Risky business? Corporate risk management obligations in sustainability due diligence and digital platform regulation

In two fields that are currently of high political salience and strategic significance – the regulation of digital platforms, and the regulation of environmental and human rights impacts in global value chains – the EU has taken a strikingly similar regulatory approach. In the 2022 Digital Services Act and the 2024 Corporate Sustainability Due Diligence Directive, it has charged large companies with managing risks to various public values and concerns. In this contribution, we critique this shared regulatory approach. First, we argue that regulating dominant corporations via risk management obligations actually reinforces their power in three ways: it is inherently deferential to corporate power and profitability; it reinforces technocratic framings of policy problems which discourage political contestation of economic governance; and it allows corporations to evade responsibility by framing negative impacts of their activities as external problems against which they protect the public. Second, these problem framings shape the implementation as well as the content of regulations. Specifically, they direct compliance and enforcement efforts to procedure over substance; and create significant practical barriers to public and private enforcement. We conclude by discussing the implications of our analysis in the context of the EU’s current deregulatory agenda.