One of the world’s most anticipated regulations, the European Union’s Corporate Sustainability Due Diligence Directive (CSDDD), officially entered into force on July 25th, 2024. The regulation aims to address a lack of harmonized legal frameworks related to the due diligence requirements of a company and its supply chain. It mandates large companies to conduct thorough due diligence to identify, prevent, mitigate, and account for their impacts on human rights and the environment throughout their entire value chain. This includes the activities of their subsidiaries and both direct and indirect business partners.
Unlike previous regulations within the EU’s Sustainable Finance Framework and Green Deal, such as the Corporate Sustainability Reporting Directive (CSRD) and Sustainable Finance Disclosure Regulation (SFDR), the CSDDD focuses on ensuring that companies take appropriate action toward human rights and environment-related matters. Previously, regulations have leaned heavily on the need to be transparent but have often failed to emphasize accountability, ethics, and enforcement. The CSDDD marks a major step forward for regulations to move away from simply reporting impacts, risks, and opportunities to identifying, managing, mitigating, and addressing negative impacts on people and the planet.
Who Is Impacted by the CSDDD?
The CSDDD applies to a wide range of companies within and outside the EU with significant operations in the EU market. Approximately 7,000 companies will be required to comply with CSDDD — this figure does not include companies in the chain of activities, so the total number of companies anticipated to be impacted by this regulation will likely be significantly higher. Similar to the iterative approach taken by the CSRD, the regulation will be phased in based on company size and turnover, with the first companies being subject to its requirements three years after the CSDDD enters into force (i.e., in 2027).
In terms of next steps, EU Member States need to incorporate the regulation into national law by July 26th, 2026. Large companies with over 5,000 employees and €1.5 billion in worldwide turnover must comply, starting from July 2027, while smaller companies have later deadlines based on the specified thresholds outlined below. It is important to note that non-EU companies are required to focus on their turnover within the EU, whereas EU companies will fall within scope based upon their global turnover.
The thresholds for companies to fall within the scope of the CSDDD are:
| EU companies: turnover | EU companies: employees | Non-EU companies: turnover | Non-EU companies: employees | Year of application |
| --- | --- | --- | --- | --- |
| €1,500 million globally | 5,000 | €1,500 million in the EU | N/A | 2027 |
| €900 million globally | 3,000 | €900 million in the EU | N/A | 2028 |
| €450 million globally | 1,000 | €450 million in the EU | N/A | 2029 |
The timelines for franchisors and licensors will be later:
| EU franchisors and licensors: turnover | EU franchisors and licensors: royalties | Non-EU franchisors and licensors: turnover | Non-EU franchisors and licensors: royalties | Year of application |
| --- | --- | --- | --- | --- |
| €80 million globally | €22.5 million globally | €80 million in the EU | €22.5 million in the EU | 2029 |
Regulated financial institutions that meet the CSDDD thresholds are also included in the Directive and must also comply with its requirements. However, the scope is limited to only what they are responsible for in their own operations and upstream supply chain due diligence. Downstream value chains receiving financial products or services (e.g., investments, loans, and insurance activities) are therefore not in scope. By July 2026, the European Commission is expected to have assessed whether to extend due diligence requirements to the downstream part of the value chain for financial institutions within scope. As such, we recommend keeping up to date as this regulation evolves.
What Are the Penalties for Non-Compliance with the CSDDD?
Similar to the CSRD and the SFDR, each EU Member State will designate which body is responsible for supervising compliance with the rules and regulations. When imposing penalties on a company, Member States must consider a range of aggravating and mitigating factors, including (1) the nature, gravity, and duration of the infringement; (2) any previous infringements by the company; and (3) any remedial actions taken by the company, among other factors. Sanctions can include actions such as publicly exposing and condemning the company, removing a company’s products from the market, and imposing fines. Although Member States will have some discretion to set maximum penalties, they may not set penalties below 5% of a company’s net worldwide turnover from the preceding financial year, meaning the financial implications of non-compliance could be significant for some companies. Non-EU companies that fail to adhere to the regulation will also be prohibited from participating in the EU’s public procurement processes.
One novel element of CSDDD is civil liability and the right to full compensation for damages caused to people or legal entities. Companies can be held liable if the company intentionally or negligently fails to comply with the duties set out in the Directive; however, if non-compliance occurs solely due to their business partners, then the company is not liable unless it is proven they jointly caused damages.
What Do Companies Need to Do to Comply with the CSDDD?
The CSDDD requirements are far-reaching but mainly focus on two core areas which companies must adopt across their own operations, as well as among subsidiaries and business partners in their chain of activities:
- Due diligence: Companies must integrate human rights and environmental due diligence into their policies and risk management practices and identify, prioritize, prevent, and remediate potential and adverse impacts.
- Climate plan: Companies, including financial institutions, must develop, implement, and adopt a climate transition plan that, to the best of their ability, aligns with the EU’s 2050 net zero commitments and the 1.5℃ Paris Agreement target.
The due diligence duty of the Directive emphasizes obligations for companies to consider child labor, slavery, pollution, deforestation, excessive water consumption, and damage to ecosystems. The CSDDD also cites the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises as the mandatory standards for conducting due diligence and addressing and remediating human rights and environmental matters. Therefore, companies will need to ensure and verify compliance with the UNGP and the OECD Guidelines. The key obligations will include:
- the integration of due diligence into company policies
- conducting regular risk assessments
- prioritizing and addressing significant risks
- providing remediation for adverse impacts
- engaging in stakeholder consultations and maintaining transparent complaint mechanisms and procedures
When addressing climate change, transition plans must include time-bound climate targets for 2030 and onwards in five-year increments up to 2050. They must be grounded in conclusive scientific evidence and include absolute greenhouse gas (GHG) emission reduction targets across Scopes 1, 2, and 3 when appropriate. Companies must also provide descriptions about their decarbonization strategies, investment plans, and governance related to the plan’s implementation.
Again, emphasizing the importance of walking the talk, companies must adopt a transition plan, ensure it is updated on an annual basis, and demonstrate continuous progress toward their climate objectives. Similarly to the CSRD, we anticipate that companies will need to allocate a substantial budget to comply with this element, including the sourcing of relevant knowledge and experience to ensure plans are sufficiently developed and maintained.