Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chain Law): A Comprehensive Analysis and Review of its Implications on Vietnam-based Companies

1. H:CSDDD (updated)_DB.docx
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chain Law): A Comprehensive
Analysis and Review of its Implications on Vietnam-based Companies
In recent years, the European Union has increasingly prioritized sustainability, recognizing its fundamental
role in addressing global challenges. Various legislative frameworks have been put in place to integrate
environmental, social, and governance (ESG) considerations into corporate strategies, including the Non-
Financial Reporting Directive (NFRD), the Sustainable Finance Disclosure Regulation (SFDR), the EU
Taxonomy Regulation, the Corporate Sustainability Reporting Directive (CSRD), etc.
Recent developments have also seen individual EU Member States enact their own supply chain laws,
varying in scope and legal consequences. Seeking to establish a common baseline across Member States,
the European legislator aims to complement existing regulations with the Corporate Sustainability Due
Diligence Directive (CSDDD), commonly referred to as the "EU Supply Chain Law".
The Directive aims to establish a comprehensive due diligence framework, requiring companies to identify,
prevent, and mitigate adverse impacts on human rights, the environment, and good governance throughout
their supply chains. If enacted as expected, the CSDDD would impose substantial responsibilities on
companies, including those operating in Vietnam and linked to the EU, necessitating compliance with the
Directive's provisions and engaging in effective due diligence practices.
As the legislative landscape evolves, companies should remain vigilant and be prepared for potential
changes to their sustainability and due diligence obligations.
Below, you will find an overview of the relevant provisions of the CSDDD for companies based in Vietnam.
CSDDD – Overview
Status
After extensive discussions behind closed doors and multiple delays in the European Council's vote, on 15
March 2023 the majority of EU member states have agreed on a draft overall compromise package of the
CSDDD, paving the way for its adoption by the European Parliament. Parliamentary approval is expected
to follow suit. As a next step, should the Parliament adopt its position at first reading in accordance with
the compromise package, the European Council would approve the Parliament's position, resulting in the
adoption of the act in the wording corresponding to the Parliament's position.
Achieving this breakthrough, however, required several significant changes to the original Draft Directive.
While the concept of corporate civil liability as set out in the Draft Directive remains intact, the scope of
the Directive has been narrowed, significantly reducing the number of companies affected, including
companies in Vietnam. This was reached by raising the employee and turnover thresholds for companies,
and by removing the original list of "specific sectors" (e.g. textile and leather production, agriculture,
forestry and fisheries, and extractive industries) that were considered to have an inherently higher risk of
human rights violations, potentially affecting companies with smaller staff and turnover. Additionally, a
new aspect compared to the previous Draft is the introduction of a tiered approach, establishing transition
periods ranging from three to five years based on the number of employees and global turnover for
companies concerning CSDDD provisions.
Scope
General Scope

2. H:CSDDD (updated)_DB.docx
As a compromise solution, the Directive has been delineated with a flexible scope of application. It provides
that it will only apply to companies meeting the specified conditions in two consecutive financial years.
Conversely, the Directive will cease to apply to companies if the conditions outlined in the Directive are
not met for each of the last two relevant financial years.
Addressees of Obligations
If the Directive – as set forth in the compromise package – comes into effect and is implemented by the
Member States, the obligated entities would include companies, irrespective of their legal form and size,
including SMEs and certain regulated financial undertakings outlined in the Directive.
The obligations set out in the Directive should apply to companies established under the laws of a Member
State meeting the following criteria ("Category 1"):
(i) the company had, on average, more than 1000 employees and had a net worldwide turnover of
more than EUR 450 million in the last financial year for which annual financial statements have
been or should have been adopted;
(ii) the company did not meet the above thresholds but is the ultimate parent company of a group that
reaches the thresholds in the last financial year for which consolidated annual financial statements
have been or should have been adopted; or
(iii) the company entered into or is the ultimate parent company of a group that entered into franchising
or licensing agreements in the Union in return for royalties with independent third-party companies,
where these agreements ensure a common identity, a common business concept and the application
of uniform business methods, and where these royalties amount to more than EUR 22,5 million in
the last financial year for which annual financial statements have been or should have been adopted,
and provided that the company had or is the ultimate parent company of a group that had a net
worldwide turnover of more than EUR 80 million in the last financial year for which annual
financial statements have been or should have been adopted.
