The Corporate Sustainability Due Diligence Directive (CSDDD) requires large EU and non-EU companies to identify, prevent, and address environmental and human rights harms across their value chains. Adopted in July 2024 and significantly amended by the Omnibus I Directive in March 2026, the CSDDD creates binding due diligence obligations that go beyond reporting into action.
This guide covers who the CSDDD applies to after the latest threshold changes, what companies must do to comply, how the directive compares to the EUDR and CSRD, and practical steps for building an environmental due diligence program.
What Is the CSDDD?
The CSDDD (also written as CS3D) is an EU directive that obligates companies to conduct human rights and environmental due diligence across their operations and supply chains. Unlike the CSRD, which requires companies to report on sustainability, the CSDDD requires companies to act by identifying and mitigating adverse impacts.
The directive aligns with the OECD Guidelines for Multinational Enterprises and follows a six-step due diligence framework. It was proposed by the European Commission in February 2022, adopted as Directive (EU) 2024/1760 in July 2024, and substantially amended by the Omnibus I Directive (EU) 2026/470 in February 2026. The Omnibus narrowed the scope, deleted the climate transition plan requirement, and removed the EU-wide civil liability regime.
Who Must Comply with the CSDDD?
The Omnibus I Directive raised the CSDDD thresholds substantially. The original phased approach (starting at 5,000 employees in 2027 and expanding to 1,000 employees by 2029) has been replaced with a single, higher bar. An estimated 6,000 companies fall within scope, down from roughly 13,000 under the original directive.
| Company Type | Employee Threshold | Turnover Threshold | Compliance Date |
|---|---|---|---|
| EU companies | 5,000+ | EUR 1.5 billion+ worldwide net turnover | July 26, 2029 |
| Non-EU companies | No employee threshold | EUR 1.5 billion+ net turnover generated in the EU | July 26, 2029 |
| Franchise/licensing (EU or non-EU) | No employee threshold | EUR 75 million+ royalties in EU AND EUR 275 million+ net turnover | July 26, 2029 |
| Parent companies | May be exempt if subsidiaries fulfill CSDDD obligations on their behalf | ||
Companies below these thresholds are not directly in scope. However, smaller suppliers face indirect pressure because in-scope companies must obtain environmental assurances from their direct business partners.
CSDDD Timeline: From Proposal to Omnibus
The CSDDD has undergone four major timeline shifts since the Commission’s original proposal. The Stop-the-Clock Directive delayed transposition by one year. The Omnibus I Directive then consolidated the phased rollout into a single compliance date.
| Milestone | Original (2024) | After Stop-the-Clock (2025) | After Omnibus I (2026) |
|---|---|---|---|
| Guidelines published | July 2026 | July 2026 | July 26, 2027 |
| Member State transposition | July 2026 | July 2027 | July 26, 2028 |
| Phase 1 (5,000+ / EUR 1.5B) | July 2027 | July 2028 | July 26, 2029 (single date, all in-scope companies) |
| Phase 2 (3,000+ / EUR 900M) | July 2028 | July 2029 | |
| Phase 3 (1,000+ / EUR 450M) | July 2029 | July 2030 |
The Omnibus eliminated the lower thresholds entirely. Companies with 1,000-4,999 employees or under EUR 1.5 billion turnover are no longer in scope at any phase.
What Does the CSDDD Require?
The Six-Step Due Diligence Process
The CSDDD structures its obligations around the OECD’s six-step due diligence framework. Companies must apply these steps across their own operations, subsidiaries, and direct business partners in their “chain of activities.”
| Step | Requirement | Practical Example |
|---|---|---|
| 1. Policy integration | Embed due diligence into company policies and management systems | Board-approved environmental due diligence policy with clear accountability |
| 2. Identify & assess impacts | Map operations and supply chain to find actual or potential adverse environmental and human rights impacts | Geocode supplier locations, run land cover analysis, screen for climate hazards at each site |
| 3. Prevent & mitigate | Take appropriate measures to prevent potential impacts and mitigate actual ones | Require contractual assurances from high-risk suppliers; provide capacity-building support to SMEs |
| 4. Monitor effectiveness | Track whether due diligence measures are working | Reassess supplier sites at regular intervals (every 5 years minimum, or when circumstances change) |
| 5. Communicate | Report publicly on due diligence activities and findings | Publish an annual due diligence statement covering actions taken and outcomes |
| 6. Remediate | Provide or cooperate in remediation when adverse impacts occur | Establish grievance mechanisms; engage with affected communities; fund remediation where harm is confirmed |
Environmental Scope
The CSDDD covers a broad range of environmental harms listed in the Annex to Directive 2024/1760. These include harmful soil changes, water and air pollution, excessive greenhouse gas emissions, excessive water consumption, land degradation, deforestation that impairs food production, denial of access to safe drinking water, and damage to ecosystem services.
This environmental scope is broader than the EUDR, which focuses exclusively on deforestation. Companies subject to the CSDDD must assess baseline environmental conditions at higher-risk sites and conduct in-depth assessments where severe impacts are most likely. The Omnibus I amendments allow companies to scope “general areas of risk” rather than mapping every individual impact, reducing the assessment burden.
