The European Due Diligence Directive: What Startups and Scale-Ups Need to Know Now

From reporting to actual action

For years, European sustainability legislation has mainly focused on transparency. Companies had to make more and more public about non-financial issues, ESG and sustainability, but the step from reporting to concrete intervention in their own organization and chain remained limited. The proposed directive for corporate sustainability due diligence changes that.

The core of the proposal is that certain companies are required to exercise due care with regard to negative consequences for human rights and the environment. So it's not just about what a company does itself, but also about what happens at subsidiaries and in parts of the value chain with which there is a permanent business relationship.

This makes this proposal legally and practically relevant. It is not a system that is solely about reporting afterwards. It pushes companies towards active policy, monitoring, complaint handling, contract management and strategic choices. For directors and supervisors, this is an essential difference. Sustainability thus explicitly becomes part of governance.

For startups and scale-ups, that may seem like a show far from your bed at first glance. After all, the direct barriers focus on larger companies. However, it would be a mistake to deduce that young growth companies remain out of the picture. Especially in the value chain of larger customers, investors, producers and international partners, this development can quickly take effect.

Why the European Union wants to take this step

The proposal is in line with the European Union's wider ambition to make the economy more sustainable and achieve climate goals. According to the European legislator, the behavior of companies plays an important role in this. Voluntary standards and separate initiatives are apparently not considered sufficient to enforce structural improvements in the areas of human rights and the environment.

In addition, national due diligence rules were under development or had already been introduced in several countries. This quickly leads to a fragmented playing field. This is impractical for companies that operate across borders. A harmonised European framework should provide greater legal certainty and prevent companies from facing different national regimes.

Interestingly, the proposal also shows that Europe no longer sees reporting obligations as an end point. Sustainability reporting arrangements, such as the extension of reporting frameworks for companies, are in fact supplemented by material obligations. In other words: not only tell us what you do, but also demonstrate that you are identifying risks and acting accordingly.

That is an important shift. For the practice of Startup Law, this means that sustainable business is less and less an informal policy document and is increasingly becoming a legal issue that affects internal processes, contracts and administrative responsibility.

Which companies does the proposed directive apply to?

The proposed directive does not focus on every company. It works with threshold values. For EU companies, the proposal in the first category applies to companies with more than 500 employees and more than 150 million euros in turnover. In addition, there is a second category for companies with more than 250 employees and more than 40 million euros in turnover, provided that at least 50 percent of that turnover is achieved in certain risk sectors.

For non-EU companies, the proposal looks at the turnover generated within the EU. There, too, turnover thresholds apply, with a separate category for companies that are active in risk sectors.

These risk sectors are broad, but not unlimited. In summary, it concerns sectors such as textiles and footwear, agriculture, forestry, fishing, food production and certain commodity and metal-related activities. This makes it clear that the proposal mainly targets companies whose economic size or sectoral position means that the potential impact on human rights and the environment can be significant.

For startups and scale-ups, it is particularly important that SMEs do not fall directly below these thresholds, but can indeed be affected. This happens through the chain. A young company that is a supplier, development partner, manufacturer, distributor or other permanent business relationship to a larger company may face new contractual requirements, requests for information, audits, codes of conduct and remedial measures.

This indirect effect should not be underestimated. Those who are now working with or growing towards larger companies are likely to get questions about chain risks, internal procedures and compliance sooner than before.

What exactly does the due diligence obligation mean?

The due diligence obligation is the core of the proposal. One nuance is important here: it is not about an absolute guarantee that negative consequences will never occur. The obligations are mainly in the nature of best efforts obligations. Companies must take appropriate measures that can reasonably be expected to contribute to preventing, mitigating or ending adverse effects.

That may sound abstract, but the proposal elaborates this care quite concretely in six steps.

1. Embedding due diligence into policy

Companies must integrate due diligence into their policies and establish separate due diligence policies. This policy should be reviewed periodically, at least annually, and adjusted where necessary. This includes the due diligence approach, a code of conduct for employees and subsidiaries, and the processes for implementation and control.

There is an important practical point here. This is not a separate ESG section on the website. The proposal focuses on an internal system of rules, responsibilities and verification. For growing companies, this is a signal that sustainability is not only a subject of marketing or investor relations, but also of operations and legal.

