BlogpostThe Corporate Sustainability Due Diligence Directive (CSDDD) marks a watershed moment for corporate sustainability in the European Union. If you’re wondering what this EU law means for your business, here’s the straightforward answer: CSDDD requires large companies to identify, prevent, mitigate, and remediate adverse human rights and environmental impacts across their entire value chain—not just within their own operations, but extending to subsidiaries and business partners.
The Council formally adopted CSDDD on 24 May 2024. The directive was published in the Official Journal of the European Union on 5 July 2024 and entered into force on 25 July 2024. This timeline matters because it sets the clock ticking for companies to prepare for mandatory due diligence obligations that will fundamentally change how businesses operating in the EU approach responsible business conduct.
Under the sustainability due diligence directive, in-scope companies must establish comprehensive due diligence processes covering their own operations, subsidiaries, and both direct and indirect business partners. The directive targets large companies meeting specific thresholds: 1,000 or more employees and EUR 450 million or more in net worldwide turnover. Non-EU companies generating equivalent turnover within the EU also fall under its requirements, as do certain franchise or licensing arrangements.
Implementation follows a phased approach between 2028 and 2030 under Directive (EU) 2025/794. Companies failing to meet their diligence obligations face serious consequences—penalties can reach up to 5% of net worldwide turnover depending on national law implementations by EU member states.
Core facts at a glance:
- CSDDD is mandatory EU law on human rights and environmental due diligence
- Adopted 24 May 2024, entered into force 25 July 2024
- Covers EU companies with 1,000+ employees and EUR 450 million+ turnover
- Non-EU companies with equivalent EU turnover are also in scope
- Phased application from 2028 to 2030
- Maximum penalties up to 5% of global turnover
- Extends to subsidiaries and business relationships throughout the value chain
Legal Evolution and Key Legislative Milestones
The CSDDD didn’t emerge overnight. Understanding its legislative journey helps explain why the directive takes its current form and what drove the European Commission, European Parliament, and Council to pursue mandatory rather than voluntary approaches to responsible corporate behaviour.
The European Commission released its initial proposal on 23 February 2022 as part of the broader European Green Deal agenda. This proposal aimed to fill a critical gap: while existing frameworks encouraged responsible business practices, they lacked enforcement teeth. The Commission recognized that global supply chains required binding rules to ensure corporate accountability extended beyond company boundaries.
Negotiations between the Council and Parliament proved contentious. Various member states raised concerns about competitiveness, administrative burden, and scope. A provisional political agreement emerged in December 2023, setting the framework for final negotiations. The European Parliament approved the directive in April 2024—specifically during its plenary session on 24 April 2024—followed by the Council’s formal adoption on 24 May 2024.
Publication in the Official Journal (OJ L 202, 5 July 2024) made the directive official EU law, with entry into force on 25 July 2024. However, recognizing implementation challenges, Directive (EU) 2025/794 subsequently amended the original CSDDD to adjust transposition deadlines and application timelines, giving companies additional preparation time.
The relationship between CSDDD and other EU sustainability initiatives is crucial to understand. The Corporate Sustainability Reporting Directive (CSRD) focuses on disclosure—what companies must report about their sustainability performance. CSDDD goes further by mandating substantive actions: actual due diligence measures, risk management, and remediation. Together, these frameworks create a comprehensive approach where companies must both act responsibly and report transparently on their efforts.
Key legislative milestones:
- 23 February 2022: European Commission adopts initial proposal
- December 2023: Provisional political agreement between Council and Parliament
- 24 April 2024: European Parliament approval
- 24 May 2024: Council formal adoption
- 5 July 2024: Publication in Official Journal (OJ L 202)
- 25 July 2024: Entry into force
- 2025: Directive (EU) 2025/794 adopted, amending timelines
CSDDD Scope: Which Companies Are Covered and When
Determining whether CSDDD applies to your company requires examining specific quantitative thresholds laid out in Article 2 of the directive. The finalized criteria focus on employee count and turnover, measured over two consecutive financial years.
For EU companies, coverage applies when a company reaches at least 1,000 employees and EUR 450 million in net worldwide turnover. Both thresholds must be met in each of the last two relevant financial years. This dual requirement prevents companies from escaping coverage through temporary fluctuations in headcount or revenue.
