Key Takeaways
- The Omnibus I directive (published 26 February 2026) raised the CSDDD scope to companies with more than 5,000 employees and net turnover above EUR 1.5 billion.
- In-scope companies must transpose obligations into practice by 26 July 2029, with Member State transposition due by 26 July 2028.
- In-depth assessment of adverse impacts is limited to Tier 1 business partners unless plausible information points to harm further upstream.
- The Omnibus I amendments removed the mandatory climate transition plan and the harmonised civil liability regime from the original directive.
What is Due Diligence (Sustainability)?
The CSDDD creates a legal obligation for qualifying companies to conduct ongoing human rights and environmental due diligence. Article 7 requires the company to integrate due diligence into its policies and risk management systems. Articles 8 and 9 require identification and prioritisation of actual and potential adverse impacts, ranked by severity and likelihood. Where a company identifies potential harm, Articles 10 and 11 require it to take appropriate measures to prevent or mitigate those impacts (and to bring actual adverse impacts to an end). Article 12 addresses remediation. Article 15 requires monitoring the effectiveness of due diligence actions, and Article 16 requires public communication on those actions.
The directive uses the term “chain of activities” rather than “value chain.” This covers upstream business partners (suppliers of goods and services) and downstream activities related to distribution and storage. The Omnibus I amendments clarified that in-depth assessment of adverse impacts focuses on Tier 1 business partners. Deeper tiers require investigation only when plausible information indicates adverse impacts exist there. The policy review cycle was also relaxed from annual to every five years, unless significant changes or new evidence trigger an earlier review.
For auditors, the CSDDD intersects with the CSRD because companies reporting under the ESRS must disclose their due diligence process in the sustainability statement. ESRS 2 GOV-4 requires disclosure of the integration of sustainability due diligence into governance and strategy. The assurance provider evaluating the sustainability statement will assess whether the entity's described due diligence process is consistent with the obligations the CSDDD imposes. Where non-compliance with the CSDDD creates a legal exposure, the financial statement auditor considers the implications under ISA 250 (consideration of laws and regulations).
Worked example: Henriksen Shipping A/S
Client: Danish maritime logistics company, FY2029, revenue EUR 140M, 5,200 employees, IFRS reporter. Henriksen exceeds both Omnibus I thresholds and falls within the CSDDD's scope from 26 July 2029.
Step 1 — Integrate due diligence into policy
Henriksen's board adopts a human rights and environmental due diligence policy covering its fleet operations, fuel sourcing, port services, and crew management. The policy identifies the company's salient risks: labour conditions on chartered vessels, air pollution from heavy fuel oil, waste discharge at port facilities, and unsafe working conditions during cargo handling.
Documentation note: record the board resolution adopting the policy and the salient risk identification process. Cross-reference the company's existing environmental management system. Reference Article 7 of Directive 2024/1760.
Step 2 — Identify and prioritise adverse impacts
Henriksen maps its Tier 1 business partners (47 chartered vessel operators, 12 fuel suppliers, 8 port service providers, 4 waste management contractors). The sustainability team scores each partner against severity and likelihood criteria. Three chartered vessel operators are flagged for potential labour rights violations based on port state control detention records. Two fuel suppliers are flagged for sulphur emissions exceeding IMO 2020 limits.
Documentation note: record the mapping of Tier 1 partners and the scoring methodology (severity x likelihood matrix). Retain the source data consulted (port state control databases, IMO compliance records). Reference Articles 8 and 9.
Step 3 — Prevent and mitigate
For the three flagged vessel operators, Henriksen requires corrective action plans within 90 days and schedules independent crew welfare audits. For the two fuel suppliers, Henriksen switches procurement to verified low-sulphur suppliers and includes contractual compliance clauses in new supply agreements. Total cost of mitigation measures: EUR 420,000.
Documentation note: record each corrective action, the contractual clauses added, the timeline for compliance, and the cost allocation. Reference Articles 10 and 11.
