Begüm Kilimcioğlu and Ann-Charlotte Neumann

First Prevent, then if You Can’t, Remedy!

Taking a Closer Look at the Prevention and Remediation Mechanisms of the Corporate Sustainability Due Diligence Directive and the Loi de Vigilance 



About the authors: Begum Kilimcioğlu has completed her bachelor’s degree in law at Istanbul University, Faculty of Law. She is a nonpracticing lawyer of the Istanbul Bar Association. At the moment, she is working as a Phd researcher at University of Antwerp under the supervision of Prof. Thalia Kruger and Research Ass. Prof. Gamze Erdem Turkelli on investigating the use of private law tool in preventing human rights impact of environmental harms in global value chains in the extractive sector. She is affiliated with the Research Groups Law & Development and Personal & Property Rights. 

Ann-Charlotte is a law graduate in the field of European and International Law. She studied law at the University of Potsdam and specialized in the field of business and human rights as part of her LL.M. and wrote her master’s thesis under the supervision of Professor Dr Andreas Zimmermann on the topic of a Sustainability Due Diligence Directive and its relation to the national law of the member states. Simultaneously, she studied at the Université Paris-X (Nanterre), where she obtained her Bachelor’s degree, as well as her Master’s degree in French law. In Paris, she also focused on the topic of sustainable corporate governance and wrote her thesis on the constitutionality of the French due diligence law (Loi de Vigilance, 2017). She then worked in two consulting agencies in Berlin and Paris on the topic of business and human rights. 




The business & human rights world is shifting from voluntary company efforts to mandatory obligations for corporations to prevent, mitigate and/or remedy (possible) human rights violations across their operations and value chains. Spearheaded by France in 2017, followed by Germany in 2021 and following different proposals from other Member States of the European Union (EU), the EU has taken steps to create a level playing field. The European Commission started a legislative process by proposing a draft Corporate Sustainability Due Diligence Directive (Commission Proposal) in February 2022. In December 2022, the Council of the EU adopted its General Approach on the Commission Proposal. The legislative initiative represents a milestone in the business & human rights agenda and bears the potential to produce a model law for other countries. In our blog post, we take a closer look at the draft directive and the French Loi de Vigilance (LDV) seeking to find out what the European legislators can learn from France regarding the prevention of harm and legal liability. 


Preventing Harm in the CSDDD 

Preventing human rights and environmental harm is the primary goal of any legislation in the field of business & human rights because, in the majority of cases, such harm is irreparable (see Buhmann). The same holds true for the draft CSDDD. Our blog post focuses specifically on the notion of established business relationships and the use of contractual clauses as means of prevention as put forward in the Commission Proposal. 

The draft (Recital 18, Article 1) defines human rights and environmental due diligence (HREDD) obligations for companies that fall under its scope, regarding their actual and potential adverse impacts on human rights and the environment in their own operations, those of their subsidiaries, and both upstream and downstream value chain operations carried out by entities with whom the company has a direct / indirect established business relationship.  

The Commission Proposal is criticised for diverging from the United Nations Guiding Principles (UNGPs) by limiting due diligence to ‘established business relationships’. This limitation leaves out short, unstable or informal relationships, which also bear the risk of causing severe violations down the value chain. Consequently, the approach focuses more on certain types of business relationships rather than on the probability and severity of violations as foreseen in the UNGPs. Furthermore, this restriction of the scope of the value chain seems unnecessary, as evidenced here (pp 70-71), because companies possess adequate means to conduct HREDD over the lower tiers of their value chains. The Council has addressed this issue in its General Approach and recommends to abolish the limitation to established business relationships. Yet, it remains to be seen which position prevails in the final directive.  

