Assonime

The entity is in favour of making due diligence a legal requirement only for some companies under specific circumstances (large companies, bargaining power, direct upstream relationships)

The entity agrees that a legal framework is needed. However, it states: ‘the adoption of a mandatory due diligence process should be required only under certain circumstances: i) Mandatory rules should be activated only when there is a relationship with suppliers on which the company has an effective bargaining power: this limitation could be defined taking into account the significance of the supplier’s revenues from the company in comparison to its total revenues. A simplified – but less effective way – to identify them, would be to limit the mandatory rules on the first-tier of the supply chain. For the same reason, it should focus on upstream suppliers only…. ii) Mandatory rules should regard only larger companies and company groups only, namely the ones who have an effective market power over their supply chain. This option would be also in line with international best practices’.

The entity is in favour of an horizontal approach. Howerver, it considers that all SMEs should be excluded.

In response to question 16 it states that: 'SMEs should be excluded at least for the following reasons: 1) to ensure coherence with the internationally accepted standards: for instance, the OECD Due Diligence Guidance for Responsible Business Conduct refers only to multinational enterprises and multinational group. It would be inappropriate to extend same initiatives to SMEs. In this perspective, a strong proportionality approach is to be adopted, following what is provided for by the UN Guiding Principles on Business and Human Rights. 2) to appropriately consider the impact of administrative and financial burdens of conducting systematic due diligence, that would be too onerous for SMEs. For this purpose, we suggest a gradual approach, which means to impose mandatory due diligence duty on larger companies and leave SMEs the possibility to opt-in to such a requirement'.

In relation to enforcement mechanisms the entity advocates for supervision by national authorities based con complaints about non-compliance with setting up and implementing due diligence with effective sections, with a mechanism of EU coordination to ensure consistency.

The entity states that ‘the enforcement mechanism should regard only the “non-compliance” with the obligation of introducing a proper “due-diligence system”. This is a very important point, as the introduction of mandatory due diligence provisions cannot introduce a sort of vicarious liability of the company for the damages that are caused by its suppliers, unless this damage has been intentionally caused by the company itself. Beyond this cases, international guidelines (OECD, UNGP) are crystal clear stating that due diligence does not shift responsibilities, neither from governments to companies, nor from suppliers or subcontractors to the companies placing the order. Each State or company has its own responsibility for the action it takes and the adverse impacts it may have. The companies’ duty of care should neither remove the liability of each local actor for its acts nor place the burden of liability on EU companies. Therefore, we could consider the possibility of developing an enforcement mechanism in relation to “non-compliance” cases only, where the company, irrespective of the harm, have not put in place an adequate due-diligence system (administrative liability, with a sanctioning power of the national competent authority: e.g. fines). The enforcement mechanism should be entrusted to the supervision of the competent national authority (legal seat of the company)’.

The entity strongly disagrees with a legal requirement for directors to establish procedures to ensure that possible risks and advese impacts on stakeholders are identified, prevented and addressed. It also disagrees to some extent with a legal requirement for directors to manage the risks of the company in relation to stakeholders and their interests.

The entity strongly disagrees with question 7 in relation to legal requirement for directors to establish procedures to ensure that possible risks and impacts on stakeholders are identified, prevented and addressed. It argues that 'all these aspects are sufficiently covered by existing legal requirements (see answer to Q.6) and corporate governance codes'. Response to question 6, to which it disagrees 'to some extent', refers to including legal requirement for directors to manage possible risks and impacts for the company in relation to stakeholders and their interrests. It argues that ‘we believe that the identification of stakeholder as well as the of the related risks and opportunities naturally falls within the decision-making process of the board. Therefore, there is no need to require it by law. Moreover, we underline that … The second item (risk management) is a consequence of the above-mentioned choices of stakeholder and of the opportunities; the importance of having appropriate internal controls and risk management is already considered by a number of national legislation and is covered by important EU-law milestones, such as the Accounting Directive … and the NFRD'.

Although the entity does not directly refer to remedy and reparation, it only would accept liability in case of causing harm intentionally.

In its response to question 2, the entity states that ‘The whole framework should be completed by an appropriate safe harbour provision. This is a very important point, as the introduction of mandatory due diligence provision cannot introduce a sort of vicarious liability of the company for the damages that are caused by its suppliers, unless this damage has been intentionally caused by the company itself’. In its response to question 19a, it adds: ‘Beyond this cases, international guidelines (OECD, UNGP) are crystal clear stating that due diligence does not shift responsibilities, neither from governments to companies, nor from suppliers or subcontractors to the companies placing the order. Each State or company has its own responsibility for the action it takes and the adverse impacts it may have. The companies’ duty of care should neither remove the liability of each local actor for its acts nor place the burden of liability on EU companies. Therefore, we could consider the possibility of developing an enforcement mechanism in relation to “non-compliance” cases only, where the company, irrespective of the harm, have not put in place an adequate due-diligence system (administrative liability, with a sanctioning power of the national competent authority: e.g. fines)’.

Although it considers grievance an efficient means to detect negative impacts, it does not consider that this should be a requirement.

