
Trend analysis: Supply chain due diligence legislation (CSDDD) — where the value pools are (and who captures them)

Strategic analysis of value creation and capture in supply chain due diligence legislation (CSDDD), mapping where economic returns concentrate and which players are best positioned to benefit.

The EU Corporate Sustainability Due Diligence Directive (CSDDD) covers an estimated 6,000 companies headquartered in Europe and thousands more non-EU firms meeting revenue thresholds, generating a compliance services market projected to reach $8.4 billion by 2028 according to Verdantix. The directive forces companies to identify, prevent, and mitigate adverse human rights and environmental impacts across their entire value chains. That obligation is creating distinct value pools: some captured by technology platforms, others by advisory firms, and a growing share by the suppliers themselves who invest early in transparency infrastructure.

Why It Matters

Supply chain due diligence legislation is redrawing the economics of global trade. Before the CSDDD, human rights and environmental risk management in supply chains was largely voluntary, driven by brand reputation rather than legal liability. The directive introduces civil liability provisions that allow victims of corporate negligence to seek damages in EU courts: a mechanism that fundamentally changes the risk calculus for procurement teams, general counsel, and boards of directors.

The financial stakes are substantial. Non-compliance penalties under the CSDDD can reach 5% of global net turnover for the largest companies. For a firm with EUR 10 billion in revenue, that translates to a potential EUR 500 million fine. Germany's Supply Chain Due Diligence Act (LkSG), which preceded the CSDDD, has already issued penalties exceeding EUR 4.3 million against individual companies since enforcement began in January 2023, according to the German Federal Office for Economic Affairs and Export Control (BAFA). France's Duty of Vigilance Law (Loi de Vigilance), enacted in 2017, has generated more than 30 active lawsuits against major French multinationals including TotalEnergies and Casino Group.

The directive also interacts with other EU regulations. Companies subject to the CSRD must report on due diligence processes, and the EU Forced Labour Regulation (effective 2027) will ban products made with forced labor from the EU market. Together, these regulations create a compliance ecosystem where due diligence is not an isolated function but a foundational data layer that supports multiple reporting obligations.

Key Concepts

Value chain mapping refers to the systematic identification of every entity involved in producing and delivering a company's goods and services, from raw material extraction through manufacturing, logistics, and retail. Under the CSDDD, companies must map not only direct (Tier 1) suppliers but also indirect suppliers where risks are known or reasonably foreseeable.

Risk-based prioritization is the methodology companies use to focus due diligence efforts on the highest-risk areas. The CSDDD does not require equal scrutiny of every supplier. Instead, it mandates that companies assess severity and likelihood of adverse impacts, concentrating resources on sectors, geographies, and commodities with the greatest exposure to human rights violations or environmental harm.

Remediation obligations distinguish the CSDDD from earlier voluntary frameworks. When a company identifies that it has caused or contributed to an adverse impact, it must provide or cooperate in remediation. This goes beyond risk identification into active harm reduction and victim compensation.

Civil liability provisions allow affected parties to bring claims in EU member state courts. Companies face liability for failures to prevent adverse impacts that adequate due diligence would have identified. This creates a direct financial incentive for thorough implementation rather than checkbox compliance.

What's Working

Technology-enabled supply chain mapping is delivering results at scale. SAP's Responsible Design and Production module, integrated into its S/4HANA ERP system, now supports more than 1,200 enterprise clients in mapping Tier 1 through Tier 3 suppliers against human rights and environmental risk indicators. The platform cross-references supplier locations with databases from the International Labour Organization (ILO), the Walk Free Foundation's Global Slavery Index, and country-level environmental governance scores. Companies using the tool report a 60% reduction in time spent on manual risk assessments compared to spreadsheet-based approaches, according to SAP's 2025 sustainability impact report.

EcoVadis, the French sustainability ratings platform, has expanded its supplier assessment network to over 130,000 rated companies across 220 industries and 180 countries as of early 2026. The platform's corrective action plans have driven measurable improvements: suppliers that undergo a second EcoVadis assessment score an average of 3.6 points higher (on a 100-point scale) than their initial rating. Major CSDDD-scope companies including Schneider Electric, Unilever, and Nestlé use EcoVadis scores as a condition for supplier onboarding, creating a market incentive for suppliers to invest in sustainability performance.

