European Parliament votes to adopt Omnibus proposal amending CSRD and CS3D

EU Corporate Sustainability Reporting Directive (CSRD)

• Scope: The adopted proposal will increase the application thresholds of CSRD to companies with over 1,750 employees and €450 million net turnover. This is a significant increase, compared to the current thresholds which are set at €50 million in net turnover, €25 million on the balance sheet and 250 employees. For context, the original Omnibus proposal, which raised the employee threshold to 1,000 and excluded SMEs, was estimated to exclude 80% of companies from the scope of CSRD, and these amendments would expand this reduction even further.
• The amendments would also exempt parent financial holding companies which act only as holding companies, without being involved in the management of other undertakings and which do not have any EU subsidiaries with an operating business.
• Where a company has recently acquired a previously out-of-scope subsidiary it will have a 24-month transition period before being required to integrate such subsidiary’s information into its consolidated sustainability report.
• Limit on seeking information: Companies will be prohibited from seeking to obtain information from undertakings in their value chain which have less than 1,750 employees and a net turnover of €450 million, except for the information to be specified in the sustainability standards for voluntary use. The Commission will be required to adopt these standards by delegated act within four months after the Omnibus Directive enters into force.
• However, this prohibition will not apply to information requests made for purposes other than CSRD reporting, including other EU laws requiring due diligence. In this way, the prohibition will not limit companies’ ability to continue their supply chain due diligence for the purposes of, for example, the EU Deforestation Regulation (EUDR) or the EU Forced Labour Regulation (EUFLR).
• Inability to obtain information: Where a company cannot obtain information regarding its value chain because “the legal framework of a third country prevents a business partner to do so”, the company shall inform the relevant supervisory authority, which will in turn inform the Commission. In this case, the company should (where possible) replace the missing information with a “default value, which represents an estimation of the average value for an indicator for a specific country and sector”.
• The relevant sustainability reporting standards (the European Sustainability Reporting Standards or ESRS) should take account of the difficulties that undertakings may encounter in gathering information from actors throughout their value chain, especially those that are not subject to CSRD, or based in emerging markets and economies. Undertakings in the value chain may also choose to use a template for reporting sustainability information.
• The proposed amendments include a requirement that an auditor’s opinion is prepared “in full respect of the possibility” that undertakings in the value chain may omit to provide information in exceptional cases where “an undertaking established under legislation of a third-country could be sanctioned due to third-country legislation simply by transmitting sustainability data”.

EU Corporate Sustainability Due Diligence Directive (CS3D)

• Scope: The amendments adopted would increase the thresholds that determine which companies are caught by CS3D to:
  • EU companies with more than 5,000 employees and a net worldwide turnover of more than € 1.5 billion; and
  • Non-EU companies with more than €1.5 billion in net turnover in the EU.
• It is worth noting that the increases to the CSRD thresholds proposed by the original Omnibus were aimed at aligning them with the existing CS3D thresholds, so that the same companies would be caught by both Directives. However, this new proposal would move away from alignment by not only significantly raising the CSRD thresholds (as noted above), but also raising the CS3D thresholds even further.
• Risk-based assessment: CS3D requires companies to identify and assess actual or potential adverse impacts. The proposed amendment would require this to consist of a risk-based approach taking account of risk factors such as “geographical and contextual risk factors, such as the level of law enforcement; sectoral, product or service risk factors” and “business operation or business partners risk factors”, including whether the business partner is covered by CS3D.
• For this risk-based assessment, the amendment describes a two-step process:
  • Step one: A scoping to identify general areas across the company’s own operations, subsidiaries and, where related to their chains of activities, those of their business partners where, based on reasonably available information, adverse impacts are most likely to occur and to be most severe.
  • It defines “reasonable available information” as information which can be obtained by the company from its own, or from existing or secondary sources without contacting a business partner. For this purpose, companies should not seek to obtain the information from their business partners but “rely solely on the information that is already reasonable available, including risk factors”.
  • Step two: Based on the results of the above scoping and where based on “relevant and verifiable information” the company has grounds to believe that adverse impacts have arisen or may arise, the company should carry out a further assessment “only in the areas” where the most severe and likely adverse impacts have been identified.
  • For this purpose, companies should not seek to obtain information from business partners “unless this is necessary”. Where a business partner has less than 5,000 employees, the company shall only seek such information as “a last resort” and where it could not reasonably be obtained by other means, such as “existing or secondary sources”. The information request shall be “targeted, reasonable and proportionate”.
  • Where such information can be obtained from more than one business partner it should be sought directly from the partner(s) “where the adverse impacts are most likely to occur”.
• The amendments propose that where companies still do not have the necessary information despite having taken appropriate measures to identify adverse impacts, “they shall be able to reasonably explain why such information cannot be obtained”. If the result is that they are not able to prevent, mitigate, bring to an end or minimise the adverse impact they “shall not be penalised”.
• Prioritisation: CS3D provides for the prioritisation of those impacts that are most severe and most likely, which aligns with the UN Guiding Principles on Business and Human Rights (UNGPs) on which the CS3D concept of due diligence is based. The adopted amendments would ensure that companies which are prioritising their most severe and likely adverse impacts under this provision are not “penalised”, either through regulatory action or civil liability, for “any harm stemming from any less significant adverse impacts that have not yet been addressed”.
• Temporary suspension: Where a business partner is associated with adverse impacts, the company can, as a “last resort”, temporarily suspend the business relationship. Where the business partner’s preventative or corrective action plan is reasonably expected to succeed, the “mere fact of continuing to engage with the business partner” should not expose the companies to regulatory or civil liability.
• A company will not be required to temporarily suspend a business relationship where, after consultation with relevant stakeholders, it has assessed that: (a) no available alternative to that business partner exists that could provide a “raw material, product or service essential” to the company; and (b) the suspension would cause substantial prejudice to the company or be manifestly more severe than the identified adverse impact.
• Corporate groups: Parent companies may carry out the due diligence obligations on behalf of their in-scope subsidiaries, although such subsidiaries would still be subject to regulatory oversight and potential civil liability.
• Where a company acquires a company that was not previously in scope, the acquiring company will have two years in which to integrate the processes of the purchased company into its own due diligence practices.
• Parent companies that are holding companies without involvement in management, operational or financial decisions affecting the group or any subsidiaries may be exempt, on condition that one of its EU subsidiaries is designated to fulfil the obligations.
• Removal of climate transition plans: The European Parliament adopted an amendment to remove Article 22 entirely, which relates to the adoption of climate transition plans. The original Omnibus proposal retained the provision but removed the requirement to put an adopted transition plan into effect.
• Harmonisation: In order to achieve harmonisation across the EU, the proposed amendments would prevent Member States from adopting laws that exceed the relevant due diligence obligations (so-called “gold-plating”).
• Dedicated digital portal: The proposal also introduced the establishment of a dedicated digital reporting portal to serve as a “one-stop-shop” for companies on templates, guidelines and information.

Next steps

The amended Directive has been referred to the Committee of Legal Affairs under Rule 60(4) of the European Parliament’s Rules of Procedure. It will need to pass through the trilogue process involving inter-institutional discussions and be adopted and published in the Official Journal of the European Union before any amendments to the existing CSRD and CS3D are to take effect.

Given that CSRD and CS3D are already enacted, the Commission urged Member States to accelerate the usual legislative timeframes for the Omnibus process. We will keep monitoring the developments.