On 24 April 2024, the European Parliament approved the Corporate Sustainability Due Diligence Directive ("CS3D"). This marks the end of a yearslong legislative process fraught with domestic and international political machinations at all stages of the negotiations. CS3D's scope also covers companies outside of the EU, including Swiss companies, subject to certain thresholds in revenue these companies generate in the EU.

SWISS COMPANIES CS3D COVERS

CS3D covers Swiss companies, if at least one of the following conditions is satisfied in two consecutive financial years:

  • In the financial year preceding the last financial year the Swiss company has generated net revenues in the EU in excess of EUR 450 million (art. 2(2)(a)).
  • The Swiss company is the ultimate parent company of a group that in the financial year preceding the last financial year has on a consolidated basis generated net revenues in the EU in excess of EUR 450 million (art. 2(2)(b)).
  • The Swiss company has entered into or is the ultimate parent company of a group that entered into franchising or licensing agreements with independent third parties within the EU in return for royalties, and these agreements ensure a common identity, a common business concept and the application of uniform business methods and the royalties within the EU amounted to more than EUR 22.5 million in the financial year preceding the last financial year, provided that the Swiss company generated or is the ultimate parent company of a group that generated a net turnover of more than EUR 80 million in the EU in the financial year preceding the last financial year (art. 2(2)(c)).

If the ultimate parent company is exclusively a holding company of shares in operational subsidiaries, it may apply for an exemption from the obligations under CS3D, provided that one of its subsidiaries established in the EU is designated to carry out these obligations. The holding company remains jointly liable with the respective subsidiary for the latter's failure to carry out these obligations (art. 2(3)).

BY WHEN COVERED SWISS COMPANIES MUST COMPLY

Swiss companies satisfying any of the above conditions have different times from the entry into force of CS3D by which they must comply with CS3D:

  • Three years (likely in the second half of 2027): Net revenue of EUR 1.5 billion in the EU.
  • Four years (likely in the second half of 2028): Net revenue of EUR 900 million in the EU.
  • Five years (likely in the second half of 2029): Companies or ultimate parent companies with EUgenerated royalties of EUR 22.5 million from franchising or licensing agreements, and companies and ultimate parent companies of a group with net revenue of EUR 450 million in the EU.

CS3D IS A DIRECTIVE, NOT A REGULATION

CS3D is a Directive, not a Regulation. It does not apply directly, but requires transposition into each EU Member State's domestic law. CS3D will enter into force twenty days from its publication in the EU's official journal. From the entry into force, EU Member States have two years for transposing CS3D into their respective domestic laws. This period will thus likely expire between end of May and mid-June 2026.

CS3D is of substandard quality in terms of its drafting and legislative technique. Its vagueness, its – in part material – deviations between different language versions, and its opaque interplay with other EU instruments and adjacent areas of law (e.g. data protection law, competition law, criminal law, civil procedure law) present domestic legislators with a significant challenge in the transposition process. Accordingly, there will be considerable legal uncertainty in the market in the years to come.

CHAIN OF ACTIVITIES

CS3D addresses the business activities of a company's upstream business partners related to the production of goods or provision of services by the company. It further addresses the business activities of a company's downstream business partners related to the distribution, transport and storage of the products for or on behalf of the company.

DUE DILIGENCE

CS3D requires EU Member States to ensure that covered companies conduct risk-based human rights and environmental due diligence. Such due diligence should cover the steps defined by the OECD Due Diligence Guidance for Responsible Business Conduct and requires, among others, identifying and assessing actual or potential adverse impact, preventing and mitigating potential adverse impact, remediating actual adverse impact, engaging meaningfully with stakeholders, establishing and maintaining a notification system and monitoring the effectiveness of their due diligence policy and measures.