In addition, obligations apply to companies established under the laws of a third country fulfilling one of
the following conditions ("Category 2"):
(i) the company generated a net turnover of more than EUR 450 million in the Union in the financial
year preceding the last financial year;
(ii) the company did not reach the above thresholds but is the ultimate parent company of a group that
on a consolidated basis reaches the thresholds in the financial year preceding the last financial year;
or
(iii) the company entered into or is the ultimate parent company of a group that entered into franchising
or licensing agreements in the Union in return for royalties with independent third-party companies,
where these agreements ensure a common identity, a common business concept and the application
of uniform business methods, and where these royalties amount to more than EUR 22,5 million in
the Union in the financial year preceding the last financial year; and provided that the company
generated or is the ultimate parent company of a group that generated a net turnover of more than
EUR 80 million in the Union in the financial year preceding the last financial year.
Exemptions

3. H:CSDDD (updated)_DB.docx
It is remarkable that the amended version of the Draft CSDDD significantly restricts its scope, as it now
includes a provision for exemptions. Namely, if the primary activity of the ultimate parent company is
holding shares in operational subsidiaries and it does not engage in making management, operational, or
financial decisions affecting the group or any of its subsidiaries, it may be exempted from fulfilling the
obligations under the Directive. However, this exemption is contingent upon one of the ultimate parent
company's subsidiaries, established in the Union, being designated to fulfill the CSDDD obligations on
behalf of the ultimate parent company, including its obligations regarding its subsidiaries' activities. In such
instances, the designated subsidiary is granted the necessary means and legal authority to effectively fulfill
these obligations, particularly in ensuring it receives relevant information and documents from the group's
companies to meet the ultimate parent company's obligations under the CSDDD. The ultimate parent
company must seek this exemption from the competent supervisory authority. If the above-mentioned
conditions are met, the competent supervisory authority will grant the exemption. Nevertheless, the ultimate
parent company remains jointly liable with the designated subsidiary for any failure of the latter to comply
with its obligations.
Additionally, determining whether a company falls under the CSDDD is intended to be subject to ongoing
assessment: Where a company has met the Category 1 or 2 criteria, the Directive shall only apply if this
occurs in two consecutive financial years. Conversely, the Directive shall no longer apply to a company
where the conditions laid down in the relevant Category cease to be met for each of the last two relevant
financial years.
Temporal Scope of the Provisions
Moreover, the transposition periods for the CSDDD provisions vary depending on the size and formation
of the companies. For companies falling under Category 1 (i) and (ii) with more than 5000 employees and
a net worldwide turnover of over EUR 1500 million, the Directive will apply three years after its entry into
force. Similarly, for companies meeting the same criteria but with more than 3000 employees and a net
worldwide turnover of more than EUR 900 million, the Directive will apply four years after its entry into
force. Companies falling under Category 2 (i) and (ii) with a net turnover exceeding EUR 1500 million in
the Union, will be covered by the Directive three years after its entry into force, while those with a net
turnover exceeding EUR 900 million fall under it four years after. All other companies in both Categories
will be subject to the Directive five years after its entry into force. However, the measures necessary to
comply with reporting obligations under the CSDDD will be applied to these companies starting on from
January 1, 2028 or January 1, 2029.
Content – What Vietnam-based Companies Must Know?
Key Obligations
Companies are expected to fulfill their due diligence obligations through the following measures and
exchange resources and information with their respective groups of companies and with other legal entities
in accordance with applicable competition law:
 Integration of risk-based human rights and environmental due diligence into all their relevant
policies and risk management systems, developed in prior consultation with the company’s
employees and their representatives, and including an annually (or promptly following significant
changes) updated due diligence policy containing a description of the company’s (long term)
approach, a code of conduct (CoC) for employees, subsidiaries and (in)direct business partners,
and a description of processes and measures taken to integrate and implement due diligence and to
verify compliance with the CoC and to extend its application to business relationships.

4. H:CSDDD (updated)_DB.docx
 Identification and assessment of actual or potential adverse human rights and environmental
impacts arising from the company's operations (or those of their subsidiaries and – where related
to their chains of activities – from their business partners) through "appropriate measures." In
essence, companies are required to (a) map their own operations, their subsidiaries', and, if
applicable, their business partners' operations in order to pinpoint areas prone to adverse impacts;
(b) carry out an in-depth assessment of these operations based on the mapping results. Furthermore,
if essential information for the in-depth assessment can be obtained from business partners at
different levels of the chain of activities, companies should prioritize requesting it directly from
partners operating in areas most susceptible to adverse impacts.
