Certainty Blog

Managing Human Rights and Environmental Impacts in Supply Chains: The Proposed EC Directive on Corporate Sustainability Due Diligence and What it Means for Businesses with Global Supply Chains

What is the CSDDD — the EU Corporate Sustainability Due Diligence Directive?

The Council of the EU formally adopted the Corporate Sustainability Due Diligence Directive (CSDDD) in May 2024. This landmark legislation requires large companies to conduct human rights and environmental due diligence (HREDD) across their global supply and value chains. The European Commission first proposed the directive in February 2022; what was then a draft is now adopted law. Member States must transpose it into national legislation by July 2026, and phased corporate compliance obligations begin in 2027.

The CSDDD aims to build a “just and sustainable economy.” To that end, it obligates companies to identify, prevent, mitigate, and remedy adverse human rights and environmental impacts throughout their operations and supply chains — globally. Unlike prior regulations that limited compliance to the jurisdictions where companies operate, the CSDDD extends mandatory due diligence throughout the full global value chain. This scope covers everything from raw material extraction through product delivery.

Consequently, this represents a fundamental shift in how EU law defines and enforces corporate responsibility for supply chain impacts. Germany’s LkSG (Supply Chain Due Diligence Act), in force since January 2023, already set the standard for national supply chain due diligence legislation within the EU. As such, the CSDDD now complements and extends that framework across all Member States.

Who will the CSDDD apply to?

The CSDDD applies in a phased manner based on company size. The largest companies face compliance obligations first. Specifically, the Directive applies to:

1. EU-based companies with more than 5,000 employees and a net worldwide turnover exceeding EUR 1.5 billion — compliance required from 2027.

2. EU-based companies with more than 3,000 employees and a net worldwide turnover exceeding EUR 900 million — compliance required from 2028.

3. EU-based companies with more than 1,000 employees and a net worldwide turnover exceeding EUR 450 million, and non-EU companies generating net turnover in the EU exceeding EUR 450 million — compliance required from 2029. Non-EU companies whose EU turnover exceeds the first- and second-wave thresholds (EUR 1.5 billion and EUR 900 million) are phased in with those waves, in 2027 and 2028 respectively.

The final adopted CSDDD raised the applicability thresholds compared to the original 2022 Commission proposal. As a result, the scope now focuses on the largest companies in the first compliance waves. Estimates suggest the CSDDD will directly apply to approximately 5,000 EU companies and a significant number of non-EU companies generating material EU-market revenue.

However, the Directive’s requirements will cascade down supply chains. In-scope companies will impose contractual due diligence obligations on their suppliers. Therefore, the practical impact reaches far beyond the directly regulated universe.

What will the CSDDD require of companies?

The CSDDD establishes a comprehensive set of human rights and environmental due diligence obligations. Companies must identify actual and potential adverse impacts arising from their own operations, the operations of their subsidiaries, and the activities of their business partners. In particular, they must do so on a risk-based, proportionate basis throughout their value chains.

Specifically, the CSDDD requires companies to:

  • Integrate HREDD into corporate governance policies and risk management systems, with annual updates and board-level accountability.
  • Conduct comprehensive risk assessments to identify actual and potential adverse human rights and environmental impacts in their operations and across their supply chains — including Tier 1 and, where risks exist, deeper supply chain tiers.
  • Implement prevention action plans for potential adverse impacts and take corrective remediation measures for actual adverse impacts throughout their value chains.
  • Establish and maintain an accessible grievance mechanism that allows affected parties — including workers, communities, and civil society organizations — to raise concerns about adverse impacts.
  • Monitor and assess the effectiveness of their HREDD policies and procedures annually, and update them as needed.
  • Publicly communicate their due diligence activities — including reporting requirements aligned with the EU Corporate Sustainability Reporting Directive (CSRD) for in-scope companies.

What are the sanctions for non-compliance?

The CSDDD establishes a robust enforcement framework. Each EU Member State must designate national supervisory authorities with the power to investigate companies, require corrective action, and impose sanctions for non-compliance.

Sanctions must be “effective, proportionate and dissuasive.” Financial penalties are calculated on the basis of a company’s net worldwide turnover, and the CSDDD requires Member States to set the maximum fine at no less than 5% of net worldwide turnover, so the most serious violations can attract fines of 5% of global turnover or more.

In addition, the Directive includes explicit provisions for civil liability. A company that intentionally or negligently fails to meet its obligations to prevent or bring to an end adverse impacts, and thereby causes damage to a natural or legal person, can be sued and must compensate the affected parties. Such damage can stem from environmental harm, human rights violations, and social impacts. Note that the directors’ duty-of-care provisions in the 2022 Commission proposal were dropped from the adopted text: the Directive imposes its obligations on the company, and any personal accountability of directors follows from national company law rather than from the Directive itself. Board-level ownership nevertheless remains the practical way to meet the Directive’s requirement to integrate due diligence into corporate policy and risk management.

Germany’s LkSG caps fines at 2% of average annual global turnover for companies with turnover above EUR 400 million (up to EUR 8 million for smaller companies) and expressly states that a breach of its due diligence duties creates no civil liability. The CSDDD raises the fine ceiling to at least 5% and adds civil liability, which is a significant escalation in the legal consequences of non-compliance. For this reason, a robust, documented due diligence program is essential both for risk management and for defending against regulatory and civil claims.

When will the CSDDD come into force?