Given that such due diligence will have touchpoints with data protection as well as competition laws, CS3D obliges Member States to ensure that companies may freely share information and resources within their group and other legal entities for the purposes of human rights and environmental due diligence, except where trade secrets in the sense of EU Directive 2016/943 are concerned. In such case a legal entity must not be obliged to disclose such information to a company conducting its due diligence under CS3D.

Companies must incorporate their due diligence obligations under CS3D into all areas of company policy and devise a strategy for ensuring compliance with their due diligence obligations. Such strategy must lay out the principles the company applies, also long-term, with respect to due diligence obligations, set forth a code of conduct, and contain a description of the process for implementing due diligence obligations, including measures for monitoring compliance with the code of conduct and the expansion of its application to established business relationships.

As part of preventing adverse impact, CS3D contemplates contractual assurances from a company's direct business partners that they will comply with the company's code of conduct and ensure that their business partners will do so as well. CS3D's German version obliges companies to obtain such assurances, whereas the French and the English version oblige companies merely to seek such assurances. Companies must supplement such assurances or the contract with measures appropriate to monitor the business partner's compliance. The EU Commission adopts guidelines for model contractual clauses. This has not happened yet. It is to be expected that industry associations will have a particularly active role in devising such model clauses. The interplay with applicable domestic and international contract law will present further challenges and require careful consideration and analysis in the choice of contractual instruments and their drafting.

As part of remediation, companies must neutralize or mitigate actual adverse impact, among others by paying damages to affected individuals and communities. Such financial compensation must be proportionate to the extent of the adverse impact and the contribution of the company's conduct to the adverse impact. Companies must further establish plans for corrective action setting forth specific means and specific timetables for implementing such measures. Also in this context CS3D contemplates contractual assurances from the company's direct business partners as described above. With respect to potential negative impact that cannot be remediated or mitigated, the company must not enter into new business or expand existing business with partners causing the impact. As far as applicable law allows, the company must suspend business with such partners and terminate the relationship in case of severe adverse impact. EU Member States must ensure that their respective domestic law provides for corresponding suspension and termination rights.

Finally, EU Member States must ensure that companies provide for a notification system allowing potentially affected individuals and stakeholders to file complaints with the respective company. Companies must establish procedures to handle complaints, including procedures to inform the relevant employees and unions in case it finds the complaint unfounded.

SMALL AND MEDIUM SIZED BUSINESSES

CS3D does not directly cover small and medium sized businesses ("SME"). However, as part of a covered company's value chain they may be subject to a company's due diligence measures and may provide contractual assurances to companies that they will comply with such companies' respective codes of conduct.

Under CS3D it is part of a company's due diligence obligations to provide targeted and proportionate support to SME with whom they have established business relationships, if compliance with the company's code of conduct would otherwise overburden the SME. Furthermore, where a company seeks or obtains contractual assurances from an SME or contracts with an SME, the conditions of such assurances and contracts must be fair, reasonable and non-discriminatory. Where a company audits an SME's compliance with such company's code of conduct, the company must bear the costs for any thirdparty auditor.

LIABILITY OF COVERED COMPANIES

CS3D provides for a regulatory and civil liability regime.

SUPERVISORY AUTHORITIES AND COMPANY REPRESENTATIVE

EU Member States must designate a supervisory authority competent to monitor companies' compliance with their due diligence obligations. CS3D states that existing authorities supervising financial institutions may be designated for the purposes of CS3D. EU Member States must ensure that natural persons and legal entities are entitled to submit substantiated concerns to any such authority when they have reason to believe that a company fails to comply with domestic provisions adopted in the transposition of CS3D.

EU domiciled companies that CS3D covers are subject to the supervision of the authority in the EU Member State where they have their registered seat. For Swiss companies the competent supervisory authority is that of the EU Member State where such Swiss companies have affiliates. In case a Swiss company has no affiliates or several affiliates across several EU Member States, the competent supervisory authority is that of the EU Member State where the Swiss company generated the greatest net turnover. In case a Swiss company's greatest EUgenerated net turnover is generated in different EU Member States between financial years, the Swiss company may file a request to the previously competent supervisory authority to be subjected to the supervision of the authority in the EU Member State where the Swiss company now generates its greatest net turnover.