If it's not possible for companies to address all identified adverse impacts simultaneously and to
their fullest extent, companies shall prioritize addressing of identified adverse impacts when
fulfilling their obligation to prevent, mitigate, bring them to an end or minimize them. Prioritization
should be determined based on the severity and likelihood of adverse impacts. Once the most severe
and likely adverse impacts are addressed within a reasonable timeframe, companies shall then
address less severe and likely adverse impacts.
A tiered regulatory concept follows the identification, distinguishing between potential and actual adverse
impacts:
 Potential adverse impacts shall primarily be prevented and – if not (immediately) possible –
adequately mitigated. To determine the appropriate measures companies have to take in this regard,
consideration must be given to (a) whether the potential adverse impact stems solely from the
company, jointly from the company and its subsidiary or business partner, or solely from the
company’s business partner in the chain of activities; (b) whether the potential adverse impact may
arise in the operations of the subsidiary, direct business partner, or indirect business partner; (c) the
company's ability to influence the business partner responsible for or contributing to the potential
adverse impact.
Depending on the latter, the appropriate measures may include:
o the development without undue delay of a "prevention action plan" (in cooperation with
industry or multi-stakeholder initiatives) adapted to company’s operations and chain of
activities and containing defined timelines and indicators to measure improvement;
o establishing contractual assurances from direct business partners – and from their partners,
to the extent that their activities are part of the company’s chain of activities – ensuring the
compliance with the company’s CoC and and, as necessary, a prevention action plan;
o necessary financial or non-financial investments, adjustments or upgrades, such as into
facilities, production or other operational processes and infrastructures;
o necessary modifications of, or improvements to, the company’s own business plan, overall
strategies and operations, including purchasing practices, design and distribution practices;
o targeted and proportionate support for an SME which is a company’s business partner, as
needed considering the SME's resources, expertise, and limitations. This may involve
providing or facilitating access to capacity-building, training, or upgrading management
systems. If compliance with the CoC or the prevention action plan would jeopardize the
SME's viability, the company shall provide targeted and proportionate financial support,

5. H:CSDDD (updated)_DB.docx
such as direct financing, low-interest loans, guarantees for continued sourcing, or
assistance in securing financing;
o collaboration with other entities compliant with Union law for the purpose of increasing
the company’s ability to prevent or mitigate the adverse impact, in particular where no
other measure is suitable or effective;
 Actual adverse impacts should be primarily brought to an end or – if not immediately possible –
minimized in their extent. Again, this should be based on appropriate measures to be determined
according to the above-mentioned criteria regarding potential adverse effects. Such appropriate
measures may include:
o neutralizing/minimizing the extent of impacts through actions appropriate to the severity
of the adverse impact and to the company’s implication in the adverse impact;
o developing and implementing a “corrective action plan” without undue delay (in
cooperation with industry or multi-stakeholder initiatives) adapted to the company’s
operations and chain of activities and containing defined timelines and indicators to
measure improvement, if the adverse impact cannot be immediately brought to an end;
o establishing contractual assurances from direct business partners – and from their partners,
to the extent that their activities are part of the company’s chain of activities – ensuring the
compliance with the company’s CoC and, as necessary, a correction action plan;
o making necessary financial or non-financial investments, adjustments or upgrades, such as
into facilities, production or other operational processes and infrastructures;
o making necessary modifications of, or improvements to, the company’s own business plan,
overall strategies and operations, including purchasing practices, design and distribution
practices;
o providing targeted and proportionate support for an SME which is a company’s business
partner, as needed considering the SME's resources, expertise, and limitations. This may
involve providing or facilitating access to capacity-building, training, or upgrading
management systems. If compliance with the CoC or the prevention action plan would
jeopardize the SME's viability, the company shall provide targeted and proportionate
financial support, such as direct financing, low-interest loans, guarantees for continued
sourcing, or assistance in securing financing;
o collaborating with other entities compliant with Union law for the purpose of increasing
the company’s ability to bring to an end or minimize the extent of such impact, in particular
where no other measure is suitable or effective;
o providing remediation when the company is responsible for or contributes to an actual
adverse impact. In cases where the adverse impact solely stems from the company's
business partner, the company may choose to offer voluntary remediation or utilize its
influence over the partner to facilitate remediation.
