Explainer: Supply chain due diligence legislation (CSDDD) — what it is, why it matters, and how to evaluate options

More than 80% of corporate environmental and social impacts occur in supply chains, yet only 37% of large EU-headquartered companies conducted formal human rights due diligence before mandatory legislation arrived. The EU Corporate Sustainability Due Diligence Directive (CSDDD), adopted in 2024 and entering phased application from 2027, represents the most ambitious attempt to close that gap: requiring approximately 6,000 companies to identify, prevent, mitigate, and account for adverse human rights and environmental impacts across their entire value chains.

Why It Matters

Supply chain due diligence legislation marks a fundamental shift from voluntary corporate social responsibility to legally enforceable obligations. For decades, multinational companies could set their own standards for monitoring suppliers, with little consequence when labor abuses or environmental destruction occurred deep in their value chains. The CSDDD changes that calculus by attaching civil liability and administrative penalties to failures of due diligence.

Three structural forces make this legislation consequential beyond compliance. First, it creates a level playing field: companies that previously undercut responsible competitors by ignoring supply chain risks now face the same obligations. Second, it establishes extraterritorial reach, applying EU standards to non-EU companies with significant EU revenue, effectively exporting due diligence norms globally. Third, it introduces director-level accountability, tying executive compensation to climate transition plan implementation and making boards personally responsible for oversight failures.

The financial stakes are significant. Under the CSDDD, non-compliant companies face fines of up to 5% of global net turnover. Civil liability provisions allow affected parties to seek damages through EU courts, creating litigation risk that extends well beyond administrative penalties (European Commission, 2024). For a company with EUR 10 billion in revenue, that translates to a maximum fine of EUR 500 million, a figure that demands board-level attention.

Key Concepts

What the CSDDD Requires

The directive mandates six core obligations for in-scope companies:

1. Integrating due diligence into company policy: Companies must adopt a due diligence policy approved at director level, describing the company's approach, code of conduct, and processes for implementing due diligence throughout operations and supply chains.

2. Identifying actual and potential adverse impacts: This requires mapping value chains, assessing risks at each tier, and prioritizing impacts based on severity and likelihood. The directive covers both direct operations and the "chain of activities" of business partners.

3. Preventing and mitigating potential adverse impacts: Companies must develop prevention action plans, seek contractual assurances from partners, invest in capacity building for suppliers, and, where necessary, temporarily suspend or terminate business relationships.

4. Bringing actual adverse impacts to an end: When adverse impacts are already occurring, companies must take remedial action, including providing remediation to affected communities or individuals.

5. Establishing a complaints mechanism: An accessible, transparent process for stakeholders to raise concerns, with protections against retaliation.

6. Monitoring and communicating: Periodic assessments of due diligence effectiveness, with public annual reporting on implementation progress.

Scope and Phasing

The CSDDD applies in three phases based on company size and revenue:

Phase	Application Date	Company Criteria
Phase 1	2027	>5,000 employees and >EUR 1.5 billion global net turnover
Phase 2	2028	>3,000 employees and >EUR 900 million global net turnover
Phase 3	2029	>1,000 employees and >EUR 450 million global net turnover

Non-EU companies are covered if they generate turnover in the EU exceeding the same thresholds. This extraterritorial application means major US, Chinese, and other multinational corporations with significant EU market presence fall within scope.

Climate Transition Plans

A distinctive feature of the CSDDD is its requirement for climate transition plans. In-scope companies must adopt and implement a plan to ensure their business model is compatible with the Paris Agreement's 1.5-degree target. These plans must include time-bound emissions reduction targets, planned actions, investment commitments, and a description of board oversight. While the climate plan requirements do not carry the same civil liability exposure as human rights due diligence, they represent binding corporate climate governance obligations.

What's Working

Early Movers Building Competitive Advantage

Companies that invested in supply chain due diligence before mandatory requirements are demonstrating measurable advantages. Unilever's Responsible Sourcing Policy, implemented across 62,000 suppliers since 2017, required third-party audits, grievance mechanisms, and corrective action plans well before the CSDDD was adopted. By 2025, the company reported 94% of its agricultural raw materials were sustainably sourced, and its supply chain mapping covered 97% of Tier 1 and 78% of Tier 2 suppliers (Unilever, 2025). This infrastructure now positions Unilever to meet CSDDD obligations with incremental rather than transformational investment.

