After years of back-and-forth negotiations and the ironing out of several significant amendments, the European Parliament as well as the Council of the European Union have approved the long-awaited Corporate Sustainability Due Diligence Directive (CSDDD), which imposes stringent new due diligence requirements on companies to identify and address environmental and human rights abuses in their supply chains or face severe penalties. While drastically reduced from its first proposal, the directive introduces significant obligations for large companies regarding the adverse impacts of their activities on human rights and environmental protection. 


Scope of covered companies

Compared to earlier versions, which had a much broader scope, the CSDDD applies only to large EU companies and non-EU companies that meet specific employee and turnover thresholds worldwide or within the EU market.

Due Diligence Obligations

The CSDDD introduces human rights and environmental “due diligence obligations” at the level of the company’s operations, its subsidiaries’ operations, and both their upstream and downstream business partners in their “chain of activities.” To clarify, upstream starts at the extraction of raw materials and involves the production of goods or the provision of services, whereas downstream includes distribution, transport and storage of the products.


Companies affected by the legislation will have to adopt and implement a risk-based strategy to monitor, prevent or remedy human rights or environmental damages identified by the directive. The central component of the CSDDD is the five due diligence obligations that companies, their subsidiaries, and business partners must carry out as follows:


Integrate due diligence into policies and risk management systems. A due diligence policy that ensures a risk-based due diligence approach should be implemented. 

When integrating due diligence into policies and risk management systems, companies should take into account that human rights abuses are more likely to occur and be more severe in conflict-affected and high-risk areas.


Identify and assess actual or potential human rights and environmental harms. Companies must continuously identify and assess actual and potential adverse impacts on human rights and the environment throughout their operations, chains of activities, and business relationships.


To identify where adverse human rights or environmental impacts are most likely to occur or be most severe, companies should conduct a data mapping exercise of their operations and those of their upstream and downstream chains of activities. 


The CSDDD directs companies to address and prioritize adverse impacts based on their degree of severity and likelihood, and take into account “the circumstances of the specific case, including the nature and extent of the adverse impact and relevant risk factors.” 


Prevent, mitigate, and end human rights and environmental harm. Companies should develop and implement a prevention action plan. Once risks are identified, companies must implement appropriate measures to prevent and mitigate adverse impacts. This includes introducing robust policies, practices and management systems to effectively address identified risks. 


Monitor the effectiveness of the due diligence policy and risk management system. The company should conduct periodic assessments every 12 months, verifying that it has properly identified adverse impacts, implemented due diligence measures, and prevented or ended adverse human rights or environmental harms. 


The company also should conduct an assessment if it has “reasonable grounds to believe that new risks of adverse impact could have arisen,” the CSDDD states, such as if the company learns about an adverse impact from publicly available information or stakeholder engagement.


Publish an annual statement. To comply with their communication obligations under the CSDDD, companies are required to provide annual public reports detailing their findings and any actions taken. Companies should publish on their website in “at least one of the official languages of the Union” and within a “reasonable period,” but no later than the publication date of the annual financial statement, unless the company is subject to the sustainability reporting requirements under Directive 2013/34/EU.


What companies need to know

However, EU companies and companies with a nexus to the EU market should not wait to assess the current state of their human rights and environmental due diligence policies and risk management procedures to identify where improvements may need to be made, including contracts with business partners. 


Companies must integrate enhanced due diligence processes into their operations. To prepare and adapt to these requirements, companies should begin with a thorough review of their current practices and supply chains, engaging with stakeholders and developing robust compliance frameworks. Support from external advisors like The Risk Advisory Group will be crucial in navigating these requirements, having the capability to respond swiftly and appropriately to any identified human and environmental harm.

