Skip to main content
Analysis:
Analysis

CSDDD: Corporate Sustainability Due Diligence Directive

Understanding and Implementing the Upcoming CSDDD

The Corporate Sustainability Due Diligence Directive (CSDDD), which came into force on July 25, 2024, is one of the EU’s central sustainability laws. It requires companies to conduct thorough due diligence on human rights and environmental impacts across their entire value chain, both upstream and downstream. The aim is to identify, prevent, and eliminate negative effects. The Directive is a crucial aspect of the EU's broader commitment to sustainable development and corporate social responsibility.

Download: CSDDD Q&A (PDF)

With our expertise in sustainability, legal matters, risk management, supply chain management, business strategy, and other key related topics, we are prepared to help companies interpret legislation and prepare for compliance while meeting their broader sustainability and business objectives.

Prepare your business: read our guide to CSDDD and how to navigate it below.

Let's together prepare your organisation for CSDDD
Update: Impact of Omnibus on CSDDD

First announced by President von der Leyen in November 2024, the European Commission released the Omnibus package on 26th February 2025. The package includes proposals to streamline and simplify certain aspects of the EU sustainability framework, notably the CSRD, CSDDD and EU Taxonomy.

The documents released are proposals, and therefore explicitly subject to further debate and negotiations. This means that the final outcome may be different from the proposals including thresholds for companies to be in scope. As the negotiations are ongoing, it is still unclear if more changes are on the horizon or if there may be a softening of some of the proposed changes. Up until adoption of Omnibus Proposal I and II, the existing timelines of the CSRD, CSDDD and EU Taxonomy are applicable.

The proposals will now go through the political process, requiring approval by the European Parliament and European Council.

To give companies more certainty on timing of the directives, a decision on the ‘stop the clock’ proposal is expected in early April 2025. The ‘content’ proposal containing the detailed changes will likely take between 12-18 months depending on the progress of negotiations.

Timing: The application deadline is subject to a 1-year delay from 26 July 2027 to 26 July 2028. Guidelines will be published earlier starting in July 2026.

Value chain: Value chain due diligence is limited to direct business partners, except when there is plausible information that suggests that adverse impacts at the level of the operations of an indirect business partner have arisen or may arise. In this case it shall carry out an in-depth assessment.

Stakeholder engagement: The definition of ‘stakeholder’ has been narrowed to cover only company employees, employees of direct business partners and subsidiaries, and individuals and communities that are  directly impacted by the products, services and operations of the company and its subsidiaries.

Stakeholder engagement is no longer required when deciding to terminate or suspend a business relationship, or develop indicators for the monitoring of effectiveness. It is still required to identify and prioritise adverse impacts, developing action plans and remediation efforts.

Monitoring frequency: Changed from annually to every 5 years.

Termination of business relationships: Companies are no longer required to terminate business relationships in the case of non-compliance, instead focusing on the suspension of the relationship and remediation.

Enforcement: The EU-wide civil liability requirements have been removed, leaving civil liabilities requirements to the discretion of member states. In addition, it is proposed that NGOs and trade unions are no longer authorized to file complaints or claims on behalf of affected persons.

Penalties: The commission shall issue guidance to Member States’ supervisory authorities to determine the level of penalties. The minimum cap of 5% global turnover has been removed and the penalty amount is no longer mandatorily based on the company’s net worldwide turnover.

Climate transition plan: The obligation to adopt a transition plan remains, but the obligation to ‘put it into effect’ has been removed.

The Omnibus is still subject to significant discussion, and potential changes. However, the scope of companies impacted by the directive hasn’t changed, nor its foundations in the UN Guiding Principles and OECD Guidelines for Responsible Business. As immediate next steps we would advise companies to:

  • Continue to monitor ongoing legislative developments
  • Start to understand how they align with the UN Guiding Principles for Business and Human Rights and OECD Guidelines for Responsible Business and develop an action plan to close the gaps
  • Understand how these due diligence efforts flow into transparent public reporting (e.g. CSRD).
Background on CSDDD

The Corporate Sustainability Due Diligence Directive (CSDDD) is an EU directive that requires companies within its scope to implement a human rights and environmental due diligence process.