EU Member States must provide their respective supervisory authorities with adequate powers and resources to carry out investigations into companies regarding their compliance with their obligations under CS3D, including investigations of their own motion. Should such investigations reveal compliance failures, the authorities will have a range of instruments to address such failures, including agreeing with the company on a remedial action plan, making direct orders and imposing penalties.

Conversely, Swiss companies must designate a legal or natural person as its authorized representative established or domiciled in one of the EU Member States where the Swiss company operates.

REGULATORY PENALTIES

Supervisory authorities may impose penalties on companies in case of failure to comply with domestic provisions adopted in the transposition of CS3D. This includes pecuniary penalties. Such penalties must be effective, proportionate and dissuasive. Among the factors to be considered in determining the specific penalty is the financial benefit a company gained from the failure to comply. CS3D provides that pecuniary penalties shall be based on the company's net worldwide turnover, with the maximum penalty being not less than 5% of the company's net worldwide turnover in the financial year preceding the authority's decision.

Any decision by supervisory authorities imposing a penalty must be published, remain publicly available for at least five years and must be submitted to the European Network of Supervisory Authorities. The published decision shall not contain any personal data within the meaning of article 4(1) of the General Data Protection Regulation (Regulation 2016/679). Consequently, the name of the fined company will be made public, but not the names of relevant individuals.

CIVIL LIABILITY

In addition to regulatory penalties imposed supervisoryby authorities, companies CS3D covers are exposed to civil liability towards individuals and legal entities in case companies

  • breach their obligations to prevent potential adverse impact or remediate actual adverse impact;
  • the impacted right, prohibition or obligation listed in Annex 1 to CS3D is aimed at protecting the plaintiff individual or legal entity;
  • the company's compliance failure was intentional or negligent; and
  • there is a damage to the plaintiff individual or legal entity as a result of the company's compliance failure.

In case of such liability there must be full compensation under the applicable domestic law. CS3D explicitly excludes means of punitive, multiple or other types of damages.

EU Member States may subject such damages claims to limitation periods. However, limitation periods must not be shorter than five years and shall not begin to run before the company's infringement has ended and the plaintiff knows or can reasonably expected to know of

  • the behavior;
  • the fact that the behavior constitutes an infringement;
  • that the infringement caused harm to the plaintiff; and
  • the identity of the infringer.

Under CS3D there is no liability of companies for damages, if the damage was caused only by its business partners in its chain of activities. Conversely, civil liability of a company under CS3D's liability regime is without prejudice to the civil liability of the company's subsidiaries and any of its direct and indirect business partners in the company's chain of activities. In case of joint causation, companies, their subsidiaries as well as their direct and indirect business partners will be jointly and severally liable, but without prejudice to domestic rules on the conditions for joint and several liability and recourse claims.

CS3D clarifies that its liability regime shall not limit companies' liability under EU or EU Member States' legal systems and shall be without prejudice to other civil liability causes of action available to plaintiffs in case of adverse human rights impacts or adverse environmental impacts that provide for liability in situations outside of CS3D's scope or for stricter liability than CS3D. Further, CS3D requires Member States to ensure that its domestic provisions transposing its article on civil liability are of overriding mandatory application where the law applicable to claims is not the law of an EU Member State.

Procedurally, EU Member States must ensure that the plaintiff may authorise a stakeholder to bring the claim on its behalf. These may include trade unions, non-governmental human rights or environmental organisations and national human rights organisations per the relevant domestic law. All of this is, however, subject to domestic rules of civil procedure.