Companies may, where relevant, implement additional measures beyond those outlined above.
These may include engaging with business partners regarding expectations for preventing and
mitigating potential adverse impacts or bringing actual adverse impacts to an end or minimize the
extent of such impacts, as well as providing or facilitating access to capacity-building, guidance,

6. H:CSDDD (updated)_DB.docx
administrative and financial support such as loans or financing, while considering the resources,
knowledge, and constraints of the business partner.
In case the adverse impacts could not be prevented/adequately mitigated/brought to an
end/minimized by the measures listed above, companies may seek contractual assurances with
indirect business partners (including SMEs) accompanied by appropriate measures to verify
compliance (e.g. independent third-party verification, including through industry or multi-
stakeholder initiatives). To lighten the burden on SMEs, the CSDDD stipulates that the terms used
shall be fair, reasonable and non-discriminatory, and costs of verification measures – if considered
as necessary upon assessment – shall be borne by the company; In case the SME requests to pay at
least a part of the cost, or in agreement with the company, it shall be able to share the results of
verifications with other companies.
If the measures stated above are ineffective, the company shall – as a last resort – refrain from
entering into new or extending existing relations with the business partner in connection with or in
the chain of activities of which the impact has arisen; If permitted by law and after assessing
whether the impacts of suspension or termination would outweigh those of the adverse impact, the
company must then: (a) adopt and implement an enhanced prevention/corrective action plan
without undue delay, by using or increasing the company’s leverage through the temporary
suspension of business relationships with respect to the activities concerned, including a specific
and appropriate timeline for actions, during which the company may seek alternative business
partners; (b) terminate the relationship if there is no reasonable expectation that the efforts would
succeed or the implementation of the plan fails to prevent/mitigate the adverse impacts. In this
regard, Member States shall ensure that contracts allow for suspension or termination, except where
mandated by law. The company shall prevent/mitigate/bring to an end the impacts of
suspension/termination, provide notice to the business partner, and review its decision regularly. If
the company opts not to suspend/terminate, it must monitor and reassess potential impacts and
appropriate measures available periodically.
 Companies must also designate a legal or natural person established or domiciled in an EU Member
State as an authorized representative to facilitate effective cooperation with the supervisory
authority responsible for monitoring compliance obligations. Companies established in Vietnam
will be subject to supervisory scrutiny, with the competent authority being that of the Member State
in which the company has a branch. If the company has no branch in a Member State or has
branches in different Member States, the authority of the Member State in which the company
generated most of its Union net turnover in the financial year preceding the last financial year,
preceding a certain date to be specified by the Member States or the time when the company first
met the Category 2 criteria, whichever comes last, will be responsible. In the event of a significant
change in circumstances, the company may request to change the competent supervisory authority.
 Member States must ensure that parent companies covered by the CSDDD and meeting certain
conditions set out in it can fulfill the obligations outlined there on behalf of their subsidiaries under
the Directive's scope, provided it ensures effective compliance. However, this doesn't affect
subsidiaries' supervision or their civil liability.
Other Relevant Provisions
The directive includes the following additional provisions the application of which must be ensured by
Member States:

7. H:CSDDD (updated)_DB.docx
 Companies shall effectively engage with stakeholders, providing relevant information and allowing
stakeholders to request additional information if needed. Stakeholder consultation should occur at
various stages of the due diligence process; however, if effective engagement with stakeholders is
not reasonably possible, companies shall consult additionally with experts who can provide credible
insights into potential or actual adverse impacts. Companies must identify and address barriers to
engagement, ensuring participants are protected from retaliation and retribution, including by
maintaining confidentiality or anonymity. Companies shall also be allowed to fulfill these
obligations through industry or multi-stakeholder initiatives; the latter, however, shall not replace
consultation with employees and their representatives, which must comply with relevant EU and
national legislation.
 Companies shall establish and maintain a “fair, publicly available, accessible, predictable and
transparent” complaints procedure, in which companies shall take reasonably available measures
to prevent any form of retaliation by ensuring the confidentiality of the identity of the person or
organization submitting the complaint. Individuals and organizations (and their representatives)
with legitimate concerns about the actual or potential adverse impacts of a company’s operations,
operations of its subsidiaries or business partners in the company’s chain of activities can submit
complaints to the company, demand appropriate follow-up actions, meet with company
representatives for discussions, and shall be provided with the reasoning as to whether a complaint
has been considered founded or unfounded. In the case of a well-founded complaint, they are to be
provided with information on the steps and actions taken or to be taken, the adverse impact that is
the subject matter of the complaint is deemed to be identified, and the company shall take
appropriate measures.