Step 4 — Monitor and communicate
Henriksen schedules six-monthly reviews of corrective action progress. The annual sustainability due diligence statement (required for financial years beginning on or after 1 January 2030) will disclose the process followed, the adverse impacts identified, the preventive measures taken, and the outcomes observed. The company's sustainability assurance provider will evaluate the ESRS 2 GOV-4 disclosures against the documented due diligence process.
Documentation note: record the monitoring schedule and the KPIs tracked (audit completion rate, supplier compliance rate). Map each KPI to the planned ESRS 2 GOV-4 disclosure. Reference Article 15 and Article 16.
Conclusion: Henriksen's due diligence process is defensible because each step follows the CSDDD's six-step framework, adverse impacts are prioritised by severity and likelihood at Tier 1, and the documentation trail connects the risk assessment to the preventive measures taken.
Why it matters in practice
- Companies frequently confuse the CSDDD's due diligence obligation with CSRD sustainability reporting. The CSDDD requires active identification, prevention, mitigation, and remediation of adverse impacts (a conduct obligation), while the CSRD requires disclosure of sustainability information (a reporting obligation). ESRS 2 GOV-4 bridges the two by requiring disclosure of the due diligence process, but performing the disclosure alone does not satisfy the CSDDD's conduct requirements under Articles 6 through 16.
- The Omnibus I narrowing of in-depth assessment to Tier 1 business partners leads some teams to conclude that deeper supply chain tiers are irrelevant. Article 8 (as amended) still requires the company to investigate Tier 2 and beyond when plausible information indicates adverse impacts exist there. Treating the Tier 1 limitation as a blanket exemption from deeper scrutiny misreads the risk-based approach the directive preserves.
Due diligence (CSDDD) vs. double materiality (ESRS)
| Dimension | Due diligence (CSDDD) | Double materiality (ESRS) |
|---|---|---|
| Purpose | Identify, prevent, mitigate, and remediate adverse human rights and environmental impacts | Determine which sustainability topics require disclosure in the sustainability statement |
| Legal basis | Directive 2024/1760 Articles 6–16 | ESRS 1 paragraphs 37–58 |
| Nature of obligation | Conduct obligation: the company must act on the impacts it identifies | Reporting obligation: the company must disclose material sustainability information |
| Scope | Chain of activities (upstream business partners, own operations, subsidiaries, downstream distribution) | Full value chain as relevant to impact materiality and financial materiality |
| Output | Preventive and corrective measures, remediation, monitoring, public communication | Sustainability statement with disclosures organised by material ESRS topics |
The distinction matters because a company can perform a double materiality assessment that identifies human rights as a material topic but fail to take the preventive action the CSDDD requires. The ESRS disclosure alone does not fulfil the CSDDD obligation. Auditors providing assurance on the sustainability statement should verify that an entity subject to both regimes has not conflated the two.
Related terms
Frequently asked questions
Does the CSDDD apply to non-EU companies?
Yes, but only if they generate more than EUR 1.5 billion in net turnover within the EU (post-Omnibus I thresholds). No employee threshold applies to non-EU companies. The directive covers their entire chain of activities, not just the EU-based portion. Article 2 of Directive 2024/1760 defines the scope for both EU and non-EU undertakings.
How does CSDDD due diligence relate to the ESRS sustainability statement?
ESRS 2 GOV-4 requires the reporting entity to disclose how sustainability due diligence is embedded in governance and risk management. The CSDDD provides the legal framework that defines what due diligence must look like in practice. An entity subject to both regimes documents the due diligence process under the CSDDD and discloses that process in the ESRS sustainability statement, giving the assurance provider a verifiable basis for evaluation.
When do companies have to start complying with the CSDDD?
Member States must transpose the directive by 26 July 2028. In-scope companies must comply with the due diligence obligations from 26 July 2029. The obligation to publish an annual sustainability due diligence statement on the company's website applies for financial years beginning on or after 1 January 2030. There is no phased rollout by company size; the single set of thresholds (5,000 employees, EUR 1.5 billion turnover) applies uniformly from 2029.