Business and human rights laws: CS3D and other important developments

Norton Rose Fulbright discuss the much-anticipated CS3D/CSDDD and how it will become the centrepiece of business and human rights laws in various jurisdictions.


Following a protracted legislative process, the much-anticipated EU Corporate Sustainability Due Diligence Directive (CS3D or CSDDD) was formally approved by the European Parliament in April. It will join a number of other laws around the world which require companies to conduct human rights and environmental due diligence (HRDD or HREDD) and report publicly on human rights impacts linked to their business operations and value chains.

While they vary in scope, these laws present an unprecedented compliance obligation for businesses, in circumstances where non-adherence may, depending on the law, lead to potential civil liability or regulatory enforcement action. Beyond these legislative requirements, companies globally face increased pressure from shareholders, financiers, customers and other counterparties to implement human rights policies and procedures.

The global picture

Once enacted, CS3D will become the centrepiece of business and human rights laws in various jurisdictions that include disclosure requirements, mandatory due diligence laws, and import bans:

1. Disclosure laws require companies to report publicly on human rights risks linked to their businesses and value chains and steps taken to address them. They may apply to specific issues, such as the UK, Canadian and Australian modern slavery laws, or form part of a broader set of sustainability disclosures, as seen in the EU Corporate Sustainability Reporting Directive.

2. Import bans have increased in prominence, notably in the US where Customs and Border Protection now frequently exercises statutory powers to prohibit the importation of products into the US on the grounds of forced labour concerns. The EU is set to enact similar legislation, with the EU’s legislative bodies reaching provisional agreement on the proposed Forced Labour Regulation in March.

3. Mandatory due diligence laws have risen to prominence in Europe, with a number of states including France (Loi Vigilance), Germany (Lieferkettensorgfaltspflichtengesetz), and Norway (Transparency Act) enacting such legislation. However, legislative proposals are also under consideration in other jurisdictions including South Korea. These laws differ in terms of specific requirements, but all oblige companies to take steps to identify how they may adversely impact rights-holders through their own operations and business relationships, and to implement measures to prevent or mitigate such impacts. At least within the EU, national HRDD legislation is likely to be harmonised by CS3D.


CS3D will oblige all EU Member States to adopt laws imposing HRDD obligations on certain EU and non-EU companies. The core focus of CS3D’s requirements is on identifying and limiting the human rights and environmental impacts of a company’s operations, and those of its subsidiaries and value chains.

Following its approval by the EU Council on 15 March 2024 and EU Parliament on 24 April, CS3D’s requirements will become binding on larger companies from 2027, with a subsequent extension to smaller companies. Once fully implemented, CS3D will apply to EU companies with more than 1,000 employees and a worldwide turnover of more than EUR€450m, and non-EU companies with a turnover of more than EUR€450m generated in the EU.

In-scope companies will be required to implement HRDD measures extending to their ‘chain of activities’, which includes the company’s own operations, as well as the activities of its ‘upstream’ business partners (related to the production of goods or the provision of services) and ‘downstream’ business partners (but only concerning the distribution, transport, and storage of products for or on behalf of the company).

CS3D also requires companies to adopt and put into effect a climate transition plan which aims to ensure, through best efforts, that the business model and strategy of the company are compatible with the limiting of global warming to 1.5 °C in line with the Paris Agreement.

A company that fails to meet its due diligence obligations under CS3D may face regulatory enforcement and/or civil liability, though importantly a company would not incur civil liability for ‘damage’ caused only by a business partner. Further, while CS3D prescribes potentially significant financial penalties of up to 5% of a company’s net worldwide turnover, any fine would need to take into account factors such as the gravity of the infringement and severity of impacts, as well as whether the company has taken remedial action.

Other EU legislation

Beyond CS3D, businesses in the EU or trading with EU counterparties need to respond to an array of distinct HRDD requirements imposed by other laws that apply in specific contexts and to individual sectors.

Notably, the Conflict Minerals Regulation, Batteries Regulation and Deforestation Regulation set out HRDD requirements within broader supply chain due diligence obligations that apply to companies placing products on the EU single market. While the Conflict Minerals Regulation entered into force in 2021, both the Batteries Regulation and Deforestation Regulation take effect in 2024, in February and December respectively.

The EU Critical Raw Materials Act, adopted by the EU Council in 2024, proposes a framework for strategic projects which may benefit from streamlined permitting and access to finance. One criterion for recognising a project as ‘strategic’ is whether it can be implemented sustainably, including concerning human rights.

Future developments

Many multinational companies have implemented and will continue to enhance HRDD programmes in response to various laws that may apply to entities in their corporate groups, as well as to give effect to their own voluntary human rights commitments. The global legal landscape continues to evolve; South Korea and the UK are amongst the jurisdictions where mandatory HRDD legislation has been proposed.

As far as the UK is concerned, the scope of any new due diligence requirements – and whether these will come in the form of amendments to the UK Modern Slavery Act or fresh legislation – will likely depend on the outcome of the general election, anticipated in late 2024.

While CS3D will largely harmonise existing EU HRDD obligations and serve as a point of reference for other countries looking to enact similar legislation, it is critical that companies take steps to assess the specific obligations of each law which may apply to them. Failure to understand the overlaps and divergences which exist in terms of the differing legislative requirements may present liability risks.