The Corporate Sustainability Due Diligence Directive (CSDDD) requires large EU and non-EU companies to identify, prevent, and address environmental and human rights harms across their value chains. Adopted in July 2024 and significantly amended by the Omnibus I Directive in March 2026, the CSDDD creates binding due diligence obligations that go beyond reporting into action.
This guide covers CSDDD requirements after the latest threshold changes: who must comply, the six-step due diligence process, supply chain obligations, how the directive compares to the EUDR and CSRD, and practical steps for building an environmental due diligence program.
Last updated: April 28, 2026
What Is the CSDDD?
The CSDDD (also written as CS3D) is an EU directive that obligates companies to conduct human rights and environmental due diligence across their operations and supply chains. Unlike the CSRD, which requires companies to report on sustainability, the CSDDD requires companies to act by identifying and mitigating adverse impacts.
The directive aligns with the OECD Guidelines for Multinational Enterprises and follows a six-step due diligence framework. It was proposed by the European Commission in February 2022, adopted as Directive (EU) 2024/1760 in July 2024, and substantially amended by the Omnibus I Directive (EU) 2026/470 in February 2026. The Omnibus narrowed the scope, deleted the climate transition plan requirement, and removed the EU-wide civil liability regime.
CSDDD Status in 2026
As of April 2026, the CSDDD is in its transposition window, and no company is required to comply yet. The Omnibus I Directive (EU) 2026/470 entered into force on March 18, 2026, raising scope thresholds to 5,000 employees and EUR 1.5 billion in turnover and narrowing the directive from approximately 13,000 companies to roughly 6,000. Member States must transpose CSDDD by July 26, 2028, and in-scope companies must comply by July 26, 2029. Here is where the directive stands after Omnibus I:
- Omnibus I entered into force on March 18, 2026, amending the original CSDDD substantially
- Scope narrowed from approximately 13,000 companies to roughly 6,000, after thresholds were raised to 5,000 employees and EUR 1.5 billion turnover
- Climate transition plan obligation deleted entirely (companies subject to CSRD must still disclose transition plans under ESRS E1)
- EU-wide civil liability regime deleted, reverting to national law in each Member State
- Single compliance date: July 26, 2029, replacing the original three-phase rollout that would have started in 2027
- Member State transposition deadline: July 26, 2028, giving national legislators two years to incorporate the directive into domestic law
- Commission guidelines expected by July 2027, providing practical implementation guidance before transposition deadlines
Companies that expect to fall within scope should use the transposition window to begin supply chain mapping and environmental baseline work, rather than waiting for national legislation to take effect.
Who Must Comply with the CSDDD?
The Omnibus I Directive raised the CSDDD thresholds substantially. The original phased approach (starting at 5,000 employees in 2027 and expanding to 1,000 employees by 2029) has been replaced with a single, higher bar. An estimated 6,000 companies fall within scope, down from roughly 13,000 under the original directive.
| Company Type | Employee Threshold | Turnover Threshold | Compliance Date |
|---|---|---|---|
| EU companies | 5,000+ | EUR 1.5 billion+ worldwide net turnover | July 26, 2029 |
| Non-EU companies | No employee threshold | EUR 1.5 billion+ net turnover generated in the EU | July 26, 2029 |
| Franchise/licensing (EU or non-EU) | No employee threshold | EUR 75 million+ royalties in EU AND EUR 275 million+ net turnover | July 26, 2029 |
| Parent companies | May be exempt if subsidiaries fulfill CSDDD obligations on their behalf | ||
Companies below these thresholds are not directly in scope. However, smaller suppliers face indirect pressure because in-scope companies must obtain environmental assurances from their direct business partners.
