EU sustainability reporting requirements pose issues and opportunities for general counsel

The CSRD regime is still developing and is unprecedented in its scope. GCs and in-house legal teams will want to be able to respond to CSRD-related legal issues, satisfy themselves as to legal compliance with the regime, and understand what the legal risks and opportunities are arising from it, so any risks can be managed and mitigated, and opportunities identified and pursued.

Scope and requirements of the Corporate Sustainability Reporting Directive

A first step is to determine if the company, or group of companies, falls within the scope of CSRD. As the CSRD applies to consolidated reporting as well as single entity reporting, it will be necessary to assess the implications for any parent companies and subsidiaries, especially in complex corporate structures. It will also be necessary to consider any applicable CSRD exemptions and transitional arrangements.

In-house counsel should familiarise themselves with the CSRD regime even if the company is found not to be directly in scope, because it is likely to fall within the value chain of an in-scope entity and be required to provide information to enable a full report from the in-scope entity.

Compliance with the regime involves compliance with the CSRD, delegated regulations, including the regulation annexing the European Sustainability Reporting Standards (ESRS), and applicable implementing legislation and regulations in relevant EU member states.

It is important to consider resources, budget, and requirements for external counsel to support in-house legal teams with legal compliance. Training for staff to ensure understanding of requirements may be needed, with robust processes in place to collect necessary data from across the business and value chain.

Legal risk management of the Corporate Sustainability Reporting Directive

The regime will present a number of legal risks for GCs and in-house legal teams to consider, manage, and mitigate.

These will include uncertain interpretation of CSRD legislative provisions due to, for example, ambiguous terms or inconsistency between the CSRD and member states implementing legislation.

Navigating the CSRD alongside other sustainability regulations and standards impacting different areas, both within and outside the EU, and aligning CSRD requirements with such regulations could be challenging and result in legal risks if inconsistencies arise.

To manage these risks, companies can consult external legal sustainability experts to help navigate the complex regulatory landscape.

Failure to comply with CSRD requirements could result in significant fines and regulatory sanctions for the company. In some member states this could even lead to criminal sanctions for company directors. Regulatory bodies are increasing their scrutiny of sustainability disclosures and may take enforcement action against non-compliant companies, leading to investigations, legal proceedings, and subsequent penalties.

A breach of the reporting requirements may damage contractual relationships with suppliers and partners who require adherence to sustainability standards. There may also be a risk of reputational damage, loss of trust among stakeholders, potential financial losses, and negative publicity. This could in turn affect a company’s market position and competitiveness, impacting long-term business prospects.

Training and external advice can help mitigate these risks. It is important for companies to keep staff updated on regulatory developments related to the CSRD and other EU sustainability-related legislation as well as establishing a timeline for reporting, along with a reporting strategy, and action plan for CSRD implementation.

Ensuring proper policies are in place, and engaging with departments across the business, is important when collecting and reporting the relevant information for CSRD compliance. Inaccurate, incomplete, or misleading sustainability disclosure, or disclosures, which do not follow anti-greenwashing rules, could lead to legal liability. This includes lawsuits from investors, stakeholders, and regulatory bodies.

Any intentional misrepresentation or exaggeration of sustainability performance could result in allegations of fraud and associated legal and reputational consequences. Investors could claim for damages if they suffer losses due to reliance or incorrect or misleading sustainability information. Stakeholders, such as customers or employees, might also seek to initiate legal action based on inaccurate or misleading sustainability reports.

It is vital for rules, regulations, and guidance on greenwashing to be regularly reviewed to ensure full understanding. Staff and executives should be trained on the risks of misleading disclosures, greenwashing, and mitigating greenwashing risk.

Companies should also perform regular legal and greenwashing risk reviews, with independent reviews from external advisors also an option to reduce risk.

Board members and company executives could face personal liability, as well as potential legal challenges, regulatory action, and reputational damage due to reporting failures. The board of directors should be informed and engaged in overseeing sustainability reporting and compliance with the CSRD.

It should also be determined whether board members require advice as regards to their duties as directors in ensuring sustainability reporting is accurate and complies with regulatory requirements. A review of the internal authorisation and approvals process for stages of CSRD implementing may also be required.

Implementing accurate and reliable data collection and reporting systems is key. This may mean amendments to company contracts or standard terms to ensure these enable receipt of relevant sustainability-related data from parties such as suppliers.

Collecting and reporting detailed sustainability data might involve handling sensitive information, raising data privacy and confidentiality concerns. It is therefore important to ensure compliance with data protection regulations, such as the General Data Protection Regulation (GDPR).

The CSRD also requires companies to disclose how they engage with stakeholders, such as employees, incorporating their perspectives into sustainability reporting. Inadequate engagement with stakeholders could result in non-compliance, omission of material information and incomplete reporting. There is also a risk of loss of stakeholder trust, and potential legal challenges, including from dissatisfied customers. Working with other internal departments is necessary to ensure stakeholders are identified and engaged as required.

By proactively addressing these risks, GCs and in-house legal teams can help ensure that their companies comply with the CSRD, maintain stakeholder trust and avoid legal challenges.  Done well and proactively, the CSRD processes will transform the way businesses measure and report their performance and enable them to gain competitive advantage by leveraging the opportunities identified by the reports such as a better incorporation of the effect they have on the environment and people and vice versa.