Last June 18th, we had the pleasure of speaking with Jones Day Partners in London and Madrid, Vica Irani and Blanca Puyol, as well as their Counsel in Paris, Seth Engel, about the Corporate Sustainability Reporting and Due Diligence Directives (CSRD/CS3D). During our conversation, we discussed their applicability, scope, key disclosure concepts, compliance plan, reporting strategy, and comparison with U.S. regulations, all under a compliance approach for multinational groups.

1. What is your experience preparing and assisting your clients on the matter (for example in the food & beverage, industrial products, oil & gas, automobiles, aviation industries and materials that we are preparing for their CSRD/CS3D compliance processes)

We are counseling many large, multinational clients in connection with their global compliance requirements. Our experience reveals two basic truisms: First, every company is at a different stage in their preparation efforts and has different levels of resource allocation devote to compliance issues; so there is no one-size-fits-all approach. Every company is at a different place on their compliance journey. Therefore, it is important to engage the company where it is now and develop a plan going forward. Second, all companies can benefit from a global, comprehensive and consistent approach that involves key stakeholders, including internal and external legal, in their compliance efforts.

Preparing for CSRD/CS3D is a major issue for our U.S. based clients and teams are very much in the process of gearing up and equipping themselves with the appropriate tools to get in place a work plan for CSRD/CS3D compliance. These include building up internal teams in particular the sustainability and legal, outside advisors such as law firms and ESG consultants, and obtaining the appropriate data collection software and data control processes and procedures.

As mentioned above, we are seeing that levels of preparedness in response to these regulations vary widely between clients. Some teams are coming to us with very specific questions on some of the requirements under CSRD, others are still grappling with understanding which parts of their business are in scope for the CSRD, and consequently what their projected reporting deadlines are.

Many of our clients are realizing the importance of looking at these directives holistically, taking into account the potential impacts of over- or under-disclosure under the CSRD in particular. Our clients come to us for guidance on navigating these risks and ensuring compliance whilst minimizing potential greenwashing claims, which is an avenue for litigation that NGOs are increasingly pursuing.

In addition, as Directives, both the CSRD and CS3D need to be transposed into national law by each E.U. member state by July 2024. This comes in addition to pre-existing national laws. This potential interplay is an additional complexity that needs to be taken into consideration.

2. Could you please briefly speak about CSRD including the applicability, scoping, key disclosure concepts or reporting strategy. What we are seeing in the Firm including EU and US markets?

The CSRD will apply in phases, with the first wave of reports due in 2025 for large E.U. companies meeting certain revenue and employee number thresholds, and will require in-scope companies to disclose over 1,000 specific data points across a number of topics, with a requirement to undertake a double materiality assessment, meaning that reporting is required if the disclosure topic in question has either a financial or environmental (or social) impact on the business, including its upstream and downstream value chain. Companies can make certain strategic reporting choices, but this requires a thorough understanding of the structure of the business and the directive.

Scoping needs to be conducted based on each group’s organizational chart and with regard to the financial and headcount thresholds. There are also special criteria to consider such as if any group entity has securities that are listed on EU regulated market.

3. What is the status of CSRD Transposition in Spain. Do we know (based on the draft CSRD transposition law/consultation or the laws transposing NFRD) whether Spain will again “gold plate” the applicability requirements and extend the scope of CSRD reporting to other companies?

The draft consultation bill implementing the CSRD establishes that companies and groups of companies obliged to prepare the non-financial information statement in accordance with Law 11/2018 (NFRD), will continue to comply with said obligation until the new provisions regarding the presentation of the sustainability report in accordance with the rules implementing the CSRD become applicable to them. Therefore, if a company were to be covered in a CSRD report starting 2025 (based on 2024 data), in principle, it would still need to report under NFRD in 2024 based on 2023 data.

4. Availability of Exemptions: when a Spanish company needs to publish a standalone report under the CSRD, even if it was to be covered by a parent company’s report? Typically the CSRD permits exemptions for subsidiary companies’ reporting requirements if they are covered by a parent company’s compliant report, as long as the subsidiary does not have listed securities on an EU regulated market and is not otherwise a “public-interest entity.”

The draft consultation bill implementing the CSRD, a company that is included in a group will be exempt from sustainability reporting obligations if the parent company of its group publishes a sustainability report at a consolidated level that complies with the CSRD. This exemption will also apply to companies that are public interest entities, unless they meet the thresholds for large companies. Such exempt companies must include in their management report:

(i) the name and registered office of the parent company reporting sustainability information at group level;

(ii) the website where the consolidated management report is included;

(iii) a reference to this exemption in their own management report.

Where significant differences are identified between the risks and impacts of the group versus the individual companies considered, the parent company should provide an adequate understanding of the risks and impacts of the group's components, including information on due diligence processes where applicable.

The exemption should also apply when the parent company is a company established in a third country that issues sustainability information reports in accordance with European or equivalent sustainability reporting standards. As the assessment of the equivalence of sustainability reporting standards will be carried out at a later stage, transitional provisions have been established in such draft law.

5. What do you want to tell about CS3D? How it is evolving. Do you think a company can be caught by CS3D and not CSRD?

The CS3D is a little further away, with the first wave of reports due in 2027 and high revenue and employee number thresholds. However, the indirect impact of the CS3D may be significant, with out-of-scope companies potentially needing to respond to disclosure requests by in-scope companies where they form part of the in-scope company’s supply chain.

But despite the fact that we are still a few years away from the reporting deadline, there is no question that CS3D may be a significant source of potential liability for companies. The substantive obligations under this Directive are varied and onerous, going further than mere reporting, and include prevention and mitigation of adverse impacts, up to terminating a business relationship where an issue is not being adequately addressed by a supplier for example. Accordingly, the fact that other companies are part of our your due diligence reporting process will undoubtedly create more uncertainty for companies.

6. Can you explain a little bit the applicability of both Directives and requirements and implementation of both? What is the relevance of risk assessment and risk mitigation (high level summary) including in M&A context?

The full extent of the impact of these directives in M&A has yet to be seen, but currently we are seeing some concerns around acquisitions resulting in companies being caught in an earlier wave of reporting under the CSRD due to meeting lower revenue and employee thresholds, as well as concerns around the complexity of thorough supply chain diligence- it can be an onerous requirement ahead of a transaction to understand whether a target’s supply chain presents potential ESG issues for example.

This highlights the importance of ESG risk assessments for all companies, including but not limited to the M&A context, as non-compliance with the Directives (and pre-existing national laws) can result in penalties for businesses.