After two tumultuous years, the Corporate Sustainability Due Diligence Directive (CSDDD) is in its final stages of adoption with the final vote by the European Parliament expected on April 24th. This will add another milestone to the growing ecosystem of sustainability regulation in the European Union. Along the way, the merits and threats of the CSDDD have been hotly debated. Still, many myths and misinterpretations about what the CSDDD means for companies remain. This article explores ten of the most widely discussed assumptions, fact-checking them and providing interpretation to help companies understand how the CSDDD applies to them and start their journey to basic compliance and beyond.

1. The CSDDD is all about reporting.

False. While its close relative, the Corporate Sustainability Reporting Directive (CSRD), aims to ensure ESG transparency at companies it applies to, the CSDDD focuses on identifying adverse impacts and taking action. It does so through a due diligence process, following the six steps outlined in the OECD Guidelines for Multinational Enterprises, as shown in the graphic below.

csddd is all about reporting

These measures aim to identify, prevent, mitigate, and address potential and actual human rights and environmental impacts and communicate to relevant stakeholders how due diligence is being carried out.

The CSDDD seeks to avoid duplication in reporting and, therefore, expects companies to use CSRD-compliant reports as the primary vehicle for fulfilling the communications aspects of due diligence. Companies that are not covered by CSRD, but must comply with the CSDDD, will need to issue an annual statement describing how they implement due diligence.

2. Full upstream supply chain transparency is required immediately.

False. The CSDDD promotes a risk-based methodology for determining where companies should prioritize their efforts first. Companies are expected to identify risks and assess them based on severity and likelihood, enabling the prioritization of impacts and corresponding mitigation efforts. Companies must evaluate risks across various dimensions, such as geographical location, supply chain activities, and supplier performance. The scope encompasses a company’s operations, subsidiaries, and business associates affiliated with specific value chain segments. Depending on the company and the nature of its operations, the largest risks may be upstream. In this case, gaining upstream visibility should be prioritized. Companies are expected to continuously work on a better understanding of their supply chain risks.

BOX 1: What is the CSDDD, and which companies does it apply to?

On March 15, 2024, the European Council finally adopted the Corporate Sustainability Due Diligence Directive (CSDDD) two years after it was initially proposed. The Directive requires companies to identify, prevent, and, where necessary, mitigate and cease the adverse impacts of business activities on human rights and the environment. Following weeks of intense deliberation and uncertainty, a revised proposal for the CSDDD emerged, narrowing its original scope.

Under the updated Directive, companies exceeding 1000 employees and global (net) revenue exceeding €450 million will need to comply with the new regulation. The Directive will be implemented in three phases, depending on the number of employees and revenue. The first group, consisting of companies with over 5000 employees and €1500 million in revenue, needs to comply by 2027. The second group, companies with over 3000 employees and €900 million in revenue, will follow in 2028, and the third group, companies with more than 1000 workers and €450 million in revenue, must comply by 2029.

The CSDDD is part of the EU's broader sustainability ecosystem, and an essential pillar of the Green Deal, a comprehensive package of sustainable policy initiatives. It draws from the widely accepted human rights due diligence standard that many companies have already implemented globally, namely the UN Guiding Principles on Business and Human Rights, which also underpins the OECD Guidelines for Multinational Enterprises.

The CSDDD requires companies to conduct environmental and human rights due diligence in their operations, subsidiaries, and parts of the value chain, which is called the “chain of activities.” By setting out clear due diligence expectations, the CSDDD strives to complement other key regulations, such as the Corporate Sustainability Reporting Directive (CSRD), the EU Taxonomy Regulation, and the Sustainable Finance Disclosure Regulation (SFDR).

Other EU provisions seek similar objectives, such as regulations on conflict minerals, batteries, and deforestation-free supply chains. The CSDDD states that the regulation with the most extensive obligations shall prevail.

3. The CSDDD allows for civil liability.

True. The CSDDD allows for legal actions against companies when they fail to prevent and mitigate impacts that have been prioritized following the risk-based approach or when they have failed to end and minimize the extent of the damage caused to a legal or natural person. The Directive includes a provision allowing claimants at least a five-year window to file such claims. Failure to meet CSDDD requirements could result in fines of up to 5% of the net global revenue of the company at fault. Details of how civil liability will work in practice are left up to individual EU countries as they integrate the CSDDD into their local regulatory system.

