What the new EU sustainability rules mean for SMEs

The European Union's "Green Deal" programme, launched in 2020, is now in full swing, and the business world is taking notice. Over the past couple of years, EU legislators have been pushing a whole new raft of sustainability laws that will have a significant impact on the everyday lives of Finnish companies. Here, we review the most important laws and legislative projects of the moment and explain what they actually mean for small and medium-sized enterprises.

LEO FROM

A new Sustainability Reporting Act came into force this year

At the beginning of 2024, the Finnish Accounting Act underwent a significant extension when the EU’s Corporate Sustainability Reporting Directive (CSRD), adopted in 2022, was transposed into domestic law. The new law says that certain companies must disclose a number of environmental, human and governance-related sustainability issues in their annual reports. The legislation applies to financial years beginning on or after 1 January 2024, so it is already in force. 

In the first phase, the new law applies to large listed companies, credit institutions, insurance companies and pension companies (or groups) with 500 or more employees. Thereafter, the scope will be extended each year so that from 2026, all other large companies (or large groups) as defined in the Accounting Act, as well as small and medium-sized listed companies, will be covered. While the formal scope of the Act is already quite broad, the big news is that in reality it can affect any company in Finland, regardless of size.

The reporting companies are required to report specific sustainability information in their financial statements in accordance with a standard that is harmonised on the EU level. The reports must include information on the company’s or group’s carbon footprint and other environmental risks, and actions to manage them, as well as information on social aspects (e.g. relating to employees, communities and consumers) and governance (e.g. relating to ethical business and corporate culture). 

In other words, the large companies must publish extensive, data-intensive reports on their sustainability (ESG) efforts.

It is particularly noteworthy that although the law only applies to larger companies and groups as well as listed companies, they are required to report data covering the full length of their value chains (i.e. their supply, production and delivery chains). The reporting company’s value chain includes all subcontractors, suppliers, distributors and other partners that are in any material way involved in the reportable activity. Thus, it is entirely possible that the subcontractors of subcontractors will also have to hand over greenhouse gas calculations for their products, occupational health and safety statistics and a host of other things further down the chain in order to provide the large customer at the end of the chain with the information it needs.

One thing is clear: any small or medium-sized company that serves large companies, directly or indirectly, may sooner or later be asked to come up with the data that is required for sustainability reporting.

If your company (regardless of its size) is involved in a supply, production or value chain that in the end serves listed companies, banks, insurance companies or other financial actors, you should keep a close eye on what your customers, suppliers and others are doing in the chain. In any case, every company should consider adopting sustainability criteria in its own operations as soon as possible. Even if sustainability reporting regulations do not apply to you right now, there’s no ambiguity about where the laws – and as a result the markets – are headed: sustainability is becoming a big part of every company’s daily life.

A new law on corporate responsibility will be adopted in the coming years

The European Parliament earlier this year adopted a new Corporate Sustainability Due Diligence Directive (CSDDD), which obliges the largest companies to investigate corporate sustainability within their value chains and to address any breaches of the law that they detect. On the basis of the Directive, Finland will also introduce a new CSDD law in the coming years, which will ultimately apply to large companies with at least 1,000 employees.

As with the new sustainability reporting legislation, the upcoming corporate responsibility law applies throughout the value chain of the reporting company. This again means that small and medium-sized companies that participate in those value chains may also need to obtain the sustainability information required for the reporting.

A special feature of the CSDDD is that companies that are required to report must not only report on responsibility issues, but must also ensure that companies in their value chains do not violate human rights and labour protection laws, or cause environmental damage, among other things. As the name of the new Directive hints, reporting companies must conduct due diligence across their value chains, which means they have to ensure and carefully monitor that their subcontractors and suppliers do not violate the law and ethical rules.

In practice, SMEs participating in the value chains will be required to commit to the corporate responsibility rules of the big players, and to report and provide proof on the implementation of corporate responsibility in their own operations. Any startup or growth company that has ever applied for significant funding or sought large clients knows how difficult the due diligence process can be if it is not prepared in time.

Greenwashing to be banned in consumer marketing

In early 2024, the European Parliament adopted a proposal for a new directive to tackle false and unsubstantiated “green claims”. The new law aims to prevent greenwashing in consumer marketing. It will apply to everyone except micro companies.

