Navigating the CSDDD: a game changer for business and human rights

Scope and timeline: which companies are affected by the CSDDD?

The CSDDD applies to large companies that meet certain criteria, including turnover and – for EU companies – employment thresholds. The CSDDD covers EU companies or EU parent companies of a group with more than 1,000 employees on average and net worldwide turnover exceeding EUR 450m, third-country companies or third-country parent companies of a group which generate net turnover of at least EUR 450m in the EU, and companies providing franchising or licensing agreements that have worldwide turnover of at least EUR 80m and royalties of more than EUR 22.5m, and that meet the criteria specified in the CSDDD.

Member States must transpose the CSDDD into national law and communicate the relevant texts to the Commission by 26 July 2026. One year later, the rules will start to apply to the first group of companies, following a staggered approach, with full application on 26 July 2029.

What are the main steps and requirements for conducting human rights and environmental due diligence?

Under the CSDDD, the due diligence process should encompass the following key steps, which companies should begin preparing for now: (i) integrating due diligence into policies and management systems, including adopting a code of conduct; (ii) identifying and assessing adverse human rights and environmental impacts in their operations and chain of activities, considering the severity and likelihood of the impacts; (iii) preventing, mitigating, ceasing or minimising actual and potential adverse human rights and environmental impacts; (iv) monitoring and assessing the effectiveness of the measures taken; (v) communicating publicly and transparently on the due diligence policy, the code of conduct, risk assessment, the prevention and remediation action plan, and the monitoring and evaluation results; and (vi) providing remediation for any adverse human rights and environmental impacts caused or contributed to by the company.

In addition, companies must adopt and implement a climate transition plan, using best efforts to align their business model and strategy with the transition to a sustainable economy. This includes limiting global warming to 1.5ºC in line with the Paris Agreement.

What are the potential sanctions, liabilities and reputational risks for non-compliance with the CSDDD?

The CSDDD includes a penalty regime enforceable by the Member States' national supervisory authorities. Fines can reach up to at least 5 % of the company's worldwide net turnover. Penalties may also include a public statement identifying the company and detailing the nature of the infringement.

An in-scope company can also be held civilly liable for damages caused to a natural or legal person, provided it intentionally or negligently failed to comply with the obligations to prevent and cease adverse human rights and environmental impacts, damaging the natural or legal person's legal interests protected under national law.

What are the impacts on SMEs and suppliers of in-scope companies?

The CSDDD has significant implications for small and medium-sized enterprises (SMEs) and suppliers that are part of the supply chain of in-scope companies. Although they are not directly subject to the CSDDD, they are indirectly affected due to their business relationships with larger companies that must comply with the directive.

Those companies may face increased pressure to adhere to the sustainability standards and due diligence requirements imposed by their larger business partners. This will result in additional administrative and compliance costs, as well as the need to upgrade their management systems and processes to meet the new standards. The CSDDD acknowledges these challenges. It will be crucial for in-scope companies to provide targeted and proportionate support to their affected business partners.

How does the CSDDD affect companies outside of the EU?

The CSDDD will significantly impact non-EU companies with EU business relationships. These companies must comply with the due diligence obligations if they fall within the scope of the CSDDD. Non-compliance could result in a loss of access to the EU market, penalties or liability claims. It remains uncertain how and to what extent breaches will be enforced due to the territorial limitations on enforcement actions by EU authorities.

The CSDDD will also affect non-EU companies that are part of the value chain of in-scope companies. These companies may face increased burdens and are likely to receive requests from EU-based companies (or non-EU companies covered by the CSDDD) for additional information, due diligence or contractual assurances. These assurances may include compliance with a code of conduct or prevention action plan, as well as measures to verify compliance, such as audits and regular reporting. They may also have to adapt their policies, processes and practices to align with the human rights and environmental standards set by the CSDDD. Many businesses globally will need to significantly change their current operations, transactions, reporting and interactions with business partners.

What are the available resources and best practices for implementing the CSDDD effectively?

Companies, whether within the scope of the CSDDD or not, and regardless of their location, should use the time before the national legislation takes effect wisely, especially if they have business relationships with EU-based companies. It is crucial to navigate the complexities of the CSDDD at an early stage. Possible preparatory steps include: (i) conducting a thorough review of current operations, policies and procedures to identify any gaps in compliance with the CSDDD; (ii) developing policies and strategies, including robust due diligence policies and climate transition plans; (iii) providing training sessions and workshops to ensure employees understand the CSDDD obligations and are equipped to implement the necessary changes; and (iv) facilitating engagement with key stakeholders, including business partners, suppliers and regulatory authorities to ensure a collaborative approach to compliance.

authors: Johannes Frank, Danijel Stevanovic