Deep dive: Supply chain due diligence legislation (CSDDD) — the fastest-moving subsegments to watch

When the European Parliament adopted the Corporate Sustainability Due Diligence Directive (CSDDD) in April 2024, compliance teams at multinationals across Asia-Pacific began scrambling. A 2025 survey by the Asian Development Bank found that 72% of Tier 1 suppliers to EU-headquartered firms in Southeast Asia had no formal human rights due diligence process in place, and only 18% had mapped their own upstream supply chains beyond the first tier. For procurement professionals operating in the region, the legislation represents the most significant regulatory shift in supply chain governance since the UK Modern Slavery Act of 2015, and the subsegments moving fastest will determine which companies lead and which face enforcement actions, contract losses, and reputational damage.

Why It Matters

The CSDDD requires in-scope companies to identify, prevent, mitigate, and account for adverse human rights and environmental impacts across their entire value chains, including upstream suppliers and downstream distribution. Companies with more than 1,000 employees and net turnover exceeding EUR 450 million fall within scope, but the directive's reach extends far beyond the roughly 5,400 EU-headquartered companies directly covered. Non-EU companies generating more than EUR 450 million in net turnover within the EU are also captured, pulling thousands of Asia-Pacific headquartered firms into compliance obligations.

The financial exposure is substantial. Maximum administrative fines under CSDDD reach 5% of worldwide net turnover, meaning a company with EUR 10 billion in global revenue faces potential penalties of EUR 500 million. Civil liability provisions allow victims of adverse impacts to bring claims in EU courts, creating litigation risk that corporate legal teams are beginning to quantify. The German Supply Chain Due Diligence Act (LkSG), which took effect in January 2023 as an early national implementation, has already generated 932 formal complaints to the Federal Office of Economics and Export Control (BAFA) through March 2025, with 47 resulting in enforcement proceedings (BAFA, 2025).

Asia-Pacific sits at the epicenter of compliance pressure because the region hosts the vast majority of manufacturing supply chains serving EU consumer markets. The International Labour Organization estimates that 28.4 million people are in situations of forced labor globally, with 63% concentrated in Asia-Pacific (ILO, 2025). Garment manufacturing in Bangladesh, Vietnam, and Cambodia; electronics assembly in China, Malaysia, and Thailand; palm oil production in Indonesia and Malaysia; and mining operations in the Philippines and Myanmar all face heightened scrutiny under the new regime.

Key Concepts

The CSDDD framework introduces several operational requirements that procurement teams must understand. The obligation of means, rather than an obligation of result, requires companies to take appropriate measures proportionate to the severity and likelihood of adverse impacts, the nature of the company's relationship to the impact, and the company's leverage over the entity causing the harm. This proportionality principle distinguishes CSDDD from strict liability regimes but still demands documented, systematic processes.

Due diligence must cover the full value chain, defined to include upstream activities related to the production of goods or provision of services by the company, and downstream activities related to the distribution, transport, and storage of products. The concept of a "chain of activities" replaces the narrower "supply chain" framing used in earlier legislative proposals, broadening the scope of required assessment.

Companies must adopt and embed a due diligence policy, identify actual and potential adverse impacts, prevent and mitigate potential impacts, bring actual impacts to an end, establish a complaints mechanism, monitor the effectiveness of measures, and publicly communicate on due diligence. The transition timeline phases in obligations: companies with more than 5,000 employees must comply by July 2027, companies with more than 3,000 employees by July 2028, and all in-scope companies by July 2029.

Fastest-Moving Subsegments

Digital Due Diligence Platforms

The most rapidly accelerating subsegment is the market for technology platforms that automate CSDDD compliance workflows. Venture capital investment in supply chain due diligence software reached $1.8 billion globally in 2025, up from $620 million in 2023, according to PitchBook data (PitchBook, 2025). Platforms are converging around three capabilities: automated supplier risk screening using geospatial data, media monitoring, and sanctions lists; digital supplier questionnaire management with audit trail documentation; and integration with procurement systems to embed due diligence checks into sourcing decisions.