The Commission Proposal includes six phases of HREDD (see Article 4(a)-(f)), the third consisting of, preventing potential impacts and, if not possible, bringing an end to actual impacts (Articles 7 and 8). As an integral part of this step, companies are required to seek contractual assurances from their direct business partners ascertaining that they comply with the company’s code of conduct and that they seek the same assurance from their business partners (so-called contractual cascading). Such assurances are to be accompanied by appropriate measures to verify compliance. On this matter, the draft directive has been criticised heavily for over-relying on contractual clauses and third-party verification for prevention, as it bears the risk of reducing HREDD to a mere box-ticking exercise, only to shirk liability. However, as argued here and here, contractual clauses are only one of many measures, though the most frequently used one by companies (see p. 63). Yet, if they are complemented by other measures, such as inserting buyer obligations into contracts that limit practices of pressuring suppliers, contracts can serve as an effective prevention mechanism. 

It is also argued that the Commission Proposal is too prescriptive and that, instead of prescribing detailed duties for companies, the general duty of prevention, mitigation and remediation should be strengthened in a future CSDDD to render it more effective. Thus, it is important to emphasise that the ultimate aim is to prevent/mitigate harm and that the necessary actions of a HREDD process may go beyond those listed in the draft directive (Article 4), which should not be seen as exhaustive but rather as indicative. 


Preventing Harm in the Loi de Vigilance  

In 2017, France became the first EU Member State to adopt a law imposing due diligence on multinationals to prevent serious human rights abuses and environmental impacts in supply chains. According to the LDV, the companies falling within its scope must establish and implement an effective vigilance plan (Article L. 225-102-3). The plan should include reasonable vigilance measures to identify and prevent severe violations of human rights, bodily or environmental damage and health risks resulting directly or indirectly from the operations of the company, other entities in the corporate group and its subcontractors/suppliers with whom it has an established commercial relationship. The Commission Proposal defines a broader scope in contrast to the LDV, by not pinpointing the covered violations one-by-one. Furthermore, the draft goes further by covering both upstream and downstream relations, in contrast to the LDV, which only takes upstream relations into account.  

Notably, the Commission Proposal takes on the concept of established business relationships from French Law. However, the French precedent must be taken with a grain of salt. Although the concept has been used in the Commercial Code and substantiated by case-law, it is still unclear how it relates to the LDV, as the relevant case-law concerns the protection of commercial parties in case of abrupt terminations of established relationships (see here, here and here). Consequently, non-experts in the field tend to determine the ambit of the vigilance plan based on improper criteria. 

The LDV details vigilance as identifying, analysing and ranking/prioritising risks (risk mapping), having procedures to regularly assess the situation of subsidiaries, subcontractors and suppliers with whom the company has an established business relationship in line with the risk mapping, taking appropriate action to mitigate risks or prevent violations, having an alert mechanism to collect reports of existing/actual risks and establishing a monitoring scheme to follow up the measures taken (see here pp. 27-30). The vigilance plan must also be publicly disclosed. As such, the LDV goes into less detail in terms of implementation, unlike the Commission Proposal, leaving more room to companies to develop best practices. It can be discussed which approach is better for prevention (see also the German example of a very detailed law). The LDV, however, leaves room for many questions for companies, such as how to come up with a robust methodology for risk mapping or what are the appropriate measures to prevent or mitigate risks in their operations 


Civil Liability in the CSDDD 

Article 22 of the draft CSDDD establishes rules on civil liability. Companies are liable for damages if they fail to comply with their obligations to take preventive and remedial measures (Articles 7 and 8) and if that failure has caused an adverse impact that should have been identified, prevented, terminated or minimised. Eventually, and for the company to be held liable, the adverse impact must have resulted in harm. However, the company ‘shall not be liable for damages caused by an adverse impact arising as a result of the activities of an indirect partner with whom it has an established business relationship‘ if it has entered into sufficient contractual agreements. It has, furthermore, to be reasonable to expect that the actions taken would be adequate to prevent, mitigate, end or minimise the extent of the adverse impact. This so-called ‘due diligence defense’ (Article 22(2)), which has been again strongly criticised, implies that the efforts made by a company to counter negative impacts must be considered when assessing the existence and extent of civil liability.  

According to Article 22(5), the national provisions on civil liability should be overriding mandatory provisions in accordance with Article 16 of the Rome II-Regulation. The conceptualisation of national due diligence laws as overriding mandatory provisions provides, à priori, for a more effective enforcement of Member State due diligence rules, but it may also prove problematic as argued here. Therefore, a more comprehensive solution would be to rely on Article 7 Rome II-Regulation, that is, to rephrase the provision to allow the claimant to base his/her claims on the law of the country where the damage has occurred, if it is more favourable to him/here. Another solution would be to offer plaintiffs even more options when it comes to the choice of applicable law to better facilitate access to justice.  


