EU Corporate Human Rights Due Diligence Obligations: From Means to Results

[Panagiota Kotzamani is a post-doctoral researcher on corporate obligations and liability for international crimes and human rights violations at the Centre for Law, Sustainability and Justice (CLS&J), at the Department of Law, University of Southern Denmark (SDU).]

The adoption of a Directive on the expected human rights due diligence (HRDD) standards for EU and EU-active corporations has been in the agenda of the EU institutions since 2020. In the last year, this initiative started to bear fruits with the Corporate Sustainability Due Diligence Proposal of the European Commission (Commission’s Proposal), followed by the European Parliament’s non legislative report (Wolters Draft Report) and the European Council’s ‘general approach’ proposal. The contents of these proposals have already initiated a growing scholarly discussion (e.g., here, here, and here). One of the most interesting points is that, for the first time since its conception in the UN Guiding Principles on Business and Human Rights, HRDD is linked to corporate civil liability for damages. However, it is not yet sufficiently clear how corporate HRDD as a managerial process corresponds to corporate duties of care in national civil law. It seems that the EU institutions are prepared to leave the task of drawing the relevant links to the member states’ discretion.     

That said, the content and scope of HRDD as described in Articles 6-8 of the Commission’s Proposal provides an indirect guideline on the nature of corporate human rights-related duties in national law. Article 6 requires the corporations to monitor their activities, as well as those of their subsidiaries and to a certain extend the activities of their suppliers, to evaluate any risks on human rights. The principal way of doing so is by drafting a HRDD policy including as a minimum a description of the corporation’s HRDD approach, a relevant code of conduct, and a process to monitor compliance. Additionally, corporations can use a mix of other methods to make their HRDD policy more effective, such as independent reports and consultations.

To start with, this duty presents itself as a duty of vigilance. It establishes a general obligation to the corporation to introduce a human rights due diligence policy and implement a monitoring mechanism that would allow it to predict, to the extend feasible, potential human rights violations. As such, the duty to identify potential adverse human rights impact does not entail harm-based civil liability. It is an obligation of result, and non-compliance has certain consequences for the corporation. These can take the form of administrative sanctions/remedial action by the monitoring body established pursuant to Articles 17-18 of the Commission’s Proposal; or sanctions/ remedial action ordered by a civil court if the national civil /torts law allows for such a procedure, as is the case with the French Loi de Vigilance. 

The Dutch case of Milieudefensie offers a good example of the legal consequences of violating the corporate duty of vigilance. Shell argued before the Hague District Court that, even in case its environmental policy is found inadequate, the corporation has no duty of limiting its CO2 emissions, as ‘the mere adoption of a policy does not cause damage’. However, the court ruled that, for the corporation’s own activities, Shell’s duty of vigilance is an obligation of result and not of best efforts. Conclusively, Shell has been required to reduce its CO2 emissions by at least 45% by the end of 2030 to mitigate the climate and health risks of its activities.

It goes without saying, however, that a failure to establish and/or effectively implement a human rights monitoring mechanism can indeed lead to human rights abuses in the course of corporate activities. Article 22 of the Commission’s Proposal states that, under certain circumstances, a corporation can be found responsible in torts for the harm done. In this direction, Article 6 not only establishes a monitoring duty/ a duty of vigilance but also a harm-based corporate duty of care. That is a corporate duty not to violate human rights, which consists of a corporate duty to prevent or end the human rights violations. According to Article 7, the corporation is responsible for knowingly/intentionally or negligently failing to prevent human rights violations that have occurred in the context of its activities. Article 8 renders the corporation responsible for failing to end the human rights violations that are already happening in relation to its business activities. 

Conclusively, the Commission’s proposal seems to establish two categories of legal duties: a) duties of vigilance, the violation of which does entail damage and does not have civil liability consequences stricto sensu, and b) duties of care, in the sense of (common law/statutory or continental civil law) duties not to cause a specific harm, where legal liability is attached if certain requirements are met. The advantage of establishing a separate duty of vigilance is that it works precautionary- the corporation can be ‘forced’ to establish a HRDD plan and surveillance mechanism before any harm occurs, and as a result be in a better position to avoid such harm in the future. 

The duty of vigilance can also be used to prove corporate knowledge of the human rights violations in terms of corporate responsibility for a violation of a duty of care (harm-related duty). In this direction, Article 7 ensures that the HRDD policy and monitoring is effective, by requiring that corporations identify the human rights risks of their activities with the purpose of preventing potential adverse human rights impacts or at least adequately mitigate them. This makes it clear that duty of vigilance cannot be fulfilled by a tick box exercise. Along these lines, Article 9 requires that the corporation sets a complaint mechanism for legitimate concerns regarding the adverse human rights impacts of the corporation’s activities.

As for the duty of care counterpart of HRDD in the Commission’s Proposal, concerns have been raised on the nature of the obligation it establishes. Indeed, national law considers duties of care as obligations of means/best efforts: if the defendant proves that they were diligent enough, they cannot be found responsible despite the fact that a tortious act has indeed taken place. Article 8 sets the necessary measures a corporation shall implement to bring adverse impacts to an end and a corporation can claim that, by doing so, they have fulfilled their duty of care irrespectively of the outcome. Nevertheless, Article 22(4) underlines that the member states are at liberty to establish stricter rules on corporate liability attribution, if they so wish. This could be done by requiring a higher standard of care for corporations to fulfil their HRDD-based duty. 

National judges have already followed this approach when interpreting civil law duties (of care). The common law cases of Vedanta and Okpabi are two of the most straightforward examples when it comes to corporate tortious liability for human rights violations. In these cases, the judges introduced a presumption of negligence element into the fault-based duty of care. They argued that when a corporation introduces a policy framework to avoid human rights abuses, it could be safely assumed that it has knowledge and control over the ‘risky’ corporate activities, without the need to look for proof of actual knowledge and control. By rendering actual fault inconsequential, corporate civil liability becomes stricter, and the (harm-based) corporate duty of care comes closer to an obligation of results: if the corporation has a HRDD scheme (and the future EU Directive would oblige it to have one, under specific ‘quality’ standards), it is considered liable for the human rights violations that this scheme was supposed to protect from happening. 

Ultimately, the presumption of negligence element in the corporate human rights violations scenario allows for the court to accept a lower level of corporate control over the tortious act, opening the road for attributing civil liability to parent corporations for the human rights violations of their subsidiaries. Besides common law, this trend can also reach continental law jurisdictions. In this direction, German courts tend to approach the reasonable care defence in relation to liability for the act of others under a high level of care requirement (for example, § 831 of the German Civil Code on the liability of anyone who has employed another person for a task is applied by the courts as a rule of strict liability, even though German civil law does not per se recognise strict liability for the acts of others). However, the European Parliament draft on HRDD seems to obstruct a lower control interpretation in the parent-subsidiary scenario. Amending Article 3 and Article 22 of the Commission’s Proposal, it defines control as the parent corporation’s exercise of decisive influence on the composition, voting or decisions of the subsidiary’s decision-making bodies, based on a specific (exhaustive?) list of factors. This definition of control comes closer to the high control threshold of alter ego liability followed by the US case law, rather than the group policies and guidelines standard proposed by their European counterparts.