Corporate Sustainability Due Diligence Directive (CSDDD): preparation and compliance guide

A preparation and compliance guide for the EU Corporate Sustainability Due Diligence Directive (CSDDD), covering human rights and environmental due diligence obligations, value chain requirements, timelines, and implementation steps.

The EU Corporate Sustainability Due Diligence Directive (CSDDD, also known as CS3D) represents one of the most consequential shifts in corporate accountability regulation in decades. Adopted by the European Parliament in April 2024 with 374 votes in favor, the directive will ultimately apply to approximately 5,400 EU companies and 900 non-EU companies operating within the bloc, according to European Commission impact assessments. By 2029, covered entities must identify, prevent, mitigate, and account for adverse human rights and environmental impacts across their entire value chains, including upstream suppliers and downstream distribution. With civil liability provisions enabling affected communities to seek damages in EU courts and administrative fines reaching up to 5% of global net turnover, the CSDDD creates binding obligations that extend well beyond previous voluntary frameworks. Companies that begin preparing now will be positioned to avoid enforcement actions, protect brand reputation, and build resilient supply chains in an era of escalating regulatory scrutiny.

Why It Matters

The CSDDD transforms corporate sustainability from a voluntary exercise into a legally enforceable obligation. Prior to this directive, most supply chain due diligence requirements were limited to sector or country level rules, such as France's Duty of Vigilance Law (2017) and Germany's Supply Chain Due Diligence Act (LkSG, 2023). The CSDDD harmonizes and significantly expands these approaches across all 27 EU member states.

The directive's scope is deliberately broad. It covers adverse impacts on human rights (forced labor, child labor, inadequate wages, unsafe working conditions) and the environment (greenhouse gas emissions, biodiversity loss, pollution, deforestation), drawing on international instruments including the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises. Companies must look beyond their own operations to examine the full chain of activities, from raw material extraction through to end use and disposal.

From a financial perspective, the stakes are considerable. Administrative fines can reach 5% of worldwide net turnover, a penalty structure modeled on GDPR enforcement. Additionally, the civil liability mechanism means that individuals and communities harmed by a company's failure to conduct proper due diligence can bring claims in EU courts, seeking compensation for damages. This litigation risk alone has prompted major law firms, including Clifford Chance and Linklaters, to advise clients that the CSDDD demands board level attention (European Parliament, 2024).

The directive also integrates climate transition planning. Companies in scope must adopt and implement a climate transition plan compatible with the 1.5 degree Celsius target of the Paris Agreement, with measurable, time bound interim and 2050 targets. This requirement converges with CSRD reporting obligations, creating a regulatory ecosystem where disclosure and action are increasingly intertwined.

Key Concepts

Value chain due diligence requires companies to identify and address adverse impacts not only within their own operations but across their entire upstream and downstream value chains. This includes direct suppliers, sub-suppliers, logistics providers, and, where relevant, disposal and recycling operators. The directive uses the concept of a "chain of activities" that encompasses business partners at all tiers.

Risk-based prioritization allows companies to focus due diligence efforts on the most severe and likely adverse impacts first, rather than attempting to address all risks simultaneously. This pragmatic approach recognizes that full value chain visibility takes time to build and that resources should target the highest risk areas.

Stakeholder engagement is a core procedural requirement. Companies must consult with affected communities, workers, trade unions, and civil society organizations when developing and implementing their due diligence policies. Meaningful engagement goes beyond information sharing to include genuine dialogue and consideration of stakeholder concerns.

Climate transition planning under the CSDDD requires companies to adopt plans ensuring their business model and strategy are compatible with the Paris Agreement. Plans must include time bound, science based emission reduction targets covering Scope 1, 2, and, where relevant, Scope 3 emissions, along with a description of decarbonization levers and associated investment plans.

Civil liability establishes that companies can be held liable for damages resulting from their failure to comply with due diligence obligations. Affected persons and entities, including trade unions and civil society organizations, can bring claims in the courts of EU member states, with a five year limitation period for filing.

Regulatory Timeline

The CSDDD follows a phased implementation schedule based on company size and turnover:

Phase | Effective Date | Company Criteria
Phase 1 | July 2027 | Companies with >5,000 employees and >€1.5 billion net worldwide turnover
Phase 2 | July 2028 | Companies with >3,000 employees and >€900 million net worldwide turnover
Phase 3 | July 2029 | Companies with >1,000 employees and >€450 million net worldwide turnover

Member states must transpose the directive into national law by July 2026. Non-EU companies are captured if they generate turnover within the EU exceeding the relevant thresholds, meaning major global corporations in sectors such as textiles, extractives, agriculture, and manufacturing will fall within scope regardless of their headquarters location.

