EU Corporate Sustainability Due Diligence Directive (CSDDD) requirements are no longer theoretical. They are becoming enforceable expectations for how companies manage human rights and environmental risk across global supply chains.
The EU CSDDD shifts sustainability due diligence from a voluntary best practice to a legal obligation. Companies now face defined requirements, clear timelines, and growing enforcement pressure, even as delays and adjustments introduce uncertainty.
Let’s explore what the CSDDD requires in practice, who must comply, and how organizations should prepare as the obligations phase in.
Supply chain risk is increasing while regulatory tolerance for inaction is shrinking. Human rights violations, environmental harm, and climate-related impacts are no longer viewed as indirect business issues. Under the EU CSDDD, companies are expected to identify, prevent, mitigate, and address these risks across their own operations and value chains.
The Omnibus package, introduced by the European Commission in February 2025, proposes targeted changes to the CSDDD to reduce administrative burden while preserving its core objectives. Key discussions focus on adjusting company scope thresholds, delaying application timelines, and refining how far due diligence must extend across value chains.
The realities driving urgency include:
The EU CSDDD establishes a mandatory due diligence obligation for large companies operating in the EU. Rather than relying on voluntary commitments, the Directive requires companies to actively identify, prevent, mitigate, and address adverse human rights and environmental impacts across their operations, subsidiaries, and business relationships.
The Directive was published in the Official Journal of the European Union on July 5, 2024, confirming its legal status and triggering national implementation timelines. This publication marked the transition of the CSDDD from policy proposal to binding EU legislation, even as subsequent Omnibus discussions began to reshape specific elements of its application.
For a more expansive look at human rights regulations across the globe, read our blogs on “Human Rights Laws Shaping Responsible Supply Chains” and “Navigating UFLPA Compliance and Avoiding Enforcement Risks.”
The CSDDD is designed to move sustainability risk management into enforceable law.
Its core objectives are to:
By aligning with recognized international standards, the Directive provides a common baseline for how companies are expected to manage risk, regardless of where impacts occur.
The CSDDD and the Corporate Sustainability Reporting Directive (CSRD) serve different but complementary purposes.
For companies subject to both regulations, this distinction matters. CSRD reporting relies on the quality and consistency of underlying due diligence, while CSDDD compliance depends on having systems and data in place to demonstrate ongoing risk management. Treating them separately increases operational complexity and regulatory exposure.
Companies must comply with the EU CSDDD if, for two consecutive financial years, they meet one of the following thresholds:
These thresholds also apply at the group level, including ultimate parent companies. Under the Omnibus discussions, one of the most significant proposed changes is a clearer focus on direct business partners. Due diligence would apply by default to a company’s own operations, subsidiaries, and Tier 1 suppliers. Indirect business partners would only fall within scope when companies have plausible information indicating specific risks further down the value chain.
Micro companies and Small or Medium Enterprises (SMEs) are not directly covered under the Directive. However, they are often impacted indirectly as suppliers or business partners.
In-scope companies may request contractual assurances, conduct verification activities, or impose new data requirements across their value chains. As a result, SMEs increasingly feel the operational effects of CSDDD compliance expectations.
The EU CSDDD establishes a risk-based due diligence obligation that applies across the value chain.
Companies must implement processes to:
This risk-based approach is intended to prioritize severity and likelihood rather than require exhaustive assessment of every supplier. However, companies are still expected to demonstrate how risks are identified, assessed, and escalated when credible information indicates potential harm beyond direct relationships. These expectations apply to a company’s own operations, subsidiaries, and both direct and indirect business partners.
EU CSDDD requirements align with specific international standards listed in the Directive’s annexes.
Covered areas include:
The Directive does not cover the full range of ESG topics, such as anti-corruption or diversity initiatives.
Understanding the EU CSDDD timeline is critical for planning defensible compliance.
Key dates include:
The Omnibus proposal introduces targeted delays and simplifications, including:
Omnibus negotiations are expected to continue through 2026, and additional adjustments may be introduced before Member States complete national transposition. This creates a moving regulatory target, reinforcing the need for adaptable compliance programs rather than static, one-time implementations. Importantly, the Omnibus does not remove the CSDDD. It reshapes how and when companies must comply.
EU CSDDD compliance is backed by enforcement mechanisms at both national and EU levels. Member States will designate supervisory authorities with powers to:
An EU-level network of supervisory authorities will coordinate enforcement. Member States must ensure victims can seek compensation for damages resulting from a company’s failure to meet due diligence obligations. Non-compliance also creates:
Early action reduces cost, complexity, and disruption. Practical steps include:
As scope definitions and timelines evolve, companies that delay preparation risk compressing implementation into shorter windows. This often results in higher costs, inconsistent supplier engagement, and reduced confidence in due diligence outcomes when enforcement expectations become clearer.
CSDDD compliance is not a one-time effort. It requires structured data, consistent monitoring, and defensible documentation that can withstand regulatory scrutiny over time.
As requirements evolve and enforcement accelerates, organizations that invest early in data readiness and supplier engagement are better positioned to manage risk without disrupting operations or supplier relationships.
Managing EU CSDDD requirements at scale requires more than manual tracking or fragmented systems. Teams need visibility across suppliers, consistency in due diligence processes, and the ability to document actions taken with confidence.
Source Intelligence supports EU CSDDD compliance by:
By strengthening data foundations and standardizing due diligence, companies can move from reactive compliance to long-term regulatory readiness. Explore our human rights solution to discover how software and compliance systems are the best response to EU CSDDD compliance pressures.
Tiahna is a Senior Sustainability Consultant at Source Intelligence, based in the UK. She brings over a decade of experience in compliance data analysis, including seven years specializing in environmental compliance. With deep expertise in Extended Producer Responsibility (EPR), Tiahna serves as a trusted subject matter expert in global e-waste, packaging, and battery legislation. In her role, she supports organizations by evaluating EPR obligations and delivering outsourced reporting and compliance consultancy, helping companies navigate complex and evolving global regulations.