Understanding the CSDDD and what it means for businesses

The Corporate Sustainability Due Diligence Directive (CSDDD) is a landmark EU directive that’s going to have huge repercussions for businesses around the globe. With a sharp focus on human rights due diligence and environmental due diligence, companies will need to be well prepared for the regulatory requirements that it will invoke across every EU Member State from 2027.

In this article, Enhesa EU Regional Expert, Diletta Managò takes us through the CSDDD, including its coverage, applicability, and impacts — plus provides invaluable recommendations on how companies should prepare for its adoption from EU legislation into national law.

What is the EU CSDDD?

The CSDDD was published in the EU Official Journal on 5 July 2024.This landmark directive aims to strengthen corporate responsibility and sustainability across global value/supply chains by setting out comprehensive due diligence obligations for both large EU and non-EU businesses. Specifically, the CSDDD targets:

1. EU Companies: those meeting specific size criteria, such as having more than 1,000 employees on average and having a net worldwide turnover of more than EUR 450 million
2. Non-EU Companies: businesses based outside the EU that generated a net turnover of more than EUR 450 million in the Union (in this case, no employee threshold is specified)

The Directive focuses on ensuring that companies — among other things — identify, prioritize, prevent, mitigate, and, if needed, remediate any adverse impact related to human rights and the environment throughout their own operations, those of their subsidiaries, and, when related to their chains of activities, those of their business partners.

Defining “business partners” in the application of the CSDDD

Under the Directive, “business partners” encompass a wide range of entities with which a company engages in business activities, including:

1. Direct business partners: entities with which the company has a commercial agreement related to its operations, products, or services, or to which the company provides services
2. Indirect business partners: entities which, while not having a direct contractual relationship, perform business operations related to the company’s operations, products or services

While identifying direct business partners is straightforward through commercial agreements, pinpointing indirect business partners can be more complex due to the broad and somewhat vague definition. Indeed, such a definition seems to point to entities that, while not contracted, still play a role in the company’s operations and may impact or be impacted by its practices without providing any clear legal connection or reference. This lack of clarity presents both challenges and opportunities for companies to refine their due diligence practices and promote more responsible and sustainable operations. In practice, the interpretation of “indirect business partners” is expected to evolve over time through regulatory guidance, judicial rulings, and industry practices. Further details may also stem from the national transposition of the CSDDD, due by 26 July 2026.

Obligation expansion throughout the value/supply chain

The CSDDD also expands companies’ due diligence obligations across their entire ‘chain of activities,’ encompassing both upstream and downstream processes. The upstream activities cover a broad spectrum of operations that occur before the company’s direct production or service provision. This includes the design, extraction, sourcing, manufacturing, transport, storage, and supply of raw materials and products. In contrast, downstream activities are more narrowly defined, focusing specifically on the distribution, transport, and storage of the company’s products after they leave its direct control.

In the final text of the CSDDD, downstream activities were significantly narrowed compared to the original proposal, excluding broader due diligence responsibility for activities such as products’ sale, use, and disposal — including dismantling, recycling, composting, or landfilling.

Important CSDDD dates to know

As for its application, the CSDDD mandates a gradual implementation across a 2-year time period, as follows:

EU companies

• As of 26 July 2027: those that had more than 5,000 employees on average and generated a net worldwide turnover of more than EUR 1.5 billion in the previous financial year (group 1)
• As of 26 July 2028: those that had more than 3,000 employees on average and generated a net worldwide turnover of more than EUR 900 million in the previous financial year (group 2)
• As of 26 July 2029: those that had more than 1,000 employees on average and had a net worldwide turnover of more than EUR 450 million in the previous financial year (group 3)

Non-EU companies

• As of 26 July 2027: those that generated a net turnover of more than EUR 1.5 billion in the Union in the financial year preceding the previous financial year (group 1)
• As of 26 July 2028: those that generated a net turnover of more than EUR 900 million in the Union in the financial year preceding the previous financial year (group 2)
• As of 26 July 2029: those that generated a net turnover of more than EUR 450 million in the Union in the financial year preceding the previous financial year (group 3)

What impact does the CSDDD have for businesses?

