
ESG Compliance with Criminal Coverage Lawyers
Design and implementation of ESG compliance with criminal coverage: CSDDD directive, supply chain due diligence, workers' rights and environmental offenses.
Last updated:
ESG and Criminal Liability
The intersection between ESG (Environmental, Social, Governance) and criminal law is the great frontier of corporate compliance from 2026 onwards. The CSDDD Directive (EU 2024/1760) imposes on large companies the obligation of human rights and environmental due diligence throughout their entire value chain.
CSDDD Directive
CSDDD requires companies of more than 1,000 employees and €450M revenue to identify and assess adverse human rights and environmental impacts; prevent and mitigate risks in own operations and value chain; establish a complaint channel accessible to affected third parties; report annually. Non-compliance generates fines of up to 5% of worldwide turnover. Spain will transpose CSDDD before July 2026.
Criminal Typologies
- Workers' rights offenses (Arts. 311-318 CP).
- Environmental offenses (Arts. 325-331 CP).
- Urban planning offenses (Art. 319 CP).
- Crimes against flora and fauna (Arts. 332-337 CP).
- Advertising offense (Art. 282 CP): Greenwashing with false ESG claims.
- Account falsification (Art. 290 CP): False ESG metrics in annual accounts.
Greenwashing
Advertising non-verified ESG credentials constitutes an advertising offense of Art. 282 CP when likely to cause serious harm to consumers or competitors. If ESG reporting forms part of annual accounts or non-financial information statements, falsified metrics may trigger the falsification offense of Art. 290 CP.
Art. 31 bis Integration
The Art. 31 bis CP prevention model must be expanded to include specific ESG controls: country risk map, enhanced due diligence on high-risk suppliers, stakeholder-accessible whistleblower channel, specific training for sustainability and procurement teams, and periodic external audit testing.
The six requirements of an effective model applied to ESG risk (Art. 31 bis 5 CP)
For an organisation and management model to operate as a cause of exemption from, or mitigation of, the criminal liability of the legal entity, Article 31 bis 5 of the Criminal Code requires six cumulative conditions, all of which must be projected onto environmental, social and governance risks. The first is identifying the activities in whose scope the offences to be prevented may be committed: in ESG terms, this means mapping the processes exposed to environmental offences, offences against workers' rights, corruption, and risks arising from the supply chain. The risk map is not a static document but the technical foundation on which the entire model is built.
The remaining requirements link that diagnosis to verifiable measures. The model must establish protocols specifying how the entity forms its will and adopts and executes decisions; financial-resource management models adequate to prevent the offences; a channel allowing risks and breaches to be reported to the oversight body; a disciplinary system that adequately sanctions non-compliance with the measures; and periodic verification of the model itself, with its amendment whenever relevant breaches come to light or the organisation or activity changes. A model that does not translate into effective training, an applied disciplinary regime and coherent internal communication risks being reduced to a merely documentary programme, lacking the effectiveness the provision demands.
Translating these requirements to the ESG sphere calls for technical rigour. A declaration of sustainable principles is not enough: the model must contain concrete controls over discharges and waste, over contracting with suppliers in high-risk jurisdictions, over gifts and hospitality offered to public officials, and over the subcontracting of labour. Effectiveness is measured by the traceability of each control and by the organisation's capacity to detect, escalate and correct deviations before they crystallise into a criminal act.
The autonomous oversight body and supply-chain due diligence
Article 31 bis 2 of the Criminal Code conditions the exemption, where the offence is committed by directors or representatives, on the supervision, monitoring and control of the model having been entrusted to a body of the legal entity with autonomous powers of initiative and control. This is the institutional core of compliance: the body or officer usually referred to as the compliance function or compliance officer. Its autonomy is not nominal; it requires direct reporting to the highest management body, unfiltered access to information, adequate resources, and the impossibility of having its judgement neutralised by those who manage the areas under supervision. In smaller entities, Article 31 bis allows the management body itself to assume these supervisory functions.
In ESG matters, this body channels supply-chain due diligence. Supervision does not stop at the company's borders: it reaches supplier selection, contractual compliance clauses, second- and third-tier audits, and the response to alerts of forced labour, environmental harm or corruption in external links of the chain. The omission of this due diligence matters because the legal entity also answers, under Article 31 bis 1 b) of the Criminal Code, for offences committed by subordinates where there has been a serious breach of the duties of supervision, monitoring and control, taking into account the circumstances of the case.
The body's effectiveness is assessed by how it actually functions, not by the organisational chart. A compliance officer without a budget, without access to purchasing decisions, or without the capacity to halt high-risk operations will struggle to demonstrate the autonomy the provision requires. For that reason, the documentation of its activity —minutes, investigations, recommendations and their follow-up— is a central piece of evidence when the entity invokes the effectiveness of its model.
Burden of proof of the exemption and the procedural status of the investigated entity
The criminal liability of the legal entity is autonomous from that of the natural person. Article 31 ter of the Criminal Code allows the entity to answer even where the specific natural person who committed the offence has not been identified or proceedings could not be directed against them, and even where a circumstance affecting that person's culpability is appreciated. As a result, the company's defence cannot rest solely on the individual's procedural fate: it must be built around the existence and effectiveness of its own organisation and management model, adopted and executed before the offence was committed.
