The Corporate Sustainability Due Diligence Directive (CSDDD)



What is the Corporate Sustainability Due Diligence Directive (CSDDD)?

The proposed Corporate Sustainability Due Diligence Directive (CSDDD) introduces the obligation for companies to conduct appropriate human rights and environmental due diligence with respect to their operations, operations of their subsidiaries, and operations of their business partners in companies’ chains of activities.

The due diligence process set out in the CSDDD covers the six steps defined by the OECD Due Diligence Guidance for Responsible Business Conduct:

(1) integrating due diligence into policies and management systems,

(2) identifying and assessing adverse human rights and environmental impacts,

(3) preventing, ceasing or minimising actual and potential adverse human rights and environmental impacts,

(4) assessing the effectiveness of measures,

(5) communicating,

(6) providing remediation.


Understanding the due diligence obligation in the Corporate Sustainability Due Diligence Directive (CSDDD)

The due diligence policy should contain a description of the company’s approach, including in the long term, to due diligence, a code of conduct describing the rules and principles to be followed by the company’s employees and subsidiaries, and, where relevant, the company’s direct or indirect business partners, and a description of the processes put in place to implement due diligence, including the measures taken to verify compliance with the code of conduct and to extend its application to business partners.

The code of conduct should apply in all relevant corporate functions and operations, including procurement and purchasing decisions.

Companies should also update their due diligence policy without undue delay after a significant change occurs, but at least every 24 months. A significant change should be understood as a change to the status quo of the company’s own operations, the operations of its subsidiaries or business partners, the legal or business environment, or any other substantial shift in the company’s situation, to which the company could reasonably be expected to react by updating the policy.

Examples of a significant change could be cases where the company operates in a new economic sector or geographical area, starts producing new products or changes the way of producing existing products using technology with potentially higher adverse impacts, or changes its corporate structure via restructuring, mergers or acquisitions.

Incorporating due diligence into risk management systems must be understood in line with the relevant international framework to ensure that the due diligence obligations are put in place and overseen. In order to fulfil this obligation, companies should be allowed to organise internally according to their needs, for example by using existing management systems, setting up a risk management system of the company or creating a human rights and environment officer.


Who must comply with the Corporate Sustainability Due Diligence Directive (CSDDD)?

According to Article 2 (Scope) of the Interinstitutional File: 2022/0051(COD):

1. This Directive shall apply to companies which are formed in accordance with the legislation of a Member State and which fulfil one of the following conditions:

(a) the company had more than 500 employees on average and had a net worldwide turnover of more than EUR 150 million in the last financial year for which annual financial statements have been or should have been adopted;

(b) the company did not reach the thresholds under point (a), but had more than 250 employees on average and had a net worldwide turnover of more than EUR 40 million in the last financial year for which annual financial statements have been or should have been adopted, provided that at least EUR 20 million was generated in one or more of the following sectors associated with the applicable statistical classification of economic activities established by Regulation (EC) No 1893/2006 and listed in Annex II:

(i) the manufacture of textiles, leather and related products (including footwear), and the wholesale trade of textiles, clothing and footwear;

(ii) agriculture, forestry, fisheries (including aquaculture), the manufacture of food products and beverages, and the wholesale trade of agricultural raw materials, live animals, wood, food, and beverages; or

(iii) the extraction of mineral resources regardless from where they are extracted (including crude petroleum, natural gas, coal, lignite, metals and metal ores, as well as all other, non-metallic minerals and quarry products), the manufacture of basic metal products, other non-metallic mineral products and fabricated metal products (except machinery and equipment), and the wholesale trade of mineral resources, basic and intermediate mineral products (including metals and metal ores, construction materials, fuels, chemicals and other intermediate products).

2. This Directive shall also apply to companies which are formed in accordance with the legislation of a third country, and fulfil one of the following conditions:

(a) generated a net turnover of more than EUR 150 million in the Union in the financial year preceding the last financial year; or

(b) generated a net turnover of more than EUR 40 million but not more than EUR 150 million in the Union in the financial year preceding the last financial year, provided that at least EUR 20 million was generated in one or more of the sectors listed in paragraph 1, point (b).

3. For the purposes of paragraph 1, the number of part-time employees shall be calculated on a full-time equivalent basis. Temporary agency workers shall be included in the calculation of the number of employees in the same way as if they were workers employed directly for the same period of time by the company.

3a. This Directive shall apply to a company if the company has met the conditions laid down in paragraph 1 or 2 during two consecutive financial years.

4. As regards the companies referred to in paragraph 1, the Member State competent to regulate matters covered in this Directive shall be the Member State in which the company has its registered office.

