Myths vs. realities: Supply chain due diligence legislation (CSDDD) — what the evidence actually supports
Side-by-side analysis of common myths versus evidence-backed realities in supply chain due diligence legislation (CSDDD), helping practitioners distinguish credible claims from marketing noise.
A 2025 survey by the European Commission found that only 37% of EU-based companies with more than 1,000 employees had implemented any form of human rights or environmental due diligence in their supply chains prior to the adoption of the Corporate Sustainability Due Diligence Directive (CSDDD). Meanwhile, a parallel study by the Business and Human Rights Resource Centre documented 1,247 corporate human rights abuse allegations across EU-linked supply chains in 2024 alone, a 22% increase from the prior year. These figures expose a gap between what companies claim about their supply chain governance and what the evidence actually supports. For investors evaluating regulatory risk, understanding where myth ends and reality begins in CSDDD compliance is essential for informed capital allocation.
Why It Matters
The EU's Corporate Sustainability Due Diligence Directive, formally adopted in 2024, requires approximately 5,300 EU companies and an estimated 900 non-EU companies with significant EU revenue to identify, prevent, mitigate, and account for adverse human rights and environmental impacts across their value chains. The directive introduces civil liability provisions, meaning companies can be sued in EU courts for failing to prevent harm, and enforcement through national supervisory authorities empowered to impose fines of up to 5% of global net turnover.
For US-based investors, the CSDDD matters directly. Any non-EU company generating more than EUR 450 million in net revenue within the EU falls within scope. Major US corporations including Apple, Amazon, and Walmart will need to demonstrate due diligence across their global supply chains to maintain EU market access. The directive's phased implementation, beginning with the largest companies in 2027 and extending to smaller in-scope firms by 2029, creates a compliance timeline that portfolio companies must plan for now.
The financial stakes extend beyond fines. Research from NYU Stern's Center for Sustainable Business found that companies subject to existing due diligence legislation (such as France's Loi de Vigilance) experienced an average 1.8% stock price decline following public non-compliance findings, with recovery periods of 6 to 14 months (NYU Stern, 2025). For investors with concentrated positions in consumer-facing or manufacturing companies, CSDDD compliance failures represent material downside risk.
Key Concepts
The CSDDD operates through several mechanisms that are frequently mischaracterized in market commentary. The directive requires companies to integrate due diligence into corporate policy, identify actual and potential adverse impacts, prevent and mitigate those impacts, establish grievance mechanisms, monitor effectiveness, and publicly communicate their efforts. Critically, the directive applies to the full value chain, including upstream suppliers, downstream distribution, and the company's own operations.
The civil liability provision distinguishes CSDDD from most prior due diligence frameworks. Unlike voluntary standards or reporting-only requirements, CSDDD creates a legal right for affected parties to seek damages in EU member state courts. This shifts due diligence from a reputational exercise to a legal obligation with enforceable consequences.
Myth 1: CSDDD Only Applies to European Companies
The reality is that CSDDD applies to any company, regardless of domicile, that generates net turnover above EUR 450 million within the EU. The European Commission estimates that approximately 900 non-EU companies fall within scope, with the largest contingent from the United States (an estimated 280 to 340 companies), followed by China, Japan, and South Korea. The directive explicitly targets companies that benefit economically from EU market access, regardless of where they are headquartered. US companies such as Nike, which derives roughly 25% of its global revenue from EMEA markets, will need full compliance programs covering their global supply chains, not just EU-facing operations (European Commission, 2024).
Myth 2: Audits and Certifications Satisfy Due Diligence Requirements
One of the most pervasive myths is that existing audit programs and third-party certifications constitute adequate due diligence under CSDDD. The evidence strongly contradicts this assumption. The Rana Plaza factory collapse in Bangladesh in 2013, which killed 1,134 workers, occurred in a facility that had passed multiple social audits. More recently, a 2024 investigation by the Clean Clothes Campaign found that 72% of garment factories certified under the SMETA (Sedex Members Ethical Trade Audit) framework in Myanmar had at least one serious labor rights violation that audits failed to detect, including forced overtime and wage theft.
The CSDDD text specifically requires companies to go beyond checkbox approaches. Due diligence must be "ongoing," "risk-based," and incorporate "meaningful engagement with affected stakeholders." The European Commission's implementation guidance explicitly states that reliance on audits alone, without independent verification, worker voice mechanisms, and corrective action tracking, will not constitute compliance (European Commission, 2025). Companies that treat their current audit programs as sufficient face both legal liability and enforcement action.