2. Identify negative consequences

Then, companies must take appropriate measures to identify potential and actual negative effects on human rights and the environment. This concerns our own activities, those of subsidiaries and, insofar as relevant to the value chain, to permanent business relationships.

The proposal therefore makes a clear choice for chain responsibility. Not the entire global chain without borders, but a relevant circle of activities and permanent business relationships. Whether a relationship is considered permanent depends on factors such as the intensity and duration of that relationship and whether that relationship represents an essential part of the value chain.

This is an important lesson for startups and scale-ups. Those who are structurally part of a larger party's value chain become more legally relevant than just a random contractor. The permanence of the relationship counts.

3. Prevent, limit and terminate

When risks or actual adverse effects have been identified, companies should take appropriate measures to prevent or mitigate potential effects and to eliminate actual effects. If complete termination is not possible, the company must limit the extent of those consequences.

In doing so, the proposal distinguishes between potential and actual consequences. Potential consequences include drawing up and implementing a prevention plan, making contractual agreements, making necessary investments, supporting SME relationships when compliance would otherwise jeopardize their viability, and collaborating with other entities.

In case of actual consequences, it goes further. Then a correction plan must also be used and the company may be obliged to neutralize or limit the consequences, for example through compensation.

A striking nuance is that the proposal talks about consequences that have been or should have been identified. This increases the pressure on the quality of the identification process. Bad due diligence cannot therefore be easily repaired by saying that a risk was simply not seen.

4. Set up a complaints procedure

Companies should also set up a complaints process for justified concerns about negative consequences in their activities, subsidiaries and value chains. People who are or may be affected, employee representatives and social organizations should be able to make use of this.

This obligation shows that due diligence is not just internal. External signals are given a formal place. This also makes the subject more sensitive to escalation. A complaint is no longer just an operational issue, but potentially the beginning of supervision, remedial action or civil liability.

5. Monitors or measures work

Policies and measures should be reviewed periodically for effectiveness. In any case, this happens annually and more often when there are reasonable grounds to assume that new significant risks exist. Due diligence is therefore not a one-off exercise, but a cyclical process.

This is familiar to companies in a growth phase. As a company scales up faster, enters markets or changes the supply chain, so do the risks, and the proposal matches this by requiring continuous evaluation.

6. Communicating about due diligence

Finally, companies must communicate about due diligence. For companies that already fall under sustainability reporting, this runs through the relevant reporting frameworks. For other companies, they must communicate about this via an annual report on their website.

Here, too, the message is clear: policy without documentation is insufficient. Companies must not only act, but also make that action known and verifiable.

Contracts are becoming an important tool of control

One of the most practical parts of the proposal lies in the contractual effect on business relationships. Companies must negotiate contractual guarantees from direct business relationships that they comply with the code of conduct and prevention plan. This should also promote the implementation of similar guarantees further down the chain.

This so-called contractual cascading is extremely relevant in practice. Large companies will translate part of their due diligence obligations into contracts with suppliers, manufacturers, distributors and other chain partners. In concrete terms, for startups and scale-ups, this means that standard terms and conditions, supplier agreements and compliance provisions can become more stringent.

It is important, however, that the proposal does not only focus on downward pressure. If an SME should run into problems due to compliance, the larger company must provide support in certain cases. Contract conditions towards SMEs must also be fair, reasonable and non-discriminatory. And when compliance control takes place in an SME relationship, in principle, its costs should not simply be transferred to that smaller party.

At the same time, the stick behind the door is sturdy. If negative consequences cannot be prevented, terminated or sufficiently limited, a company must refrain from entering into or extending the relationship. In serious cases, temporary suspension or termination of the business relationship may be appropriate.

This is a harsh reality for young companies. This makes chain position not only commercially relevant, but also in terms of compliance. A startup that does not have answers to questions about its processes, suppliers or risk management can simply become too great a legal risk for larger customers.

Governance and supervision will have a heavier sustainability role

The proposal is not limited to operational due diligence. It also touches on corporate governance. For EU companies, it clarifies the role of directors and supervisory directors. When acting in the company's interests, they must take into account the short, medium and long term consequences of their decisions for sustainability aspects, including human rights, climate change and the environment.

