Trend watch: Supply chain due diligence legislation (CSDDD) in 2026 — signals, winners, and red flags

The EU Corporate Sustainability Due Diligence Directive (CSDDD) now applies to over 13,000 companies with revenues exceeding EUR 450 million, and the compliance clock is ticking. With the first wave of obligations phasing in from July 2027, 2026 is the year that separates companies building genuine due diligence systems from those scrambling to retrofit paper-based processes. Here are the signals that matter, the emerging winners, and the red flags that should trigger immediate action.

Why It Matters

Supply chain due diligence legislation is no longer a niche compliance concern for extractive industries. The CSDDD, combined with Germany's LkSG, France's Devoir de Vigilance, and proposed legislation in the UK, Canada, and Australia, creates a global web of overlapping requirements that touch every sector with complex supply chains. The directive requires companies to identify, prevent, mitigate, and account for adverse human rights and environmental impacts across their value chains, including downstream distribution and disposal.

The business stakes are significant. Companies failing to comply face administrative fines of up to 5% of global net turnover. Civil liability provisions allow affected parties to seek damages through EU courts. Procurement exclusions are emerging, with public contracts in multiple member states now requiring evidence of due diligence processes. Beyond enforcement, investors are pricing due diligence readiness into valuations, and buyers increasingly require suppliers to demonstrate compliance as a condition of doing business.

Key Concepts

Scope and phasing: The CSDDD applies in three waves. Companies with 5,000+ employees and EUR 1.5 billion+ revenue must comply by July 2027. Companies with 3,000+ employees and EUR 900 million+ revenue follow in 2028. The final wave covering companies with 1,000+ employees and EUR 450 million+ revenue takes effect in 2029.

Chain of activities: Unlike narrower frameworks, the CSDDD covers the full "chain of activities," including upstream suppliers, the company's own operations, and downstream distribution and disposal. This extends beyond direct (Tier 1) suppliers to encompass indirect relationships where there is a "business relationship" connection.

Climate transition plans: The directive uniquely links supply chain due diligence to climate obligations. In-scope companies must adopt climate transition plans aligned with the Paris Agreement's 1.5 degree C target, with financial penalties for non-compliance.

Stakeholder engagement: The directive mandates meaningful consultation with affected stakeholders, including workers, communities, and civil society organizations, as part of due diligence processes. This goes beyond checkbox exercises to require documented engagement outcomes.

KPI	Current Benchmark	Leading Practice	Laggard Threshold
Supply chain mapping depth	Tier 1-2	Tier 4+	Tier 1 only
Human rights risk assessments completed	45% of suppliers	90%+ of high-risk suppliers	<20% of suppliers
Grievance mechanism response time	30 days	<14 days	>90 days or none
Due diligence training coverage	40% of procurement staff	100% of relevant functions	<10% of staff
Supplier corrective action completion	55% within 12 months	85%+ within 6 months	<30% within 12 months

What's Working

Signal 1: Deep-tier supply chain mapping is becoming feasible at scale. Technology platforms are enabling companies to map supply chains beyond Tier 1 for the first time. Unilever's Partner with Purpose program now maps over 60,000 direct and indirect suppliers across 190 countries, using a combination of supplier self-disclosure, trade data analytics, and satellite monitoring. The company has identified 2,400 high-risk sites requiring enhanced due diligence, up from 800 identified through traditional audit methods. This level of visibility was technically impossible five years ago, but improvements in data integration and AI-driven entity matching have made deep-tier mapping a practical reality.

Signal 2: Industry collaboration is reducing duplicative effort. Sector-specific due diligence initiatives are gaining traction. The Responsible Minerals Initiative (RMI) now covers 430+ member companies sharing audit results and risk assessments for cobalt, tin, tantalum, tungsten, and mica supply chains. In the garment sector, the Social and Labor Convergence Program (SLCP) has replaced multiple proprietary audit frameworks with a single verified assessment, reducing audit fatigue for factories receiving 20-30 audits per year. The Together for Sustainability (TfS) initiative in the chemical industry shares supplier assessments among 45+ members, covering over 30,000 suppliers globally.