Collaborative industry initiatives are reducing duplication costs. The Responsible Business Alliance (RBA), originally focused on electronics, now covers over 500 member companies with combined annual revenue exceeding $8 trillion. RBA's Validated Assessment Program (VAP) allows audit results to be shared across buyers: a single factory audit satisfying the requirements of multiple downstream customers. This audit-sharing model reduces supplier audit fatigue and cuts per-buyer audit costs by an estimated 40-70%, according to RBA's 2025 annual report.

What's Not Working

Deep-tier visibility remains the critical gap. A 2025 study by the Organisation for Economic Co-operation and Development (OECD) found that only 12% of companies subject to due diligence laws have meaningful visibility beyond Tier 2 suppliers. For commodities like cobalt, palm oil, and cotton, where the most severe human rights risks concentrate at the extraction and farming level (Tier 4 or deeper), this visibility gap means that due diligence efforts often miss the very harms they are designed to address.

Small and medium enterprises (SMEs) in supplier countries face disproportionate compliance burdens. While the CSDDD directly applies only to large companies, those companies pass requirements downstream through contractual clauses. A 2025 survey by the International Trade Centre found that 68% of SME suppliers in Bangladesh, Vietnam, and Ethiopia reported receiving new due diligence questionnaires from European buyers, but only 23% received any financial or technical support to meet the requirements. This creates a risk of supply chain disengagement: buyers shifting to larger, lower-risk suppliers rather than investing in capacity building for smaller producers.

Audit reliability is contested. The 2024 collapse of social auditing firm RINA's credibility after investigators found systemic failures to detect forced labor conditions at audited facilities in Malaysia highlighted long-standing concerns about the social auditing model. The Business and Human Rights Resource Centre documented 78 cases between 2020 and 2025 where certified or audited facilities were subsequently found to have serious labor violations. Announced audits, language barriers, worker coaching, and auditor conflicts of interest continue to undermine the reliability of traditional compliance verification.

Remediation mechanisms are underdeveloped. Most companies have established grievance mechanisms on paper, but effectiveness remains low. The Corporate Human Rights Benchmark (CHRB) 2025 assessment found that only 18% of the world's 2,000 largest companies demonstrate evidence of providing remedy to affected stakeholders. The gap between identifying harms and delivering meaningful remediation represents both a compliance risk and a market opportunity.

Key Players

Established Leaders

SAP: Enterprise resource planning giant with integrated due diligence modules serving 1,200+ clients. Its Responsible Design and Production solution connects procurement, compliance, and sustainability data in a single platform.

EcoVadis: Leading sustainability ratings platform with 130,000+ supplier assessments globally. Used by procurement teams at 1,000+ buying organizations to screen and monitor supply chain risks.

Bureau Veritas: Global testing, inspection, and certification (TIC) company with 82,000 employees across 140 countries. Provides social audits, environmental assessments, and CSDDD readiness services.

LRQA (formerly Lloyd's Register): Assurance and certification provider offering supply chain auditing, due diligence advisory, and digital compliance platforms for multinational clients.

Emerging Startups

Prewave: Vienna-based AI platform monitoring supply chain risks in real-time using natural language processing across 50+ languages. Tracks media, regulatory filings, and NGO reports to flag risks before they escalate.

Sourcemap: Supply chain mapping platform that provides visual traceability from raw materials to finished goods. Used by Mars, Patagonia, and Target to map multi-tier supply chains.

Interos: AI-powered supply chain risk management platform that continuously monitors suppliers across financial, operational, and ESG risk dimensions. Maps relationships to the sub-tier level.

TrustHub: Dutch regtech startup focused specifically on CSDDD and LkSG compliance. Offers automated risk scoring and reporting workflows tailored to EU due diligence requirements.

Key Investors and Funders

Insight Partners: Lead investor in Interos ($100 million Series C in 2024) and active backer of supply chain technology platforms.

Tiger Global Management: Invested in multiple supply chain visibility startups including Sourcemap and logistics technology firms.

European Commission: Funding CSDDD implementation support programs through Horizon Europe and the Single Market Programme, with EUR 45 million allocated for SME due diligence capacity building in 2025-2027.