The CSDDD marks a transformative shift in the way companies manage their operations with respect to sustainability and human rights. As businesses align with the CSDDD, they’ll experience substantial operational impacts. In particular, the Directive requires the following eight steps to be incorporated into businesses’ activities:

1. Integrating due diligence into their policies and risk management systems and having a due diligence policy in place

This involves implementing a comprehensive business approach to due diligence and ensuring that all subsidiaries and business partners also adhere to similar standards.

2. Identifying, assessing, and prioritizing any actual or potential adverse impact

This translates into thorough evaluations of business operations, including subsidiaries and business partners throughout the chain of activities to evaluate actual and potential negative effects arising from current or future activities.

3. Preventing and mitigating potential adverse impacts

This includes bringing any actual adverse impact to an end and minimizing their extent. This crucial step requires businesses to proactively address the identified potential risks (including by means of a preventive action plan) to avoid human rights violations or environmental impact. Additionally, when actual adverse impacts occur, companies are required to take concrete actions (for instance through a corrective action plan) to reduce their severity.

4. Providing remediation for an actual adverse impact

This involves a structured approach to resolve actual issues and address the harm caused. In particular, the company that itself has caused or jointly caused an adverse impact, is explicitly required to take action to remedy the situation. However, where the adverse impact is solely the result of a business partner’s actions, the company can engage in voluntary remediation.

5. Carrying out meaningful engagement with stakeholders

This step mandates companies to establish open and transparent communication channels, consulting, and sharing information about sustainability practices, due diligence processes, and any identified risks or issues with affected, or potentially affected, subjects (including employees, trade unions, communities, and civil society organizations).

6. Establishing and maintaining a notification mechanism and a complaints procedure

The implementation of a transparent system for reporting human rights and environmental adverse impacts. This mechanism should allow employees, stakeholders, and affected communities to report concerns confidentially and without fear of retaliation.

7. Monitoring the effectiveness of due diligence policy and measures

A continuous process of evaluating how well the said policies and measures are achieving their intended goals.

8. Public communication

Maintaining a transparent approach to due diligence by publishing and making publicly available an annual statement on the matters covered by the CSDDD.

Additionally, the CSDDD also obliges companies to develop and implement a comprehensive transition plan for climate change mitigation. This plan must align their business model and strategic objectives with the targets set by the Paris Agreement (limiting global warming to 1.5°C). In practical terms, this means companies need to assess current operations and strategies, identify areas to reduce their carbon footprint, and set clear, actionable goals to achieve these reductions. However, companies that already report a climate change transition plan under Directive (EU) 2022/2464 on corporate sustainability reporting (CSRD) will be considered to have met the CSDDD’s climate change reduction plan requirement.

Due diligence reporting under the CSDDD

As briefly touched upon above, under the CSDDD, companies have specific reporting obligations designed to ensure transparency and accountability in their due diligence efforts. Each year, companies must publish a detailed statement within 12 months of the financial year balance sheet date. This report must include an overview of their due diligence activities, including an account of identified and potential adverse impacts, and the measures implemented to address these issues.

At the time of publication, the precise requirements for this report and the criteria for its preparation aren’t yet established. These will be outlined in a forthcoming Commission act, but this reporting obligation is separate from those required under the CSRD. If a company is already subject to the sustainability reporting requirements of the CSRD, it will be exempt from publishing the outlined (separate) statement reporting on its compliance with the CSDDD.

With this in mind, companies should be sure to have the means in place to stay updated on further guidance from the European Commission regarding how to align and integrate their reporting obligations effectively.

The reputational benefits of CSDDD compliance

In today’s business landscape, compliance with the CSDDD is going to play a pivotal role in shaping a company’s reputation. By aligning with the CSDDD, companies signal their dedication to human rights and environmental sustainability, which can significantly enhance public image and leverage key aspects, such as:

Building trust

One of the key benefits of CSDDD compliance is enhanced trust. Effective due diligence practices show stakeholders — including customers, investors, and employees — that a company is serious about its social and environmental responsibilities. This trust is crucial for fostering long-term relationships and securing stakeholder support.