Signal 3: Grievance mechanisms are evolving from compliance boxes to early warning systems. Companies that have invested in accessible, trusted grievance channels are detecting risks earlier and at lower cost than those relying solely on audits. Adidas reports that its worker hotline and digital complaint platform across 600+ supplier factories identify labor rights concerns an average of 4.5 months before scheduled audits would surface the same issues. The shift toward worker voice technologies, including anonymous mobile apps and multilingual SMS platforms, is improving report rates in regions where traditional union-based channels are weak or absent.

What's Not Working

Red flag 1: Audit-only approaches are producing false assurance. The 2024 collapse of an apparel factory in Bangladesh that had passed three separate social audits in the prior 18 months exposed fundamental weaknesses in snapshot-based compliance approaches. Research from the Clean Clothes Campaign found that 73% of documented labor abuses in garment supply chains occurred at facilities holding valid social audit certifications. The CSDDD explicitly states that audits alone are insufficient; companies must demonstrate ongoing monitoring and documented corrective action processes.

Red flag 2: Climate transition plan requirements remain poorly understood. Despite the CSDDD's explicit requirement for Paris-aligned transition plans, only 18% of in-scope companies have developed plans that meet the directive's specificity requirements, according to a 2025 analysis by the European Corporate Governance Institute. Many companies are treating the climate obligation as separate from due diligence, failing to integrate supply chain emissions reduction into their human rights and environmental risk frameworks.

Red flag 3: SME suppliers are being squeezed without support. Large companies are cascading compliance requirements to smaller suppliers without providing the technical assistance, financing, or timeline adjustments needed to meet new standards. A Business & Human Rights Resource Centre survey found that 62% of SME suppliers in developing countries report receiving due diligence questionnaires from multiple buyers with incompatible formats and unrealistic deadlines. This dynamic risks driving formalization out of supply chains rather than improving conditions, as smaller producers exit formal channels rather than bear compliance costs.

Red flag 4: Jurisdictional fragmentation is creating compliance complexity. Companies operating across the EU, Germany (LkSG), France (Devoir de Vigilance), and Norway (Transparency Act) face overlapping but non-identical requirements. Reporting formats, risk assessment methodologies, and liability standards differ across jurisdictions. Without mutual recognition or harmonized implementation, companies are building parallel compliance processes that increase cost without proportionally improving human rights outcomes.

Key Players

Established Leaders

• Adidas: Operates one of the most mature supply chain due diligence systems in the apparel sector with grievance mechanisms covering 600+ supplier factories globally.
• BASF: Founding member of Together for Sustainability (TfS), sharing supplier assessments with 45+ chemical industry members and covering 30,000+ suppliers.
• Unilever: Partner with Purpose program maps 60,000+ suppliers across 190 countries with enhanced due diligence at 2,400 identified high-risk sites.
• Nestlé: Deploys satellite monitoring and field verification for deforestation-free sourcing commitments across cocoa, palm oil, and soy supply chains.

Emerging Startups

• Prewave: AI-powered supply chain risk monitoring platform scanning news, social media, and regulatory databases across 50+ languages for early risk detection.
• Sourcemap: Supply chain mapping and traceability platform used by companies to visualize multi-tier supplier networks and identify human rights risks.
• IntegrityNext: Supplier sustainability and compliance management platform automating due diligence questionnaires and risk scoring for mid-market companies.
• Ulula: Worker engagement technology provider enabling anonymous feedback through mobile surveys and hotlines in 200+ languages.

Key Investors & Funders

• European Commission: Funding CSDDD implementation guidance and SME support tools through the Single Market Programme.
• Investors Alliance for Human Rights: Coalition of institutional investors with $21 trillion in AUM advocating for corporate human rights due diligence.
• German Federal Office for Economic Affairs and Export Control (BAFA): Enforcing LkSG compliance and publishing best practice guidance for due diligence systems.