Furthermore, companies shall establish an accessible mechanism for individuals and organizations
to submit notifications regarding actual or potential adverse impacts related to their operations,
subsidiaries, and business partners in their chains of activities. Notifications can be made
anonymously or confidentially as per national law, and companies must prevent retaliation by
maintaining the confidentiality of the notifier's identity. Additionally, companies may inform
notifiers about actions taken or planned. Companies shall also be allowed to fulfill these obligations
through collaborative complaints' procedures and notification mechanisms, provided they meet
specified requirements. Submitting a notification or complaint does not affect access to other
procedures or mechanisms.
 Companies shall assess the implementation and monitor the adequacy and effectiveness of their
own operations and measures, those of their subsidiaries and, where related to the their chains of
activities, those of their business partners regarding the identification, prevention, mitigation,
bringing to an end and minimization of the extent of adverse impacts; the assessments shall be
carried out without undue delay after a significant change occurs, but at least every 12 months and
whenever there are reasonable grounds to believe that significant new risks regarding adverse
impacts may arise. The company shall update its due diligence policy, the identified adverse
impacts and the derived appropriate measures accordingly.
 Companies not subject to reporting requirements under the Accounting Directive (2013/34/EU)
shall report on matters covered by the CSDDD by publishing an annual statement on their website.
The statement must be published in at least one official language of the EU Member State of the
supervisory authority designated pursuant to the CSDDD and, where different, in a language
common in the sphere of international business. It should be published within 12 months after the

8. H:CSDDD (updated)_DB.docx
financial year's balance sheet date or, for companies voluntarily reporting under the Accounting
Directive, by the annual financial statements' publication date. Companies formed under third-
country legislation – thus, also companies established under Vietnamese law – must include
information about their authorized representative. By March 31, 2027, the Commission will adopt
delegated acts specifying detailed reporting content and criteria, aligning them with sustainability
reporting standards under the Accounting Directive and ensuring no duplication with reporting
requirements for companies subject to the Disclosure Regulation (EU) 2019/2088.
From January 1, 2029, companies shall, when publishing their annual statement, simultaneously
submit it to a collection body specified in the CSDDD. The purpose is to make the statement
accessible on the European Single Access Point (ESAP) established under Regulation (EU)
2023/2859. Member States shall also ensure that the submitted information meets certain
requirements: it must be in a data-extractable format as defined in Regulation (EU) 2023/2859 or,
if required by Union or national law, in a machine-readable format. Metadata accompanying the
information should include the company's names, legal entity identifier, company size, industry
sector, type of information, and an indication of whether personal data is included. Furthermore,
Member States shall ensure companies obtain a legal entity identifier and, by December 31, 2028,
designate at least one collection body and notify ESMA thereof, to make the information accessible
on ESAP. The European Commission is empowered to adopt implementing measures to specify
additional metadata, data structuring, and the required machine-readable format for information
submission.
 Planned guidelines, including general guidelines and for specific sectors or specific adverse
impacts, by the EU Commission will include model contract clauses.
 Member States shall, furthermore, establish dedicated websites, platforms, or portals to provide
information and support to companies, their business partners, and stakeholders. These platforms
should particularly cater to SMEs involved in companies’ chains of activities and provide access to
reporting criteria, Commission’s guidance, a single helpdesk (through which companies may seek
information, guidance and support about how to fulfil their obligations), and information for
stakeholders on how to engage throughout the due diligence process. Member States may
financially support SMEs and stakeholders, and the Commission may supplement these measures,
including through joint stakeholder initiatives. Companies can participate in industry initiatives and
use third-party verification to support due diligence obligations, ensuring independence and
accountability. Guidance will be issued by the Commission to assess the suitability of such
initiatives and verifiers.
 Companies shall adopt and implement a transition plan for climate change mitigation, aligning with
the goals of the Paris Agreement and EU regulations. The plan must be updated annually, detailing
progress towards time-bound targets and should include decarbonization strategies, investment
details, and roles of administrative bodies. Companies already reporting a transition plan under
relevant EU directives are considered compliant.