Inditex, the parent company of Zara, provides another example of early-mover advantage. After facing public criticism over labor conditions in its supply chain in the 2010s, Inditex built one of the most comprehensive supplier monitoring systems in the fashion industry. By 2025, the company tracked 1,803 Tier 1 and Tier 2 suppliers across 47 countries, conducting over 5,200 audits annually and maintaining a corrective action closure rate above 90% (Inditex, 2025). The company's supply chain transparency platform publicly discloses factory-level data including audit results, worker counts, and environmental performance metrics. This system, originally built as a reputational risk management tool, now serves as a compliance-ready infrastructure for CSDDD requirements.

Germany's Supply Chain Act as Proving Ground

Germany's Lieferkettensorgfaltspflichtengesetz (LkSG), effective since January 2023 for companies with more than 3,000 employees and expanded to those with more than 1,000 employees in 2024, has provided a real-world testing environment for mandatory due diligence. The German Federal Office for Economic Affairs and Export Control (BAFA) received over 700 complaints in its first 18 months and conducted 463 company inspections, issuing corrective orders in 12% of cases (BAFA, 2025). Companies report that the most significant implementation challenges are Tier 2+ supplier mapping, grievance mechanism design, and integrating due diligence into purchasing practices. The German experience demonstrates that while initial compliance costs are substantial, averaging EUR 1.2 million for large companies in the first year, ongoing costs stabilize at approximately EUR 400,000-600,000 annually as systems mature.

Technology Platforms Enabling Scalable Due Diligence

The compliance requirements have accelerated development of supply chain due diligence technology. Platforms like IntegrityNext, EcoVadis, and Sedex are reporting 40-60% growth in enterprise subscriptions since 2024. These tools automate supplier self-assessments, aggregate audit data across frameworks, and use AI to flag risk indicators from news monitoring, geographic risk databases, and trade data. EcoVadis now rates over 130,000 companies globally, making it the largest sustainability ratings platform for supply chains. The technology layer is critical because manual due diligence processes cannot scale to cover the thousands of suppliers most large companies maintain.

What's Not Working

Tier 2+ Visibility Remains Limited

Despite the CSDDD's requirement to address impacts across the "chain of activities," most companies lack meaningful visibility beyond Tier 1 suppliers. A 2025 study by the Organisation for Economic Co-operation and Development found that only 24% of companies in scope for due diligence legislation could identify their Tier 2 suppliers comprehensively, and less than 8% had meaningful data on Tier 3 and beyond (OECD, 2025). Raw material origins, subcontracting relationships, and informal labor arrangements remain largely opaque. This visibility gap is most acute in sectors with complex, geographically dispersed supply chains such as electronics, textiles, automotive, and food and agriculture.

SME Burden and Cascade Effects

While the CSDDD directly targets only large companies, the cascade effect on small and medium enterprises is substantial. Large companies pass due diligence requirements to their suppliers through contractual clauses, questionnaires, and audit demands. SMEs, which typically lack dedicated compliance teams, report spending 40-80 hours per year responding to due diligence requests from multiple customers, often with overlapping but non-standardized requirements. Industry associations warn that without harmonized standards and mutual recognition of assessments, the administrative burden could push smaller suppliers out of EU-connected value chains.

Enforcement Uncertainty

Member states must transpose the CSDDD into national law by July 2026, but implementation approaches are expected to vary significantly. National supervisory authorities will differ in resourcing, enforcement philosophy, and penalty calibration. The civil liability provisions, while potentially powerful, face legal uncertainty around burden of proof, jurisdictional questions for non-EU impacts, and the practical ability of affected communities in developing countries to access EU courts. Legal scholars estimate that meaningful civil liability case law will take 5-8 years to develop, creating a period of regulatory ambiguity.

Key Players

Established Leaders

EcoVadis: The largest supply chain sustainability ratings platform, covering over 130,000 companies across 220 industries and 180 countries. Provides scorecards used by procurement teams to assess supplier performance.

Bureau Veritas: Global testing, inspection, and certification company offering supply chain audit services across labor standards, environmental compliance, and product safety.

SGS: Swiss multinational providing supply chain due diligence audits, social compliance assessments, and environmental monitoring services across 140+ countries.

Sedex: Membership organization hosting the world's largest collaborative platform for sharing responsible sourcing data, with over 85,000 member companies.

Emerging Startups

IntegrityNext: German supply chain sustainability platform automating supplier self-assessments, monitoring, and risk management with specific LkSG and CSDDD compliance modules.

Prewave: Austrian AI-driven supply chain risk monitoring platform using natural language processing across news, social media, and regulatory databases to detect emerging risks in real time.

Sourcemap: US-based supply chain mapping and traceability platform enabling companies to visualize multi-tier supply chains and verify raw material origins through blockchain-verified documentation.

Retraced: German due diligence compliance platform focused on the textile industry, offering automated supplier management and CSDDD-ready reporting workflows.