Coverage categories explained:
- EU companies: Companies established in the European Union meeting the 1,000 employee and EUR 450 million turnover thresholds
- Non-EU companies: Third-country companies generating equivalent turnover (EUR 450 million or more) within the EU, regardless of their global footprint
- Ultimate parent company: Parent companies of large groups meeting thresholds on a consolidated basis bear responsibility for group-wide compliance
- Franchise and licensing models: Companies operating under franchising or licensing agreements generating at least EUR 22.5 million in EU royalties, where total group turnover exceeds EUR 80 million
Employee calculations follow specific rules to ensure consistency. The company’s employees count includes full-time equivalents, and importantly, temporary agency workers must be included in headcount calculations. This approach aligns with European Court of Justice case law on employment thresholds and prevents companies from artificially reducing their apparent size through workforce structures.
The phased application calendar under Directive (EU) 2025/794 provides breathing room for smaller in-scope companies:
- From 26 July 2028: Companies with more than 3,000 employees and more than EUR 900 million turnover
- From 26 July 2029: Mid-tier companies meeting intermediate thresholds
- From 26 July 2030: All remaining companies meeting the base 1,000 employees / EUR 450 million turnover criteria
Financial sector entities receive special treatment under the directive. While financial institutions must develop climate transition plans earlier, full due diligence obligations regarding their clients and investment activities face deferred treatment, with a scheduled review two years after entry into force to assess appropriate requirements for this economic sector.
Core Due Diligence Obligations and OECD Six-Step Process
CSDDD effectively embeds the OECD Due Diligence Guidance framework into EU law, making the six-step process mandatory for in-scope companies. Understanding these steps is essential for any compliance effort.
Step 1: Integrate due diligence into policies and management systems
Companies must establish a due diligence policy that covers their own operations, subsidiaries, and business partners throughout the value chain. This policy must be integrated into existing risk management systems rather than treated as a standalone compliance exercise. Board-level oversight and clear allocation of responsibilities across relevant corporate functions are required.
Step 2: Identify and assess actual and potential adverse impacts
The diligence process set out in CSDDD requires companies to map their value chains and identify where human rights and environmental risks exist. This means assessing adverse human rights impacts (like forced labor or child labor) and environmental impacts (like pollution or biodiversity destruction). For example, a chocolate manufacturer must scrutinize cocoa sourcing from West African suppliers where child labor risks are well-documented.
Step 3: Prevent, mitigate, or bring to an end adverse impacts
Once risks are identified, companies must take appropriate human rights and environmental due diligence measures. This could include changing suppliers, implementing corrective action plans, or providing capacity-building support to business partners. Contractual assurances alone are insufficient—companies must demonstrate genuine effort to address potential adverse human rights and environmental harms.
Step 4: Monitor and assess effectiveness of due diligence measures
The directive requires ongoing monitoring—not one-time assessments. Companies must track whether their diligence measures actually prevent or mitigate harms, adjusting approaches when they prove ineffective. This creates a continuous improvement cycle aligned with the relevant international framework for responsible business conduct.
Step 5: Communicate how impacts are addressed
Transparency matters. Companies must publicly communicate their due diligence efforts, which often overlaps with reporting requirements under CSRD. Annual financial statements and sustainability reports should reflect due diligence activities and outcomes.
Step 6: Provide for or cooperate in remediation
When harms occur despite due diligence efforts, companies must provide or cooperate in remediation. This includes establishing grievance mechanisms accessible to affected stakeholders—workers, communities, civil society groups—and cooperating with business partners to address complaints.
The required due diligence policy under Articles 5-6 must include clear content: a strategy for identifying and addressing impacts, a code of conduct applicable to business partners, and procedures for implementation. Companies must update this policy at least every 24 months or after significant events like entering a new high-risk sector or geographic market.
Stakeholder engagement is not optional. Companies must consult with affected communities, workers’ representatives, and civil society organizations where relevant. This requirement reflects the business and human rights principle that those affected by corporate activities should have voice in how impacts are addressed.
Governance, Risk Management, and Climate Transition Plans
CSDDD fundamentally reshapes how corporate governance must address sustainability risks. Directors bear explicit responsibility for overseeing due diligence policies and ensuring integration into strategic decision-making—this isn’t a delegation to mid-level managers but a board-level accountability mechanism.