CSDDD Timeline: From Proposal to Omnibus
The CSDDD has undergone four major timeline shifts since the Commission’s original proposal. The Stop-the-Clock Directive delayed transposition by one year. The Omnibus I Directive then consolidated the phased rollout into a single compliance date.
| Milestone | Original (2024) | After Stop-the-Clock (2025) | After Omnibus I (2026) |
|---|---|---|---|
| Guidelines published | July 2026 | July 2026 | July 26, 2027 |
| Member State transposition | July 2026 | July 2027 | July 26, 2028 |
| Phase 1 (5,000+ / EUR 1.5B) | July 2027 | July 2028 | July 26, 2029 (single date, all in-scope companies) |
| Phase 2 (3,000+ / EUR 900M) | July 2028 | July 2029 | |
| Phase 3 (1,000+ / EUR 450M) | July 2029 | July 2030 |
The Omnibus eliminated the lower thresholds entirely. Companies with 1,000-4,999 employees or under EUR 1.5 billion turnover are no longer in scope at any phase.
What Does the CSDDD Require?
The Six-Step Due Diligence Process
The core CSDDD requirements center on the OECD’s six-step due diligence framework. Companies must apply these steps across their own operations, subsidiaries, and direct business partners in their “chain of activities.”
| Step | Requirement | Practical Example |
|---|---|---|
| 1. Policy integration | Embed due diligence into company policies and management systems | Board-approved environmental due diligence policy with clear accountability |
| 2. Identify & assess impacts | Map operations and supply chain to find actual or potential adverse environmental and human rights impacts | Geocode supplier locations, run land cover analysis, screen for climate hazards at each site |
| 3. Prevent & mitigate | Take appropriate measures to prevent potential impacts and mitigate actual ones | Require contractual assurances from high-risk suppliers; provide capacity-building support to SMEs |
| 4. Monitor effectiveness | Track whether due diligence measures are working | Reassess supplier sites at regular intervals (every 5 years minimum, or when circumstances change) |
| 5. Communicate | Report publicly on due diligence activities and findings | Publish an annual due diligence statement covering actions taken and outcomes |
| 6. Remediate | Provide or cooperate in remediation when adverse impacts occur | Establish grievance mechanisms; engage with affected communities; fund remediation where harm is confirmed |
Environmental Scope
The CSDDD covers a broad range of environmental harms listed in the Annex to Directive 2024/1760. These include harmful soil changes, water and air pollution, excessive greenhouse gas emissions, excessive water consumption, land degradation, deforestation that impairs food production, denial of access to safe drinking water, and damage to ecosystem services.
The directive adopts a “One Health” approach, recognizing that environmental degradation can cause adverse human health effects. Due diligence must account for this link between ecosystem damage and public health outcomes.
Companies must also contribute to preserving and restoring biodiversity and improving the state of air, water, and soil at sites where they operate or source. These obligations go beyond deforestation. While the EUDR focuses exclusively on deforestation-free supply chains for seven specific commodity groups, the CSDDD covers all forms of environmental harm: pollution, excessive water consumption, land degradation, emissions, and damage to ecosystem services.
Companies subject to the CSDDD must assess baseline environmental conditions at higher-risk sites and conduct in-depth assessments where severe impacts are most likely. The Omnibus I amendments allow companies to scope “general areas of risk” rather than mapping every individual impact, reducing the assessment burden.
In practice, meeting the identification and assessment requirement (Step 2) means companies need geolocation data for their supplier sites, environmental baselines showing land cover composition, and hazard screening for physical climate risks like flooding, wildfire, or deforestation due diligence verification.
Supply Chain Coverage
The CSDDD defines a “chain of activities” covering upstream partners (extraction, sourcing, manufacturing, transport, storage, supply) and downstream partners (distribution, transport, storage) under certain conditions. After the Omnibus I amendments, due diligence focuses on direct business partners (tier-1). For a detailed breakdown of partner obligations, contractual assurances, and when indirect partners come into scope, see the supply chain due diligence section below.
What Changed Under the Omnibus?