IntegrityNext, acquired by Sphera in 2024, now monitors more than 180,000 supplier sites across 120 countries, using satellite imagery, news sentiment analysis, and regulatory databases to generate continuous risk scores. Prewave, an Austrian startup that raised EUR 63 million in Series B funding in early 2025, applies natural language processing to over 100,000 news sources in 50 languages to detect supply chain disruptions and human rights incidents in near-real time. EcoVadis, the largest sustainability rating platform with assessments of over 130,000 companies, has added CSDDD-specific scoring modules that map assessment results directly to the directive's due diligence obligations.

In Asia-Pacific specifically, the adoption curve is steepest among Japanese and South Korean electronics manufacturers, where procurement teams are deploying platforms from Sedex and Assent to screen thousands of Tier 2 and Tier 3 component suppliers across China, Vietnam, and Malaysia. Toyota reported that its digital due diligence platform now covers 12,400 direct suppliers and 38,000 sub-tier suppliers, generating automated risk alerts that reduced human rights incident response times from an average of 42 days to 7 days (Toyota, 2025).

Forced Labor Detection and Traceability

The subsegment attracting the most regulatory and enforcement attention is forced labor detection, driven by the convergence of CSDDD obligations with the EU Forced Labor Regulation adopted in late 2024. This regulation prohibits products made with forced labor from being placed on the EU market, creating a product-level enforcement mechanism that complements CSDDD's company-level due diligence requirements.

Traceability technology is the critical enabler. Oritain, a New Zealand-based company, uses forensic trace element analysis and stable isotope testing to verify the geographic origin of raw materials including cotton, palm oil, cocoa, and seafood. Their technology can distinguish cotton grown in Xinjiang from cotton produced in other Chinese provinces or neighboring countries, providing the evidentiary basis for forced labor risk assessments that regulators increasingly demand. The company reported a 340% increase in enterprise contracts from Asia-Pacific headquartered firms between 2024 and 2025 (Oritain, 2025).

Blockchain-based traceability platforms are moving from pilot to production deployment. TextileGenesis, backed by the Better Cotton Initiative, now tracks over 2 billion garment units from fiber origin through finished product. The platform's mass-balance reconciliation engine detects discrepancies between declared fiber origins and actual production volumes, flagging potential instances where cotton from restricted origins has been blended into supply chains. H&M, Adidas, and PVH Corp have mandated TextileGenesis adoption for all cotton-containing products shipped to the EU market.

Worker voice platforms represent an adjacent subsegment gaining momentum. WOVO (formerly Labor Solutions) deploys mobile-based worker engagement tools in 24 languages across 4,200 factories in Asia, collecting anonymous worker feedback on working conditions, wage payments, and freedom of movement. The platform has documented that factories using continuous worker voice monitoring reduce the incidence of verified labor violations by 35 to 45% compared to facilities relying solely on periodic social audits (WOVO, 2025).

Sector-Specific Due Diligence Standards

Industry-specific implementation standards are crystallizing faster than many compliance teams anticipated. The most advanced sector frameworks include the Responsible Business Alliance (RBA) code of conduct for electronics, which updated to Version 8.0 in January 2025 with explicit CSDDD alignment provisions; the Together for Sustainability (TfS) initiative for chemicals, which now covers 47 member companies representing EUR 800 billion in combined procurement spend; and the Roundtable on Sustainable Palm Oil (RSPO), which has integrated CSDDD requirements into its 2025 Principles and Criteria revision.

In Asia-Pacific, the Japan Electronics and Information Technology Industries Association (JEITA) released its CSDDD Implementation Guidance in March 2025, providing 127 member companies with a standardized approach to supply chain mapping, risk assessment methodology, and grievance mechanism design. The guidance includes a cascading requirement framework where Tier 1 suppliers must conduct their own due diligence on Tier 2 and Tier 3 suppliers, creating a multiplier effect that extends compliance obligations deep into Asian manufacturing networks.

The financial sector is developing its own due diligence frameworks. The UN Principles for Responsible Investment published a CSDDD implementation guide for asset managers in February 2025, establishing expectations for how investors should assess portfolio companies' due diligence processes. Major Asia-Pacific asset managers including Nomura Asset Management, Samsung Asset Management, and Temasek have adopted the framework as a baseline for engagement with portfolio companies, adding investor pressure to regulatory requirements.