National law implementations will specify exact director duties, but the directive establishes clear expectations: directors must oversee risk assessments, approve due diligence policies, and ensure adequate resources for implementation. This represents a shift where financial decisions affecting the company must account for human rights and environmental considerations.
Minimum governance features under CSDDD:
- Board-level or executive committee oversight of due diligence policy and implementation
- Clear allocation of responsibilities across relevant corporate functions (legal, compliance, procurement, sustainability, HR)
- Integration of due diligence risks into enterprise risk management frameworks
- Defined escalation processes for identified high-severity risks
- Regular reporting to leadership on due diligence effectiveness
Many companies are establishing dedicated sustainability committees at board level or appointing human rights and environment officers with direct reporting lines to senior leadership. Cross-functional ESG steering groups help ensure that due diligence becomes embedded in core business processes rather than siloed in a compliance department.
Climate transition plans represent a distinct requirement for companies with significant climate impact. These plans must align business models with the 1.5°C objective under the Paris Agreement, setting measurable interim targets toward net zero emissions. While some political negotiations scaled back certain mandatory climate provisions, CSDDD still expects credible transition pathways from covered companies.
The interaction between climate transition plans and CSRD reporting creates synergies—data gathered for due diligence purposes feeds into disclosure requirements, reducing duplication when systems are properly designed.
Enforcement, Supervision, and Civil Liability
The teeth of CSDDD lie in its enforcement provisions. Member states must designate one or more supervisory authorities to monitor compliance, investigate companies, and impose penalties. Articles 17-21 establish the framework for administrative supervision that companies must navigate.
A European network of supervisory authorities will ensure coordinated enforcement practices across the EU, sharing information and promoting consistent application. This prevents companies from forum-shopping for lenient jurisdictions and helps ensure uniform business methods for compliance don’t face regulatory arbitrage.
Available sanctions include:
- Administrative fines: Up to 5% of a company’s net worldwide turnover in the relevant business year. For a company with EUR 2 billion turnover, this means potential fines of EUR 100 million.
- Compliance orders and injunctions: Authorities can mandate specific corrective actions
- Exclusion from public procurement: Severe or repeated violations may result in exclusion from government contracts or public support, where national law provides for such measures
The civil liability regime under CSDDD deserves careful attention. Victims of human rights or environmental harms can bring claims against companies that failed to conduct adequate due diligence. The limitation period is five years, and rules on disclosure of evidence and cost allocation aim to ease access to justice for affected parties.
Companies can face liability for harms caused by their subsidiaries and certain business partners when they failed to take appropriate due diligence measures. Critically, contractual clauses requiring suppliers to comply with standards are insufficient to discharge responsibility—companies must demonstrate genuine due diligence efforts.
This civil liability framework means that independent third party companies conducting audits cannot fully shield in-scope companies from legal exposure. Actual due diligence—not just paperwork—determines liability.
Interaction with Other ESG Legislation and Political Context
Understanding how CSDDD fits within the broader EU regulatory landscape prevents duplication and helps companies build integrated compliance systems.
The relationship between CSDDD and the Corporate Sustainability Reporting Directive is complementary: CSRD governs what companies must disclose about sustainability performance across their full value chains, while CSDDD governs the underlying due diligence processes and risk management actions. A company might report under CSRD on supply chain labor practices while simultaneously implementing due diligence requirements under CSDDD to actually address those practices.
Key regulatory interactions:
- EU Taxonomy: CSDDD aligns with minimum safeguards on human rights due diligence required for Taxonomy-aligned activities
- Sustainable Finance Disclosure Regulation (SFDR): Financial market participants must consider due diligence findings in sustainability disclosures
- Sector-specific rules: Battery regulation, deforestation-free products regulation, and other measures complement CSDDD’s horizontal approach with targeted requirements
Political debates significantly shaped CSDDD’s final scope. Concerns about EU competitiveness and administrative burden—particularly from certain member states and business associations—led to revisions that narrowed applicability compared to original Commission proposals. The goal was balancing responsible corporate behaviour with avoiding excessive compliance costs that might disadvantage EU-linked companies.
The role of U.S. political developments, including the Trump administration’s anti-ESG stance, entered European discussions as an indirect factor. Some argued the EU should proceed cautiously to avoid competitive disadvantages; others contended that leadership on sustainability standards would benefit European companies long-term. However, no EU legal document attributes CSDDD delays directly to any U.S. administration—the directive’s evolution reflects internal EU political dynamics.