The Omnibus I Directive (EU) 2026/470, published on February 26, 2026 and entering into force on March 18, 2026, substantially weakened the CSDDD. The European Commission framed these changes as “simplification” to reduce compliance burdens, but critics argue the amendments remove the directive’s most impactful provisions.
| Provision | Original CSDDD (2024) | After Omnibus I (2026) |
|---|---|---|
| Scope | Phased: 1,000+ employees / EUR 450M+ (final phase) | Single threshold: 5,000+ employees / EUR 1.5B+ |
| Climate transition plans | Companies must adopt and implement Paris-aligned plans | Deleted entirely |
| Civil liability | Harmonized EU-wide regime; NGOs and unions could bring representative actions | Deleted; reverts to national law in each Member State |
| Penalties | Effective and dissuasive; linked to worldwide turnover | Capped at 3% of worldwide net turnover |
| Monitoring frequency | At least annually | Every 5 years (ad hoc when circumstances change) |
| Stakeholder engagement | Broad stakeholder definition; engagement throughout due diligence | Narrowed to workers and directly affected communities only |
| Supply chain depth | Direct and indirect partners | Direct partners; indirect only on “plausible information” |
| Member State flexibility | Could introduce stricter national rules | Cannot introduce stricter rules in core areas (harmonization) |
The deletion of climate transition plans is the most significant change. Under the original directive, companies with 1,500+ employees had to adopt Paris-aligned plans with Scope 1, 2, and 3 reduction targets. That entire obligation no longer exists under the CSDDD, though companies subject to the CSRD must still disclose transition plans under ESRS E1.
Supply Chain Due Diligence Under the CSDDD
The CSDDD’s supply chain obligations are where most compliance effort will concentrate. Unlike reporting frameworks that ask companies to disclose risks, the CSDDD requires companies to take concrete steps with their business partners. Here is what that looks like in practice after the Omnibus I amendments.
Direct Business Partner Obligations
In-scope companies must seek contractual assurances from every direct business partner (tier-1) covering both environmental and human rights impacts. These assurances are not optional contract clauses. Verification measures must back them up: site audits, satellite-based monitoring, third-party assessments, or industry certification schemes.
The directive requires companies to cascade these obligations through their partner networks. A manufacturer that sources components from a tier-1 supplier must contractually require that supplier to obtain similar assurances from its own suppliers. In practice, this creates a chain of documented commitments flowing from the in-scope company down through the supply chain.
When a direct partner causes or contributes to adverse impacts, the CSDDD prescribes a clear sequence: first, work with the partner to address the problem. If that fails, suspend the relationship as an intermediate step. Termination is a last resort, permitted only when impacts are severe and the company has exhausted other options. This “engagement over disengagement” principle reflects a deliberate policy choice: cutting off suppliers does not fix the underlying problem.
When Indirect Partners Come Into Scope
Under the Omnibus I amendments, companies do not need to assess every supplier in their extended value chain. Indirect partners (tier-2 and beyond) only come into scope when the company has “plausible information” of adverse impacts. The directive defines five specific triggers:
- Complaints received about a specific indirect partner through the company’s grievance mechanism
- Credible media or NGO reports identifying adverse impacts at a known supplier location
- Recent incident documentation at a specific site in the supply chain
- Recurring problems reported at the same locations or within the same supplier network
- Business structures that lack economic rationale, suggesting a supplier deliberately conceals its sub-contracting arrangements
Once any trigger is activated, the company must extend its due diligence to the indirect partner. The threshold is deliberately qualitative: “plausible information” does not require proof, only a reasonable basis for concern.
SME Proportionality
The CSDDD does not expect large companies to simply impose compliance costs on their smaller suppliers. Information requests to SME business partners must be limited to data already collected under voluntary sustainability standards (e.g., EcoVadis, Sedex, industry certifications). Additional data requests are permitted only when the information is necessary and unavailable through other channels.