The entity states that 'The best way to conduct a dialogue with them stakeholders is up to each individual company. As to the evolving practice, possible – but necessarily set on a self-regulatory level within Corporate Governance Codes – mechanisms could be: ... an operational grievance mechanism at company level, which is an efficient means to detect negative impacts at an early stage. Here, companies could consider the possible involvement of the CSR manager, the Stakeholder Relations Office, etc.; a whistleblower procedure open not only to employees but also to stakeholders.' It does not take a position on the relevance of some stakeholder groups (question 5), including employees and communities in the supply chain, and communities affected by the company's operations'.

The Company doesn't consider this a suitable option as enforcement mechanism.

Question 19a asks about enforcement mechanisms through a multiple-choice format, one of which is 'judicial enforcement with liability and compensation in case of harm caused by not fulfilling the due diligence obligations'. The company did not select this as one of its preferred measures.

The Company is in favour of a requirement to implement a due diligence system covering large companies. However, it considers that value chain should cover supplier with whom the company has an effective bargaining power.

In its response to question 14, on whether it agrees with due diligence duty definition, it statse that disagrees with both due diligence duty and supply chain definitions. Although the discrepancy with due diligence duty refers to the climate change side, it states that following in relation to supply chain: ' Mandatory due diligence should regard only suppliers on whom the company has an effective bargaining power: this could be realized by considering, for example, the significance of the supplier’s revenues from the company in comparison to its total revenues. A simplified – but less effective way – to identify them, would be to limit the mandatory rules on the first-tier of the supply chain, i.e. direct subcontractors or providers, where the co-contractors are effectively able to exercise leverage through the contractual relationship. Any further obligation down the supply chain would make it legally uncertain and practically impossible for companies to control and enforce their internal due diligence guidelines. For the same reason, it should focus on upstream suppliers only, while mid- or downstream suppliers shall be excluded from the scope'. It does not refer to improvement over time. Finally, although it does not explicitly refer to remedy, it is inferred that the Company opposes liability for harm caused unless intentional damage is caused (see indicator Q1.2).

The entity disagrees 'to some extent' to a legal requirement for directors to identify stakeholders (incluing vulnerable individuals, groups and communities) and their interests.

It disagrees 'to some extent' with question 6 on being a legal requirement stakeholder identification (and making it a directors' duty). It sates: 'We disagree to some extent with the proposed question. We believe that the identification of stakeholder as well as the of the related risks and opportunities naturally falls within the decision-making process of the board. Therefore, there is no need to require it by law. Moreover, we underline that: The first and the third item (identification of stakeholder and of the opportunities) are pivotal choices of companies’ business strategic plan, which is to be developed by each individual company and its board. Their choice reflects, in fact, one of the key drivers in the definition of the company’s strategy and therefore needs to stay within company’s discretion as part of the business freedom ensured by the national constitutional legal systems. The identification of both varies significantly according to company’s business model and sector specific features'. It also states that 'all these aspects are covered also by the Corporate Governance Codes, .... In Italy, for example, the Italian CG Code recommends the board to pursue the sustainable success of the company “taking into account the interests of relevant stakeholders” (which shall be defined by each individual company) and to define – accordingly – its strategic plan and its internal control and risks management system'. Finally, in its response to question 5, the entity does not take position on the relevance of some stakeholder groups, including employees and communities in the supply chain, and communities affected by companies' direct operations.

The entity strongly disagrees with requiring directors to establish mechanisms for engaging in stakeholder consultation.

It argues that ‘Stakeholder consultation is good practice and should be encouraged. However, according to our answer to Q. 6, the identification of stakeholders as well as the way companies prefer to conduct a dialogue with them are pivotal choices of companies’ business strategic plan, which is to be developed by each individual company and its board. Therefore, the engagement of stakeholder and the best way to conduct a dialogue with them is up to each individual company, which is the only that can identify the best and most appropriate way of conducting stakeholder consultations (centralised vs. decentralised; annual vs on going; problem-based workshops vs. strategic consultative committees) and to strike the right balance between different stakeholders, in order to identify those who are relevant for the company on a case-by-case evaluation. This practice is developing across larger companies and is supported by Corporate Governance Codes, which represent the best flexible tool to tackle this issue’.

The entity disagrees 'to some extent' to a legal requirement for directors to manage risks for the Company in relation to stakeholders. It considers that these issues fall within the decision-making process of the board, and thereferore, there's no need of a law, and risk management is already covered by other legislation.

In its response to question 6, it states that 'We disagree to some extent with the proposed question. We believe that the identification of stakeholder as well as the of the related risks and opportunities naturally falls within the decision-making process of the board. Therefore, there is no need to require it by law. Moreover, we underline that: … The second item (risk management) is a consequence of the above-mentioned choices of stakeholder and of the opportunities; the importance of having appropriate internal controls and risk management is already considered by a number of national legislation and is covered by important EU-law milestones, such as the Accounting Directive … and the NFRD'. As a consequence, we consider that the framework regarding the integration of sustainability risks, impacts and opportunities is already in place and efficient. Moreover, this framework is likely to be strengthened following the review of NFRD and overlapping legislation should therefore be avoided. All these aspects are covered also by the Corporate Governance Codes, which represent – especially in this area – a relevant complementary source to national company law provisions. In Italy, for example, the Italian CG Code recommends the board to pursue the sustainable success of the company “taking into account the interests of relevant stakeholders” (which shall be defined by each individual company) and to define – accordingly – its strategic plan and its internal control and risks management system’.