In practice, meeting the identification and assessment requirement (Step 2) means companies need geolocation data for their supplier sites, environmental baselines showing land cover composition, and hazard screening for physical climate risks like flooding, wildfire, or deforestation due diligence verification.
Supply Chain Coverage
The CSDDD defines a “chain of activities” covering upstream partners (extraction, sourcing, manufacturing, transport, storage, supply) and downstream partners (distribution, transport, storage of products) under certain conditions.
The Omnibus I amendments narrowed the due diligence scope to focus on direct business partners (tier-1). Companies only need to assess indirect partners when they have “plausible information” of adverse impacts through complaints, media reports, recent incidents, or evidence of deliberate concealment by suppliers.
The directive emphasizes engagement over disengagement. When a supplier causes or contributes to adverse impacts, the company must first work with the partner to address the issue. Suspension of the business relationship is an intermediate step. Termination is a last resort, used only when severe impacts persist and the company has exhausted other options.
For companies managing hundreds or thousands of supplier relationships, supply chain traceability systems provide the data infrastructure to identify which partners require closer scrutiny.
What Changed Under the Omnibus?
The Omnibus I Directive (EU) 2026/470, published on February 26, 2026 and entering into force on March 18, 2026, substantially weakened the CSDDD. The European Commission framed these changes as “simplification” to reduce compliance burdens, but critics argue the amendments remove the directive’s most impactful provisions.
| Provision | Original CSDDD (2024) | After Omnibus I (2026) |
|---|---|---|
| Scope | Phased: 1,000+ employees / EUR 450M+ (final phase) | Single threshold: 5,000+ employees / EUR 1.5B+ |
| Climate transition plans | Companies must adopt and implement Paris-aligned plans | Deleted entirely |
| Civil liability | Harmonized EU-wide regime; NGOs and unions could bring representative actions | Deleted; reverts to national law in each Member State |
| Penalties | Effective and dissuasive; linked to worldwide turnover | Capped at 3% of worldwide net turnover |
| Monitoring frequency | At least annually | Every 5 years (ad hoc when circumstances change) |
| Stakeholder engagement | Broad stakeholder definition; engagement throughout due diligence | Narrowed to workers and directly affected communities only |
| Supply chain depth | Direct and indirect partners | Direct partners; indirect only on “plausible information” |
| Member State flexibility | Could introduce stricter national rules | Cannot introduce stricter rules in core areas (harmonization) |
The deletion of climate transition plans is the most significant change. Under the original directive, companies with 1,500+ employees had to adopt Paris-aligned plans with Scope 1, 2, and 3 reduction targets. That entire obligation no longer exists under the CSDDD, though companies subject to the CSRD must still disclose transition plans under ESRS E1.
CSDDD vs EUDR: Key Differences
The CSDDD and the EU Deforestation Regulation (EUDR) both require supply chain due diligence, but they differ in almost every dimension. Companies in agricultural commodities, timber, or related products may need to comply with both directives simultaneously.
| Dimension | CSDDD | EUDR |
|---|---|---|
| Trigger | Company size (employees + turnover) | Product-based (7 commodity groups) |
| Applicability | 5,000+ employees AND EUR 1.5B+ turnover | Any company placing covered products on EU market, regardless of size |
| Environmental scope | Broad: pollution, water, emissions, land degradation, deforestation, ecosystem damage | Narrow: deforestation-free only (no deforestation after Dec 31, 2020) |
| Human rights | 15 distinct rights itemized (child labor, forced labor, FPIC, etc.) | References FPIC and labor rights broadly |
| Geolocation | Point-based geocoding of supplier locations | Plot-level coordinates of production land required |
| Enforcement | Engagement-first: work with partner, suspend, terminate only as last resort | Market ban: non-compliant products blocked from EU market entirely |
| Due diligence | Risk-based; scope general areas of risk | Mandatory independent audit; negligible risk standard |
| Overlap rule | Where CSDDD and EUDR conflict, EUDR prevails (sector-specific takes priority) | |
| Compliance date | July 26, 2029 | December 30, 2025 (large); June 30, 2026 (SMEs) |
| SME impact | Indirect (supply chain pressure from in-scope companies) | Direct (any company placing covered commodities, including SMEs) |
A 10-person coffee importer must comply with EUDR compliance requirements because it places a covered commodity on the EU market, but falls well below the CSDDD thresholds. Conversely, a large technology company with 8,000 employees must comply with the CSDDD but may have no EUDR obligations if it does not deal in covered commodities.
Companies subject to both must maintain separate compliance workflows. EUDR demands plot-level traceability and independent audits for specific commodities. The CSDDD requires broader environmental and human rights due diligence across the full value chain. The two regimes are complementary, not interchangeable.
