of their most severe and likely impacts for management and disclosure and provides increasingly granular input for regularly updated double materiality assessments required by CSRD. 

In practice, efforts to identify impacts as part of due diligence and as part of materiality exercises can overlap. For example, nascent due diligence processes may start with a corporate-level scan of likely impacts based on industry, geography, and business model. This resembles the high-level view of likely impacts developed as part of a materiality assessment. These processes often include conversations with a similar set of internal and external stakeholders.

As a result, practical questions may arise as to how to integrate and sequence these high-level assessments, noting that human rights and environmental assessments generally go further than impact identification and evaluation, and include an assessment of the measures taken to address these impacts.  Teams can benefit from a consistent approach that reflects a unified understanding of the value chain and stakeholder landscape and ensures efficient use of the information gathered.

2) How should companies prioritize impacts for action and reporting? 

CSRD and CSDDD adopt the same criteria—severity and likelihood—for prioritizing impacts, though the aim of the prioritization exercise is different: determining topics for disclosure under CSRD versus sequencing actions to address impacts under CSDDD. Companies will need to determine how best to understand the severity and likelihood in service of both objectives across a diverse range of topics. While prior corporate efforts to align with the UNGPs and OECD Guidelines provide experience in applying these criteria to human rights impacts, this approach is new for environmental teams, and it is less clear how criteria should be applied to these topics. Companies also need to determine how to consistently understand inherent (gross) and residual (net) impacts, the former being the basis for prioritizing action and disclosure on adverse impacts under CSDDD and CSRD. The assessment criteria will need to be harmonized across the organization to prevent inconsistencies in communication and action. 

The lack of data on a particular topic does not mean that an impact does not exist or is not severe, particularly if the means to collect the data are lacking. Where impacts are unclear, a risk-based methodology—that seeks to assess the likelihood and severity of impacts using proxy data and/or expert judgment—should be used to inform the company’s approach. 

3) Why and how should companies engage affected stakeholders?

CSRD and CSDDD stress the need to consider the perspectives of affected stakeholders (e.g., people impacted by the business, environmental defenders) and to communicate to them how impacts relevant to them are managed. While CSRD does not require stakeholder engagement, CSDDD requires—and provides criteria for—meaningful engagement. This includes providing stakeholders with relevant and comprehensive information, ensuring ongoing consultation, considering barriers to engagement, and ensuring stakeholders are free from retaliation and retribution.

Engagement can range from formal channels (e.g., consultations, interviews, surveys, and grievance mechanisms) to informal day-to-day interactions (e.g., regular meetings with customers, town halls, or community roundtables). Companies should also engage stakeholders through their legitimate representatives (e.g., trade unions or civil society organizations) and ensure engagements are tailored for specific groups. For instance, where Indigenous Peoples may be impacted, engagement may involve good faith processes of free, prior, and informed consent

An effective stakeholder engagement approach should build trust and avoid the need for duplicative information gathering. Engagement with affected stakeholders should be integrated at each step of due diligence (as required by CSDDD), and insights from engagements should inform a company’s reporting (under CSRD), closing the due diligence lifecycle by accounting for its impact management to stakeholders.

4) How should companies address impacts? 

While CSRD does not require companies to act on material impacts, it does require them to report on how they manage impacts in some detail. CSDDD requires companies to act on impacts and provides a clear operational framework to help them understand what appropriate action looks like based on the company’s involvement in harm, such as ceasing this activity and providing remedy. It points to governance and management systems that should be deployed to prevent, mitigate, and remediate adverse impacts (e.g., policies, effective grievance mechanisms) as well as ways they should use leverage (e.g., supplier contracts, industry and multi-stakeholder initiatives). Recognizing the vast differences between companies, industries, operating contexts, and issues, CSDDD leaves flexibility for companies to tailor their actions to address impacts.

5) Who should be responsible for oversight and execution of sustainability due diligence, including reporting? 

Through CSRD and CSDDD, sustainability due diligence has become a legal responsibility for management and for board oversight with penalties for companies who fail to comply. Ensuring an effective response calls for clear governance structures, cross-organizational collaboration, and access to expertise. Boards may need to add members with relevant subject matter expertise or establish advisory bodies. Senior management should have formalized responsibilities and likewise draw on internal and external sustainability expertise to deepen their understanding of the company’s sustainability impacts and what good compliance looks like.

We hear from companies that new compliance pressure has the potential to become an overwhelming distraction. While this is understandable, our experience helping companies implement each step of due diligence and impact-based materiality reporting gives us hope that the regulatory baseline can become a springboard for ambitious yet pragmatic action on corporate impacts on people and the environment.

BSR’s multidisciplinary team takes a holistic approach to CSRD and CSDDD compliance strategies, helping companies to develop approaches that are aligned and integrated across the value chain. If you’d like further information, please don’t hesitate to reach out.

Let’s talk about how BSR can help you to transform your business and achieve your sustainability goals.

Contact Us