In-scope companies must provide “proportionate support” to SME suppliers that struggle with due diligence requirements. This can include training programs, capacity-building initiatives, or financial assistance for implementing environmental management systems. The directive explicitly prohibits using non-compliance as a pretext for terminating SME relationships without first offering support.
The German Supply Chain Act (LkSG)
Germany’s Lieferkettensorgfaltspflichtengesetz (LkSG), effective since January 2023, was the first national supply chain due diligence law in the EU. It covers companies with 1,000 or more employees operating in Germany and established many of the enforcement patterns the CSDDD now scales EU-wide. The German Federal Office for Economic Affairs and Export Control (BAFA) has published enforcement guidance and conducted audits that demonstrate what operational due diligence looks like in practice.
Companies already complying with LkSG have a significant head start on CSDDD compliance. The core due diligence steps, risk analysis methodology, and documentation requirements overlap substantially. However, the two laws differ in scope: LkSG applies to companies with 1,000+ employees in Germany, while the CSDDD applies only to companies with 5,000+ employees and EUR 1.5 billion+ turnover across all EU Member States. How Germany will align LkSG with the CSDDD during transposition by July 2028 has not been formally clarified. The LkSG may continue to apply to companies in the 1,000-4,999 employee range that fall below CSDDD thresholds.
Supply Chain Due Diligence Checklist
This checklist covers the specific actions companies must take regarding their supply chain partners under the CSDDD:
- Map all direct business partners by geographic location to understand where your supply chain physically operates and which regions carry elevated environmental risk
- Assess general areas of environmental risk by region and sector, focusing on locations with known deforestation, pollution, water stress, or climate hazard exposure
- Obtain contractual assurances from each direct partner covering environmental and human rights impacts, with clauses requiring partners to cascade obligations to their own suppliers
- Establish verification measures including site audits, satellite-based land cover monitoring, third-party sustainability assessments, or recognized certification schemes
- Set up a grievance mechanism accessible to affected stakeholders, workers, and communities in your supply chain
- Monitor and reassess at least every five years, or sooner when significant changes occur, new information emerges, or previous measures prove inadequate
- Document plausible information triggers and maintain records of any complaints, media reports, incidents, or structural concerns that require extending due diligence to indirect partners
- Provide proportionate support to SME suppliers through training, capacity building, or financial assistance rather than terminating non-compliant relationships
CSDDD vs EUDR: Key Differences
The CSDDD and the EU Deforestation Regulation (EUDR) both require supply chain due diligence, but they differ in almost every dimension. Companies in agricultural commodities, timber, or related products may need to comply with both directives simultaneously.
| Dimension | CSDDD | EUDR |
|---|---|---|
| Trigger | Company size (employees + turnover) | Product-based (7 commodity groups) |
| Applicability | 5,000+ employees AND EUR 1.5B+ turnover | Any company placing covered products on EU market, regardless of size |
| Environmental scope | Broad: pollution, water, emissions, land degradation, deforestation, ecosystem damage | Narrow: deforestation-free only (no deforestation after Dec 31, 2020) |
| Human rights | 15 distinct rights itemized (child labor, forced labor, FPIC, etc.) | References FPIC and labor rights broadly |
| Geolocation | Point-based geocoding of supplier locations | Plot-level coordinates of production land required |
| Enforcement | Engagement-first: work with partner, suspend, terminate only as last resort | Market ban: non-compliant products blocked from EU market entirely |
| Due diligence | Risk-based; scope general areas of risk | Mandatory independent audit; negligible risk standard |
| Overlap rule | Where CSDDD and EUDR conflict, EUDR prevails (sector-specific takes priority) | |
| Compliance date | July 26, 2029 | December 30, 2025 (large); June 30, 2026 (SMEs) |
| SME impact | Indirect (supply chain pressure from in-scope companies) | Direct (any company placing covered commodities, including SMEs) |
A 10-person coffee importer must comply with EUDR compliance requirements because it places a covered commodity on the EU market, but falls well below the CSDDD thresholds. Conversely, a large technology company with 8,000 employees must comply with the CSDDD but may have no EUDR obligations if it does not deal in covered commodities. See our detailed CSDDD vs EUDR comparison for a full side-by-side breakdown of scope, due diligence, enforcement, and compliance timelines.
