CSDDD - Löning - Human Rights and Responsible Business

The CSDDD:

Here’s What You
Need to Know

A quick guide to the Corporate Sustainability Due Diligence Directive

Introduction

On 24 May 2024, the EU Council formally adopted the Corporate Sustainability Due Diligence Directive (CSDDD), marking a significant milestone in EU sustainability law. The directive entered into force later that summer, and Member States were originally required to transpose it into national law by 26 July 2026. However, under the Omnibus simplification agreement reached in December 2025, the scope and application of CSDDD have been substantially revised.

For the first time in EU legislative history, core principles from the UN Guiding Principles on Business and Human Rights were embedded into EU law through the CSDDD, requiring companies in scope to identify, prioritise and address human rights and environmental risks and impacts across their own operations and value chains using a risk-based approach that reflects likelihood and severity of harm.

Show all

The Omnibus agreement raises the directive’s thresholds, meaning CSDDD will now apply only to very large companies with 5,000 or more employees and €1.5 billion or more in annual turnover, significantly reducing the number of companies covered compared to earlier proposals. It also adjusts implementation timelines and some substantive requirements, including the removal of a mandatory climate transition plan obligation. Member States will transpose the revised directive into national law with a staggered compliance timeline following publication in the Official Journal.

Show less

Scope of application

EU Member States must transpose the revised CSDDD into national law by 26 July 2028. This is when the national legal frameworks will formally take effect, based on the Omnibus-adjusted scope and requirements.

From 26 July 2029, companies with more than 5,000 employees and over €1.5 billion in global turnover must comply with the CSDDD by putting risk-based due diligence into practice across their chain of activities.

Risk-based scoping

Companies must apply due diligence across their entire “chain of activities,” which includes their own operations, subsidiaries, and both direct and indirect business partners involved in upstream and relevant downstream activities.

The directive is built around a risk-based scoping exercise, meaning companies first use reasonably available information to identify where the most likely and most severe human rights and environmental risks may occur, across both direct and indirect business partners, and then focus more detailed assessment and action on those priority areas.

To avoid placing unnecessary burdens on smaller suppliers, the revised rules limit information requests to what is truly necessary, encourage companies to seek data where risks are most likely to appear, and include safeguards to ensure smaller partners are not overwhelmed with reporting demands.

Risks

Rights of the Child
Prohibition of Child Labour

Right to Liberty and Security
Prohibition of Forced or Compulsory Labour
Prohibition of Slavery and Slave-Trade

Just and Favourable Conditions of Work

Freedom of Association and Collective Bargaining

Prohibition of Unequal Treatment in Employment
Freedom of Thought, Conscience, and Religion

Just and Favourable Conditions of Work
Prohibition of Restricting Workers' Access to Essential Needs

Right of Individuals, Groups and Communities to Lands and Resources and to not be Deprived of Means of Subsistence

Right to Life
Prohibition of Torture and Cruel, Inhuman, or Degrading Treatment

Prohibition of Environmental Degradation

Prohibition of Arbitrary or Unlawful Interference with Privacy and Family
Freedom of Thought, Conscience, and Religion, Adequate Housing for Workers

Risks Related to Mercury as Prohibited by the Minamata Convention

Risks Related to Persistent Organic Pollutants (POPs) as Prohibited by the Stockholm Convention

Import and Export of Hazardous Wastes as Prohibited by the Basel Convention

Obligation to Avoid or Minimize Adverse Impacts on Biological Diversity (1992)
Convention on Biological Diversity, Cartagena Protocol and the Nagoya Protocol

Prohibition of Importing, Exporting, Re-exporting, or Introducing Endangered Species of Wild Fauna and Flora (CITES)

Prohibition of Importing or Exporting Dangerous Pesticides and Industrial Chemicals Listed in Annex III of the Rotterdam Convention

Prohibition of Production, Consumption, Import, and Export of Ozone-Depleting Substances (ODS) in Line with the Montreal Protocol.

Obligation to Avoid or Minimize Adverse Impacts on Natural Heritage Properties

Obligation to Prevent Pollution from Ships

Obligation to Prevent, Reduce, and Control Pollution of the Marine Environment by Dumping

REALITY CHECK

There is no business case for corporate sustainability due diligence anymore.