The Directive requires companies to identify and assess negative impacts on human rights and the environment that are associated with their own operations, the operations of their subsidiaries, and the operations of their business partners in the companies' chains of activity. Business partners include direct partners, those with commercial agreements related to the company’s business activities, products, or services, as well as indirect business partners, companies that carry out business activities related to the company’s business activities, products, or services.

Where necessary, companies should prioritize the most serious risks to prevent, mitigate, and remediate or contribute to remediation, based on shared responsibility.

The CSDDD will ultimately apply to:

  • Companies in the EU with more than 1,000 employees and a global net turnover above 450 million euros.
  • Non-EU companies with a net turnover of over 450 million euros in the European Union.
  • Parent companies of a group that meets the above thresholds.
  • Companies that have entered into a franchise or royalty agreement in the EU with independent third-party companies or are the ultimate parent company of a group that meets the following criteria:
    • The agreements ensure a common identity, a common business concept, and the application of uniform business methods.
    • Royalties must be more than 22.5 million euros.
    • The company or group has a worldwide net turnover of more than 80 million euros.

Implementation of the Directive in local legislation is expected by 2026. Therefore, the CSDDD will come into force gradually based on thresholds.

The CSDDD has strong synergies with and is closely linked to various EU laws related to human rights and value chain due diligence, including the EU Deforestation Regulation (EUDR), the EU Conflict Minerals Regulation (EUCMR), the EU Batteries Regulation (EUBR), and impending legislation banning forced labour. While the due diligence obligations in these regulations are often sector-, commodity-, or topic-specific and vary in scope and obligations, the CSDDD sets a uniform EU-wide standard. It requires both EU and non-EU companies to develop comprehensive due diligence strategies for human rights and environmental issues. However, the data collected and the due diligence implemented in the context of EUDR, EUCMR, and other regulations may be used to support CSDDD compliance, and vice versa.

In addition, the CSDDD is closely linked to the Corporate Sustainability Reporting Directive (CSRD), and the two complement each other in their efforts to enhance value chain sustainability and transparency within the European Union. Both guidelines are consistent with the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct and are based on the UN Guiding Principles, with the CSRD focusing on reporting and disclosure of social and environmental impacts, risks, and opportunities, while the CSDDD imposes action-oriented obligations, requiring companies to actively examine and address the environmental and human rights impacts of their own operations and supply chain.

It should be noted that CSRD and CSDDD have different application areas. The CSRD applies to a broader range of companies and covers all value chain activities, including companies’ own operations, downstream and upstream. The CSDDD, on the other hand, applies to a narrower set of companies and focuses on a smaller group of value chain activities.

Finally, the CSDDD also has strong similarities with the minimum protection criteria of the EU taxonomy. If a company wants to be compliant with the EU taxonomy, it must implement human rights due diligence, which is very similar to the CSDDD due diligence requirements.

Requirements of the CSDDD

Implementing human rights and environmental due diligence requires companies to carry out the below activities.

Meaningful stakeholder engagement is required in each of these processes and is a fundamental element of due diligence as mandated by CSDDD.

In addition, CSDDD requires that companies establish a climate transition plan:

  • Companies must adopt and implement a transition plan aimed at limiting global warming to 1.5°C.
  • Companies must report progress and update their plans annually.

While the Directive places responsibility on companies to address negative human rights and environmental impacts throughout their value chain, the proximity to the impact and the influence that the company has on the business partner involved plays a role in determining the level of action expected from the company.

Note that context and leverage should not be a factor in impact prioritisation, as this should be done based on severity and likelihood.

  1. Developing and implementing a prevention action plan when necessary.
  2. Obtaining contractual assurances from direct business partners, complying with the code of conduct and, if necessary, the prevention action plan.
  3. Making financial or non-financial investments, adjustments, or upgrades aimed at preventing negative impacts.
  4. Adapting business plans, practices, policies, overall strategies, and operations that contribute to living wages and incomes for their suppliers, and that do not encourage potential adverse impacts on human rights or the environment.
  5. Making necessary changes to, or improvements in, their design, distribution, and payment practices to address negative impacts both upstream and downstream in their activities.
  6. Providing targeted and proportionate financial and/or non-financial support to business partners who are small and medium-sized enterprises (SMEs) that may need it, especially if compliance with the code of conduct or prevention action plan could jeopardize their viability, for example through bankruptcy.