Companies subject to both must maintain separate compliance workflows. EUDR demands plot-level traceability and independent audits for specific commodities. The CSDDD requires broader environmental and human rights due diligence across the full value chain. The two regimes are complementary, not interchangeable.
CSDDD vs CSRD: Reporting vs Action
The CSDDD and CSRD form two halves of the EU’s sustainability framework. The CSRD tells companies to report on their impacts. The CSDDD tells companies to do something about them. In practice, CSDDD due diligence generates the data that feeds CSRD disclosures.
| Dimension | CSDDD | CSRD |
|---|---|---|
| Purpose | Conduct due diligence (prevent and mitigate harm) | Report on sustainability impacts (disclose information) |
| Scope trigger | 5,000+ employees AND EUR 1.5B+ turnover | 1,000+ employees AND EUR 50M+ turnover (post-Omnibus) |
| Core obligation | Identify, prevent, and remediate adverse impacts | Publish sustainability reports under ESRS standards |
| Enforcement | Administrative penalties (up to 3% turnover) + national civil liability | Audit assurance on sustainability reports |
| Climate requirements | Deleted by Omnibus I (no climate transition plan) | Required under ESRS E1 (CSRD climate risk disclosure) |
| Overlap | CSDDD actions inform CSRD disclosures; companies subject to both must do due diligence AND report on it | |
The CSRD has a lower entry threshold, so more companies must report on sustainability than must conduct due diligence. A company with 2,000 employees and EUR 100 million turnover must comply with the CSRD but not the CSDDD.
For a detailed side-by-side comparison of scope, requirements, Omnibus changes, and compliance timelines, see our CSRD vs CSDDD comparison.
How to Prepare for CSDDD Compliance
Understanding CSDDD requirements is one step; acting on them is another. Companies that meet the scope thresholds have until July 2029 to comply. But supply chain mapping and environmental baseline work cannot happen overnight. Starting early creates audit-ready evidence and avoids last-minute scrambles when supervisory authorities begin enforcement.
Step 1: Scope assessment. Determine whether your company meets the 5,000-employee and EUR 1.5 billion turnover thresholds on a standalone or consolidated basis. Check whether parent company exemptions apply.
Step 2: Supply chain mapping. Geocode your direct business partner locations. Convert supplier addresses into geographic coordinates to understand where your supply chain physically operates and which regions carry elevated environmental risk.
Step 3: Environmental baseline. Run satellite-based land cover analysis at high-risk supplier sites to establish a quantitative environmental baseline. Land cover composition data shows tree cover, cropland, built-up areas, and water bodies at each location, providing measurable evidence of environmental conditions.
Step 4: Risk screening. Screen every supplier location for physical climate risk. Flood exposure, wildfire probability, drought risk, and other hazards vary dramatically by geography. Risk screening identifies which sites face the most severe environmental threats.
Step 5: Documentation. Compile audit-ready evidence of your due diligence process. Supervisory authorities will assess whether companies took “appropriate measures,” which requires demonstrating a systematic, documented approach rather than ad hoc responses.
Continuuiti automates the data-intensive steps: batch-geocode supplier addresses, run satellite-based land cover analysis to establish environmental baselines, and screen every site for 12 physical climate hazards. This gives due diligence teams quantitative evidence of environmental conditions at supplier sites, covering the identification and assessment phases of the OECD six-step process. CSDDD’s full scope extends to pollution, human rights, and contractual assurance, which require different tools.
CSDDD Penalties and Enforcement
Member States must designate supervisory authorities to enforce the CSDDD. These authorities can investigate companies, impose corrective measures, and issue financial penalties.
