(Rachel Griffin, SciencesPo): In two regulatory fields that are currently of high political salience and strategic significance - the regulation of digital platforms, and the regulation of environmental and human rights impacts in global value chains - the EU has taken a strikingly similar regulatory approach. In both the 2022 Digital Services Act and the 2024 Corporate Sustainability Due Diligence Directive, EU legislators have established obligations for the most powerful companies to establish internal risk management systems that regularly assess and take ‘appropriate’ steps to mitigate risks to a wide range of public values and concerns.
We highlight common features of of these two regulations and develop a critical analysis of their shared regulatory approach. This analysis is informed by relevant scholarship in regulatory theory, sociology, STS and political economy, as well as legal analysis of both texts, and in the case of the DSA its application to date. First, we argue that regulating dominant global corporations via risk management obligations actually strengthens their power and impunity in three ways: it follows a deregulatory agenda which seeks to maximise corporate freedom and minimise the costs of regulation; it reinforces technocratic framings of policy issues which sideline political contestation of global economic governance; and it allows corporations to evade responsibility for the negative social impacts of their activities by framing them as external problems against which they must protect the public. Second, we show that this political agenda and these problem framings not only shape political discourse around regulation, but also have direct legal consequences for its implementation. Specifically, regulation through risk management obligations directs compliance and enforcement efforts to questions of procedure over substance; and this proceduralisation and the discretion accorded to regulated companies create significant practical barriers to public and private enforcement.