The Directive will also become law in Finland in the coming years, and it will place serious limits on how the environmental impact of products and services can be marketed. If consumer marketing makes claims about the environmental performance of a product or service, the claims must be substantiated (beforehand!) by scientific, comprehensive and accurate evidence. The use of environmental certificates must also be based on certification schemes that are accredited under the new law.

In other words, in the coming years, ambiguous sustainability promises (“We are committed to a sustainable future!”), misleading sustainability slogans (“Eco-friendly packaging!”) and brand techniques (the use of green colours or wood patterns on packaging) are likely to be banned if they are not justified in an acceptable way. What will ultimately be banned will become clearer in the coming years.

Although the new law is unlikely to come into force before 2025, it is worth keeping an eye on regulatory developments. When planning your marketing strategy, it pays to take upcoming regulations into account early on, so that your company can get a head start with the new rules. This will also help you to avoid unnecessary risks in the near future.

Don't forget the Whistleblower Act, which is already in force

Alongside environmental regulation, other areas of responsibility have also seen new legislation. An important example is the EU Whistleblower Directive, which was adopted in 2019 and resulted in the adoption of the Whistleblower Protection Act in Finland in 2023.

By law, every company must ensure that whistleblowers are protected within the company. There are a number of formalities that every company needs to be aware of and which require meticulous documentation. Companies with 50 or more employees must also set up an internal reporting channel through which employees can report any wrongdoing to the right people (the channel can also be outsourced). The transition period for putting everything in place expired on 17 December 2023.

The law applies to the reporting of any breaches of EU or national law in areas such as financial services, money laundering, product safety, road safety, environmental protection, consumer protection and data protection. The idea is that every employee in your company should be able to report any wrongdoing they see in the company’s activities, safely and without fear of retaliation.

If your company has not yet put appropriate whistleblower processes in place, you should make sure that happens without delay. The law allows an employee who has been retaliated against, or who has been deterred in any way from reporting wrongdoing, to be awarded statutory compensation (on top of any damages), the amount of which can be substantial.

What’s more, when bringing an action for compensation, the employee only has to state the facts on which his or her claim is based, after which the wrongdoing is presumed to have occurred. It is then up to your company to rebut that presumption (reversed burden of proof). In addition, failure to comply may result in criminal liability for the company’s management. For these reasons, it is very important to comply with the formalities and to document everything correctly.

This is how you can manage the tightening sustainability regulation

There have been a lot of developments in the regulation of corporate responsibility recently. In particular, regulation is getting tighter and tighter, with significant new obligations for companies. What is new is that it also affects very small companies, either indirectly or even directly.

This is why it is important that your company also exercises due diligence to keep abreast of new obligations and take the right steps to avoid non-compliance. As the new regulation comes from the EU, you can expect that the penalties will also be significant. All of the Directives described above use the infamous phrase “effective, proportionate and dissuasive” to characterise the penalties to be imposed on offenders. The same phrase is also found in the EU’s General Data Protection Regulation (GDPR), and it has been used as a basis for a rather hard line in administrative and judicial practice when imposing fines for data protection breaches.

In addition, the new legislation could create substantial liability for companies subject to reporting obligations for damages, including for human rights violations.

Even if the new regulations mainly apply to very large companies as such (at least initially), it is to be expected that, because of the enormous risks posed by the new law, these companies will come to demand strict compliance from their smaller partners and put them under the threat of substantial fines and damages. We are talking about serious contractual risks, the management of which is vital for small and medium-sized enterprises.

Unfortunately, in the area of liability regulation, it is not possible to provide an easy guide to avoid the risks posed by the new laws. In general, corporate sustainability is a long-term process that needs to take into account a wide range of ESG issues.

We recommend that every company, even the small ones, integrate sustainability into its core strategy. As your business grows and you start having riskier customers and partnerships, and as the regulation evolves, you will always be prepared to internalise the various sustainability obligations and to manage the risks that arise from them.

Varoen’s mission is to guide companies, especially small and medium-sized enterprises, in managing the risks created by increasing regulation and corporate sustainability expectations, as easily and cost-effectively as possible. We will always focus on the actual activities of your company, so that our advice and assistance is as effective as possible in addressing the real risks your company faces.

If you need help managing your regulated sustainability responsibilities, we’re here to help. Read more about our Corporate Sustainability (ESG) service package or book an appointment for a free, no-risk meeting.