4. The CSDDD expects companies to allocate additional resources to meet its requirements.

True. The CSDDD expects but is not prescriptive about additional resources. Sustainability, procurement, marketing, legal, compliance, human resources, and operational teams may absorb many of the tasks needed to meet the expectations outlined in CSDDD. Still, CSDDD requirements will likely stretch existing resources. Companies are already expanding their capacity and capability to manage enhanced due diligence, including stakeholder and supplier relationships. Going forward, companies will likely increasingly rely on collective solutions, digital tools, and external experts to carry out specific tasks, including corrective action plans.

BOX 2: The last steps

CSDDD’s journey is not entirely over yet. On April 24th, 2024, the EU Parliament will vote on the agreed CSDDD text. After an expected positive vote, the final English version of the law will be issued in April, followed by the final texts in other languages by the European Parliament in September/October. Ultimately, the Council of the European Union will also need to sign off on all texts to complete the process formally. Once approved by the Parliament, officially adopted by the Council, and published in the Official Journal, Member States will have two years to integrate it into their domestic legal system.

5. The CSDDD is a tick-box exercise for the companies it applies to.

False. Integrating due diligence measures for environmental and human rights impacts is a journey that demands constant learning and refinement. Companies that proactively embrace the CSDDD and adopt sustainable practices throughout their operations and supply chains will benefit in various ways, from enhanced reputation and deeper engagement with stakeholders to long-term financial and business resilience.

6. CSDDD only applies to supply chains.

False. Companies can have adverse impacts beyond their supply chain. For instance, companies could violate the labor rights of employees within their own operations or impact local communities near their facilities, particularly large capital projects like mines, data centers, and construction sites. It's imperative for companies to understand the origins of these impacts and determine whether they directly cause, contribute to, or have direct links to them.

7. CSDDD does not apply to the financial sector.

Partially true. In line with the adopted definition of the ‘chain of activities,’ in the latest round of CSDDD negotiations, only the financial sector's upstream activities are covered by the CSDDD. Downstream financial investments and other due diligence obligations no longer apply to the financial industry as initially planned. However, the current CSDDD regulation includes a review clause, leaving the door open for future integration of financial downstream activities.

8. Various forms of stakeholder engagement and collaboration are indispensable to meet CSDDD expectations.

True. Meaningful engagement is paramount throughout the due diligence process, including gathering information, drafting prevention, correction, or remedy plans, considering terminating a business relationship and developing indicators to measure progress. Additionally, the CSDDD underscores the fundamental need for broad collaboration to successfully tackle sustainability challenges and their root causes.

9. There is no business case for corporate sustainability due diligence.

False. Due diligence helps companies prevent risks (including legal liability) and address issues before they become significant and costly conflicts. Also, companies that can demonstrate their CSDDD alignment to investors, business partners, and states will likely have easier access to capital and markets. Compliance may also emerge as a prerequisite for securing public contracts and concessions awards.

10. Companies not in scope of CSDDD are better off without due diligence.

False. Based on the experience of many companies implementing due diligence over the past decade, it is clear the process helps address human rights and environmental risks before they escalate. A robust approach to human rights and the environment also helps build trust with investors, consumers, employees, and other stakeholders, in turn supporting access to capital, markets, and talent. So, even if CSDDD does not apply to them, companies will benefit from embedding a CSDDD-style due diligence process in their management systems.

The CSDDD is also not unique: many other regulations and voluntary standards align with similar concepts. Various regulations, such as the Minimum Social Safeguards within the EU Taxonomy and CSRD, underline the OECD guidelines and UN Guiding Principles, which mandate due diligence practices. Additionally, CSDDD will indirectly impact numerous companies that are not in scope since its requirements will cascade down the value chain of companies that are.

The inclusion of specific requirements acknowledges the challenges this can bring for small and medium enterprises (SMEs). CSDDD companies are expected to give SMEs in their value chain, but not in scope, targeted, and proportionate support. However, the SMEs are still affected.

In conclusion, the trend of pushing companies to align their conduct with the changing societal expectations is strong and will be hard to ignore. The CSDDD, despite its rocky road to approval, is living proof of that. Companies should read the writing on the wall and start preparing for it immediately.

Author contacts

Morganne Kroon - Consultant
Jelle van der Stempel – Consulting Senior Associate
Renée Rotering – Consulting Associate
Emma Albertone – Consulting Associate