 Supervisory authorities shall be equipped with adequate powers and resources to enforce
obligations outlined in the CSDDD, including to request information and conduct investigations.
Supervisory authorities should be able to initiate inspections – without prior warning to the
company where this hinders the effectiveness of the inspection – on their own motion or upon
substantiated concerns. If non-compliance is identified, companies are given a chance to remedy
the situation; however, measures imposed by the supervisory authority do not preclude

9. H:CSDDD (updated)_DB.docx
administrative sanctions or civil liability in case of damage. In this context, supervisory authorities
shall also have powers to order cessation of infringements, impose penalties, and take interim
measures. These powers can be exercised directly, in cooperation with other authorities, or through
judicial application. Inversely, individuals shall have the right to effective judicial remedies against
decisions made by supervisory authorities. Supervisory authorities are required to keep records of
investigations and enforcement actions. Decisions made by supervisory authorities regarding
compliance do not affect a company's civil liability.
 Natural and legal persons with objective grounds to believe that a company is violating national
provisions adopted pursuant to the CSDDD shall be able to submit their substantiated concerns to
any supervisory authority and be informed of the outcome of the examination and the supervisory
decision. Access to national courts or other independent and impartial public bodies shall be granted
to review the procedural and substantive legality of supervisory decisions, acts or failures to act.
 The reporting of breaches and the protection of reporting persons shall follow the Whistleblower
Protection Directive (EU) 2019/1937 and the respective national implementation laws.
 Adherence to the obligations outlined in the CSDDD, whether through mandatory adoption or
voluntary measures, shall be considered an environmental or social factor that contracting
authorities can take into consideration when awarding public and concession contracts, as per
Directives 2014/24/EU, 2014/25/EU, and 2014/23/EU.
Penalties and Liability
Member States shall establish and enforce penalties for violations of national provisions under the CSDDD,
ensuring that they are “effective, proportionate, and dissuasive”. Penalties must consider the nature and
severity of the infringement, previous violations, remedial actions taken, and financial benefits or losses
from the infringement etc. Pecuniary penalties shall be based on the company's net worldwide turnover,
with a maximum limit of not less than 5% of the turnover in the preceding financial year. Decisions
containing penalties must be published, publicly available for at least 5 years, and shared with the European
Network of Supervisory Authorities (ENSA), excluding personal data.
Member States shall also ensure that companies can be held liable for damages caused by intentional or
negligent failure to comply with the CSDDD obligations regarding the prevention of potential and bringing
to an end of actual adverse impacts, provided that the right, prohibition or obligation listed in Annex I
(“Rights And Prohibitions Included In International Human Rights Instruments”) is aimed to protect the
natural or legal person, and the violation harms a natural or legal person protected under national law. This
liability constitutes a legal novelty and entails the obligation for full compensation. It also extends to
companies that have participated in industry initiatives or used third-party verification.
Nevertheless, a company can't be held liable if damage is solely caused by its business partners. If the
company is held liable, the affected party has the right to full compensation under national law without
leading to overcompensation. Member States shall, furthermore, ensure reasonable limitation periods (at
least 5 years) for bringing actions for damages and accessible legal proceedings which shall not begin to
run before the infringement has ceased and the claimant knows or can reasonably be expected to know of
the behavior, the caused harm and the identity of the infringer. Claimants shall also be allowed to seek
injunctive measures and authorize relevant organizations to bring actions on behalf of injured parties. It
should also be noted that national courts can order disclosure of evidence as necessary for claims, and
companies involved in initiatives or third-party verification can still be held liable. In addition, the liability
of a company for damages doesn't affect the liability of its subsidiaries or business partners. The civil

10. H:CSDDD (updated)_DB.docx
liability rules in the CSDDD don't limit companies' liability under other legal systems and may be enforced
even if the applicable law isn't that of a Member State.
Implications of the Potential Implementation of the CSDDD on Vietnam-based Companies
In the event of the CSDDD coming into effect, EU companies falling under Category 1 will extend their
due diligence obligations to their business partners, including those overseas. As a result, even companies
based in Vietnam closely linked to the chains of activities of these EU entities, would be indirectly held
accountable. However, the CSDDD does not limit itself to indirect effects but explicitly extends its scope
to companies based in third countries. Thus, Vietnamese companies or companies with branches in Vietnam
would be direct addressees of Category 2 obligations. In this regard, the ENSA shall publish an indicative
list of third country companies subject to the CSDDD. This is particularly relevant for Vietnam-based
companies, as it will provide clarity on which entities fall under the scope of the Directive. However, it is
important that the criteria for the opening of the scope of the Directive are regularly reviewed. The start of
the application of the regulations, particularly for Category 2 companies, but also for Category 1 companies,
as this may indirectly affect companies in Vietnam, must be also taken into account.