The Omnibus I Directive capped penalties at 3% of worldwide net turnover. Penalties apply regardless of whether actual damage occurred. A company that fails to conduct due diligence faces sanctions even if no adverse environmental or human rights impact materializes.
The EU-wide civil liability regime was deleted by the Omnibus. Individuals or communities harmed by a company’s failure to conduct due diligence may still seek damages, but under national law rather than a harmonized EU framework. This means liability exposure varies by Member State.
The European Commission will develop fining guidelines collaboratively with Member States by July 2027.
Frequently Asked Questions
What is the current status of the CSDDD?
As of April 2026, the CSDDD has been amended by the Omnibus I Directive, which entered into force on March 18, 2026. The directive is in its transposition window. Member States must transpose it into national law by July 26, 2028, and all in-scope companies must comply by the single deadline of July 26, 2029.
Is the CSDDD mandatory?
Yes, for companies meeting the scope thresholds: EU companies with 5,000+ employees and EUR 1.5 billion+ worldwide net turnover, and non-EU companies generating EUR 1.5 billion+ in the EU. Compliance is required by July 26, 2029. Smaller companies face indirect pressure as supply chain partners.
What is the difference between the CSDDD and CSRD?
The CSDDD requires companies to conduct due diligence by identifying, preventing, and remediating adverse impacts. The CSRD requires companies to report on sustainability through ESRS disclosures. One demands action, the other demands transparency. Companies subject to both must do due diligence and report on it.
Who does the CSDDD apply to?
After the Omnibus I amendments: EU companies with 5,000+ employees and EUR 1.5 billion+ worldwide turnover. Non-EU companies with EUR 1.5 billion+ in EU turnover. Franchise or licensing companies with EUR 75 million+ in EU royalties and EUR 275 million+ net turnover.
What are the penalties for CSDDD non-compliance?
Financial penalties are capped at 3% of worldwide net turnover. Penalties apply even without actual damage. Civil liability exists under each Member State’s national law, not a unified EU framework.
Has the CSDDD been delayed?
Yes. Originally applying from July 2027 for the largest companies, the CSDDD was delayed twice. The current compliance date is July 26, 2029 for all in-scope companies, and the lower thresholds (1,000 employees / EUR 450 million) were eliminated.
How does the CSDDD differ from the EUDR?
The CSDDD is company-size triggered (5,000+ employees, EUR 1.5 billion+ turnover) with broad environmental scope and engagement-first enforcement. The EUDR is product-triggered (7 commodities) with a deforestation-only focus and market ban enforcement. Where both apply, EUDR prevails.
What are the main requirements of the CSDDD?
The CSDDD requires in-scope companies to follow a six-step due diligence process aligned with OECD guidelines: integrate policies, identify and assess impacts, prevent and mitigate harms, monitor effectiveness every five years, communicate findings publicly, and provide remediation. Companies must also obtain contractual assurances from direct business partners and establish grievance mechanisms.
What is supply chain due diligence under the CSDDD?
Supply chain due diligence under the CSDDD means identifying, preventing, and mitigating environmental and human rights risks across a company’s chain of activities. Companies must assess direct business partners (tier-1) and extend assessment to indirect partners when they receive complaints, credible media reports, or other evidence of adverse impacts. The directive emphasizes working with suppliers to fix problems rather than terminating relationships.
Is the CSDDD the same as the German Supply Chain Act (LkSG)?
No. The LkSG is a German national law effective since January 2023 covering companies with 1,000+ employees in Germany. The CSDDD is an EU-wide directive for companies with 5,000+ employees and EUR 1.5 billion+ turnover. The two share similar due diligence steps but differ in scope and enforcement. Germany must align the LkSG with the CSDDD during transposition by July 2028, though the LkSG may continue to apply to companies below CSDDD thresholds.