The European Commission is expected to publish delegated acts and implementation guidance throughout 2025 and 2026, including model contractual clauses for use with business partners and sector specific guidelines for high risk industries (European Commission, 2024).

Who Must Comply

The directive applies to three categories of organizations:

Large EU companies meeting the employee and turnover thresholds outlined in the timeline above. This captures major listed and unlisted companies across all sectors. The European Commission estimates approximately 5,400 EU companies will ultimately be in scope by 2029 (European Commission, 2024).

Non-EU companies generating net turnover exceeding the relevant thresholds within the EU, regardless of their size or structure globally. The Commission estimates roughly 900 non-EU companies will be captured. This extraterritorial reach means that US, Chinese, Japanese, and other multinational corporations with significant EU revenue must comply.

Financial sector entities are partially included following intense political negotiation. Regulated financial undertakings (banks, insurers, asset managers) are covered for their own operations and upstream supply chains but have a temporary exclusion from downstream due diligence. The Commission will reassess this exclusion within two years of transposition.

Companies not directly in scope should anticipate indirect impacts: in scope companies will cascade due diligence requirements to their suppliers through contractual clauses and verification mechanisms, creating a ripple effect through global supply chains.

Compliance Requirements

The CSDDD establishes six core due diligence obligations that closely mirror the OECD Due Diligence Guidance for Responsible Business Conduct:

  1. Integrate due diligence into policies and management systems. Companies must adopt a due diligence policy describing their approach, a code of conduct for employees and subsidiaries, and processes for implementing due diligence across operations and value chains.

  2. Identify and assess actual and potential adverse impacts. This requires mapping the value chain, conducting risk assessments, and prioritizing the most severe impacts on human rights and the environment.

  3. Prevent and mitigate potential adverse impacts. Companies must develop and implement prevention action plans, seek contractual assurances from business partners, provide targeted support (such as capacity building for SME suppliers), and, where necessary, make investments to prevent harm.

  4. Bring actual adverse impacts to an end and remediate. When adverse impacts have already occurred, companies must take corrective action to cease the impact, minimize its extent, and provide or cooperate in remediation, including financial compensation to affected communities.

  5. Establish and maintain a complaints mechanism. Companies must provide accessible channels for affected persons, trade unions, and civil society organizations to submit concerns about actual or potential adverse impacts. Complaints must be addressed in a timely and transparent manner.

  6. Monitor and publicly communicate. Companies must regularly assess the effectiveness of their due diligence measures and publish an annual statement on due diligence, which can be integrated with CSRD sustainability reporting.

KPI | Target / Benchmark | Measurement Approach
Value chain mapping coverage | 100% of Tier 1 suppliers, risk based for deeper tiers | Supplier registration and data collection platforms
Risk assessment completion rate | Annual cycle covering all high risk areas | Internal audit and third party verification
Grievance mechanism response time | Acknowledgment within 14 days, resolution within 90 days | Case management system tracking
Corrective action closure rate | >90% within agreed timelines | Remediation tracking dashboard
Climate transition plan alignment | Paris Agreement 1.5°C pathway | Science Based Targets initiative (SBTi) validation
Supplier code of conduct adoption | 100% of direct business partners | Contract and compliance management systems

Step-by-Step Implementation

Step 1: Conduct a gap analysis (Q1 2026). Map your current due diligence practices against the six CSDDD obligations. Identify where existing systems (such as ISO 14001, SA8000, or LkSG compliance programs) already address requirements and where gaps exist. Prioritize the gaps that carry the highest legal and reputational risk.

Step 2: Establish governance structures (Q2 2026). Assign board level responsibility for due diligence oversight. The CSDDD explicitly requires directors to consider human rights and environmental consequences in their decision making. Appoint a cross functional due diligence committee spanning procurement, legal, sustainability, and operations.

Step 3: Map your value chain (Q2 to Q4 2026). Begin with Tier 1 suppliers and extend to deeper tiers using a risk based approach. Prioritize sectors and geographies with known elevated risks, such as cobalt mining in the Democratic Republic of Congo, garment manufacturing in Bangladesh, or palm oil production in Southeast Asia. Leverage existing supply chain platforms like EcoVadis, Sedex, or IntegrityNext to accelerate data collection.