Boosting positive public perception

Companies that actively comply with CSDDD requirements stand out in a crowded market in the most positive of ways. By proactively managing risks and addressing issues within its supply, these companies differentiate themselves from competitors. This positive public perception can translate into increased customer loyalty, investor confidence, and a stronger overall market position.

Mitigating reputational risks

Another crucial aspect of CSDDD compliance is its role in risk management. Thorough due diligence and transparent reporting can help organizations prevent potential controversies related to human rights and environmental issues. This proactive stance helps protect a company’s brand from reputational damage, ensures longevity, and demonstrates company responsibility.

In summary, robust CSDDD compliance is more than just meeting legal requirements. It’s about building a positive reputation, gaining stakeholder trust, and safeguarding against reputational risks. Integrating the CSDDD standards can set a company apart as a leader in corporate responsibility and sustainability.

Navigating the value/supply chain impact of the CSDDD

The CSDDD introduces a new era of responsibility for companies, extending their obligations far beyond their immediate operations (or even those of their subsidiaries) to encompass those of their business partners in their chains of activities (as defined above). Here is a closer look at how this directive reshapes the way businesses handle these impacts.

Deepening due diligence

Under the CSDDD, companies are required to adopt a thorough approach to due diligence. This means examining more than just their own operations to scrutinize every tier of their chains of activities — from raw material supply to final product distribution. Companies must now identify and assess human rights and environmental risks associated with both direct and indirect business partners. This comprehensive oversight ensures that every link in the company’s chain of activities adheres to ethical and sustainable practices.

Proactive risk management

Effective risk management is essential under the CSDDD. Companies must also develop and implement action plans to address adverse human rights and environmental impacts that occur (or could occur) across the various stages of their chains of activities — from procurement to production, transport, and storage, right through to distribution. By taking appropriate measures to avoid potential harm and promptly managing actual negative effects, companies can ensure that their operations — as well as those of their business partners — remain both sustainable and responsible.

Embracing transparency and accountability

Transparency is also at the heart of the CSDDD. Businesses must ensure visibility across their entire chains of activities and clearly communicate their comprehensive due diligence efforts. This involves regular reporting on how they are managing risks throughout the different operational levels and implementing far-reaching prevention and mitigation strategies.

In essence, the CSDDD requires companies to broaden their management perspective and embrace a more integrated approach. This not only helps in meeting regulatory requirements but also enhances overall corporate responsibility and integrity.

Does the CSDDD relate to the CSRD?

The CSDDD strictly focuses on integrating human rights and environmental due diligence into corporate operations, while the CSRD establishes comprehensive sustainability reporting. However, the two directives are closely interconnected, both playing key roles in advancing corporate responsibility and sustainability in the EU.

The most significant link between the CSDDD and the CSRD is their shared focus on transparency in managing businesses’ sustainability risks. In particular, the CSDDD mandates detailed disclosure of companies’ due diligence efforts to address human rights and environmental issues, while the CSRD requires broader sustainability reporting on environmental, social, and governance (ESG) performance.

Fortunately, companies subject to both directives will be able to integrate their reporting (as explained above) to avoid duplication.

Identifying the distinctions: CSDDD vs. CSRD

While both directives aim to promote corporate responsibility and transparency, they address different sustainability aspects.

Firstly, let’s compare how the two directives respond to different logics:

• The CSDDD focuses on due diligence concerning human rights and environmental impacts. It requires companies to carry out specific actions, such as actively identifying, preventing, and mitigating adverse effects across their entire chains of activities. Therefore, it aims to ensure that businesses are accountable for the impacts of their own operations as well as those of their business partners by mandating proactive and effective practices. Reporting — even though relevant — plays a minor role compared to the CSRD.
• The CSRD provides a broader framework for reporting on sustainability but does not prescribe specific due diligence actions. Instead, it outlines general reporting requirements and disclosure standards related to a company’s overall ESG performance, which includes but is not limited to due diligence practices.

The directives also have different application scopes.

