U.S. business owners and their accounting professionals may be surprised to learn about a proposed European legal regime that will have a major impact on global business. Their surprise might turn to shock when they learn that businesses they own or serve will become subject to legal obligations or supply chain problems they never contemplated. Who, for example, would have expected that a company might lose a long-standing export customer because of a wasteful production process upstream in its supply chain, or because of trade union disputes?

This new legal regime will come from a European Union Directive on Mandatory Human Rights, Environmental and Good Governance Due Diligence (see the European Parliament Resolution of March 10, 2021). For the sake of convenience, it will be referred to below as European Union Mandatory Due Diligence (EUMDD).

This article first summarizes the provisions and status of EUMDD, then presents a few scenarios of possible problems and responses, and concludes with suggestions for what to do at this time.

Provisions and Status of EUMDD

The scope and reach of this regime will be unprecedented. As currently planned, the proposed directive will apply to

  • Companies operating in the EU with:
    • more than 250 employees,
    • more than €50 million in annual revenues, or
    • a balance sheet total exceeding €43 million; and
  • Companies that sell products or provide services in the EU internal market, provided they are (i) publicly listed, (ii) “high-risk” small or medium-sized, or (iii) providers of financial services and products, even if they are based outside the EU, including the United States.

This legislation goes far beyond what most people think of as “due diligence.” The proposal states:

Due diligence should be understood as the obligation of [companies] to take all proportionate and commensurate measures and make efforts within their means to prevent adverse impacts on human rights, the environment, or good governance from occurring in their value chains, and to address such impacts when they occur. In practice, due diligence consists [of] a process put in place by [a company] in order to identify, assess, prevent, mitigate, cease, monitor, communicate, account for, address, and remedy the potential and/or actual adverse impacts on human rights, including social, trade union and labour rights, on the environment, including the contribution to climate change, and on good governance, in its own operations and its business relationships in the value chain.

Under the proposal, an affected company will be required to:

  • Take measures to prevent adverse impacts on:
    • human rights—including social, trade union, and labor rights;
    • the environment—including production of waste, sustainable use of natural resources, pollution, greenhouse gas emissions, deforestation, biodiversity, and ecosystems; and
    • good governance—including combatting bribery, corruption, and illegal campaign contributions.
  • Identify participants in its “value chain,” including suppliers and subcontractors—not limited to first tier downstream or upstream—that pose major risks. The value chain comprises all of a company’s activities, operations, business relationships, and investment chains, including entities with which the company has a direct or indirect business relationship, upstream and downstream, and which either: (a) supply products, parts of products or services that contribute to the company’s own products or services, or (b) receive products or services from the company”);
  • Ensure that value chain partners have policies in line with its due diligence strategy, by means of contract clauses, codes of conduct, certified independent audits, or otherwise; and
  • Verify that subcontractors and suppliers are and remain in compliance with these obligations.

Unless an affected company believes it is risk-free, it will be required to produce a “due diligence strategy document” in which it will publicly map its value chain and state the following:

  • its potential or actual adverse impacts on human rights, the environment, and good governance;
  • how it will cease, prevent or mitigate them; and
  • how it will prioritize such matters.

Not all companies will be required to take the same actions. Some flexibility will be allowed, but this flexibility will be subject to complicated rules.

This new regime will have teeth. EU member states will have broad enforcement powers. Sanctions may include large fines, being barred from government contracts, and import bans. The proposal also contemplates extra-judicial remedies and civil liabilities.

This proposed directive enjoys broad political support. The European Parliament adopted the March 10 resolution by a large majority. The directive is intended to create a degree of uniformity—and a level playing field—among the EU member states. There are already similar laws on the books in France, Germany and the Netherlands, and other member states have been considering them.

The proposed directive will probably be fully enacted and in force sometime between next year and 2025. Sources indicate that the European Commission (the EU executive branch) and European Parliament will probably adopt the directive in 2022 or 2023. Each EU member state will then be tasked with transposing the directive into its national law, which should be accomplished within two years— that is, by 2025.

Hypothetical Examples

Here are some hypothetical examples of the impact of EUMDD:

Scenario 1. A publicly held U.S. social media company has customers, perhaps called “members,” in the EU, but no other presence there. It will be directly subject to EUMDD and required to comply with all the duties imposed by EUMDD.

Scenario 2. A large Spanish food processor buys palm oil from a U.S. company, which it sources from Indonesia. The Indonesian supplier has an ongoing history of deforestation. EUMDD would likely require the Spanish company to investigate the deforestation (and related effects if any on climate change) and take appropriate action. Although the U.S. company is not directly subject to EUMDD, it will be indirectly affected, because of the Spanish company’s supply chain duties under EUMDD. As a practical matter, the U.S. company will be required to assist the Spanish company in order to keep its business.

Scenario 3. A U.S. footwear company exports shoes to a large Italian retail clothing and footwear chain. The U.S. company buys those shoes from a factory in Asia that employs unfair labor practices, perhaps pursuant to local government policies that suppress ethnic minorities. The Italian company would likely be required by EUMDD to investigate and take appropriate action, and the U.S. company would find itself involved accordingly.


EUMDD is a matter of compliance and also of potential opportunity. Companies that will be directly affected by this “due diligence” regime, and companies that want to do business with them, should begin preparing for it now.

The starting point for a company is to reach a preliminary judgment whether it will be affected by EUMDD. Clearly, a company that exports goods or services to the EU will need to consider the matter, as will any company in the supply chains of such exporters. It is important to remember that EUMDD targets “value chains,” not just supply chains.

If a company concludes that it has potential EUMDD exposure, then it deserves high-priority attention. Taking a cue from risk and compliance management, the best EUMDD practice will be to establish a program. If the company has a serious board of directors, EUMDD will deserve their attention. If the company already has a risk management or sustainability committee, EUMDD can be assigned to it. (If it does not, EUMDD can provide the impetus for creating one.)

If a company will be affected by EUMDD, it can choose to do the least possible to be in compliance, or it can make a strategic decision to find ways to gain a competitive advantage from EUMDD.

A formal plan will be in order. In fact, if a company is directly affected by EUMDD, a “due diligence strategy document” will likely be required by law.

In the spirit of best practices, a company is well advised to install and implement a digital program to manage EUMDD, as is used for managing governance, risk, and compliance.

All of this will benefit from the advice and guidance of CPAs and consultants.

Allen Campbell, JD, is the founder and CEO of McAlan LC, providing information, advice, and solutions with respect to governance, risk, and compliance (GRC) and environmental, social, and governance (ESG). He can be reached at AC@McAlan.com or http://www.McAlan.com.