Key Investors and Funders

European Commission: Funded development of sector-specific due diligence guidance through the Directorate-General for Justice and Consumers.

KfW Development Bank: Financing supply chain due diligence capacity building in developing countries, particularly for SME suppliers seeking to meet EU requirements.

Partech Partners: Lead investor in multiple supply chain technology startups addressing compliance automation and risk monitoring.

Action Checklist

1. Determine applicability: Assess whether your company falls within CSDDD scope based on employee count and EU-generated turnover, including non-EU parent company calculations.
2. Map your value chain: Begin with Tier 1 suppliers and progressively extend mapping to Tier 2 and beyond, prioritizing high-risk sectors, geographies, and raw material categories.
3. Conduct a gap assessment: Compare existing due diligence processes against the six CSDDD obligations to identify areas requiring new policies, processes, or technology.
4. Establish a complaints mechanism: Design or adapt a stakeholder grievance channel meeting CSDDD requirements for accessibility, transparency, and non-retaliation protections.
5. Select technology partners: Evaluate supply chain due diligence platforms based on multi-tier visibility, regulatory framework coverage, and integration with existing procurement and ERP systems.
6. Integrate into purchasing practices: Embed due diligence criteria into supplier selection, contracting, and performance management processes, not as a standalone compliance exercise.
7. Develop a climate transition plan: Draft a Paris-aligned transition plan with time-bound targets and board-level oversight, aligning with CSRD double materiality assessments where applicable.
8. Train procurement and compliance teams: Build internal capacity to implement due diligence processes operationally, not just as a legal or sustainability function.

FAQ

What is the difference between the CSDDD and CSRD? The CSRD (Corporate Sustainability Reporting Directive) requires companies to report on sustainability impacts, risks, and opportunities. The CSDDD goes further by requiring companies to take action: identifying, preventing, mitigating, and remediating adverse impacts in their supply chains. The CSDDD creates legally enforceable due diligence obligations and civil liability, while the CSRD focuses on disclosure and transparency. In practice, the two directives are complementary, with CSRD reporting drawing on CSDDD due diligence processes for supply chain data.

Does the CSDDD apply to non-EU companies? Yes. Non-EU companies are in scope if they generate net turnover exceeding the applicable thresholds within the EU. This means that major US, UK, Chinese, Japanese, and other multinational corporations with significant EU market presence must comply. Non-EU companies must designate an authorized representative in an EU member state and are subject to the same supervisory and enforcement regime as EU-headquartered companies.

How does the CSDDD relate to Germany's LkSG and France's Duty of Vigilance Law? The CSDDD harmonizes and supersedes national due diligence legislation across EU member states. Germany's LkSG and France's Loi de Vigilance were precursors that influenced the CSDDD's design. Once member states transpose the CSDDD, national laws will need to be aligned with the directive's requirements. Companies already compliant with the LkSG or Duty of Vigilance will have a head start but will need to extend their processes to meet the CSDDD's broader scope, particularly around environmental due diligence and climate transition plans.

What penalties can companies face for non-compliance? The CSDDD establishes two enforcement mechanisms. First, national supervisory authorities can impose administrative fines of up to 5% of worldwide net turnover. Second, the civil liability provisions allow individuals and communities harmed by due diligence failures to seek damages in EU courts, with a five-year limitation period. Companies may also face reputational consequences, exclusion from public procurement, and withdrawal of EU trade preferences.

What are the biggest implementation challenges? Companies consistently report three primary challenges: achieving visibility beyond Tier 1 suppliers, integrating due diligence into core business processes rather than treating it as a compliance add-on, and managing the cascade effects on SME suppliers who face duplicative requirements from multiple customers. Technology platforms, industry collaboration initiatives, and mutual recognition of audit standards are emerging as solutions, but significant gaps remain.

Sources

1. European Commission. "Directive on Corporate Sustainability Due Diligence: Final Text and Impact Assessment." European Commission, Directorate-General for Justice and Consumers, 2024.
2. OECD. "Due Diligence Legislation: Implementation Progress and Challenges." Organisation for Economic Co-operation and Development, 2025.
3. BAFA. "Supply Chain Due Diligence Act: Enforcement Report 2023-2024." German Federal Office for Economic Affairs and Export Control, 2025.
4. Unilever. "Responsible Sourcing Progress Report 2025." Unilever PLC, 2025.
5. Inditex. "Annual Sustainability Report 2025: Supply Chain Transparency." Industria de Diseno Textil S.A., 2025.
6. EcoVadis. "Global Supply Chain Sustainability Ratings: Market Report 2025." EcoVadis SAS, 2025.
7. Shift Project. "CSDDD Implementation Guidance for Business: Practical Steps for Compliance." Shift, 2025.