CSDDD Explained: Key Compliance Requirements & Timeline for the EU Directive
17 Mar 2025 · Maxime Pschera
DISCLAIMER: The CSDDD is subject to change following the EU's Omnibus proposal. For a detailed breakdown of these changes and their implications, read our full analysis here: EU Omnibus Proposal Explained: What Organizations Need to Know & Do Next.
The Corporate Sustainability Due Diligence Directive (CSDDD) is a novel EU regulation designed to enhance corporate accountability by enforcing due diligence obligations related to human rights and environmental practices. It applies to approximately 6,000 large EU-based companies as well as non-EU companies operating in the EU, requiring them to identify, prevent, and mitigate adverse impacts across their operations, subsidiaries, and value chains (both upstream and downstream). In addition to due diligence, the EU CSDDD mandates the implementation of a climate transition plan that aligns business models with the EU’s climate neutrality goals and the Paris Agreement’s 1.5°C target.
With national transposition set for 2026 and application from 2027, companies need to prepare early: understand the requirements and their relationship to related frameworks such as the Corporate Sustainability Reporting Directive (CSRD), ensure compliance, and use the Directive as an opportunity to strengthen stakeholder confidence and competitive positioning.
This article provides a comprehensive CSDDD summary, breaking down key aspects such as its obligations, timeline, and implications for businesses. For official details, refer to the European Commission’s website: Corporate Sustainability Due Diligence Directive.
Objective of the CSDDD
The CSDDD aims to create a harmonized EU framework for corporate sustainability due diligence, addressing:
Gaps in voluntary measures and inconsistent implementation across member states.
Legal fragmentation, ensuring uniform standards across the EU.
Corporate accountability, by mandating due diligence on human rights and environmental risks.
By requiring companies to integrate due diligence into their governance and risk management systems, the directive promotes responsible business conduct and long-term resilience.
Content of Obligations
Under the CSDDD, companies must integrate due diligence into their corporate policies and risk management systems, ensuring oversight of human rights and environmental impacts across their operations, subsidiaries, and chains of activities. Importantly, the directive imposes obligations of means, not obligations of result, meaning companies are not required to eliminate all adverse impacts but must take appropriate measures that are capable of achieving the objectives of due diligence.
Key Due Diligence Practices
To comply with the CSDDD, companies must follow a structured due diligence process, incorporating the following steps:
Integrate Due Diligence into Operations
Companies must establish clear policies and governance structures that embed due diligence into corporate functions and decision-making processes. This includes aligning due diligence with the existing corporate risk management system. Companies can, for example, implement a code of conduct that outlines expectations for employees, subsidiaries, and business partners regarding human rights and environmental standards.
Identify and Assess Adverse Impacts
Companies are required to identify and assess actual and potential human rights and environmental risks in their operations and business relationships. This process involves conducting risk assessments across their own operations, subsidiaries, and both upstream and downstream supply chains. First, “companies should map their own operations, those of their subsidiaries and, where related to their chains of activities, those of their business partners, in order to identify general areas where adverse impacts are most likely to occur and to be most severe” (European Commission, 2024). Second, “companies should carry out an in-depth assessment of their own operations, those of their subsidiaries and, where related to their chains of activities, those of their business partners” (European Commission, 2024). If they are not able to address all identified impacts at the same time, companies should prioritize them based on severity and likelihood.
Prevent and/or Mitigate Adverse Impacts
Once risks are identified, companies must take proactive steps to prevent and/or mitigate negative impacts. This can involve implementing a set of actions:
Prevention and Corrective Action Plans: Companies should develop and implement strategies to prevent potential human rights violations and environmental damage, particularly in high-risk areas.
Contractual Assurances: Companies can seek to obtain contractual assurance from direct business partners, including cascading requirements through the chain of activities.
Financial Investments: Companies should make financial or non-financial improvements, such as upgrading infrastructure, improving sourcing practices, or adjusting operational processes.
Business Strategy Adjustments: Companies should modify their business plan, strategies and operations, including purchasing, design, and distribution practices where they contribute to risks that have been identified.
Operational Support for SMEs: Companies should provide support to their SME partners, such as capacity building, when the SME faces resource or knowledge constraints.
Financial Support for SMEs: Companies should provide funding, loans, or guarantees to SME business partners where the code of conduct or the prevention plan would put the viability of the SME at risk.
Collaboration: Companies should partner with other entities to address issues and strengthen influence over business partners.
Complaints and Notification Mechanism: Lastly, companies should establish an accessible and effective complaints process to allow affected parties to report concerns.
Provide Remedy Where Necessary
If a company has caused or contributed to harm, it must take remedial action to address the impact. Remediation can happen in the form of financial compensation, operational improvements, or corrective measures. It is important for companies to ensure that affected stakeholders have access to the remedy mechanisms.
Disengagement as a Last Resort
Where adverse impacts cannot be prevented, mitigated, or adequately remedied, companies must assess their relationship with the involved business partner. Before terminating a partnership, companies should first assess whether disengagement would create more harm than the original adverse impact. Second, companies should ensure that appropriate steps are taken to mitigate any negative consequences of disengagement.
Monitor Due Diligence Effectiveness
Regular monitoring and evaluation of due diligence policies are essential for compliance and continuous improvement. Companies should conduct ongoing internal audits to assess the effectiveness of their due diligence policies and adjust risk management strategies based on audit findings.