Learn the truth

The CSDDD only applies to supply chains.

Learn the truth

The CSDDD will make foreign trade extremely difficult.

Learn the truth

The CSDDD creates new reporting obligations.

Learn the truth

SMEs won’t be able to cope with the requirements of this regulation.

Learn the truth

Full upstream supply chain transparency is required immediately.

Learn the truth

Myth
The CSDDD creates new reporting obligations.

Reality
The CSDDD does not introduce a new sustainability reporting regime. Instead, it builds on the transparency framework already established under the CSRD. The focus of the CSDDD is not reporting, but action: identifying, prioritising and addressing human rights and environmental risks through a structured, risk-based due diligence process, aligned with the OECD Guidelines for Multinational Enterprises. While companies may need to communicate how they manage risks, the directive is fundamentally about improving outcomes in practice, not adding another layer of reporting.

Myth
SMEs won’t be able to cope with the requirements of this regulation.

Reality
SMEs remain outside the legal scope of the CSDDD and are not required to comply directly. While SMEs may still be indirectly affected through their relationships with large customers, the revised directive now includes stronger safeguards to reduce unnecessary burden. Companies must rely first on reasonably available information, limit information requests to what is genuinely necessary, and avoid overwhelming smaller partners with excessive or duplicative demands. Where engagement with SMEs is needed, larger companies are encouraged to provide support and capacity building, rather than simply passing obligations down the chain.

Myth
Full upstream supply chain transparency is required immediately.

Reality
The CSDDD promotes a risk-based methodology for determining where companies should first focus their efforts. Companies are expected to identify risks and assess them based on severity and likelihood. This way, they can prioritise their impacts and corresponding mitigation efforts. Companies must assess risks across multiple dimensions, such as geographic location, supply chain activities, and supplier performance. The scope includes a company’s operations, subsidiaries and business partners linked to specific segments of the value chain. Companies are required to prioritise the most severe risks, understand causes and mitigate these risks first. While less severe risks require less immediate attention and transparency, companies are still expected to continuously enhance their understanding of supply chain risks and work towards mitigating them over time.

Myth
There is no business case for corporate sustainability due diligence anymore.

Reality
Even under the revised CSDDD, due diligence remains central to responsible and resilient business. While the Omnibus agreement reduced some legal exposure at EU level, companies may still face financial penalties, enforcement actions, contractual consequences, litigation under national laws and reputational damage if they fail to manage serious human rights and environmental risks. Strong due diligence also helps companies prevent costly disruptions, maintain investor and customer trust, secure market access and remain competitive in public procurement and partnerships. Beyond compliance, companies that can demonstrate credible, risk-based due diligence are better positioned for stable supply chains, capital access and talent retention.

Myth
The CSDDD only applies to supply chains.

Reality
The CSDDD goes beyond traditional “supply chain” thinking. It applies across a company’s chain of activities, covering its own operations, subsidiaries and both direct and indirect business partners. Adverse impacts may arise not only upstream, but also within a company’s facilities or large projects such as mines, data centres or construction sites, as well as through downstream activities. Companies are expected to understand where they may cause, contribute to or be linked to harm, and to prioritise the most likely and severe risks using a risk-based approach.

Myth
The CSDDD will make foreign trade extremely difficult.

Reality
No — the CSDDD does not aim to restrict trade. Disengagement and withdrawal are explicitly considered last-resort measures and should only be used when other efforts to prevent or mitigate harm are ineffective, and when withdrawal would not create greater harm. The directive emphasises a risk-based approach, prioritisation and collaboration, not cutting ties. Companies are expected to work with suppliers to improve practices, encourage respect for human rights and environmental standards, and support capacity building rather than immediately terminating relationships. In practice, this approach can actually strengthen long-term trading relationships by promoting trust, stability and responsible business conduct.

Contact us

Interested in navigating the CSDDD in your chain of activities? We can support you!

Löning – Human Rights & Responsible Business is an international management consultancy specialised in human rights. With our multinational and interdisciplinary team of experts, we help companies establish and integrate effective human rights due diligence processes.