The Council of the EU formally adopted the CSDDD in May 2024, and the directive entered into force on 25 July 2024. EU Member States have until July 2026 to transpose it into national law. Corporate compliance obligations then apply on a phased basis. The largest companies (5,000+ employees, EUR 1.5B+ turnover) must comply from 2027. Mid-sized companies (3,000+ employees, EUR 900M+ turnover) follow from 2028. Smaller in-scope companies (1,000+ employees, EUR 450M+ turnover) and non-EU companies with EU turnover above EUR 450 million must comply from 2029.

Unlike the original 2022 Commission proposal — which was still a draft subject to significant revision — the CSDDD now stands as adopted law. Additionally, the phased implementation timeline gives in-scope companies a defined runway to build their due diligence programs. However, mapping global supply chains, implementing risk assessment processes, and establishing grievance mechanisms all involve significant operational complexity. Therefore, organizations should actively build their CSDDD compliance capabilities now. In particular, companies already subject to Germany’s LkSG have a proven operational template to follow for CSDDD compliance.

How can your company prepare for the CSDDD?

CSDDD compliance obligations begin in 2027 for the largest companies. As such, organizations should take concrete preparatory steps now. Building a robust HREDD program takes time — especially for companies with complex, multi-tier global supply chains. The following steps provide a practical compliance roadmap:

1) Map your supply chain — identify who your suppliers are across all tiers relevant to your risk profile. Define the nature of each supplier relationship (direct/indirect, Tier 1/2/3). Furthermore, assess the human rights and environmental risk profile of each supplier based on sector, geography, and product category.

2) Develop and integrate HREDD policies and governance procedures into your corporate risk management framework, as CSDDD Articles 5–16 require. Additionally, ensure board-level ownership and annual review processes are in place.

3) Define and implement your human rights and environmental impact assessment methodology. This includes the structured checklists you will use to evaluate supplier compliance. For a ready-to-deploy starting point, see our Supplier Social and Environmental Compliance Checklist.

4) Establish a regular, risk-based program to assess and document the human rights and environmental impacts of your suppliers. Apply more intensive assessment for higher-risk relationships and geographies. Moreover, align your reporting cadence with CSRD disclosure obligations where applicable.

5) Implement a corrective action management system to document, track, and resolve identified human rights and environmental impacts. Most importantly, maintain a complete audit trail of remediation activities for regulatory and civil liability purposes.

6) Establish an accessible grievance mechanism — compliant with CSDDD Article 14 — that allows workers, communities, and other affected parties to raise concerns about adverse impacts in your supply chain. In addition, document your process for reviewing, responding to, and resolving complaints.

Frequently Asked Questions (FAQs)

What is the CSDDD and when does it apply?

The CSDDD (Corporate Sustainability Due Diligence Directive) is EU law — formally adopted in May 2024 — that requires large companies to conduct human rights and environmental due diligence throughout their global supply chains. Compliance obligations apply in phases: largest companies from 2027, mid-sized companies from 2028, and smaller in-scope and non-EU companies from 2029. Member States must transpose the Directive into national law by July 2026.

How does the CSDDD differ from Germany’s LkSG?

Germany’s LkSG (Lieferkettensorgfaltspflichtengesetz), in force since January 2023, was the first major national supply chain due diligence law in the EU. It applied to companies with 3,000 or more employees in Germany in 2023 and extended to those with 1,000 or more from 2024. The CSDDD is the EU-wide equivalent, harmonizing due diligence obligations across all 27 Member States with a broader scope and stronger enforcement mechanisms, including civil liability provisions that the LkSG expressly excludes. Companies already compliant with LkSG have a significant head start on CSDDD compliance, as the underlying operational requirements are closely aligned.

What is the relationship between CSDDD and CSRD?

The CSDDD and CSRD (Corporate Sustainability Reporting Directive) are complementary EU frameworks. The CSDDD establishes due diligence obligations — companies must conduct and act on HREDD. The CSRD establishes reporting obligations — companies must disclose their sustainability impacts, risks, and actions, including their supply chain due diligence activities. Together, they create an integrated EU framework for supply chain sustainability: CSDDD defines what companies must do; CSRD defines what they must disclose.

What are the penalties for non-compliance with CSDDD?

CSDDD penalties include financial fines, imposed by national supervisory authorities, with a maximum that Member States must set at no less than 5% of net worldwide turnover. In addition, the Directive introduces civil liability: companies that intentionally or negligently fail their obligations to prevent or bring to an end adverse impacts, and thereby cause damage, can be sued for compensation by affected parties. The adopted text does not itself impose personal liability on directors (the 2022 proposal’s directors’ duty-of-care provisions were dropped), but its enforcement regime goes well beyond existing national laws such as Germany’s LkSG, which caps fines at 2% of turnover and excludes civil liability, underscoring the seriousness with which EU lawmakers view supply chain accountability.

How can Certainty Software help with CSDDD compliance?

Certainty Software provides an integrated audit, inspection, and compliance management platform purpose-built for supply chain due diligence. Organizations can deploy structured supplier assessment checklists aligned with CSDDD and LkSG requirements, capture real-time audit findings, track corrective actions through to closure, manage grievance records, and generate the documented evidence of due diligence required for regulatory reporting and civil liability defense. Built-in templates — including the Supplier Social and Environmental Compliance Checklist — accelerate CSDDD compliance program implementation across complex, multi-tier supply chains.