Due Diligence: What do NGOs Think of France’s 2017 Duty of Vigilance Act?

Introductory Remarks to the Study

At a time when the European Commission is addressing the issue of due diligence, and given the crucial impact of this reform on European companies and the continuation of various international commercial exchanges, the think tank SKEMA PUBLIKA considered it vital to carry out an in-depth study with the main stakeholders – non-governmental organisations (NGOs) and companies affected by the regulation – to get their feedback on the application of France’s 2017 Duty of Vigilance Act and its impact in economic and commercial terms, and find out their views on this new EU draft directive.

On 23 February, the European Commission presented its proposal for a directive on Corporate Sustainability Due Diligence (CSDD), geared to oblige companies to manage social and environmental impacts throughout their supply chain, including when these arise from their own business operations.

The proposal aims to foster companies’ sustainable and responsible behaviour throughout the global value chain, as these companies play a key role in building a sustainable economy and society. The Directive requires companies to identify and, where appropriate, prevent, end or mitigate the adverse impacts of their activities on human rights and the environment.

The companies and sectors targeted by the Directive are divided into two groups:

• All large, limited liability EU companies with significant economic power (employing more than 500 people and with a net worldwide turnover of over EUR 150 million). (Group 1).
  
  
• Other limited liability companies operating in defined high impact sectors, which fall below the two previous thresholds, but employ over 250 people and have a net turnover of EUR 40 million or more worldwide. (Group 2).
  
  
• Non-EU companies operating in the EU with a turnover threshold aligned with that of the above companies (Groups 1 and 2) and with a turnover in the EU.

Lastly, the Directive specifies that micro, small and medium-sized enterprises (SMEs) do not fall directly within the scope of this proposal. This highly ambiguous wording could imply that they are indirectly involved.

The proposal applies to the operations of companies, their subsidiaries and their value chains (commercial relations established directly and indirectly).

To comply with corporate due diligence duties in terms of sustainability, companies will have to integrate due diligence into their policies, identify actual or potential adverse impacts on human rights and the environment, prevent and mitigate potential adverse impacts, end and minimise actual adverse impacts, set up and maintain a complaints procedure, monitor the effectiveness of their due diligence policies and measures, and publicly communicate on due diligence.

The directive stipulates that national supervisory authorities must monitor the situation, and that fines will be imposed for non-compliance with the new rules. Legal sanctions are planned in addition to current reputational sanctions, with the possibility for victims to sue for damage that could have been avoided by appropriate due diligence measures.

In addition, Group 1 companies will have to introduce a plan to ensure that their business strategy is compatible with limiting global warming to 1.5°C in accordance with the Paris Agreement.

Finally, a requirement is introduced for directors to introduce and oversee the integration and deployment of due diligence into their corporate strategy, factoring in the consequences of their decisions on human rights, climate change and the environment.

In many respects, this directive is far more demanding than the national rules addressing this issue, which in most cases were limited to acting on specific human rights violations, as in the Netherlands, where child labour was targeted, or in the United Kingdom, where modern slavery was targeted.

Only France’s Act No. 2017-399 of 27 March 2017 on the duty of vigilance of parent and contracting companies had a comprehensive approach with highly extensive requirements. Most of these are taken up in the directive.

Although SMEs (which account for 98.8% of French companies) do not fall directly within the scope of this European proposal, it could impact them indirectly. This is why the proposal also includes accompanying measures designed to support all businesses that could be indirectly affected, including SMEs.  

Given the increasing legal requirements imposed on companies, it seems essential to consider the relevance of these rules as regards both the inner workings of companies and international competition. Concerning the now central issue of due diligence, a survey needed to be carried out with both NGOs and the companies directly and indirectly targeted by the Acts of 2017 and the European Directive of February 2022, so that an approach could be initiated with stakeholders to start a constructive dialogue in view of implementing commonly agreed good practices.

The first phase of the study involved pinpointing the main NGOs working on this issue of the duty of vigilance. When they were interviewed, the following four questions were put to them:

1. In your view, is the 2017 Act adequate (the scope of application, the monitoring of its application and sanctions) and sufficiently effective?
   
   
2. Should the Act only apply to very large companies (as is currently the case)? Wouldn’t it be better if it covered all companies of any size (mid-cap companies, SMEs)?
   