This is legally interesting, because the proposal does not define sustainability as a completely separate goal, but links it to the performance of company management. This explicitly makes sustainability part of the administrative consideration.

This is extra relevant for Dutch practice because directors and supervisory directors already operate within open standards. The proposal therefore appears not only to introduce a compliance obligation, but also to strengthen the argument that sustainability aspects are part of careful decision-making.

In addition, the proposal states that directors and supervisory directors are responsible for setting up due diligence and monitoring compliance. This means that this topic cannot be safely delegated to just a sustainability officer or legal counsel. The board must be demonstrably on top of this.

Strategy and climate plan: sustainability moves to the core of the company

Perhaps even more important than the administrative duty of care is that the proposal also intervenes directly on strategy. Certain companies must establish a plan to ensure that their business model and strategy are compatible with the transition to a sustainable economy and with limiting global warming to 1.5 °C.

If climate change poses a relevant risk or impact for the company, that plan must also include reduction targets. In addition, this must be taken into account in the case of variable remuneration, insofar as that remuneration is linked to the contribution of directors or supervisory directors to strategy, long-term interests and sustainability.

In doing so, sustainability is moving from a precondition to a strategic benchmark. Not only whether risks are being mitigated somewhere in the chain, but also whether the business model and the chosen course are compatible with it.

This is a relevant signal for startups and scale-ups, even if they are not directly covered by the scheme yet. Investors, larger customers and future buyers will increasingly want to know how a company connects its growth strategy, chain choices and climate impact. Especially for tech companies that are rapidly internationalizing or are dependent on international suppliers, this can become a commercial precondition rather than a purely legal issue.

Supervision, fines and liability

The proposal does not opt for voluntary compliance. Member States must appoint one or more supervisors to monitor compliance with obligations. These supervisors will have powers, among other things, to request information, carry out investigations, impose corrective measures and issue fines.

It is also important that complaints or well-founded objections can play a role in supervision. Anyone who has objective reasons to believe that a company is not complying with its obligations can bring this to the attention. This makes the proposal sensitive to signals from stakeholders, social organizations and other stakeholders.

In addition to administrative enforcement, the proposal also includes a civil law component. Companies can be held liable for damage if they have failed to fulfil their obligations to prevent, limit or terminate adverse consequences and damage has occurred as a result. Ultimately, this makes due diligence not only a policy or governance issue, but also a liability risk.

For contractual chains, it is still relevant that the provision of contractual guarantees can in principle protect against liability for damage caused by indirect, permanent business relationships. But that is not a license. Contracts only help if the company seriously fulfills its wider obligations.

Why this proposal is also relevant for startups and scale-ups

The immediate target group of the proposal consists mainly of larger companies. Nevertheless, the relevance for startups and scale-ups is real and often practical. There are three reasons for this.

First, the scheme works through the chain. Those who deliver to a large company may face codes of conduct, questionnaires, contractual guarantees, controls and recovery obligations. This also applies if you do not exceed the threshold values yourself.

Secondly, sustainability shifts towards governance and strategy. For growth companies that raise capital, expand internationally or work towards an exit, it is increasingly important to be able to show how risks in the chain are managed and how those considerations are administratively embedded.

Thirdly, legal sensitivity is increasing. Where sustainability used to be in the realm of reputation and stakeholder management, here we see a model emerging in which governance, contracts, supervision and liability come together. For founders and management teams, that means that sustainability is not only a story for the pitch deck or website, but also for the boardroom, supplier documentation and internal policy.

At Startup-Recht, we see that young companies in particular benefit from thinking about these questions early. Not because every startup will fall under a European due diligence regime tomorrow, but because mature contract parties and investors increasingly expect the basics to be in order.

Lastly

The European directive proposal for due diligence in the field of sustainability marks a clear shift. Companies must not only report on sustainability, but also demonstrably act on risks in their own organization, subsidiaries and relevant value chain.

For large companies, this means an extensive compliance and governance issue. For startups and scale-ups, it mainly means raising the bar in the chain. Those who work in a timely manner on clear policies, good contract agreements, insight into business relationships and administrative assurance will soon be legally and commercially stronger.

‍