CSDDD vs CSRD: Reporting vs Action
The CSDDD and CSRD form two halves of the EU’s sustainability framework. The CSRD tells companies to report on their impacts. The CSDDD tells companies to do something about them. In practice, CSDDD due diligence generates the data that feeds CSRD disclosures.
| Dimension | CSDDD | CSRD |
|---|---|---|
| Purpose | Conduct due diligence (prevent and mitigate harm) | Report on sustainability impacts (disclose information) |
| Scope trigger | 5,000+ employees AND EUR 1.5B+ turnover | 1,000+ employees AND EUR 50M+ turnover (post-Omnibus) |
| Core obligation | Identify, prevent, and remediate adverse impacts | Publish sustainability reports under ESRS standards |
| Enforcement | Administrative penalties (up to 3% turnover) + national civil liability | Audit assurance on sustainability reports |
| Climate requirements | Deleted by Omnibus I (no climate transition plan) | Required under ESRS E1 (CSRD climate risk disclosure) |
| Overlap | CSDDD actions inform CSRD disclosures; companies subject to both must do due diligence AND report on it | |
The CSRD has a lower entry threshold, so more companies must report on sustainability than must conduct due diligence. A company with 2,000 employees and EUR 100 million turnover must comply with the CSRD but not the CSDDD.
How to Prepare for CSDDD Compliance
Companies that meet the scope thresholds have until July 2029 to comply. But supply chain mapping and environmental baseline work cannot happen overnight. Starting early creates audit-ready evidence and avoids last-minute scrambles when supervisory authorities begin enforcement.
Step 1: Scope assessment. Determine whether your company meets the 5,000-employee and EUR 1.5 billion turnover thresholds on a standalone or consolidated basis. Check whether parent company exemptions apply.
Step 2: Supply chain mapping. Geocode your direct business partner locations. Convert supplier addresses into geographic coordinates to understand where your supply chain physically operates and which regions carry elevated environmental risk.
Step 3: Environmental baseline. Run satellite-based land cover analysis at high-risk supplier sites to establish a quantitative environmental baseline. Land cover composition data shows tree cover, cropland, built-up areas, and water bodies at each location, providing measurable evidence of environmental conditions.
Step 4: Risk screening. Screen every supplier location for physical climate hazards. Flood exposure, wildfire probability, drought risk, and other hazards vary dramatically by geography. Risk screening identifies which sites face the most severe environmental threats.
Step 5: Documentation. Compile audit-ready evidence of your due diligence process. Supervisory authorities will assess whether companies took “appropriate measures,” which requires demonstrating a systematic, documented approach rather than ad hoc responses.
Continuuiti automates the data-intensive steps: batch-geocode supplier addresses, run satellite-based land cover analysis to establish environmental baselines, and screen every site for 12 physical climate hazards. This gives due diligence teams quantitative evidence of environmental conditions at supplier sites, covering the identification and assessment phases of the OECD six-step process. CSDDD’s full scope extends to pollution, human rights, and contractual assurance, which require different tools.
CSDDD Penalties and Enforcement
Member States must designate supervisory authorities to enforce the CSDDD. These authorities can investigate companies, impose corrective measures, and issue financial penalties.
The Omnibus I Directive capped penalties at 3% of worldwide net turnover. Penalties apply regardless of whether actual damage occurred. A company that fails to conduct due diligence faces sanctions even if no adverse environmental or human rights impact materializes.
The EU-wide civil liability regime was deleted by the Omnibus. Individuals or communities harmed by a company’s failure to conduct due diligence may still seek damages, but under national law rather than a harmonized EU framework. This means liability exposure varies by Member State.
The European Commission will develop fining guidelines collaboratively with Member States by July 2027.
Frequently Asked Questions
Is the CSDDD mandatory?
Yes, for companies meeting the scope thresholds: EU companies with 5,000+ employees and EUR 1.5 billion+ worldwide net turnover, and non-EU companies generating EUR 1.5 billion+ in the EU. Compliance is required by July 26, 2029. Smaller companies face indirect pressure as supply chain partners.
What is the difference between the CSDDD and CSRD?
The CSDDD requires companies to conduct due diligence by identifying, preventing, and remediating adverse impacts. The CSRD requires companies to report on sustainability through ESRS disclosures. One demands action, the other demands transparency. Companies subject to both must do due diligence and report on it.
Who does the CSDDD apply to?
After the Omnibus I amendments: EU companies with 5,000+ employees and EUR 1.5 billion+ worldwide turnover. Non-EU companies with EUR 1.5 billion+ in EU turnover. Franchise or licensing companies with EUR 75 million+ in EU royalties and EUR 275 million+ net turnover.
What are the penalties for CSDDD non-compliance?
Financial penalties are capped at 3% of worldwide net turnover. Penalties apply even without actual damage. Civil liability exists under each Member State’s national law, not a unified EU framework.
Has the CSDDD been delayed?
Yes. Originally applying from July 2027 for the largest companies, the CSDDD was delayed twice. The current compliance date is July 26, 2029 for all in-scope companies, and the lower thresholds (1,000 employees / EUR 450 million) were eliminated.
How does the CSDDD differ from the EUDR?
The CSDDD is company-size triggered (5,000+ employees, EUR 1.5 billion+ turnover) with broad environmental scope and engagement-first enforcement. The EUDR is product-triggered (7 commodities) with a deforestation-only focus and market ban enforcement. Where both apply, EUDR prevails.