Companies are expected to address these risks by working directly with business partners and/or working with indirect business partners if necessary, as well as working with affected stakeholders or representatives. However, if these measures do not lead to successfully managing the risks, the company may, as a last resort, choose to temporarily suspend the business relationship until the risk is resolved, or refrain from entering into new or existing relations with the relevant partner, if it has been determined that the situation will not be further affected.

For environmental due diligence under the CSDDD, a specific set of environmental topics is in scope, as outlined in the Directive’s appendix and summarised below:

Negative impact on natural resources:

  • Biological diversity
  • Endangered species
  • Natural heritage sites
  • Wetlands
  • Seas and oceans (from pollution from ships, dumping, and other sources)

Management of substances that are environmentally harmful:

  • Mercury (use and waste)
  • Prohibited chemicals (production/use as well as import/export)
  • Waste (handling, collection, storage, and disposal as well as export)
  • Controlled substances (illegal production, consumption, import, and export)

Environmental degradation that affects people’s safety, health, well-being, and access to resources, such as:

  • Harmful soil alteration
  • Water or air pollution
  • Harmful emissions
  • Excessive water use
  • Land degradation or other natural resources
  • Eviction or expropriation of land, forests, and waters through acquisition, development, and use, including deforestation

Reducing climate change in line with the Paris Agreement, on the basis of a climate transition plan

Fines up to a maximum amount to be determined individually by each Member State (this maximum amount should not, however, be less than 5% of the company’s net global turnover)

Exclusion from public tenders

Civil liability for the intentional or negligent causing of adverse effects

Preparing for CSDDD compliance

Compliance with the Corporate Sustainability Due Diligence Directive (CSDDD) can help companies position themselves as leaders in sustainability and ethical business practices and achieve significant operational, reputational, and financial benefits:

  • Improve competitive advantage and reputation by attracting socially and environmentally conscious customers and building trust with stakeholders through proactive sustainability efforts.
  • Mitigate risk by avoiding future liabilities, legal issues, and supply chain disruptions by fostering a culture of continuous improvement.
  • Increase operational efficiency by streamlining supply chains, increasing transparency, and regularly assessing supplier performance.
  • Strengthen long-term resilience by enabling companies to adapt more efficiently to regulatory changes, market demands, and global challenges.
  • Achieve financial benefits through efficient use of resources and attracting investment due to meeting Environmental, Social, and Governance (ESG) criteria.
  • Strengthen employee engagement, improve workplace culture, and help attract and retain top talent by prioritising sustainability.
  • Build trusted relationships with suppliers through collaboration on capability building and supporting sustainable business practices.

Companies should start preparing for CSDDD now to allow enough time to build the systems and carry out the activities required by the directive. This includes taking enough time to identify risks and mitigate them, including through coordination with partners in the value chain and through contract (re)negotiations if necessary. Companies also need to consider how they can effectively meet these requirements, while taking into account their broader business and sustainability goals.

The requirements of CSDDD are complex, but if addressed carefully, they can be seamlessly integrated into business operations, potentially leading to positive outcomes such as improved reputation, stronger customer relationships, and enhanced risk management. By proactively addressing CSDDD, companies avoid costly reactive measures such as expensive firefighting or penalties and reputational damage due to non-compliance with human rights and environmental standards. Additionally, early preparation allows companies to harmonise CSDDD compliance with other related regulations, thereby minimising inefficiencies and maximising resource utilisation.

  • Determine whether CSDDD compliance will be treated as a compliance-driven activity or integrated into larger organisational transformation efforts to support business objectives.
  • Establish a governance structure and identify key stakeholders responsible for ensuring CSDDD compliance and taking responsibility for the required activities.
  • Conduct a value chain risk assessment to identify key human rights and environmental risks, prioritise them based on the severity and likelihood of negative impacts, and prepare to take preventive action if necessary.
  • Conduct a human rights and environmental value chain risk management assessment across processes, policies, technology/data, organisation, and governance to assess actions required to achieve compliance.
  • Ensure that appropriate data management and transparency/visibility systems are in place to enable due diligence activities as well as required reporting.
  • If not already started, begin to develop a climate transition plan in line with the Paris Agreement. 

Deloitte can support you with each of these key steps.