Moreover, the rules on penalties to be adopted by Member States will also be (in-)directly relevant for
Vietnamese companies.
Therefore, investment in and adoption of sustainable technologies and practices, coupled with legal advice
on appropriate strategies, will be critical in this context and for risk mitigation. Going forward, it will also
be essential to comply with regulatory guidelines issued by the supervisory authorities and the European
Commission.
Our firm is ready to assist and guide you in these matters and to help you develop appropriate strategies.
CSDDD and EVFTA
Nevertheless, Vietnamese companies are unlikely to be caught completely off guard by these commitments.
Given their existing commitments under the EVFTA, encompassing CSR and environmental standards,
climate protocols and biodiversity protection, they are not entirely unprepared. Chapter 13 of the EVFTA
integrates sustainable development as a fundamental component of the bilateral trade relations with the EU.
In light of the EVFTA commitments, Vietnam is striving to ensure and promote a high level of
environmental, labor and social protection through its legislation and policies, and is constantly seeking to
improve. Regarding procedural guarantees, unlike other topics discussed within the EVFTA framework,
any dispute arising from Chapter 13 relating to trade and sustainable development, including labor, is not
subject to the general dispute settlement procedures under Chapter 15. Discussion on labor issues can only
be settled through government-to-government consultations or panel of expert as stipulated under Chapter
13.
In terms of labor standards, the EVFTA does not create any new standards, but emphasises the
implementation of commitments that Vietnam and the EU made to as members of the ILO and it’s
Declaration on Fundamental Principles and Rights at Work, and its follow-up, specifically: i) the freedom
of association and the effective recognition of the right to collective bargaining, ii) the elimination of all
forms of forced or compulsory labor, iii) the effective abolition of child labor; and iv) the elimination of
discrimination in respect of employment and occupation. Prior to the entry into force of the EVFTA,
Vietnam had already adopted and adjusted its laws, regulations, and policies to be in line with
internationally recognized labor standards. This process continues as Vietnam fulfils its obligations under
both the CPTPP and the EVFTA, notably the amended Labor Code in 2019.

11. H:CSDDD (updated)_DB.docx
In terms of environment protection, in addition to Chapter 13, the EVFTA also contains a dedicated chapter
on Non-tariff Barriers to Trade and Investment in Renewable Energy Generation. It covers specific rules
for the renewable energy sector (i) on non-discriminatory treatment in general (licensing and authorization
procedures), (ii) on local content in particular, and further (iii) on the use of international standards.
Relevant recent initiatives include Decision No. 876/QD-TTg on approving the Action Program for
Transition to Green Energy and Mitigation of Carbon Dioxide and Methane Emissions from Transportation,
Decision No. 500/QD-TTg on the issuance of the Power Development Plan VIII, Law No. 72/2020/QH14
on Environmental Protection, and the "One Strategic Framework for Sustainable Development Cooperation
between the Government of the Socialist Republic of Vietnam and the United Nations for the Period 2022-
2026", among others. These necessarily imply a number of obligations for companies operating in Vietnam
to adhere to these standards and local requirements.
Conclusion
In essence, with the expected EU Supply Chain Directive on the horizon, companies based in Vietnam must
remain vigilant.
The CSDDD sets out obligations for companies concerning actual and potential adverse impacts on human
rights and the environment related to their own activities, those of their subsidiaries, and their business
partners. Its current compromise-based wording suggests that the Directive will soon come into effect.
Therefore, affected companies in Vietnam need to prepare for the future legal landscape as early as possible
to remain competitive in the EU market. By proactively adapting to the evolving legal framework,
Vietnamese businesses can effectively navigate these challenges and sustain their foothold in Europe.
Please do not hesitate to contact Dr. Oliver Massmann under omassmann@duanemorris.com if you have
any questions or want to know more details on the above. Dr. Oliver Massmann is the General Director of
Duane Morris Vietnam LLC.