Directive (EU) 2025/794 emerged from a “simplification” agenda aiming to reduce reporting duplication and extend preparation timelines while preserving core human rights and environmental safeguards. This balance reflects ongoing tension between ambition and practicality in EU sustainability policy.
Practical Compliance Roadmap for In-Scope Companies
Even if your application date sits years away, starting compliance preparation now prevents rushed implementation and builds competitive advantage. Here’s a practical roadmap companies can follow immediately.
Phase 1 (Year 1): Foundation Building
Begin with a gap assessment against OECD due diligence guidance expectations and existing national rules. If you’re already complying with German Lieferkettengesetz or French Duty of Vigilance law, you have a head start—but don’t assume full alignment with CSDDD requirements.
Key tasks:
- Establish governance structures with clear board-level accountability
- Draft initial due diligence policy covering own operations, subsidiaries, and business partners
- Conduct preliminary salience assessment identifying highest-risk value chain segments
- Allocate budget and resources for multi-year compliance program
- Engage legal counsel to understand national law implementation in relevant EU member states
Phase 2 (Year 2): Deep Dive and Pilot
Move beyond policy to action by diving into high-risk segments of your value chain.
Key tasks:
- Conduct detailed risk mapping of priority suppliers and business relationships
- Engage stakeholders including workers’ representatives, affected communities, and civil society
- Pilot grievance mechanisms to test accessibility and effectiveness
- Develop remediation protocols for identified issues
- Begin supplier capability-building programs where needed
Phase 3 (Year 3 and Beyond): Full Rollout
Scale systems across the entire value chain and integrate with other reporting obligations.
Key tasks:
- Complete full value chain mapping with risk scoring
- Integrate due diligence data with CSRD reporting systems
- Establish continuous monitoring processes
- Refine approaches based on effectiveness assessments
- Document all due diligence measures for potential supervisory authority review
High-quality data and digital tools are essential for companies with complex global value chains. Supply chain transparency platforms can automate risk scoring, track supplier performance, and maintain documentation that supervisory authorities will expect during inspections.
Practical milestones:
- By end of 2026: Companies above 3,000 employees should complete at least one full risk mapping cycle and pilot a grievance mechanism
- By end of 2027: Second-tier companies should have governance structures and initial policies in place
- By end of 2029: All in-scope companies should have fully operational due diligence systems
Cross-functional collaboration across legal, compliance, procurement, sustainability, HR, and finance teams is non-negotiable. The common business concept underlying CSDDD is that due diligence must be embedded in core business processes—sourcing decisions, M&A due diligence, product development—rather than treated as a standalone exercise.
Implications for Smaller Businesses and Global Supply Chains
While SMEs generally fall outside CSDDD’s direct scope based on employee and turnover thresholds, the directive’s effects ripple through global supply chains in ways smaller businesses cannot ignore.
In-scope large companies will cascade requirements down their value chains. This happens through contractual clauses in supplier agreements, updated codes of conduct, audit requirements, and capacity-building programs. If you supply to a large EU company, expect new due diligence expectations regardless of your own size.
Challenges for smaller suppliers:
- Limited resources for implementing due diligence systems
- Difficulty documenting compliance across their own supply chains
- Potential costs of audits and certifications demanded by larger buyers
- Risk of being dropped as a supplier if unable to meet requirements
Certain sectors face particularly intense scrutiny. Textile factories in Bangladesh, mineral suppliers in the Democratic Republic of Congo, and agricultural producers in Latin America operate in regions and industries flagged for potentially higher adverse impacts. Companies in these sectors should anticipate heightened due diligence attention from EU buyers.
The directive and European Commission communications mention possible support measures for SMEs, including guidance documents, technical assistance, and financial support mechanisms. However, smaller businesses shouldn’t wait for external help—proactive preparation builds competitive advantage.
Recommendations for smaller businesses:
- Map your own supply chain to understand where your inputs originate
- Document existing due diligence measures, even informal ones
- Align practices with OECD due diligence guidance standards
- Prepare documentation packages that larger customers will request
- Consider industry collaborations or collective audit schemes to share compliance costs
- Monitor developments in your primary EU customer markets
The business environment is shifting toward supply chain transparency as a competitive requirement. Smaller businesses that can demonstrate responsible business practices will maintain access to EU-linked markets while competitors struggle to catch up.