  • Extensive Experience: Deloitte has a strong track record of helping clients design and implement comprehensive human rights and environmental due diligence.
  • Cross-Functional Collaboration: Our multidisciplinary approach involves collaboration across multiple focus areas, including supply chain, risk management, legal, and sustainability, to provide holistic solutions.
  • Global Networks and Partnerships: Deloitte’s extensive global network ensures access to local expertise and resources, facilitating the seamless implementation of CSDDD requirements across different regions.
  • Advanced Technology and Data Analytics: Deloitte uses state-of-the-art digital tools and platforms to monitor, manage, and report on human rights and environmental performance, using data analytics to inform decision-making.
  • Tailored Support and Strategic Guidance: We tailor our services to each client’s individual needs and challenges, providing strategic roadmaps and action plans aligned with broader business and sustainability goals.
  • Stakeholder Engagement and Reporting: Deloitte helps clients develop and implement strategic stakeholder engagement plans and align reporting with the Corporate Sustainability Reporting Directive (CSRD).
  • Expert Advice on Climate Transition Plans: Our expertise helps clients develop, disclose, and implement credible climate change plans, manage transition risks and financial impacts, and prepare for future changes.
CSDDD: impact on Financial Services Institutions (FSIs)

While corporates are mandated to implement comprehensive sustainability due diligence across their entire value chain, FSIs primarily focus on upstream activities. Moreover, FSIs need to integrate clients' sustainability strategies and commitments to the Paris Agreement for improved risk assessment and transparency.

The CSDDD impacts FSIs by requiring them to conduct comprehensive human rights and environmental due diligence, primarily focusing on upstream activities of their value chain. Although FSIs are not obligated to cover downstream activities, aligning with the broader compliance efforts of their clients—who might be in scope of CSDDD and CSRD—can enhance transparency and risk management. Furthermore, FSIs must also align their business models with the Paris Agreement, ensuring that their financial activities contribute to global sustainability goals. 

Extending sustainability due diligence beyond the CSDDD minimum requirements offers FSIs enhanced risk mitigation and can position them as leaders in sustainable finance. By integrating downstream activities, FSIs can better support their clients' sustainability efforts, align with international standards such as the OECD Guidelines and the UN Guiding Principles on Business and Human Rights (UNGPs), and build competitive advantages through credible transition plans.

This proactive approach not only facilitates improved Know Your Customer (KYC) practices and transition planning but also supports strategic decision-making and operational efficiency, leading to stronger client relationships and increased trust. Furthermore, having solid knowledge of the sustainability performance of clients, also in the downstream value chain may limit the risk of ESG-related litigation. 

FSIs can leverage sustainability data from the CSRD. By integrating client-reported data, FSIs can strengthen their KYC and risk management practices, aligning with soft law standards, and enhancing strategic decision-making. This "trickle-up" approach ensures FSIs contribute effectively to sustainability goals and defend their practices in a changing regulatory landscape. 

Connect with us

We hope this information has given you the context around CSDDD that you were looking for. We understand that every organisation and situation is unique. With our extensive experience, global network, and state-of-the-art technology, we are ready to help you find a fitting solution. Please feel free to contact us. We are ready to discuss how we can help you with your specific needs.

Did you find this useful?

Yes
No

Thanks for your feedback

Your feedback is important to us

To tell us what you think, please update your settings to accept analytics and performance cookies.

Need help updating cookies?

Sustainability & Climate

Collection

Omnibus

Analysis
Filter by Associated office:
All
  • All

Get in touch with our CSDDD team

Jille Luijckx

Partner | Sustainable supply chains
+31650018110

Rozemarijn Bloemendal

Partner | Legal sustainability
3188 288 3661

Nathalie La Verge

Director | Social sustainability
+31882881930

Laura Klapwijk

Partner | Forensic, Due Diligence and ESG Integrity
+31882886049

Stefanie Citroen

Director I Sustainable Finance
+31882861651

Why a (new) Legal Operating Model can enhance CSDDD-compliance

In this article, we explain how establishing or re-evaluating a Legal Operating Model (“LOM”) could help businesses in meeting the requirements under the Directive. We also identify some opportunities and possible pitfalls during this process.
Service

Let's connect

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more. 

In The Netherlands the services are provided by independent subsidiaries or affiliates of Deloitte Holding B.V., an entity which is registered with the trade register in The Netherlands under number 40346342.

© 2025. For information, contact Deloitte Global.