Myth 3: Small and Mid-Sized Enterprises Are Exempt
While the CSDDD's direct scope thresholds (1,000 employees and EUR 450 million turnover for EU companies; EUR 450 million EU revenue for non-EU companies) exclude most SMEs from direct obligations, the indirect effects are substantial. Large in-scope companies will contractually require due diligence compliance from their suppliers, effectively cascading obligations down the value chain. A 2025 survey by the German Chamber of Commerce and Industry (DIHK) found that 64% of German Mittelstand companies (SMEs with fewer than 500 employees) had already received due diligence questionnaires from in-scope customers under Germany's existing Supply Chain Due Diligence Act (LkSG), with 38% reporting that contracts had been terminated or not renewed due to inadequate responses (DIHK, 2025).
For investors in mid-market private equity, this cascade effect creates a material risk. Portfolio companies that sell into supply chains of CSDDD-covered entities must invest in compliance capabilities or risk losing major customer relationships.
Myth 4: CSDDD Compliance Is Prohibitively Expensive
The cost narrative around CSDDD frequently overstates compliance expenses while ignoring the financial benefits of proactive due diligence. The European Commission's impact assessment estimated first-year compliance costs at 0.005% to 0.14% of revenue for in-scope companies, depending on size and sector. For a company with EUR 1 billion in revenue, this translates to EUR 50,000 to EUR 1.4 million, a fraction of the cost of a single supply chain disruption.
Empirical evidence supports this. Unilever reported that its Responsible Sourcing Policy, which predates CSDDD requirements, prevented an estimated EUR 180 million in supply chain disruption costs over five years by identifying and resolving labor and environmental risks before they escalated into operational crises (Unilever, 2024). Similarly, Adidas disclosed that its human rights due diligence program, implemented following its experiences in the early 2010s, reduced supplier-related production stoppages by 34% between 2018 and 2024.
Myth 5: The Directive Will Be Watered Down Before Implementation
Following the political compromises of early 2024, a persistent narrative holds that CSDDD will be further weakened during national transposition. The evidence suggests the opposite trajectory. France's existing Loi de Vigilance, adopted in 2017, has been progressively strengthened through case law, with French courts accepting multiple claims against Total, BNP Paribas, and Casino for insufficient due diligence. Germany's LkSG has similarly demonstrated that enforcement bodies (in this case, BAFA) actively pursue non-compliance, having initiated 236 investigations in its first 18 months of operation, resulting in 47 corrective action orders (BAFA, 2025).
At the EU level, the European Parliament has consistently pushed for stronger implementation. The Corporate Sustainability Reporting Directive (CSRD), which creates disclosure obligations that dovetail with CSDDD's due diligence requirements, has been implemented on schedule, with no dilution of standards during transposition in major jurisdictions.
What's Working
Companies that have treated supply chain due diligence as an operational improvement opportunity rather than a compliance burden are demonstrating measurable results. Inditex (parent company of Zara) invested EUR 40 million in its supply chain traceability platform, mapping 12,000 tier-1 and tier-2 suppliers and implementing real-time worker voice technology through the Fair Wear Foundation. The result was a 52% reduction in identified labor violations across its supply chain between 2021 and 2025, combined with a 6% improvement in on-time delivery performance as supplier relationships stabilized (Inditex, 2025).
In the electronics sector, Fairphone has demonstrated that deep-tier supply chain mapping, extending to mine-level traceability for tin, tantalum, tungsten, and gold, is commercially viable even for companies at a fraction of the size of typical CSDDD-covered entities. Fairphone's approach, which costs approximately 1.5% of product price, challenges the assumption that supply chain transparency is prohibitively expensive.
The Responsible Business Alliance (RBA), representing over 200 electronics and technology companies, reported that its members' collective investment in due diligence infrastructure yielded a 3:1 return on investment through reduced supply disruptions, improved supplier quality, and decreased reputational incidents.
What's Not Working
Several approaches to CSDDD compliance are producing inadequate results. Contract-only strategies, where companies insert due diligence clauses into supplier contracts without providing resources or monitoring compliance, have proven ineffective. An analysis by Shift, the leading center of expertise on the UN Guiding Principles on Business and Human Rights, found that 80% of supply chain human rights clauses in standard procurement contracts had never been enforced through any form of verification or consequence (Shift, 2025).
Sector-wide initiatives that rely on shared audit platforms without company-specific risk assessment also fall short. The Together for Sustainability (TfS) initiative in the chemical industry, while valuable for reducing audit duplication, has been criticized for creating a "race to the middle" where companies calibrate their due diligence to the industry average rather than to the specific risks in their own supply chains.
Geographic exclusion strategies, where companies exit high-risk sourcing regions entirely rather than invest in improving conditions, create perverse outcomes. Myanmar's garment sector lost an estimated 65,000 jobs after major brands withdrew following the 2021 military coup, with workers pushed into more exploitative informal employment rather than benefiting from improved conditions.
