Practical Considerations to Enhance Legal Certainty of the CS3D

A2 and Paul Hastings have collaborated to develop a paper suggesting practical considerations for European regulators as they seek to finalize the terms of the Corporate Sustainability Due Diligence Directive (CS3D). The overarching challenge is how to balance the breadth of voluntary business and human rights standards with the certainty needed for effective law. We focus on three core elements of this challenge: (i) the definition of the wrongs that business must address; (ii) the scope of the value chain to consider; and (iii) the structure of civil liability. For each element, we explore the material uncertainties in the current drafts and suggest several considerations for regulators effectively to balance the CS3D’s need for legal certainty with the aim of translating the UN Guiding Principles on Business and Human Rights into law.

We copy below the paper’s Executive Summary. The full paper is linked at the end.


Since the UN Human Rights Council’s endorsement of the Guiding Principles on Business and Human Rights (“Guiding Principles”)[1] in 2011, governments have attempted different routes to regulate business-related human rights impacts across borders. The Guiding Principles, however, are not designed to be law. As Professor Ruggie and John Sherman have cautioned: “how human rights due diligence is translated into legislation and regulation is an iterative process that flows from the Guiding Principles but requires far more contextual and textual specificity.”[2]

In the iterative process of making voluntary standards enforceable, regulators across jurisdictions have generally sacrificed the Guiding Principles’ breadth for enforceable legal precision. That may now be changing with the EU Draft Corporate Sustainability Due Diligence Directive (CS3D or “Directive”)—the latest and most ambitious effort to translate the Guiding Principles into law. The Directive’s specific terms are in flux. Distinct EU institutions have published five different proposals in the last 20 months.[3] All of the proposals pursue a shared and noble end: building a more level playing field of legal corporate human rights accountability.

Achieving these aims, however, depends on the law itself being enforceable, which brings to the fore the central challenge facing regulators—how to draw the right balance between scope and precision. This paper seeks to wrestle with three key elements of the CS3D central to navigating the inherent tension between breadth of scope and certainty of expectations. First, what are the wrongs the Directive regulates? Second, how far does the scope of any business’s responsibility to address those wrongs extend? Third, how can we ensure that enforcement is practical, proportionate, and just?

Each of these challenges is nuanced and complex. We suggest some key considerations to help regulators in finding a balance that is legally certain and practically meaningful for stakeholders.

Challenge 1: What is an Adverse Impact?

The shared aim of all three CS3D drafts is to prevent, address and remedy “adverse impacts” on human rights and the environment. (Parliament’s Common Position would also add “good governance” to the CS3D’s substantive scope.) The certainty challenge in defining the wrongs under the CS3D is tripartite. First, for most international human rights, there is no law establishing the legal responsibilities of business as distinct from states. Second, there is no authoritative method to translate human rights instruments into the private context. Third, threshold: there is no clear distinction between legitimate and “adverse” impacts. (Further details at pp. 914.)

Key Considerations for Regulators

We suggest four considerations to help bring legal certainty to the Directive. The first three options below are alternatives to address the uncertainty in the current CS3D drafts regarding the breadth of relevant rights; they are ordered from narrowest to broadest in scope. The fourth consideration concerns threshold and is relevant no matter which scope regulators select.

  1. Scope Option 1: Limit the scope to a narrow range of harms. Given the inherent uncertainty of international human rights in a private context, a more tailored Directive—focused on a limited array of defined harms—may prove more effective in the long-term in driving consistent and meaningful benefits for stakeholders. (Further details at 12–13.)
  2. Scope Option 2: Ground the scope in the European Convention of Human Rights. If it is to be broader, the CS3D should be built around European constitutional law and accompanying jurisprudence rather than seeking to incorporate a multitude of international human rights instruments. (Further details at 13.)
  3. Scope Option 3: Develop principles to translate international human rights from a public to a private context. If the Directive aspires to incorporate all international human rights, we recommend drafting a general provision with an overarching method to translate international human rights responsibilities into a private context. (Further details at 13–14.)
  4. Set a clear and reasonable threshold for when an impact on a right is “adverse” to avoid unbridled scope. We suggest beginning with the OHCHR guidance and adding a modifier such as “significantly,” “materially” or “substantially” to focus on meaningful infringements. (Further details at 14.)

Challenge 2: Scope of Value Chain

The second certainty challenge relates to the extent of a business’s responsibility across its value chain. The CS3D drafts each endeavor to mirror the Guiding Principles’ scope in defining the corporate value chain for which any business is responsible. The certainty challenge raised by this value chain scope is more practical than conceptual. Few (if any) companies—particularly large enterprises—could identify more than a fraction of the entities in, and stakeholders affected by, a corporate value chain as envisioned in the Guiding Principles and CS3D. The challenge gets exponentially more complex in sub-tier or indirect value chains because identifying the relevant entities depends on the cooperation of all the entities in all prior tiers. Commercial reality imbues the CS3D with the risk of arbitrariness because of the implausible assumed knowledge underpinning company expectations. (Further details at pp. 14–20.)

Key Considerations for Regulators

We suggest five considerations to help bring legal certainty to the Directive.