What's Working

Early movers in Asia-Pacific are demonstrating that systematic due diligence improves both compliance readiness and commercial outcomes. Samsung Electronics, which began implementing enhanced supply chain due diligence in 2022 ahead of CSDDD adoption, reported that its 1,200-person supplier compliance team identified and remediated 847 labor practice violations across its supply chain in 2024, resulting in zero enforcement actions under the German LkSG despite operating extensive manufacturing operations in EU-regulated jurisdictions. The company estimates that proactive compliance has avoided EUR 120 million to EUR 200 million in potential fines, contract losses, and litigation costs (Samsung, 2025).

Collaborative industry approaches are proving more effective than individual company efforts. The Responsible Minerals Initiative (RMI) now operates 28 shared audit programs across conflict mineral smelters and refiners, reducing per-company audit costs by 60 to 75% compared to proprietary audit programs. The model is expanding to cover cobalt, mica, and lithium supply chains, with 420 participating companies sharing audit results through a common platform.

Regional government engagement is also accelerating. The ASEAN Secretariat published its first Regional Guidelines on Business and Human Rights in November 2024, providing a policy framework that member states can adapt into national action plans. Thailand and the Philippines have announced national action plan development processes aligned with the UN Guiding Principles on Business and Human Rights, creating domestic regulatory foundations that complement EU requirements.

What's Not Working

Deep-tier supply chain mapping remains the most significant operational challenge. A 2025 assessment by McKinsey found that even leading companies in high-risk sectors can typically map their supply chains only to Tier 2 with confidence, covering approximately 60 to 70% of spend. Beyond Tier 2, visibility drops to below 20% for most firms. In sectors like garments and electronics where subcontracting is pervasive, unauthorized subcontracting (where a contracted factory outsources production to an unaudited facility) undermines even well-designed due diligence programs. The Rana Plaza collapse in Bangladesh demonstrated the consequences of subcontracting opacity, and the structural conditions enabling unauthorized subcontracting persist across much of Asia-Pacific manufacturing.

Audit fatigue is degrading the effectiveness of traditional compliance approaches. Factories in major manufacturing hubs like Shenzhen, Ho Chi Minh City, and Dhaka may undergo 15 to 30 social audits annually from different brands and certification bodies, each with slightly different requirements. The cumulative burden diverts factory management attention from genuine improvement to audit preparation, and the prevalence of "audit deception" (coaching workers before audits, maintaining dual record books, temporarily improving conditions for audit days) remains high. A 2025 study by the Clean Clothes Campaign found that 68% of garment workers surveyed in Bangladesh, India, and Cambodia reported being coached on answers before social audits (Clean Clothes Campaign, 2025).

Small and medium enterprises (SMEs) in Asia-Pacific supply chains face disproportionate compliance burdens. While the CSDDD exempts SMEs from direct obligations, their position as suppliers to in-scope companies means they must respond to due diligence requirements flowing down from customers. Many lack the resources to implement formal human rights policies, grievance mechanisms, and monitoring systems. The European Commission's estimate that SME compliance costs will average EUR 1,400 to EUR 14,000 per year is widely viewed as unrealistically low for suppliers in developing economies where governance infrastructure is weaker.

Key Players

Established: EcoVadis (sustainability ratings platform serving 130,000+ companies), Sedex (ethical supply chain data platform with 85,000+ member sites), SAP (integrated supply chain due diligence modules within procurement software), Bureau Veritas (audit and certification services for CSDDD compliance)

Startups: Prewave (AI-driven supply chain risk monitoring), Oritain (forensic traceability for raw material origin verification), WOVO (worker voice technology platform), Sourcemap (supply chain mapping and traceability)

Investors: EQT Ventures (lead investor in Prewave Series B), Partech Partners (supply chain compliance technology investments), SOSV (early-stage supply chain transparency startups), Temasek (ESG technology platform investments across Asia-Pacific)

Action Checklist

• Conduct a scoping assessment to determine whether your organization falls within CSDDD's direct scope (1,000+ employees and EUR 450M+ turnover, including non-EU companies with EUR 450M+ EU turnover)
• Map your supply chain to at least Tier 3 in high-risk sectors (garments, electronics, extractives, agriculture) using a combination of supplier self-disclosure, trade data analysis, and digital mapping tools
• Implement a digital due diligence platform that integrates risk screening, supplier assessment management, and audit trail documentation aligned with CSDDD's six-step due diligence process
• Establish or strengthen a grievance mechanism accessible to affected stakeholders including workers in supplier facilities, with documented response timelines and escalation procedures
• Deploy worker voice technology in high-risk supplier facilities to supplement periodic audits with continuous worker feedback
• Engage with sector-specific initiatives (RBA, TfS, RSPO) to leverage shared audit programs and reduce per-supplier due diligence costs
• Develop a prioritized remediation framework that addresses the most severe and likely adverse impacts first, consistent with CSDDD's proportionality principle
• Build internal capacity through training procurement teams on human rights due diligence requirements, integrating CSDDD compliance criteria into supplier selection and contract management processes