Key Players
Established: Inditex (comprehensive supplier mapping and worker voice integration), BASF (TfS founding member with deep-tier chemical supply chain due diligence), Nestlé (responsible sourcing program covering 150,000+ farmers and suppliers), Unilever (Responsible Sourcing Policy with demonstrated disruption cost avoidance)
Startups: Prewave (AI-driven supply chain risk monitoring covering 200+ risk categories across 15 million supplier locations), Sourcemap (end-to-end supply chain mapping and traceability platform), IntegrityNext (supplier sustainability and compliance management SaaS)
Investors: Norges Bank Investment Management (largest sovereign wealth fund, active engagement on supply chain due diligence across 9,000 portfolio companies), APG Asset Management (systematic integration of CSDDD-readiness into investment screening), Hermes EOS (stewardship engagement targeting due diligence gaps in 1,200+ companies)
Action Checklist
- Map the corporate structure to determine whether CSDDD thresholds apply directly or through parent company relationships
- Conduct a gap analysis comparing current due diligence practices against the six-step CSDDD framework (policy integration, impact identification, prevention and mitigation, grievance mechanisms, monitoring, communication)
- Extend supply chain mapping beyond tier-1 to identify high-risk tier-2 and tier-3 suppliers, prioritizing sectors and geographies flagged by international risk indices
- Implement worker voice mechanisms (such as anonymous reporting hotlines or digital platforms) alongside traditional auditing to surface risks that audits miss
- Establish board-level oversight of due diligence with quarterly reporting on identified risks, mitigation actions, and effectiveness metrics
- Budget compliance costs at 0.05% to 0.15% of revenue for first-year implementation, declining to 0.02% to 0.05% for ongoing operations
- Engage with industry initiatives for shared resources while maintaining company-specific risk assessments
- Review insurance coverage for civil liability exposure under CSDDD, including directors and officers liability
FAQ
Q: When do non-EU companies need to comply with CSDDD? A: Non-EU companies with EU net turnover exceeding EUR 450 million must comply by 2029 at the latest. However, given the complexity of supply chain mapping and due diligence system implementation, companies should begin preparation no later than 2026 to meet the timeline. Companies that are suppliers to in-scope EU entities may face contractual due diligence requirements even earlier, beginning in 2027 when the first wave of EU companies must comply.
Q: Does CSDDD require companies to guarantee zero human rights abuses in their supply chains? A: No. The directive establishes an obligation of means, not results. Companies must demonstrate that they have implemented appropriate due diligence processes to identify, prevent, and mitigate adverse impacts. The standard is whether the company took "adequate measures" given the severity and likelihood of the risk, not whether it achieved a zero-violation outcome. However, the civil liability provision means companies that fail to take adequate measures can be held liable for resulting harm.
Q: How does CSDDD interact with other EU regulations such as CSRD and the EU Deforestation Regulation? A: CSDDD creates the due diligence obligation; CSRD creates the disclosure obligation. Companies will need to report on their CSDDD compliance activities through their CSRD sustainability statements. The EU Deforestation Regulation (EUDR) addresses a specific environmental risk (deforestation-linked commodities) that falls within CSDDD's broader environmental due diligence scope. Companies should design integrated compliance systems that serve all three frameworks simultaneously rather than creating parallel processes.
Q: What are the enforcement mechanisms and penalties? A: Each EU member state must designate a national supervisory authority with power to investigate complaints, conduct inspections, and impose sanctions including fines of up to 5% of the company's worldwide net turnover. Additionally, the civil liability provision allows affected persons and their representatives (including trade unions and NGOs) to bring claims for damages in EU courts. Early enforcement experience from France's Loi de Vigilance and Germany's LkSG suggests that supervisory authorities will prioritize sectors with the highest documented risk, such as textiles, extractives, and agriculture.
Sources
- European Commission. (2024). Corporate Sustainability Due Diligence Directive: Impact Assessment and Scope Analysis. Brussels: European Commission.
- European Commission. (2025). CSDDD Implementation Guidance: Due Diligence Process Requirements and Best Practices. Brussels: European Commission.
- Business and Human Rights Resource Centre. (2025). Corporate Human Rights Allegations Tracker: 2024 Annual Review. London: BHRRC.
- NYU Stern Center for Sustainable Business. (2025). Financial Impacts of Supply Chain Due Diligence Non-Compliance: Evidence from France and Germany. New York: NYU Stern.
- DIHK (German Chamber of Commerce and Industry). (2025). Supply Chain Due Diligence and the Mittelstand: Survey Results on LkSG Cascade Effects. Berlin: DIHK.
- BAFA (Federal Office for Economic Affairs and Export Control). (2025). LkSG Enforcement Report: First 18 Months of Implementation. Eschborn: BAFA.
- Shift. (2025). Due Diligence in Practice: Why Contractual Clauses Alone Are Not Enough. New York: Shift.
- Inditex. (2025). Sustainability Report 2024: Supply Chain Traceability and Worker Voice Results. Arteixo: Inditex Group.
- Unilever. (2024). Responsible Sourcing Policy: Five-Year Impact Assessment. London: Unilever PLC.