The EU’s new CS3D: Opportunities and Challenges in Brazil

This article was originally published by LEC.

In recent years, increasing concerns regarding environmental, social and governance (ESG) compliance have led to corporations facing ever-growing scrutiny. Although the true impact of ESG on the environment, society and business world remains nebulous—primarily due to the various ways to evaluate their effectiveness—U.S. and UK regulators have initiated proactive measures to discern between real, substantive ESG efforts and those that are purely cosmetic. ESG has become a relevant topic in Brazil in the last decade, so it is important to establish similar measures to appropriately measure ESG’s effectiveness in light of the country’s exposure to European Union (EU) regulations.

In April 2023, the EU Parliament’s Legal Affairs Committee endorsed a draft of the Corporate Sustainability Due Diligence Directive (CS3D). The directive seeks to increase ESG-related corporate accountability for environmental and human rights impacts, including the actions of subsidiaries and value chains. Although the legal framework of the CS3D is new territory, its foundation can be traced back to certain national laws focused on human rights scrutiny into a corporation’s subsidiaries or associated third- and fourth-party risks. These include Germany's January 2023 Supply Chain Due Diligence Act and France’s March 2017 Potier Law. Both laws signify progress, but they fail to address the proportionality of a company's responsibility to the size of its turnover, rather than its workforce.

The CS3D lays out a roadmap for corporate responsibility, which entails identifying, preventing, mitigating and accounting for the impacts of a company's operations, including those of their subsidiaries and value chains, on human rights and the environment. By requiring enhanced due diligence, the CS3D obliges companies to integrate sustainability into their agendas, operations and supply chains. Under the CS3D, violations may incur punitive measures including fines, sanctions and compliance orders. In addition, it enables victims of corporate impact on human rights and the environment to seek damages through civil liability claims against the offending companies.

Brazil’s regulatory framework is comparably comprehensive in terms of ESG-related corporate accountability but fails to address the actions of subsidiaries and supply chains. The law regulating Brazilian corporations (Law No. 6.404/1976) requires companies to disclose ESG-related information in their annual reports. The Brazilian Securities Exchange Commission (CVM) has also created specific regulations aiming to increase ESG transparency; a 2009 rule (CVM No. 480/2009) requests companies to publicly disclose their environmental, sustainability and social responsibility initiatives. This particular CVM instruction resonates with Brazil’s long-term commitment to lead in global climate change discussions.

Brazil’s compliance rules have been historically influenced by the EU, one of Brazil’s largest commercial partners. For Brazilian companies to succeed in EU member countries, Brazil has learned to adopt aspects of European compliance standards, which include strict environmental and labor laws. For example, Brazil's General Personal Data Protection Law (LGPD; Law No. 13709/2018) was inspired by the EU’s General Data Protection Regulation (GDPR; EU Regulation No. 2016/679). Central legal definitions, such as the meaning of personal data, were directly replicated by Brazil from the European version.

Despite these apparently robust regulations, incorporating ESG principles remains challenging to corporations in Brazil. Laws and regulations, including the aforementioned examples, clearly establish corporate responsibility on shareholders and administrators; however, they also indicate that shareholders and administrators should act in the interest of all stakeholders of a company, a group not clearly identified and therefore harder to legally hold responsible. Moreover, Brazil’s LGPD, for example, lacks certain existing parameters present in the EU’s GDPRs, such as the type of data considered sensitive and considerations on when to identify an individual. These somewhat-common conceptual gaps allow for legal interpretation, frequently hindering the consistent monitoring and enforcement of laws and regulations.

Historically, EU directives have helped Brazil define its own regulatory framework. Yet measuring the effectiveness of ESG-related rules is still an obstacle. However, EU directives require robust institutions, making their global applicability difficult, particularly for jurisdictions in which enforcement measures are not as rigorous. Brazil's ESG regulatory framework still needs to catch up with the country's reality; environmental issues stemming from limited enforcement, as well as ongoing governance issues and social inequalities, showcase a second gap, between corporate compliance and the life of most Brazilians. Brazil's political instability further challenges the effectiveness and consistency of ESG rules due to ever-changing priorities.

As such, joint efforts from regulators and companies are a central requirement to create models that both align with those of international regulatory regimes and also address Brazil’s specific challenges. While it is still early to understand the CS3D’s possible influence on companies without a European footprint, the directive’s detailed roadmap for companies—as well as its focus on identifying issues further along the supply chain—may allow Brazil to fill in lingering gaps, thus facilitating enforcement from authorities to effectively incorporate ESG rules.