Value Pool Analysis

| Value Pool | Market Size (2026 est.) | Growth Rate | Primary Captors |
| --- | --- | --- | --- |
| Supply chain mapping software | $2.1 billion | 28% CAGR | SAP, Sourcemap, Interos |
| Supplier ratings and assessments | $1.8 billion | 22% CAGR | EcoVadis, Sedex, IntegrityNext |
| Advisory and implementation services | $2.3 billion | 18% CAGR | Big 4, boutique ESG consultancies |
| Social and environmental auditing | $1.4 billion | 12% CAGR | Bureau Veritas, LRQA, SGS |
| Grievance mechanism platforms | $0.4 billion | 35% CAGR | Navex Global, Convercent, startups |
| Training and capacity building | $0.4 billion | 20% CAGR | RBA, Sedex, industry associations |

The highest growth rates are in grievance mechanism platforms (35% CAGR) and supply chain mapping software (28% CAGR), reflecting the shift from static compliance to dynamic, technology-enabled due diligence. Advisory services represent the largest absolute pool ($2.3 billion) but grow more slowly as companies internalize capabilities over time.

Action Checklist

  1. Conduct a gap analysis comparing current due diligence processes against the requirements of CSDDD Articles 6-11, focusing on value chain mapping depth, risk identification methodology, and remediation protocols.
  2. Implement or upgrade supply chain mapping technology to achieve visibility beyond Tier 1, prioritizing high-risk commodities and geographies identified in the OECD Due Diligence Guidance.
  3. Establish a cross-functional due diligence team spanning procurement, legal, sustainability, and human resources to coordinate implementation and avoid siloed approaches.
  4. Integrate due diligence data flows with CSRD reporting systems and internal risk management frameworks to avoid duplicated effort and ensure consistency across regulatory obligations.
  5. Allocate budget for supplier capacity building programs, particularly for SMEs in high-risk sourcing regions, to prevent supply chain disengagement and demonstrate good faith compliance.
  6. Test grievance mechanisms for accessibility and effectiveness, including anonymous reporting channels available in relevant languages, and track response times and resolution rates as KPIs.
  7. Engage with industry-level collaborative initiatives (RBA, Sedex, Amfori) to share audit costs and leverage standardized assessment frameworks.

FAQ

When does the CSDDD take effect? The CSDDD was adopted in 2024 and member states have until 2026 to transpose it into national law. The largest companies (over 5,000 employees and EUR 1.5 billion turnover) must comply first, with phased implementation extending to smaller in-scope companies by 2029.

Does the CSDDD apply to non-EU companies? Yes. Non-EU companies generating over EUR 450 million in net turnover within the EU fall within scope. This captures major US, UK, Asian, and other international firms with significant European market presence.

How does the CSDDD differ from Germany's LkSG? The CSDDD is broader in several respects: it covers environmental impacts alongside human rights, includes civil liability provisions, and extends to the full value chain rather than primarily direct suppliers. Companies already compliant with LkSG will need to expand their programs to meet CSDDD requirements.

What are the penalties for non-compliance? National supervisory authorities can impose fines up to 5% of worldwide net turnover. Additionally, civil liability provisions allow affected persons and trade unions to bring claims for damages in EU courts, creating financial exposure beyond administrative penalties.

How should companies prioritize which supply chains to assess first? Focus on the sectors, commodities, and geographies with the highest documented risk of adverse human rights and environmental impacts. The OECD sector-specific guidance documents, ILO forced labor indicators, and environmental risk databases provide starting frameworks for risk-based prioritization.

Sources

  1. European Commission. "Directive on Corporate Sustainability Due Diligence: Final Text and Implementation Guidance." Official Journal of the European Union, 2024.
  2. Verdantix. "Supply Chain Due Diligence Software Market Forecast 2024-2028." Verdantix Research, 2025.
  3. Organisation for Economic Co-operation and Development. "OECD Due Diligence Guidance for Responsible Business Conduct: Implementation Review." OECD Publishing, 2025.
  4. EcoVadis. "Business Sustainability Risk and Performance Index: 2025 Global Report." EcoVadis SAS, 2025.
  5. Business and Human Rights Resource Centre. "Corporate Due Diligence Tracker: Legislative and Litigation Trends." BHRRC, 2025.
  6. Responsible Business Alliance. "Annual Impact Report 2025: Collaborative Due Diligence in Practice." RBA, 2025.
  7. International Trade Centre. "SME Competitiveness and Due Diligence Requirements: Survey of Supplier Readiness in Developing Countries." ITC, 2025.
