Corporate Sustainability Due Diligence Directive

Please note that the European Commission has released the EU Sustainability Simplification Omnibus Package (“The EU Omnibus Proposal”), and further proposals have been presented by the European Parliament and Council of the EU, which may affect the information below. Among the potential changes are adjustments to the regulation’s scope, compliance timeline, and some requirements. The following information will be updated accordingly, and a summary of key changes can be found at the end of this article.

What is the Corporate Sustainability Due Diligence Directive (CSDDD)?

The Corporate Sustainability Due Diligence Directive (CSDDD or CS3D) is a European Union directive that forms part of the EU’s wider plans for a more sustainable future and introduces legal obligations on businesses to respect human rights and the environment. It requires certain companies to conduct risk-based human rights and environmental due diligence (HREDD) in their operations and across their global chains of activities, holding companies accountable through public reporting on their efforts. It also includes obligations for companies to develop climate transition plans.

The CSDDD is a significant step forward in the EU’s efforts to promote corporate sustainability. It is the international due diligence law most aligned with the United Nations (UN) and Organization for Economic Cooperation and Development (OECD) guidelines on human rights and business.  

The final CSDDD text was published in the EU’s Official Journal on 5^th July 2024, and the Directive went into effect on 25^th July 2024. The EU Omnibus Proposal in February 2025  set the implementation date for the CSDDD for the first wave of companies as 26^th July 2028, with all other in-scope companies required to comply from 26^th July 2029. Further proposals from the European Parliament and Council of the EU (“EU Council”) were published in June 2025, which propose additional amendments to delay and modify the original CSDDD text.

The European Parliament’s position is currently in the draft format, and the Parliament is yet to adopt its negotiation mandate, which is expected in October 2025. Once adopted, trilogue is expected to start in November 2025, where the three institutions will find a final agreement in late 2025 or early 2026. However, timelines are tentative.

Over the next few years, Member States will take the important steps to ensure strong national legislation aligned with CSDDD. It will be paramount for them to ensure sufficient resources are allocated to enforcement and assurance of effective implementation, holding companies accountable to action and transparency. 

Who does it apply to?

The CSDDD will affect EU companies of more than 1,000 employees with a global turnover of more than €450 million. It will also affect non-EU companies with a turnover in the EU of more than €450 million. In addition, the CSDDD will apply to EU and non-EU franchisors and licensors that earn royalties exceeding €22.5 million (globally for EU entities and in the EU market for non-EU entities) and generate a net turnover of more than €80 million (globally for EU entities and in the EU market for non-EU entities).

Based on the latest amendments proposed by the European Parliament and EU Council, the scope of the CSDDD is subject to change and may be restricted to only the largest companies that are better equipped to manage due diligence obligations.  

What is required from companies?

Companies in scope of CSDDD will need to:  

1. Commit: Integrate due diligence into a company’s policies and risk management.
2. Assess: Identify, assess and prioritise actual and potential adverse impacts.
3. Prevent: Prevent or mitigate potential adverse impacts.
4. Bring to an end actual adverse impacts.
5. Remedy: Provide remediation where necessary.
6. Stakeholder engagement: Meaningfully engage with stakeholders.
7. Grievance mechanisms: Implement a robust notification/complaints mechanism.
8. Monitor: Monitor the effectiveness of measures taken.
9. Communicate: Publicly communicate on due diligence.
10. Combat climate change: Develop a transition plan for climate change mitigation.  

According to the original CSDDD text, these steps are required for companies across their “chains of activities”, beginning with their own operations, their upstream production of goods or the provision of services and the downstream distribution, transport, or storage of products. However, the Omnibus process may reduce the scope of assessment and required due diligence to Tier 1 unless there is plausible information on adverse impacts in Tier 2+.

The CSDDD also requires companies to develop a climate transition plan (CTP) to demonstrate how their business model and strategy includes science-based, time-bound targets covering Scope 1, 2 and 3 GHG emissions for 2030, and every five years after until 2050. While the development of CTPs is required, the original Omnibus Proposal by the European Commission removed the requirement to implement CTPs, instead introducing a new requirement to include actions that have been implemented or planned. Further amendments to the climate change measures in the CSDDD have been put forward in the Omnibus proposals by the EU Council and the European Parliament.

The CSDDD is a significant challenge for businesses, but it is also an opportunity to demonstrate their commitment to corporate sustainability. Additional more specific due diligence obligations have also been introduced recently. These include the EU Conflict Minerals Regulation, the EU Deforestation Regulation, and the EU Batteries Regulation.   

By conducting holistic due diligence – as required by the CSDDD – to better understand their impact on human rights and the environment, companies can streamline procedures and resources to ensure compliance with CSDDD as well as other due diligence regulations.

Summary of Recent Updates

Since the original CSDDD text went into effect in July 2024, there have been three amendment proposals from the European Commission, European Parliament and the EU Council, which all intend to streamline sustainability regulations, reduce the regulatory burden on companies and boost the EU’s competitiveness.

On 26^th February 2025, the European Commission announced a package of proposals under the EU Omnibus.