   
3. What are NGOs’ minimum requirements for companies to be considered “on the right road”?
   
   
4. What actions should be taken so that companies and NGOs can work together for the “common good”?

Is the 2017 Act Adequate and Sufficiently Effective?

In response to the first question on the adequacy and effectiveness of the 2017 Act, NGOs expressed a number of converging views on the relevance of the 2017 act and its application.

All the NGOs welcomed the adoption of this text as a basic and necessary tool to ensure the respect of fundamental freedoms, the health and safety of individuals, human rights and the environment.

The 2017 Act resulted from the powerful mobilisation of NGOs and a lengthy fight, aided by various parliamentarians. William Bourdon, a lawyer and the founder of Sherpa, who was highly active in this preliminary work, believes that fighting the impunity of major economic players is one of the biggest challenges of the 21st century. In his view, soft law is not enough to protect the general interest; It is crucial to combat the purely financial, short-termist rationale that drives multinationals. From this point of view, the NGOs saw the adoption of the Act as a real victory.

One of the main strengths of the Act is the wide scope of violations covered.

The definition is broad. The obligation of vigilance imposed on companies exceeding the above-mentioned thresholds must make it possible to identify the risks and prevent serious violations of human rights, fundamental freedoms, the health and safety of individuals and the environment caused by their own activities, those of their subsidiaries and controlled companies, and those of subcontractors or suppliers with which they have established commercial relationships.

As the NGO Les Amis de la Terre points out, these terms, which may seem vague to some, enable the Act to cover “all possible situations and any violations that occur over time.“

Nonetheless, there are still several unsatisfactory aspects criticised by the NGOs concerned by this issue.

The Scope of the Act Is Not Necessarily Adequate

The chief weakness of the Act according to the NGOs interviewed – Les Amis de la Terre, Collectif Ethique sur l’Etiquette, CCFD-Terre Solidaire, Sherpa and Mighty Earth – lies in the thresholds it has set. It applies to companies with over 5,000 employees in France, or over 10,000 employees both within and outside France. These NGOs believe that the thresholds defined and the opacity of companies make it difficult to identify the firms concerned by these obligations. The text applies to SAs (public limited companies), SEs (European companies), SCAs (limited stock partnerships) and SASs (simplified joint stock companies).

While the corporate form of a company can easily be found in the SIRENE (National Identification System and Directory of Companies and their Establishments), it is far more complex to determine the number of employees in a company and its subsidiaries. It means identifying all the direct and indirect subsidiaries of a French company within and outside France and knowing how many people are employed in each of these entities. As pointed out by Les Amis de la Terre, this is a major challenge given the opacity surrounding corporate activity in a globalised economy.

Moreover, the text does not include all companies. This is because Article L 225-102-5 of the Commercial Code is inserted into Chapter V of the Commercial Code on SAs (public limited companies). As no such article is reproduced in Chapter III on limited liability companies (SARLs), it could easily be deduced that the latter are not covered. This could lead some companies to make use of strategies to sidestep the Act, said CCFD-Terre Solidaire. On the basis of French law, given their corporate form (SARL: limited liability company), the multinationals ZARA and H&M, regularly challenged by civil society for the environmental and ethical consequences of their production model, need have no fears if any violations of social or environmental standards in their production chain are identified.

All corporate forms should thus be covered by the Vigilance Act so that circumvention strategies can be foiled.

Another weak point of the text is that for a company to be held liable in terms of the duty of vigilance, an established commercial relationship must be proved.

The NGOs consider that some companies will slip through the legislative net, which is not necessarily right. This is because the terms used in the Act are very vague.

As emphasised by the NGO Mighty Earth, the idea of “established business relationship” can be interpreted in various ways. Most companies believe that this relationship should only be understood as strictly limited to the N-1 link in the chain, whereas the NGO maintains, citing the impact of cattle farms on deforestation (for which action has been brought against the CASINO group) that this relationship should apply to the entire chain, as the most serious impacts are often at the production level, which involves indirect suppliers.

For the NGO, the crucial point is an end-player’s responsibility for its chain as regards practices. At present, there are too few sufficiently robust legal elements to be able to quantify the impacts and define the extent of an end-player’s responsibility for an entire chain.