  1. Scope Option 1: Limit the scope to focus on critical elements of corporate supply chains. Section 1502 of the Dodd-Frank Wall Street Reform and Consumer Protection Act, regarding conflict minerals, provides a model: covered metals and minerals must be “necessary to the functionality or production of a product.” (Further details at 18.)
  2. Scope Option 2: Consider proximity-tiered responsibilities to enable targeted and effective human rights due diligence. The LkSG provides a helpful model, with company responsibilities calibrated by presumed proximity and control, in three categories: a company’s own operations and subsidiaries; direct suppliers; and indirect suppliers. If the CS3D is to be more closely modeled on the Guiding Principles, proximity tiers should track established legal concepts, falling into two categories (i) cause (inherently capturing contribution) and (ii) material benefit. (Further details at 18–19.)
  3. Include a clear risk-tiering formula to enable principled prioritization. No matter how the CS3D brings scope certainty, it should also include clear and prescriptive guidance on how companies are expected to prioritize risks based on “salience” for identification and response. (Further details at 19.)
  4. Be precise regarding what reasonable assessment steps entail. Those should not be highly formulaic, as different assessment activities will be appropriate in different sectors and circumstances. They should be commensurate with the level of risk identified, such that the higher the yield from the formula used to identify salient risks and their likelihood of occurrence, the more in-depth the assessment. (Further details at 19–20.)
  5. Avoid disincentivizing rigorous due diligence. Tying due diligence responsibilities to what a company “should have identified” is reasonable. But tying responsibility to actual knowledge could inhibit innovation to develop best-in-class due diligence. The CS3D could address this challenge by: (i) tracking the Guiding Principles in removing reference to knowledge as a requirement of responsibility and liability; (ii) removing reference to actual knowledge—while keeping presumed knowledge—as a determinant of company responsibility; or (iii) creating a safe harbor for actual knowledge gained through due diligence that substantially exceeds peer practice. (Further details at 20.)

Challenge 3: Liability and Enforcement

From the perspective of driving alignment with the Guiding Principles, the structure of civil liability regimes is thorny for two reasons. First, as a matter of substance, there is no international tort law; nor is there a recognized tort of violating international human rights norms in EU law. Conventional tort law is thus tied to the law in the place of injury or wrongdoing and is materially distinct from international human rights law. Second, as a matter of scope, conventional tort regimes generally base corporate liability on fault, proximity, and causation. The Guiding Principles are inherently far more expansive, extending corporate responsibility extraterritorially and through unrelated corporate entities. Creating a civil liability regime that matches the scope and intent of the Guiding Principles while aligning with established tort principles is a herculean, and perhaps impossible, task. (Further details at pp. 20–25.)

Key Considerations for Regulators

We advance four key considerations for regulators. The first concerns the right structure to balance legal coherence, precision, and practicality with the CS3D’s desired scope. The next three concern effective implementation to avoid embedding perverse incentives in law.

  1. Omission liability that stretches across corporate value chains and across the globe is inherently unpredictable. A calibrated combination of causal and vicarious liability could address the certainty challenge while maintaining the CS3D’s value chain scope. It would be comprised of four elements: (i) liability for harms caused by the business and subsidiaries; (ii) vicarious liability for benefiting from harms by value chain entities; (iii) a reasonable due diligence defense; and (iv) remedy focused on restitution. (Further details at 23–24.)
  2. Specialized courts or administrative bodies should be empowered to assess corporate due diligence. Applying and implementing the CS3D’s accountability expectations will be an arduous task. Building that capacity in national or EU-level centers of expertise—administrative or judicial—will be essential to drive consistent improvements in corporate responsibility. The more dispersed such expertise and interpretive authority, the more likely it is that uncertainty will creep into practice, possibly leading to market fragmentation. (Further details at 24.)
  3. Civil and administrative liability regimes should be harmonized for efficiently delivering remedy to injured stakeholders. The challenge with dual liability regimes—administrative and civil—related to the CS3D is that companies may face parallel and overlapping claims in multiple jurisdictions for the same failure, while stakeholders will be left to shop for jurisdictions and venues, fueling divergent jurisprudence. (Further details at 24.)
  4. Liability structures should incentivize best-in-class due diligence and direct attention to laggards rather than the most prominent brands. Removing actual knowledge as a determinant of responsibility could help address this risk. In addition, the CS3D might consider offering benefits to companies that can demonstrate that their human rights due diligence in general substantially exceeds peer practice. (Further details at 24–25.)

[1]    John Ruggie (Special Representative of the Sec’y-Gen. on the Issue of Hum. Rts. & Transnat’l Corps. & Other Bus. Enters.), Guiding Principles on Business and Human Rights: Implementing the United Nations “Protect, Respect and Remedy” Framework, U.N. Doc. A/HRC/17/31, annex (Mar. 21, 2011).

[2]   John Gerard Ruggie & John F. Sherman III, The Concept of ‘Due Diligence’ in the UN Guiding Principles on Business and Human Rights: A Reply to Jonathan Bonnitcha and Robert McCorquodale, 28 Eur. J. Int’l. L. 921, 926 (2017).

[3]   EU Parliament has released three of these. As detailed below, we treat the last of these—Parliament’s Common Position from June 2023—as superseding the others. See infra note 18.