5. As regards the companies referred to in paragraph 2, the Member State competent to regulate matters covered in this Directive shall be the Member State in which the company has a branch. If the company does not have a branch in any Member State, or has branches located in different Member States, the Member State competent to regulate matters covered in this Directive shall be that in which the company generated most of its net turnover in the Union in the financial year preceding the last financial year.

6. Member States may decide to apply this Directive to pension institutions which are considered to be social security schemes under the Regulation (EC) No 883/2004 of the European Parliament and of the Council and Regulation (EC) No 987/2009 of the European Parliament and of the Council. If a Member State decides to apply this Directive to such pension institutions, those pension institutions shall be considered regulated financial undertakings within the meaning of Article 3, point (a)(iv).

7. This Directive shall not apply to financial products listed in points (b) and (f) of point (12) of Article 2 of Regulation (EU) 2019/2088 of the European Parliament and of the Council.

8. Member States may decide to apply this Directive to regulated financial undertakings within the meaning of Article 3, point (a)(iv), also with respect to their business partners to which such regulated financial undertakings provide the services referred to in Article 3, point (g).


24 April 2024 - The European Parliament approved the Corporate Sustainability Due Diligence Directive (CSDDD)

The European Parliament approved with 374 votes (against 235 and 19 abstentions) the CSDDD, agreed on with the Council, requiring firms and their upstream and downstream partners, including supply, production and distribution, to prevent, end or mitigate their adverse impact on human rights and the environment. Such impact will include slavery, child labour, labour exploitation, biodiversity loss, pollution or destruction of natural heritage.

The rules will apply to EU companies and parent companies with over 1000 employees and a worldwide turnover higher than 450 million euro. They will also apply to companies with franchising or licensing agreements in the EU ensuring a common corporate identity with worldwide turnover higher than 80 million euro if at least 22.5 million euro was generated by royalties.

Non-EU companies, parent companies and companies with franchising or licensing agreements in the EU reaching the same turnover thresholds in the EU will also be covered. These firms will have to integrate due diligence into their policies, make related investments, seek contractual assurances from their partners, improve their business plan or provide support to small and medium-sized business partners to ensure they comply with new obligations. Companies will also have to adopt a transition plan to make their business model compatible with the Paris Agreement global warming limit of 1.5°C.

Fines and compensation of victims

Member states will be required to provide companies with detailed online information on their due diligence obligations via practical portals containing the Commission’s guidance. They will also create or designate a supervisory authority to investigate and impose penalties on non-complying firms.

These will include “naming and shaming” and fines of up to 5% of companies’ net worldwide turnover. The Commission will establish the European Network of Supervisory Authorities to support cooperation and enable exchange of best practices. Companies will be liable for damages caused by breaching their due diligence obligations and will have to fully compensate their victims.

Next steps

The directive now also needs to be formally endorsed by the Council, signed and published in the EU Official Journal. It will enter into force twenty days later. Member states will have two years to transpose the new rules into their national laws.

The new rules (except for the communication obligations) will apply gradually to EU companies (and non-EU companies reaching the same turnover thresholds in the EU):

From 2027 to companies with over 5000 employees and worldwide turnover higher than 1500 million euro;

From 2028 to firms with over 3000 employees and a 900 million euro worldwide turnover;

From 2029 to all the remaining companies within the scope of the directive (including those over 1000 employees and worldwide turnover higher than 450 million euro).


14 December 2023 - We have a deal between the Council and the Parliament.

The Council and the European Parliament reached a provisional deal on the corporate sustainability due diligence directive (CSDDD), which aims to enhance the protection of the environment and human rights in the EU and globally.

The due diligence directive will set obligations for large companies regarding actual and potential adverse impacts on human rights and the environment, with respect to their own operations, those of their subsidiaries, and those carried out by their business partners.

The compromise strengthens the provisions related to the obligation of means for large companies to adopt and put into effect, through best efforts, a transition plan for climate change mitigation.

On civil liability, the agreement reinforces the access to justice of persons affected. It establishes a period of five years to bring claims by those concerned by adverse impacts (including trade unions or civil society organisations). It also limits the disclosure of evidence, injunctive measures, and cost of the proceedings for claimants.

As a last resort, companies that identify adverse impacts on environment or human rights by some of their business partners will have to end those business relationships when these impacts cannot be prevented or ended.

For companies that fail to pay fines imposed on them in the event of violation of the directive, the provisional agreement includes several injunction measures, and takes into consideration the turnover of the company to impose pecuniary penalties.


Next steps

The provisional agreement now needs to be endorsed and formally adopted by both institutions (the European Parliament and the Council).