Key changes to the CSDDD under the Omnibus proposal by the European Commission:

• Postponement: The transposition deadline and first phase of CSDDD application, reserved for the largest in-scope companies, has been postponed for one year, now set for 26th July 2028. This postponement was subsequently approved by the “stop-the-clock” directive that entered into force on 17th April 2025. Member States will have an additional year, until 26th July 2027, to transpose the rules into national legislation.
• Release of Additional Guidance: The deadline for publishing guidelines has been moved up to 26^th July 2026, allowing companies to better align their due diligence processes with CSDDD requirements. 
• Compliance Thresholds: No change – as per original CSDDD text.
• Due Diligence Scope: In-depth assessment of adverse impacts is limited to Tier 1 suppliers only, unless there is plausible information on adverse impacts in Tier 2+ supply chains. 
• Assessment Frequency: The frequency of periodic assessment and monitoring has been reduced from annual to at least every five years, with ad hoc assessments where necessary. 
• Terminating Business Relationships: The obligation to terminate business relationships as a last resort has been removed. 
• Supplier Engagement: For value chain mapping purposes, companies should aim to request data from larger companies only. If data from smaller companies (with less than 500 employees) is required, the collected datapoints should be in line with the CSRD Voluntary reporting standard for SMEs (VSME). 
• Climate Transition Plans: The implementation of climate transition plans is not required, although the requirement to develop CTPs still stands. 

On 12^th June 2025, the European Parliament’s Legal Affairs Committee (i.e. JURI) published its draft report on the Omnibus proposal, which suggests further amendments to CSDDD.

Key changes to the CSDDD under the draft Omnibus proposal by the European Parliament:

• Postponement: The Parliament agrees with the Commission’s delay to the CSDDD, setting the start of the compliance period as 26^th July 2028.
• Release of Additional Guidance: The deadline for publishing guidelines has been moved up to 26^th July 2028. 
• Compliance Thresholds: The scope has been reduced to companies of more than 3,000 employees with a global turnover of more than €450 million. Non-EU companies with a net turnover of €450 million in the EU are in scope, with no employee thresholds.
• Due Diligence Scope: Companies are required to conduct a scoping exercise instead of comprehensive mapping and are only required to conduct an in-depth assessment of impacts identified as the most likely and severe. In-depth assessment is limited to Tier 1 suppliers only, unless there is plausible information on adverse impacts in Tier 2+ supply chains. A new limitation has been added to the definition of “plausible information”, which is now defined as information that is also “objective, factual and verifiable”. Companies have greater flexibility in deciding which impacts to prioritise for due diligence, with the most severe and likely impacts required to be addressed first. Companies will not be penalised for any harm that stems from less significant adverse impacts.
• Supplier Engagement: To scope their adverse impacts, companies must not obtain information from their business partners directly but rather rely solely on information that is already reasonably available. Where additional information is required on the most severe and likely impacts, companies must not seek to obtain information from direct business partners with fewer than 3,000 employees that exceeds the information specified in VSME reporting standards.
• Terminating Business Relationships: If it can be justified, companies can forego suspending business relationships due to adverse impacts if doing so would cause substantial prejudice.
• Climate Transition Plans: The requirement to develop a CTP has been removed, limiting to reporting on existing transition plans if companies have them.

On 21^st June 2025, the EU Council agreed its position on the simplification proposal.

Key changes to the CSDDD under the Omnibus proposal by the EU Council:

• Postponement: The application deadline for all companies has been extended to 26^th July 2029 with the transposition deadline set as 26^th July 2028.
• Release of Additional Guidance: The deadline for publishing guidelines has been moved up to 26^th July 2027. 
• Compliance Thresholds: The scope has been reduced to companies of more than 5,000 employees with a net turnover of more than €1.5 billion. Non-EU companies with a net turnover of €1.5 billion in the EU are in scope, with no employee thresholds.
• Due Diligence Scope: Companies are required to conduct a scoping exercise instead of comprehensive mapping and are only required to conduct an in-depth assessment of impacts identified as the most likely and severe. Companies are not required to identify and assess every single entity or risk. When assessing the need to look beyond direct business relationships, plausible information has been more precisely defined as “information that objectively has a reasonable likelihood of being true”.
• Assessment Frequency: The frequency of mandatory periodic assessments and monitoring has reduced from annual to at least every 5 years.
• Supplier Engagement: For business partners with fewer than 1,000 employees, companies must only request information when necessary and cannot be reasonably obtained by other means. 
• Terminating Business Relationships: Clarified the requirement to suspend business relationship only as a measure of last resort, if all due diligence efforts failed, while continuing to work with the supplier towards a solution. The suspension should end once the adverse impact is addressed.
• Climate Transition Plans: Companies are required to adopt a CTP, however, there is no requirement to implement this, and companies are given greater flexibility on the content of the plan. The requirement to adopt CTPs has also been delayed by two years.
• Penalties for Non-Compliance: Member States are required to ensure that the maximum limit of pecuniary penalties is set at 5% of the company’s net worldwide turnover.

Get in touch

We’d love to hear from you

We are the world’s leading purpose driven, digitally enabled, science-based activator. And always welcome inquiries and partnerships to drive positive change together.