1.8 Tracking progress

Article 15, Monitoring

 Member States shall ensure that companies carry out periodic assessments of their own operations and measures, those of their subsidiaries and, where related to the chain of activities of the company, those of their business partners, to assess the implementation and to monitor the adequacy and effectiveness of the identification, prevention, mitigation, bringing to an end and minimisation of the extent of adverse impacts.

Such assessments shall be based, where appropriate, on qualitative and quantitative indicators and becarried out without undue delay after a significant change occurs, but at least every 12 months and whenever there are reasonable grounds to believe that new risks of the occurrence of those adverse impacts may arise. Where appropriate, the due diligence policy, the adverse impacts identified and the appropriate measures that derived shall be updated in accordance with the outcome of such assessments and with due consideration of relevant information from stakeholders

Recital 39

In order to ensure that due diligence forms part of companies’ policies and risk management systems, and in line with the relevant international framework, companies should integrate due diligence into their relevant policies and risk management systems and at all relevant levels of operation, and have in place a due diligence policy. The due diligence policy should be developed in prior consultation with the company’s employees and their representatives and should contain a description of the company’s approach, including in the long term, to due diligence, a code of conduct describing the rules and principles to be followed throughout the company and its subsidiaries, and, where relevant, the company’s direct or indirect business partners and a description of the processes put in place to integrate due diligence into the relevant policies and to carry out due diligence, including the measures taken to verify compliance with the code of conduct and to extend its application to business partners. The due diligence policy should ensure a risk-based due diligence. The code of conduct should apply in all relevant corporate functions and operations, including procurement, employment and purchasing decisions. For the purposes of this Directive, employees should be understood as including temporary agency workers, and other workers in non-standard forms of employment provided that they fulfil the criteria for determining the status of worker established by the CJEU.

Recital 41
 

Identification of adverse impacts should include assessing the human rights and environmental context in a dynamic way and at regular intervals: without undue delay after a significant change occurs, but at least every 12 months, throughout the life cycle of an activity or relationship, and whenever there are reasonable grounds to believe that new risks may arise.

Recital 61: 
 

Companies should monitor the implementation and effectiveness of their due diligence measures. They should carry out periodic assessments of their own operations, those of their subsidiaries and, where related to the chain of activities of the company, those of their business partners, to assess the implementation and to monitor the adequacy and effectiveness of the identification, prevention, minimisation, bringing to an end and mitigation of adverse impacts.

Such assessments should verify that adverse impacts are properly identified, due diligence measures are implemented and adverse impacts have actually been prevented or brought to an end. In order to ensure that such assessments are up-to-date, they should be carried out without undue delay after a significant change occurs, but at least every 12 months and be revised in-between if there are reasonable grounds to believe that new risks of adverse impact could have arisen.

 A significant change should be understood as a change to the status quo of the company’s own operations, operations of its subsidiaries or business partners, the legal or business environment or any other substantial shift from the situation of the company or its operating context. Examples of a significant change could be cases when the company starts to operate in a new economic sector or geographical area, starts producing new products or changes the way of producing the existing products using technology with potentially higher adverse impact, or changes its corporate structure via restructuring or via mergers or acquisitions. Reasonable grounds to believe that there are new risks may arise in different ways, including learning about the adverse impact from publicly available information, through stakeholder engagement, or through notifications.

Companies should retain documentation demonstrating their compliance with this requirement for at least five years. Such documentation should at least include, where relevant, the identified impacts and in-depth assessments pursuant to Article 8, the prevention and/or corrective action plan pursuant to Articles 10(2), point (a), and 11(3), point (b), contractual provisions obtained or contracts concluded pursuant to Articles 10(2), point (b), Article 10(4) and 11(3)(c), Article 11(5), verifications pursuant to Articles 10(5) and 11(6), remediation measures, periodic assessments as part of the company’s monitoring obligation, as well as notifications and complaints. Financial undertakings should carry out periodic assessment only of their own operations, those of their subsidiaries and those of their upstream business partners.