Private security firms and the EU Corporate Sustainability and Due Diligence Directive
Ian Lyons discusses the EU’s new Corporate Sustainability and Due Diligence Directive and its surprising impact on the UK security industry with barrister Jamas Hodivala KC from Matrix Chambers, London.
Q. Hi Jamas, thanks for taking the time to discuss all of this. I suspect most people in the security industry haven’t heard about the EU’s Corporate Sustainability and Due Diligence Directive (CSDDD). Doesn’t it just affect EU companies?
A. Hi Ian, I’m happy to answer any questions about all of this as it’s quite complicated. It’s a common misunderstanding that EU laws only impact EU companies. Recently, the EU has passed several significant laws that directly apply to both EU companies and non-EU companies that do business in Europe to make sure that all companies doing business in Europe are competing on a level playing field. But importantly, the CSDDD also indirectly affects a vast number of companies around the world, including UK security companies, because those companies that are directly affected will require information from other companies in their value chains that are not directly caught by the new law.
Q. I didn’t know that! So what’s this new law all about?
A. The European Commission is very worried about the impact that global trade is having on the world, with some companies causing serious environmental harm and also profiting from very poor ethical standards in their own supply chains and the value chains of their business partners. Without going into too much detail, Environmental, Social and Governance (ESG) has become a globally important issue and CSDDD requires certain “large” companies to not only adopt climate change plans but also to identify and mitigate what’s called “adverse impacts” from environmental and human rights risks and events in supply chains.
Q. So how does any of this impact on UK security companies?
A. Good question, I did say this was complicated! The CSDDD requires “large” companies that are directly caught by the new law to carry out due diligence on the environmental and human rights risks in their entire supply chains, as well as the value chains of their business partners. That is an enormous task and to help focus resources, the CSDDD includes a list of specific risks that large companies must examine in their supply and value chains. Significantly for the UK security industry, this list includes the risk of inhuman or degrading treatment or death from private or public security guards protecting the company’s resources and facilities. It’s currently unclear whether the CSDDD also requires due diligence checks on all the security companies used in a large company’s supply chains and value chains, so we’ll have to see how each of the Member States responds to the CSDDD.
Q. I see. So to put it simply, “large” companies who are either EU companies or non-EU companies that do business in the EU will need to conduct due diligence on the risks of harm that their security companies present?
A. Exactly. And that’s regardless of the size or location of the security company.
Q. What amounts to a “large” company?
A. It’s any EU company that has 1,000 employees and has a global net turnover of €450m. It’s also any non-EU company that has an EU net turnover of €450m regardless of the number of employees. So any UK security company contracted to a company that ticks either of these boxes would definitely be subject to due diligence checks. It’s unclear at the moment whether UK security companies that provide guards to businesses in the supply chain or value chain of a “large” company will also be subject to due diligence checks.
Q. How will all this affect my UK security company?
A. That’s a good question. A UK security company that is likely to be affected should prepare a due diligence pack for anyone likely to request this information. That due diligence pack may not be substantially different from evidence currently required to be submitted to the Security Industry Authority for licensing purposes, and will probably need to include evidence that all security guards are trained in restraint techniques where appropriate, that such training is maintained, any other risk assessment addressing inhuman or degrading treatment or risks to life along with measures taken to mitigate those risks.
Q. Is it going to be expensive for security companies to comply?
A. It depends. A “large” company must take “appropriate measures” to prevent or mitigate the relevant risks, otherwise it may have to pay compensation to any victim as well as pay a financial penalty to regulators in the Member States. In reality, if a large company thinks there is a risk from its security company it will either require changes to be made or, more likely, it will just change its security provider. So it’s probably better for UK security companies to be clear on whether they are affected and what they must do sooner rather than later.
Q. What else do you think might change?
A. I think there might be two changes. First, because large companies are liable to pay damages to victims and penalties if there is an “adverse impact” in their supply chains, I expect new contractual clauses that require security companies to indemnify the “large” companies for whom they are contracted against such liability. This may also have an impact on insurance premiums for security companies providing services to large companies. Secondly, the supervisory authority in a Member State has broad investigatory powers. Although UK security firms are unlikely to be themselves subject to investigation (unless they are themselves a “large” company), as any investigation will focus on the due diligence conducted by large companies into their value chains rather than a granular investigation of the security company itself, new contractual requirements for security companies to co-operate with any such investigation into a “large” company seem likely.
Q. It all sounds pretty complicated, so thanks for the quick explanation.
A. No problem. I think the best suggestion is for anyone who may be impacted to get advice on their position.
For more information on how we can help please reach out to us on ian@verticalevolves.co.uk for more information.