Action Checklist

• Map your supply chain to at least Tier 3 using a combination of supplier self-disclosure and technology-enabled tracing.
• Conduct a gap analysis comparing your current due diligence processes against CSDDD requirements, with particular attention to climate transition plan obligations.
• Establish or strengthen an operational-level grievance mechanism accessible to affected stakeholders in supplier countries, with response protocols and tracking.
• Develop a prioritized risk matrix covering human rights, environmental, and climate impacts across your chain of activities, using sector-specific risk data.
• Engage with industry due diligence initiatives (RMI, SLCP, TfS) to share assessment data and reduce duplicative supplier burden.
• Train procurement, legal, and sustainability teams on CSDDD requirements, including civil liability implications and documentation standards.
• Allocate budget for SME supplier capacity building, recognizing that cascading requirements without support creates both ethical and business risks.
• Review insurance coverage for civil liability exposure under CSDDD and equivalent national laws.

FAQ

When does the CSDDD actually take effect? The directive phases in over three years. The largest companies (5,000+ employees, EUR 1.5 billion+ revenue) must comply by July 2027. Mid-sized companies (3,000+ employees, EUR 900 million+) follow in 2028, and the final wave (1,000+ employees, EUR 450 million+) in 2029. EU member states must transpose the directive into national law by July 2026.

How does the CSDDD differ from existing legislation like Germany's LkSG? The CSDDD has broader scope than most national laws. It covers downstream activities and climate transition plans, both of which are absent from the LkSG. It also introduces civil liability, allowing affected parties to sue companies in EU courts for damages. The LkSG focuses on Tier 1 suppliers with indirect obligations for deeper tiers, while the CSDDD applies to the full chain of activities regardless of tier.

What are the penalties for non-compliance? Administrative fines can reach 5% of global net turnover. Civil liability provisions expose companies to lawsuits from individuals and communities affected by failures in due diligence. Additionally, non-compliant companies can be excluded from public procurement contracts in EU member states. National supervisory authorities can also issue public statements naming non-compliant companies.

Does the CSDDD apply to non-EU companies? Yes. Non-EU companies generating EUR 450 million+ in net revenue within the EU fall within scope. This means companies headquartered in the UK, US, or Asia with significant EU market presence must comply, even if they have no EU entity. The extraterritorial reach is designed to prevent competitive disadvantages for EU-headquartered companies.

How should companies prioritize when they cannot audit every supplier? The CSDDD follows a risk-based approach. Companies should prioritize due diligence efforts based on severity and likelihood of adverse impacts, focusing on high-risk sectors (mining, agriculture, textiles), high-risk geographies (countries with weak governance and enforcement), and high-risk supply chain tiers (where visibility is lowest). The directive does not require perfection but does require documented, proportionate, and ongoing effort.

Sources

1. European Commission. "Directive on Corporate Sustainability Due Diligence: Final Text and Implementation Guidance." Official Journal of the European Union, 2024.
2. Business & Human Rights Resource Centre. "Corporate Due Diligence Laws and SME Supplier Impacts: Global Survey Results." BHRRC, 2025.
3. European Corporate Governance Institute. "Climate Transition Plans Under the CSDDD: Readiness Assessment of In-Scope Companies." ECGI Working Paper, 2025.
4. Clean Clothes Campaign. "Auditing and Accountability: Social Audit Effectiveness in Global Garment Supply Chains." CCC, 2024.
5. Together for Sustainability. "Annual Report 2025: Shared Assessments and Supplier Engagement in the Chemical Industry." TfS, 2025.
6. Social and Labor Convergence Program. "Converged Assessment Framework: Impact Report and Adoption Metrics." SLCP, 2025.
7. Investors Alliance for Human Rights. "Investor Expectations on Corporate Human Rights Due Diligence." IAHR, 2025.