Publicly Report on Due Diligence Efforts
As a last step, the CSDDD requires transparency: companies must disclose their due diligence efforts, risk assessments, and mitigation strategies. Companies must also ensure that reports provide sufficient detail to assess the adequacy of corporate sustainability measures.
Climate Transition Plan Obligations
In addition to the due diligence on human rights and environmental risks, companies must implement a climate transition plan that aligns with the Paris Agreement’s 1.5°C goal and the EU’s climate neutrality targets for 2030 and 2050. This plan must include:
Time-bound targets for 2030, 2050, and interim steps based on scientific evidence.
Decarbonization levers and actions detailing how the company will reach its greenhouse gas emission targets.
Interplay With Other EU Initiatives
The CSDDD complements existing EU sustainability initiatives by:
Serving as a broad due diligence framework (lex generalis) while allowing more specific sectoral laws (lex specialis) to take precedence where applicable.
Aligning with the Corporate Sustainability Reporting Directive (CSRD) by relying on its reporting requirements, reducing duplication for covered companies and offering a simplified framework for those outside the CSRD’s scope.
Scope & Timeline: Who Must Comply and When?
The CSDDD was published on July 5, 2024 and entered into force on July 25, 2024. The directive must be transposed by Member States into national law by 26 July 2026. The new rules will start to apply by 26 July 2027 following a staggered approach (Source of table: Connellan et al., 2024):
Category | Net turnover threshold | Number of employees | Date of application for companies |
EU Companies | EUR 1,500 m (global) | 5,000 | 26 July 2027 |
EU Companies | EUR 900 m (global) | 3,000 | 26 July 2028 |
EU Companies | EUR 450 m (global) | 1,000 | 26 July 2029 |
Non-EU Companies | EUR 1,500 m (in EU) | N/A | 26 July 2027 |
Non-EU Companies | EUR 900 m (in EU) | N/A | 26 July 2028 |
Non-EU Companies | EUR 450 m (in EU) | N/A | 26 July 2029 |
EU Franchisers/Licensors | Turnover: EUR 80 m (global); Royalties: EUR 22.5 m (global) | N/A | 26 July 2029 |
Non-EU Franchisers/Licensors | Turnover: EUR 80 m (in EU); Royalties: EUR 22.5 m (in EU) | N/A | 26 July 2029 |
Ultimate parent companies of corporate groups that meet the above-listed thresholds on a consolidated basis are also subject to the directive.
SMEs are not directly subject to the CSDDD and face no legal obligations or enforcement under the directive. However, as business partners in the supply chains of larger companies, they may be required to share information or address sustainability impacts, with the directive including safeguards and support measures to minimize their compliance burden.
Penalties and Burden Limitation
The CSDDD establishes an enforcement framework, with national supervisory authorities empowered to issue injunctions and sanctions (including fines) for non-compliance. Companies can also face civil liability if they fail to prevent or mitigate adverse impacts, requiring them to compensate victims, though overcompensation is not permitted. Enforcement applies to both EU and non-EU companies operating in the EU, with third-country companies required to designate an authorized representative.
Changes and Regulatory Updates
The first of a series of omnibus simplification packages introduced in the EU’s Competitiveness Compass is set to be released at the end of February or beginning of March 2025. The package aims to streamline sustainability reporting and reduce administrative burdens by 25% for all businesses and 35% for SMEs. For the CSDDD, this could have implications by focusing on:
More efficient due diligence processes
Clearer compliance guidelines
A reduction in overlapping data collection requirements
By simplifying reporting rules, the EU aims to maintain high sustainability standards while enabling businesses to focus on effective risk management and growth. Businesses should monitor these developments closely to remain compliant and agile in their sustainability strategies.
Conclusion: Preparing for CSDDD Compliance
The Corporate Sustainability Due Diligence Directive (CSDDD) is a transformative regulation that mandates proactive risk management in human rights and environmental practices. By preparing early and strategically, companies can:
Ensure compliance and minimize legal risks.
Strengthen stakeholder trust and enhance brand reputation.
Position themselves as leaders in sustainable corporate practices.
Start your CSDDD compliance journey today by assessing your current due diligence practices and aligning them with the directive's requirements.
FAQs
What is the CSDDD?
The Corporate Sustainability Due Diligence Directive (CSDDD) is an EU regulation that mandates large companies to identify, prevent, and address human rights and environmental risks in their operations and supply chains.
When does CSDDD come into force?
The Corporate Sustainability Due Diligence Directive (CSDDD) was published on July 5, 2024, and entered into force on July 25, 2024. EU member states must transpose it into national law by July 26, 2026, with implementation starting in July 2027.
Who is affected by the CSDDD?
The directive applies to large EU and non-EU companies that meet specific revenue and employee thresholds. While SMEs are not directly covered, they may be indirectly impacted as part of supply chains.
How does the CSRD differ from the CSDDD?
The Corporate Sustainability Due Diligence Directive (CSDDD) focuses on due diligence obligations regarding human rights and environmental risks in corporate activities.
The Corporate Sustainability Reporting Directive (CSRD), on the other hand, mandates sustainability reporting requirements for companies.
What are the penalties for non-compliance with the CSDDD?
Companies that fail to comply with the Corporate Sustainability Due Diligence Directive (CSDDD) may face:
Fines and sanctions imposed by national supervisory authorities.
Civil liability, requiring companies to compensate victims if they fail to prevent or mitigate adverse human rights or environmental impacts.