Thus, as well as the risk mapping provided for in the text, direct and indirect impacts should also be mapped throughout the chain.

NGOs Point to the State’s Failure to Verify its Application

Danielle Auroi of the Collectif Ethique sur l’Étiquette, who was a member of parliament at the time and introduced the Act, believes, like other NGOs (CCFD-Terre Solidaire, Sherpa, Amis de la Terre), that the State has failed in its duty to check the proper implementation of the text since its adoption.

The departments of the Directorate of Competition, Consumer Affairs and Fraud Control do not check sufficiently or at all that the multinationals targeted by the law comply with its provisions – which, in her view, is not always the case.

Furthermore, some companies that should be bound by this Act are evading it, mainly because the French government has not provided the necessary means to draw up a list of the companies concerned, which should be its responsibility.

The NGOs deplore that a commission to assess the application of the act has not been set up to guarantee its effectiveness. They feel it is crucial for a dedicated structure to be created to ensure that the entire value chain complies with legal requirements, including subsidiaries located on the other side of the world.

This situation led them to join forces to create the “Duty of Vigilance Radar”, a kind of observatory for the application of the act, chiefly to identify any shortcomings in its application – thus standing in for what really ought be a public service mission. According to the Duty of Vigilance Radar which currently acts as a citizens’ watchdog: “some large companies escape analysis because of the opacity in which companies operate and the lack of consistency in the public data available.” 

The NGOs believe that it is the State’s responsibility to implement laws and say that France should take inspiration from Germany, whose due diligence act of 16 July 2021 provides that an authority, the BAFA (Bundesamt für Wirtschaft und Ausfuhrkontrolle, or “Federal Office for Economic Affairs and Export Control”), is responsible for checking that the companies concerned actually meet their obligations.

The NGOs participating in the Duty of Vigilance Radar are calling on the public authorities:

• To draw up, publish and annually update the list of companies subject to the duty of vigilance.
  
  
• To make all vigilance plans accessible on a public database.
  
  
• To strengthen transparency requirements in order to make financial and extra-financial data on companies more accessible.
  
  
• To lower and simplify the thresholds for the application of the Act and extend its scope to all commercial companies, to ensure that French companies really respect human and environmental rights throughout their value chain.
  
  
• To change the assessment of the duty of vigilance, which should be dictated by the type of activity and risks inherent to operations, not a company’s size.

NGOs Consider that the Allocation of the Burden of Proof Is Unsatisfactory

The Duty of Vigilance Act provides for two types of recourse.

The first type can apply if the obligation to draw up, publish and implement a vigilance plan is breached. A two-stage procedure applies in this case: formal notice and injunction.

Firstly, after noting the breach, the interested party (an employee, trade union organisation, NGO, etc.) can send written notice to the company to comply with its obligation within three months.  If the company has not yet drawn up or implemented a vigilance plan, it is required to comply with this obligation promptly.

If it does not comply within three months, “any person with a legitimate interest in this regard” can then submit the matter to the courts, requesting it to order the company to meet its obligations, subject to a fine if necessary, i.e. by ordering it to pay a sum of money for each day of delay.

A second action can be taken, this time to incur the liability for tort of the company at fault. More specifically, the latter may be held liable if damage caused by a subsidiary or subcontractor has been observed and could reasonably have been avoided with an effective vigilance plan, i.e. one that includes reasonable vigilance measures to identify and prevent risks, and which has actually been implemented. The liability in question here is civil liability for fault under ordinary law, as laid down in Articles 1240 and 1241 of the Civil Code.

The burden of proof lies with the victim, who must demonstrate three things.

Firstly, the existence of a fault. According to the 2017 Act, the event giving rise to the damage corresponds to the failure to draw up, publish and effectively implement a vigilance plan. Consequently, it has to be proved that the absence of a plan, its failure or its non-implementation constituted the cause of the damage suffered.

Secondly, the victim must provide proof of the damage. The Act refers to serious damage as well as certain specific types of offences. Thus, the damage must correspond to a serious infringement of human rights and fundamental freedoms, or the health and safety of individuals or the environment.

Lasty, the victim must establish that there is a causal relationship between the fault and the damage suffered. The failure to comply with the obligations of vigilance incumbent on parent and contracting companies must have led to the damage caused. In this respect, the Constitutional Council has specified the need to establish a direct causal link between breach and damage (Cons. Const. 23.03.17, decision no. 2017-750 DC, §27).