Step 4: Conduct risk assessments (Q3 2026 onward). Use a combination of desktop research, supplier questionnaires, third party audits, and stakeholder consultations to identify actual and potential adverse impacts. The UN Guiding Principles recommend assessing risks based on severity (scale, scope, and irremediability) and likelihood.

Step 5: Develop prevention and mitigation plans (Q4 2026 onward). For each identified risk, define specific actions, responsible parties, timelines, and resources. Plans should include contractual clauses requiring business partners to comply with your code of conduct, capacity building support for smaller suppliers, and verification mechanisms to track progress.

Step 6: Implement grievance mechanisms (by mid 2027). Establish accessible, transparent complaints channels that allow affected persons to raise concerns without fear of retaliation. Consider partnering with industry initiatives or multi stakeholder platforms to provide credible, independent mechanisms.

Step 7: Report and iterate (annually from 2027). Publish your due diligence statement, integrating it with CSRD reporting where applicable. Use monitoring data and stakeholder feedback to continuously improve your approach.

Common Pitfalls

Treating due diligence as a compliance checkbox. The CSDDD requires ongoing, adaptive processes rather than one time assessments. Companies that approach due diligence as a static exercise risk missing emerging risks and face enforcement action when adverse impacts go unaddressed.

Over-reliance on audits alone. Social audits have well documented limitations, including short notice inspections that allow temporary improvements and auditor conflicts of interest. The CSDDD expects companies to combine audits with worker voice mechanisms, grievance channels, and direct stakeholder engagement. Research by the Clean Clothes Campaign (2024) found that audit only approaches failed to detect forced labor in 71% of documented cases.

Ignoring SME supplier capacity constraints. Many suppliers in developing economies lack the resources and expertise to meet stringent due diligence requirements. Companies that simply impose contractual demands without providing support risk supply chain disruption and may be found to have inadequate prevention measures under the directive.

Failing to coordinate CSDDD with CSRD and other regulations. The CSDDD, CSRD, EU Taxonomy, and EU Deforestation Regulation (EUDR) create overlapping but distinct obligations. Companies that manage these in silos waste resources and risk inconsistent reporting. Building an integrated compliance architecture from the outset saves significant effort.

Underestimating the scope of "chain of activities." Unlike some national laws that focus primarily on Tier 1 suppliers, the CSDDD extends to the entire value chain, including downstream activities. Companies must consider how their products are used and disposed of, not only how inputs are sourced.

Key Players

Regulatory Bodies

  • European Commission — Lead drafter and enforcement coordinator for the CSDDD, responsible for delegated acts and sector guidance.
  • European Parliament — Adopted the directive in April 2024 after extensive negotiation with the Council.
  • National Supervisory Authorities — Each member state must designate an authority to oversee compliance, investigate complaints, and impose sanctions.

Advisory and Standards Organizations

  • OECD — Publisher of the Due Diligence Guidance for Responsible Business Conduct, the primary framework referenced by the CSDDD.
  • UN Office of the High Commissioner for Human Rights (OHCHR) — Custodian of the UN Guiding Principles on Business and Human Rights.
  • Science Based Targets initiative (SBTi) — Provides the leading methodology for validating corporate climate transition plans aligned with the Paris Agreement.

Compliance Platforms and Service Providers

  • EcoVadis — Sustainability ratings platform assessing over 130,000 companies across 220 industries and 180 countries, widely used for supplier due diligence.
  • Sedex — Ethical supply chain data platform with over 85,000 member sites, providing risk assessment and audit management tools.
  • IntegrityNext — Supplier sustainability monitoring platform supporting CSDDD, LkSG, and CSRD compliance workflows.

Real-World Examples

Shell and Climate Transition Litigation

In May 2021, the District Court of The Hague ordered Royal Dutch Shell to reduce its net CO2 emissions by 45% by 2030 relative to 2019 levels, covering Scope 1, 2, and 3 emissions. While Shell appealed (with a ruling expected in 2025), the case demonstrated that courts can hold companies liable for inadequate climate action across their value chains. Under the CSDDD's civil liability provisions, similar claims could be brought against any in scope company that fails to adopt and implement a credible climate transition plan. Shell has since set more detailed interim targets and increased its low carbon investment budget to $10 to $15 billion for 2023 to 2025, illustrating how litigation risk drives corporate strategy (Milieudefensie v. Shell, 2021).