Civil Liability in the Loi de Vigilance  

Under Article 2(1) and (2) of the LDV, provision is made for liability under civil law. Accordingly, if a damage occurs that compliance with the LDV could have prevented, any affected party with legal standing can seek reparation of her damage under French tort law.  

The LDV provides for two types of legal actions, depending on whether damage has occurred. The first action can be brought in the event of a breach of the obligation to establish, publish and implement a vigilance plan. If the company did not comply with its legal obligations within three months after it has been noticed, it can be condemned to pay a penalty per day of delay. This approach is similar to the complaint’s procedure in Article 9 of the Commission Proposal. However, it only presupposes an internal procedure for the complaint’s procedure, so that companies judge the merits of a complaint – and consequently the existence of a negative impact – themselves. As an example, Total Energies was given formal notice in March 2022 because of its alleged lack of risk assessments in the Russia-Ukraine conflict. The second action, by contrast, intervenes in the event of damage occurring. A company can be held liable if a damage is caused by a subsidiary, or a subcontractor has been noticed, and if it could have reasonably avoided through a vigilance plan, including reasonable vigilance measures to identify and prevent the impact. 

The LDV also specifies the conditions (fault, damage and causal link between the damage and the fault) necessary to establish civil liability, whereby the burden of proof lies with the plaintiff. However, the French National Assembly raises this point in its information report on the evaluation of the law and advises that the system of civil liability should be reshaped by reversing the burden of proof. According to recital 58 of the CSDDD[t]he liability regime does not regulate who should prove that the company’s action was reasonably adequate under the circumstances of the case, therefore this question is left to national law’. Thus, the draft directive does not offer harmonisation regarding key barriers for rights holders’ access to justice. 

Furthermore, the LDV was not designed as an overriding norm, so that in the event of a conflict of norms in transnational human rights cases, it does not necessarily take precedence over the legal system of the state in which the damage occurred. As already emphasised, the conceptualisation of national laws as overriding norms does not present a satisfactory legal solution. In this regard, the Rome II-Regulation could be amended with the introduction of a new provision dedicated exclusively to human rights law enforcement in the context of transnational economic relations. This solution was proposed by the draft report with recommendations to the Commission on corporate due diligence and corporate accountability of the European Parliament in 2020, which, however, has encountered criticism in the literature as well (see here). 

In case of the adoption of a CSDDD, the French legislator would have to transpose it into national law and would need to adapt the LDV accordingly.  



The legal comparison between the two instruments clearly shows that the Commission Proposal closely follows the LDV, builds on it but also takes on some of its shortcomings, such as implementing the established business relationships concept, which significantly limits the reach of the proposal. On the other hand, France, who has been the first EU Member State to adopt a due diligence law, has been accused by various NGOs of being too reticent regarding the elaboration of a directive and of excluding the financial sector from its scope of application. In this regard, France has been quite vocal and managed to mobilise other Member States, which was decisive for the Council’s positioning. However, in late 2022 the French Ministry of Economics and Finance countered the criticism emphasising that ‘France is the pioneer country in terms of corporate due diligence’; that ‘[i]t is very ambitious in its support of the draft European directive on due diligence’; and thatFrance would like the draft European text to include the banking sector, as already provided for in French law, which cannot be called into question under any circumstances.’ 

It remains to be seen what form a final CSDDD will take at the end of the legislative process and how extensive and comprehensive it will be to actually prevent, mitigate and remedy harm to human rights and the environment. 



Suggested citation: B. Kilimcioğlu and A. Neumann ‘First Prevent, then if You Can’t, Remedy! Taking a Closer Look at the Prevention and Remediation Mechanisms of the Corporate Sustainability Due Diligence Directive and the Loi de Vigilance’, Nova Centre on Business, Human Rights and the Environment Blog, 15th February 2023.