Frequently Asked Questions about CSDDD
How does CSDDD differ from CSRD?
CSRD mandates sustainability disclosure—what companies must report about their ESG performance. CSDDD mandates substantive actions—what companies must actually do to identify, prevent, and mitigate human rights and environmental harms. A company could theoretically produce a compliant CSRD report while failing CSDDD requirements if it discloses risks but takes no action to address them.
Does CSDDD apply to a non-EU parent company with an EU subsidiary generating EUR 500 million in turnover?
Potentially yes. Non-EU companies fall under CSDDD scope if they generate EUR 450 million or more in EU turnover. The EUR 500 million figure exceeds this threshold, so the parent company would likely be covered. However, analysis depends on whether turnover is measured at the parent company level, whether the EU subsidiary operates as a separate legal entity, and how member states implement specific provisions.
What counts as a ‘value chain’ under CSDDD?
The chain of activities covers upstream processes (design, extraction, sourcing, manufacturing, transport, storage of raw materials) and downstream activities (distribution, transport, storage post-production). This extends to direct business partners and indirect business partners, though due diligence intensity may vary based on risk severity and relationship closeness.
Can a company rely solely on contractual clauses with suppliers to comply?
No. CSDDD explicitly establishes that contractual assurances are insufficient to discharge due diligence duty. Companies must take genuine measures—monitoring, verification, capacity building—beyond simply requiring suppliers to sign compliance commitments. This doesn’t create legal uncertainty around contracts; it means contracts are one tool among many, not a complete defense.
How long do victims have to bring a claim under national laws implementing CSDDD?
The directive establishes a five-year limitation period for civil liability claims. National law implementations may provide specific procedural rules, but this baseline ensures affected parties have meaningful time to pursue remedies.
What documentation will supervisory authorities expect during inspections?
Expect requests for due diligence policies, risk assessments, records of stakeholder consultations, supplier audit reports, grievance mechanism records, remediation action documentation, and evidence of monitoring effectiveness. Companies should maintain organized records demonstrating the due diligence process set forth in their policies actually operates in practice.
How does CSDDD interact with existing national supply chain laws in Germany, France, and the Netherlands?
CSDDD harmonizes requirements across the EU, but existing national laws (German Lieferkettengesetz, French Duty of Vigilance) continue operating until member states transpose CSDDD. Companies already compliant with stricter national rules have foundations to build on, though specific requirements may differ. The directive aims to ensure coordinated enforcement and prevent fragmented national approaches from creating compliance complexity.
Are financial institutions fully covered, and if not, what parts of CSDDD apply to them now?
Financial institutions face partial coverage. Climate transition plan requirements apply, but full due diligence obligations regarding downstream financial services (lending, investment decisions affecting clients) are subject to deferred treatment and scheduled review. The directive acknowledges complexity in applying value chain due diligence to financial relationships and commits to revisiting scope within two years.
What happens if an ultimate parent company fails to ensure subsidiary compliance?
The ultimate parent company bears responsibility for group-wide due diligence under CSDDD when it meets threshold criteria on a consolidated basis. Failures at subsidiary level can trigger enforcement against the parent, and civil liability may extend to harms occurring in subsidiary operations where the parent failed to implement appropriate measures.
How do franchise and licensing agreements factor into CSDDD scope?
Companies operating under uniform business methods through franchising or licensing agreements face specific thresholds: EUR 22.5 million or more in EU royalties combined with total group turnover exceeding EUR 80 million. This captures business models where the franchisor controls operational standards but franchisees technically operate independently.
CSDDD represents a fundamental shift from voluntary sustainability commitments to mandatory corporate accountability. The directive transforms how large companies must approach their global value chains, embedding due diligence into governance, risk management, and strategic decision-making.
Whether your company faces 2028, 2029, or 2030 application deadlines, starting compliance preparation now avoids scrambling later. The companies that treat CSDDD as an opportunity—to strengthen supplier relationships, build operational resilience, and demonstrate genuine responsible business conduct—will emerge stronger than those viewing it purely as a compliance burden.
Begin your gap assessment against OECD due diligence guidance standards. Review your corporate structure and governance arrangements. Engage cross-functional teams in understanding what assessing adverse human rights and environmental impacts means for your specific operations and business relationships. The clock is ticking, and preparation today prevents penalties tomorrow.