When the entity is investigated, it acquires its own procedural status and full rights of defence. It is entitled not to testify against itself, not to plead guilty, to legal assistance and to propose evidence, and it must appoint a specific representative for the criminal proceedings, distinct from anyone whose interests might conflict with those of the company. Proving the model's suitability and its effective implementation rests on the evidence the entity itself provides: the risk map, training records, channel logs, disciplinary decisions and periodic verification reports.
A guilty plea or settlement by the legal entity is possible and is governed by its own regime, independently of whether the co-accused natural persons reach one. It bears repeating that this is a system of corporate liability: it is not appropriate here to attribute a penalty-by-offence scheme or a limitation-period calculation as though dealing with an offence committed by a natural person, because the entity answers under its own sanctioning regime and its own rules of attribution.
Penalties under Art. 33.7, Law 2/2023 and corporate succession (Art. 130.2 CP)
The consequences for the legal entity are specific and set out in Article 33.7 of the Criminal Code: a fine by day-units or proportional fine, dissolution of the entity, suspension of its activities, closure of premises and establishments, prohibition on carrying out in the future the activities in whose exercise the offence was committed, disqualification from obtaining public subsidies and aid, contracting with the public sector or enjoying tax or social-security benefits and incentives, and judicial intervention to safeguard the rights of workers and creditors. The severity of some of these penalties explains why an effective compliance model, capable of exempting or mitigating under Articles 31 bis and 31 quater of the Criminal Code, is a risk-management tool rather than a mere formality.
The social pillar of ESG compliance interlocks with Law 2/2023 of 20 February, which requires many organisations to implement an internal reporting system and protects those who report breaches against retaliation. That internal channel simultaneously satisfies a requirement of Article 31 bis 5 of the Criminal Code —the duty to report risks and breaches to the oversight body— and an autonomous legal obligation. A secure, confidential channel with documented follow-up of communications strengthens the model's effectiveness and provides decisive evidence if the entity comes to be investigated.
Finally, Article 130.2 of the Criminal Code prevents criminal liability from being extinguished by the transformation, merger, absorption or split of the legal entity: liability passes to the resulting entity or entities. This makes criminal-compliance due diligence a critical point in any M&A operation, since the acquirer may inherit pre-existing criminal contingencies. A compliance review prior to the transaction, examining the target company's model and its latent ESG risks, is the means to identify and manage that transfer of liability before closing.
Penalties & Consequences: ESG Compliance with Criminal Coverage Lawyers
| Type / Scenario | Criminal Penalty |
|---|---|
| Workers' rights offenses (Art. 311 CP) | 6 months to 6 years' imprisonment and fine. Disqualification from public contracting. |
| Environmental offense (Art. 325 CP) | 2 to 5 years' imprisonment, 8 to 24 months' fine and 1 to 3 years' disqualification. |
| CSDDD fine | Up to 5% of annual worldwide turnover for systematic directive non-compliance. |
* Penalties shown are indicative. The actual penalty depends on case circumstances, applicable mitigating and aggravating factors.
Defense Strategy: ESG Compliance with Criminal Coverage Lawyers
CSDDD gap analysis
Diagnosis of current situation vs CSDDD requirements and adaptation plan before July 2026.
ESG criminal risk map
Identification of risks by country, sector, supplier and critical operation, with prioritization and owners.
Responsible procurement policy
ESG clauses in supplier contracts, external audit and orderly exit plan for non-compliance.
Training program
Specific training for sustainability, procurement, risk and compliance teams on ESG criminal risks.
Economic Criminal Law in Spain: Tax Fraud, Money Laundering and Corporate Crimes
Economic criminal law encompasses the most severe financial penalties in the Spanish Criminal Code. Tax fraud over €120,000 (Art. 305 CP), money laundering (Art. 301 CP), and corporate crimes (Art. 290-297 CP) are complex offenses where defense requires a combination of criminal law expertise and deep accounting/financial knowledge.
Penalty Comparison: Economic Offenses
| Offense | Threshold | Penalty |
|---|---|---|
| Tax Fraud (Art. 305) | >€120,000 | 1 – 5 years + fine x6 |
| Aggravated Tax Fraud | >€600,000 | 2 – 6 years |
| Money Laundering (Art. 301) | Any amount | 6 months – 6 years |
| Aggravated Laundering | Organized/financial system | Up to 9 years |
| Corporate Crime (Art. 290) | Balance sheet falsification | 1 – 3 years |
| Punishable Insolvency (Art. 259) | Fraudulent bankruptcy | 1 – 4 years |
Key Defense Strategies
Tax Regularization Defense (Art. 305.4 CP)
Pay the full tax debt before charges are formally filed and the crime is extinguished. This is the most powerful complete defense in tax fraud cases.
Challenge the €120K Threshold
The tax authority's calculation method is often contestable. Independent forensic accounting can challenge the assessed figure below the criminal threshold.
Money Laundering 'Self-laundering' Issues
Spanish courts have debated whether the primary offender can also be convicted of laundering their own proceeds. Challenge the double jeopardy implications.
Corporate Crime: Harm to Company vs. Shareholders
Art. 295 corporate crimes require actual financial harm to the company or its members. Demonstrate that any loss was speculative or absent.
Why Choose Us?
Need a criminal defense lawyer for this type of offense? Here's how we work:
Do you need specialised legal assistance?
The judicial system is complex. We have the criminal-law specialisation and technical resources required to take on the defence.