Nestlé and Child Labor Due Diligence in Cocoa Supply Chains

Nestlé, which sources cocoa from over 100,000 farming households in West Africa, launched its Income Accelerator Program in 2022 to address child labor and poverty in its cocoa supply chain. By 2024, the program had reached over 30,000 families in Ivory Coast and Ghana, providing direct cash incentives tied to school enrollment and sustainable farming practices. Nestlé invested CHF 1.27 billion in the program as part of its broader Cocoa Plan. Under the CSDDD, this type of proactive engagement with high risk supply chains will shift from voluntary best practice to a legal obligation, and companies that fail to implement comparable prevention measures face fines and civil liability (Nestlé, 2024).

Volkswagen and Supply Chain Mapping in Xinjiang

In 2024, Volkswagen faced intense scrutiny over its joint venture operations and supplier relationships in the Xinjiang Uyghur Autonomous Region of China, where credible allegations of forced labor have been documented by the UN and independent researchers. Volkswagen commissioned an independent audit of its Xinjiang plant and announced it would divest from the joint venture by mid 2025. The case highlights the CSDDD's requirement to "bring actual adverse impacts to an end," including through disengagement from business relationships where adverse impacts cannot be prevented or mitigated. Volkswagen subsequently invested in enhanced supply chain mapping technology, deploying AI driven traceability tools across its battery mineral supply chain covering over 40,000 supplier sites globally (Volkswagen AG, 2024).

Action Checklist

  • Determine whether your company falls within the CSDDD's scope based on employee count and net turnover thresholds, including the non-EU company provisions
  • Appoint a board level sponsor and cross functional due diligence committee with clear mandates and resources
  • Conduct a gap analysis mapping current due diligence practices against the directive's six core obligations
  • Begin value chain mapping starting with Tier 1 suppliers, prioritizing high risk sectors and geographies for deeper tier investigation
  • Develop or update a code of conduct aligned with OECD Guidelines and UN Guiding Principles, and communicate it to all business partners
  • Implement a risk assessment framework that evaluates adverse impacts by severity and likelihood across human rights and environmental dimensions
  • Establish an accessible grievance mechanism with defined response timelines and non-retaliation protections
  • Draft or refine your climate transition plan with science based targets validated by SBTi or an equivalent methodology
  • Coordinate CSDDD implementation with CSRD reporting, EU Taxonomy alignment, and EUDR compliance to avoid duplication
  • Engage legal counsel to assess civil liability exposure and ensure insurance coverage reflects the directive's enforcement provisions

FAQ

Q: Does the CSDDD apply to companies headquartered outside the EU?
A: Yes. Non-EU companies that generate net turnover exceeding the relevant thresholds (€450 million by Phase 3) within the EU must comply, regardless of where they are incorporated. The European Commission estimates approximately 900 non-EU companies will be captured by 2029.

Q: How does the CSDDD differ from the German Supply Chain Due Diligence Act (LkSG)?
A: The CSDDD is broader in several respects. It covers environmental adverse impacts more extensively, includes downstream activities in the chain of activities, introduces civil liability for damages, requires climate transition plans, and sets fines at up to 5% of global net turnover compared to LkSG's maximum of €8 million or 2% of average annual turnover. Companies already complying with LkSG will have a foundation but must expand their programs.

Q: Are SMEs directly covered by the CSDDD?
A: No, SMEs are not directly in scope. However, SMEs that supply to in scope companies will face indirect requirements through contractual clauses and verification demands. The directive includes provisions to limit disproportionate burden on SMEs, requiring in scope companies to provide fair contract terms and, where appropriate, capacity building support.

Q: What happens if a company fails to comply?
A: National supervisory authorities can impose administrative fines of up to 5% of worldwide net turnover. Additionally, affected persons can bring civil liability claims in EU courts seeking compensation for damages caused by inadequate due diligence. Companies may also face reputational harm, exclusion from public procurement, and investor pressure.

Q: How does the climate transition plan requirement interact with CSRD?
A: The CSDDD requires companies to adopt and implement a climate transition plan, while the CSRD requires disclosure of that plan. In practice, companies should develop a single, integrated plan that satisfies both obligations, ensuring consistency between the action commitments under CSDDD and the disclosures reported under CSRD's European Sustainability Reporting Standards (ESRS E1).
