New requirements for sustainability reporting by companies

New sustainability requirements for companies – direct and indirect

The new EU Corporate Sustainability Reporting Directive requires companies to report in detail on how they deal with social and environmental challenges in their annual financial statements in future.

The revised Directive (EU) 2022/2464 has been in force since the beginning of 2023 and must be transposed into national law by the EU member states by mid-2024. The new version is intended to give sustainability information the same status as a company’s financial information.

On 22 March 2024, the German Federal Ministry of Justice published a draft bill to implement the EU directive in Germany. The draft bill plans a 1:1 implementation of the European requirements for sustainability reporting. On the one hand, it regulates who is obliged to provide sustainability reporting, when and with what content, as well as who has to issue an audit opinion and according to what standards.

The aim is to make companies’ handling of sustainability risks and sustainability impacts more transparent across the entire value chain. The information is ultimately to be audited by auditors.

Affected companies / timeline

From 2024, capital market-oriented corporations with more than 500 employees must prepare a sustainability report. From 2025, this will apply to all large corporations and companies in which all partners with unlimited liability have the legal form of a corporation (KapCo). From 2026, capital market-oriented small and medium-sized companies will be obliged to do so. From 2028, subsidiaries and branches of companies based in a third country must also prepare a report.

These obligations also apply to the group (group sustainability report). No report is required at the level of the individual company if it is included in the group sustainability report and fulfils certain requirements. According to § 289b (2) HGB-E, this applies if the parent company is based in the EU or the EEA. § 289b (3) HGB-E applies to third-country subsidiaries. The parent company itself is also not required to prepare an additional sustainability report at individual financial statement level when preparing a group sustainability report (§ 289b (5) HGB-E). In practical legal terms, sustainability reporting will therefore focus on the group.

Even before 2025, non-capital-market-oriented companies or generally not large corporations may be indirectly affected by sustainability reporting if they are part of the value chain of one of the aforementioned companies as a customer or supplier. The indirect impact results from the fact that, according to § 289c HGB-E, the most important actual or potential negative impacts associated with the value chain of the corporation and the measures taken to identify and monitor these impacts must also be reported. According to Art. X1 para. 4 EGHGB-E, the party primarily obliged to report on sustainability is exempt from providing information on the value chain in its first year of application and the two subsequent years, but only if it 1. explains what measures were taken to obtain the necessary information on the value chain, 2. explains why it was not possible to obtain all the necessary information and 3. explains the plans to obtain the necessary information in future.

Recourse to these reasons may run counter to the image of a consistently sustainable corporate policy and may therefore not be utilised, or only in extreme cases. The result will be pressure on customers and suppliers to provide appropriate sustainability information. This does not imply that those indirectly affected have to prepare, have audited and publish a sustainability report themselves. However, it does mean that they must implement systems to determine sustainability information that is relevant for the business partners in the value chain who are required to report.

On 15 March 2024, the final version of the Corporate Sustainability Due Diligence Directive (CSDDD) was adopted by the EU Council, with Parliament’s approval effectively taking place as a formality on 24 April 2024. This represented the last decisive milestone in a multi-year development history of the establishment of due diligence obligations for companies. Particular attention is being paid to the interaction with the reporting requirements already in force under the Corporate Sustainability Reporting Directive (CSRD) – as well as the implications this has for European companies.

In accordance with the aforementioned international instruments, the processes to be set up must go through certain phases, the purpose of which is to continuously address the interests of stakeholders and, above all, to avoid, minimise or compensate for negative effects on these stakeholders. Accordingly, forward-looking risk management in ESG matters must be established. The companies addressed by the CSDDD are not only responsible for their own business activities, but also for those of their business partners in the so-called “activity chain”. This is a section of the value chain, i.e. upstream suppliers and downstream customers – whereby direct and, in some cases, indirect business relationships (e.g. sub-suppliers) are also included. The final version of the CSDDD now available specifies these sections further and restricts them to a few activities (transport, distribution and storage of products), particularly with regard to the downstream value chain; the financial sector is also largely exempted – at least for the time being – from including its customer-side value chain in the analysis.

The companies addressed by the CSDDD must pass on the obligations that apply to them along the relevant activity chain – e.g. through corresponding contractual assurances. External bodies must verify that these assurances are subsequently honoured by the business partners; in addition to external service providers such as auditors, industry initiatives or NGOs can be considered for this purpose. However, the companies addressed by the CSDDD must also offer their business partners support (e.g. in the form of donations or in the organisation of their business relationships) if their economic existence is threatened by the abundance of (i.e. indirect) obligations passed on. The latter is of particular practical relevance with regard to SMEs, which can represent a large proportion of the business relationships of large companies.

Conclusion:

Companies that are not directly affected by the directives described above may nevertheless feel indirect consequences:

– Requirements from business partners:

Companies covered by the CSRD must report information on their entire value chain. They will therefore request sustainability data from their suppliers and customers in order to include it in their reports. Companies that are indirectly affected must therefore also implement systems to collect this data.

– Competitive disadvantages:

Companies that are unable to provide any or sufficient sustainability information risk being at a competitive disadvantage compared to suppliers that do. Large companies could favour more sustainable suppliers.

– Reputational risks:

Lack of transparency on sustainability aspects can lead to reputational damage and loss of trust among stakeholders such as customers, investors and the public.

– Possible future regulation:

The CSRD and CSDDD could be harbingers of a future extension of reporting obligations to smaller companies. Early preparation can be advantageous here.

In summary, companies that are not directly affected must also set up sustainability reporting systems in order to fulfil the requirements of business partners, remain competitive and avoid reputational risks. A proactive approach to the topic is advisable.