FAQ

Q: Does CSDDD apply to companies headquartered outside the EU? A: Yes. Non-EU companies with net turnover exceeding EUR 450 million generated within the EU fall within scope. This captures major manufacturers, trading houses, and service providers headquartered in Japan, South Korea, China, India, Australia, and across Southeast Asia that sell products or services into EU markets. The obligation applies at the ultimate parent company level, meaning that an Asia-Pacific conglomerate with a European subsidiary generating sufficient EU turnover triggers group-wide due diligence requirements.

Q: How does CSDDD interact with the EU Forced Labor Regulation? A: The two regulations are complementary but operate through different mechanisms. CSDDD imposes process obligations on companies (requiring them to maintain due diligence systems), while the Forced Labor Regulation imposes product-level prohibitions (banning products made with forced labor from the EU market regardless of whether the company has due diligence in place). A company with a robust CSDDD-compliant due diligence process could still face product seizures under the Forced Labor Regulation if specific goods in its supply chain are linked to forced labor. Conversely, evidence of a functioning CSDDD due diligence system may be considered a mitigating factor in enforcement proceedings.

Q: What is the most effective approach for mapping supply chains beyond Tier 1? A: The most effective approaches combine multiple data sources rather than relying on any single method. Start with supplier self-disclosure through cascading questionnaires where Tier 1 suppliers identify their own suppliers. Supplement with trade data analysis using customs records, bills of lading databases (platforms like ImportGenius and Panjiva), and material flow analysis. Validate using forensic traceability technologies like isotope testing (Oritain) or DNA marking (Applied DNA Sciences) for high-risk commodity inputs. Prioritize depth over breadth: map to Tier 4 or Tier 5 in your highest-risk commodity chains rather than attempting shallow mapping across all categories simultaneously.

Q: What are the penalties for non-compliance with CSDDD? A: Member states must establish administrative fines with maximum penalties of at least 5% of worldwide net turnover. Additionally, CSDDD includes civil liability provisions allowing individuals and communities harmed by adverse impacts to bring claims for compensation in EU courts. Companies can also face exclusion from EU public procurement and be denied export credit agency support. The reputational and commercial consequences, including loss of contracts from EU-based customers and reduced access to ESG-sensitive capital, may exceed direct financial penalties for many Asia-Pacific suppliers.

Sources

• Federal Office for Economic Affairs and Export Control (BAFA). (2025). Annual Report on Enforcement of the Supply Chain Due Diligence Act (LkSG): 2024 Statistics. Eschborn, Germany: BAFA.
• International Labour Organization. (2025). Global Estimates of Modern Slavery: Forced Labour and Forced Marriage (2025 Update). Geneva: ILO.
• PitchBook. (2025). Supply Chain Compliance Technology: Emerging Market Report Q1 2025. Seattle, WA: PitchBook Data.
• Toyota Motor Corporation. (2025). Sustainability Data Book 2025: Supply Chain Human Rights Due Diligence. Toyota City, Japan: TMC.
• Oritain Global Limited. (2025). Annual Impact Report 2024: Traceability Deployments and Market Adoption. Wellington, New Zealand: Oritain.
• WOVO (Labor Solutions). (2025). Worker Voice Impact Assessment: Outcomes from 4,200 Factory Deployments. Washington, DC: Labor Solutions Inc.
• Samsung Electronics. (2025). Sustainability Report 2024: Supply Chain Compliance and Human Rights. Seoul, South Korea: Samsung Electronics Co.
• Clean Clothes Campaign. (2025). Fig Leaf for Fashion: The Persistence of Audit Deception in Global Garment Supply Chains. Amsterdam: CCC.
• Asian Development Bank. (2025). Supply Chain Due Diligence Readiness in Southeast Asia: A Baseline Assessment. Manila: ADB.