The CSDDD applies specifically to large companies, both within and outside the EU, that meet certain size thresholds related to turnover and employee count.

The CSRD also targets large companies, but it has a broader application that extends to all large EU entities, listed small and medium-sized companies, and third-country companies with a net turnover over EUR 150 million and a subsidiary or branch in the EU. It encompasses a wide range of sustainability issues beyond just human rights and environmental due diligence.

Balancing CSDDD and CSRD for effective overall compliance

To ensure strong compliance, companies must understand how to address the CSDDD and CSRD both together and individually. Here are some top tips for a streamlined approach:

Implement a unified strategy

To maximize efficiency, businesses should integrate their compliance efforts for both directives. Just as CSDDD compliance supports reporting under the CSRD, the CSRD’s extensive reporting requirements can complement the CSDDD’s goals by enhancing transparency and building trust. A cohesive strategy helps avoid duplication and ensures alignment between reporting and due diligence. For example: aligning risk management efforts under the CSDDD with the CSRD’s reporting requirements not only helps effectively communicate due diligence measures but also strengthens the company’s overall sustainability narrative.

Don’t lose sight of their distinct focuses

While integrating efforts, keep in mind the distinct obligations of each directive. Companies should target thorough due diligence practices to manage and mitigate human rights and environmental risks across their supply chain (in accordance with the CSDDD), while also concentrating on detailed sustainability reporting that covers a broad range of ESG issues (under the CSRD). Ensuring collaboration across departments can help integrate compliance strategies for both directives effectively.

Only by addressing both the CSDDD and CSRD in tandem while focusing on their unique requirements, can companies enhance their overall sustainability efforts and ensure comprehensive compliance.

Get your business ready for the CSDDD

The CSDDD mandates companies to adopt comprehensive human rights and environmental due diligence throughout their entire chains of activities. This entails an integrated approach that extends beyond immediate companies’ operations to include every tier of the chain of activities. By adopting this comprehensive framework, companies are expected to enhance accountability, boost transparency, and proactively manage sustainability risks. This approach ensures adherence to ethical standards and actively works to prevent and mitigate any adverse impacts on people and the environment. The CSDDD’s emphasis on rigorous due diligence practices aims to embed sustainability deeply into corporate strategies, thereby fostering a more responsible and resilient business environment.

Six essential steps for CSDDD preparation

As the CSDDD comes into play, companies need to gear up to meet its requirements. Here’s a simple 6-step approach to help you get prepared:

1. Strengthen due diligence

Start off by assessing and improving your due diligence practices. Ensure you have robust systems in place to identify and manage human rights and environmental risks across your operations.

2. Map your chain of activities

Gain a thorough understanding of your entire value/supply chain, including both direct and indirect business partners. This will help you monitor and address risks more effectively.

3. Develop action plans

Draft and implement clear strategies for both preventing potential risks (prevention action plan) and bringing identified adverse impacts to an end (corrective action plan). This proactive approach will assist you in managing issues before they escalate or, even better, preventing them from occurring.

4. Prepare for reporting

Keep track of your due diligence practices and set up efficient reporting mechanisms to ensure transparency. The CSDDD requires detailed reporting on your due diligence efforts, so having a well-organized system in place will make this process smoother.

5. Train your team

Educate your employees about the CSDDD and its requirements. A well-informed team will be crucial in implementing and maintaining compliance across all departments.

6. Stay informed

Keep up with any updates or changes from the EU Parliament, Council, and Commission, and in the Member State regulatory landscape. Being proactive about regulatory changes will help you stay ahead of compliance issues.

With the CSDDD requiring each Member State to impose pecuniary penalties based on the company’s net worldwide turnover, the cost of CSDDD non-compliance can be considerable. Knowing the details of regulatory updates as soon as — or even before — they come into effect ensures corporate practices are on point and stay aligned with ever-increasing requirements.

With the right solutions and tools at your disposal, you can ensure your teams have access to accurate, up-to-date information that’s been analyzed by experienced legal experts — making it clear and actionable.

Find out more about how Enhesa helps businesses mitigate non-compliance risks and keep on top of the evolving regulatory landscape…