Only the fault of the parent or contracting company can incur its liability.

Action for liability may be brought by “any person with a legitimate interest in this regard”.

For Les Amis de la Terre, Notre Affaire à Tous, FIDH and CCFD-Terre Solidaire, the reversal of the burden of proof is one of the key elements lost in the battle against lobbies during the adoption process for the Duty of Vigilance Act. It would have obliged companies to demonstrate that they are not responsible for the actions of which they are accused, thus re-establishing a form of equality of arms between the parties affected and the multinationals.

 Les Amis de la Terre believe that: “Without this reversal of the burden of proof, access to justice continues to be a positive assault course, as it is very difficult for the people and civil society affected to gather the evidence needed to incur a multinational company’s legal responsibility, as much of the key information is held by the company itself – even more so when such companies are located abroad. Added to this are the dangers and difficulties of collecting evidence and testimonies in the field in countries like Uganda.”

The NGOs would like to see the burden of proof reversed for greater effectiveness.

Highly Inadequate Sanctions

Some NGOs, including Les Amis de la Terre, believe that one of the Act’s strong points is that any person with a legitimate interest is able to take legal action before any damage occurs, enjoining the company to respect its obligations, if necessary subject to a fine. However, they have considerable reservations about the sanctions provided for.

From the NGOs’ point of view, the 2017 text stipulates merely minimum sanctions: if the civil liability of the parent or principal company is incurred, it only permits the courts to order a parent or contracting company to pay damages as compensation for the loss suffered, and to order the publication, dissemination or posting of its decision.

The initial bill stipulated far heavier sanctions than those adopted in the final text. In the event of a breach of obligations, the act provided for a triple mechanism. Firstly, a formal notice to comply with these obligations was to be sent to the company concerned. Secondly, the courts applied to by the party sending the formal notice could issue an injunction and impose a civil fine on the company of €10 million, “reflecting the seriousness of the breach, and giving due consideration to the circumstances of the breach and the personality of its perpetrator.” Lastly, the fine could be increased to €30 million if the damage caused was considered highly significant.

The measure concerning the fine was censured by the Constitutional Council, which indicated that “the imprecision of the terms used by the legislator to define the obligations it was creating” did not allow for such a heavy penalty. In view of these imprecisions, the Constitutional Council declared the provisions of the Act stipulating these fines to be contrary to the Constitution. This was because it considered the terms used by the legislator in drafting the text, such as “reasonable vigilance measures” and “appropriate risk mitigation actions”, to be too general. Meanwhile, the reference to “human rights” and “fundamental freedoms” was broad and undefined and, lastly, the scope of companies concerned by the offence was very extensive.

The NGOs interviewed, including Sherpa and the Collectif Ethique sur l’Étiquette, argued that the fines “would have created a stronger incentive for companies to comply with this Act”.

In this respect they consider this position disappointing, because it was a strong inducement for companies.

The NGOs and the presenter and rapporteur of the act, member of parliament Dominique Potier, who deplore the censure of the civil fine, are calling for a reform of this point during the next term of office.

Conclusion and NGOs’ Recommendations

In conclusion, as regards the adequacy and effectiveness of the 2017 Act, the recommendations of the NGOs are as follows:

• The thresholds defined must be lowered as they are too high and exclude companies that should legitimately be covered by the Act by virtue of their activities.
  
  
• All companies, regardless of their corporate form, must be covered by the Vigilance Act when they exceed the thresholds so as to prevent circumvention strategies.
  
  
• The notion of an established commercial relationship must be redefined more clearly by taking the entire value chain into account, including indirect suppliers.
  
  
• Assessment of the duty of vigilance needs to be changed by including a map of the type of activity and risks inherent to operations as well as a risk map, thus going beyond the sole criterion of a company’s size.
  
  
• The public authorities must set up an appropriate body in charge of drawing up, publishing and annually updating a list of companies subject to the duty of vigilance, making all vigilance plans accessible on a public database, and strengthening transparency requirements, so as to make financial and extra-financial data on companies more accessible.
  
  
• A reversal of the burden of proof must be implemented for the Act to be truly effective.
  
  
• A dissuasive civil fine should be introduced.