In terms of evidence supporting civil claims, EU Member States must ensure that plaintiffs are only required to bring a reasoned justification containing reasonably available facts and evidence sufficient to support the plausibility of the claim. Courts must be able to order production of evidence that is in the control of the defendant company, but such production order shall be limited to what is necessary and proportionate to support a claim for damages. Courts shall prevent non-specific searches for information unlikely to be of relevance. Yet, courts may order the disclosure of evidence containing confidential information where they consider it relevant to the action for damages. EU Member States must ensure that there are effective measures available to courts to protect such information.

SUMMARY

CS3D brings significant changes for Swiss companies operating in the EU both in terms of their operations as well as their regulatory and civil liability as well as reputational risk landscape. Legal uncertainty will feature prominently during the transposition processes within the individual EU Member States as well as subsequently in determining the compliance of domestic laws with CS3D's requirements and the interpretation and application of such domestic provisions.

Given current operational practices in many Swiss companies, however, it will in many instances not be necessary to start from scratch. First, companies subject to the Swiss due diligence and transparency obligations in relation to minerals and metals from conflict-affected areas and child labour (cf. art. 964j ff. of the Swiss Code of Obligations and the respective Ordinance) have established or are in the process of establishing a due diligence process as well as e.g. a whistleblower system that is similar to the requirements of CS3D. Second, most large Swiss companies have already set-up and published a code of conduct, typically setting forth whistleblower systems. Swiss companies subject to the due diligence and transparency obligations regarding conflicts minerals and child labour are further also required to include their supply chain policy in contracts and agreements with suppliers. Additionally, many Swiss companies also require their direct business partners to comply with their codes of conduct and to pass them along the supply chain on a voluntary basis.

That being said, experience also shows that in particular existing codes of conduct are often phrased rather generically in terms of the supplier's obligations and are light on legal consequences in case of breach. Supply agreements also often do not set forth particular measures for enforcement of codes of conduct or supply chain policies. Similarly, codes of conduct, supply chain policies and supply agreements frequently are silent or only vague on remediation measures to be taken by the business partner in case of breach. In these respects CS3D brings the need to review company policy documentation, contract templates and standard terms of sale and purchase as well as general instructions to business partners regarding company human rights and environmental protection policies.

Of particular note for immediate action is CS3D's requirement to seek contractual assurances from direct business partners and agreeing on measures to monitor and enforce compliance. The negotiating and drafting of such assurances will always have to be made against the backdrop of the applicable contract law, which may diverge considerably in terms of freedom and flexibility the parties enjoy. This applies in particular to standard terms and conditions, penalty and liquidated damages clauses and termination rights.

Swiss law provides particular broad latitude to companies in drafting their contracts and hardly ever interferes with standard terms and conditions (in stark difference to, e.g., German law). The choice of Swiss law will therefore often provide the greatest amount of legal certainty in terms of the validity of the terms agreed, especially in standardized contractual documents, as will typically be used against the backdrop of CS3D's requirements. Whether the exclusion of the 1980 United Nations Convention on Contracts for the Sale of Goods is advisable in a particular situation must be assessed carefully under the circumstances of the specific business relationship. Where parties fail to agree on the required assurances, the company will have to be able to demonstrate that it made serious endeavors to obtain the assurances as envisaged in CS3D.

To ensure proper application of terms drafted under Swiss law, a forum selection clause designating Swiss courts (the cantons of Aargau, Berne, St. Gall and Zurich have introduced commercial courts), or an arbitration clause providing for a Swiss seat and composition of the tribunal with Swiss based arbitrators is advisable. Whether in a given case state court litigation or arbitration is the preferable way of dispute resolution in turn depends on the circumstances of the specific business relationship. The same applies to the use of mediation and multi-tiered dispute resolution clauses.

Finally, Swiss companies' exposure to regulatory and civil liability as provided for in CS3D brings financial and reputational risks. The cross-border cooperation with EU authorities in the course of their potential investigations will face similar challenges as in the past, in particular with respect to Swiss blocking statutes and business secrecy protection.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.