The CSDDD: Compliance Meets Sustainability Ambitions

Business leaders today are inundated with enduring, emerging, and unknown risks to their company. As ambitious sustainable business practices become law, leaders must now also focus on the risks their businesses and value chains pose to people and the environment. Chief Sustainability Officers (CSO) are rising in prominence as key expert advisors to Chief Executive Officers and boards alongside financial and legal executives with traditional responsibility for risk management.

The recent adoption of the EU’s Corporate Sustainability Due Diligence Directive (CSDDD) is the latest and arguably most significant regulatory development aimed at reshaping business practices to support, not undermine, sustainability. The CSDDD codifies international sustainability due diligence standards in the EU (and beyond) by requiring large companies to assess and address negative impacts on people and the environment in their value chains, and it helps level the playing field for sustainability leaders.

Translating the CSDDD into practice will require innovation. Traditional legal risk mitigation strategies will not meet the expectations of stakeholders, such as trade unions or civil society organizations, who will be empowered to bring direct claims for damages against companies. Such strategies will also struggle to deliver on the long-term business value of a strategic approach to sustainability risks.  

To stay ahead, corporate executives should recognize that compliance with the CSDDD can be transformational—driving improved outcomes for people and planet and helping to deliver, rather than hinder, each company’s sustainability aspirations and long-term value. Achieving this entails understanding not just what the Directive requires, but also its underlying drivers, what difficult questions must be asked, and how the company's core business model and strategy can enable improved outcomes for people and planet.

Companies must “know and show” how they address their adverse impacts, with civil liabilities and financial penalties for those who fail to comply. The scope of due diligence extends to own activities, supply chain (up to raw materials), and downstream activities related to transport, storage, and distribution. This means identifying and assessing a company’s actual and potential impacts on human rights and the environment and taking action to prevent, mitigate, remediate, and account for these. While downstream impacts (e.g., linked to the end use of products and services) are mostly out of scope, by 2026, the EU Commission is due to report on whether tailored due diligence requirements for financial services and investment activities are necessary.

The CSDDD establishes a distinct regulatory obligation for companies to adopt and implement climate transition plans that include science-based, time-bound targets covering Scope 1, 2, and 3 GHG emissions for 2030—and then every five years until 2050. This is aligned with the obligation to disclose climate transition plans under the EU Corporate Sustainability Reporting Directive (CSRD)and goes further by requiring companies to adopt and implement such plans—creating a de facto obligation to conduct climate due diligence to assess and address a company’s impact on climate. The CSDDD acknowledges the interdependent nature of human health, domestic and wild animals, plants, and the wider environment by requiring companies to address environmental degradation that results in adverse impacts on human rights.

The nature of the CSDDD will require many businesses to go beyond current practices—or formalize and expand voluntary practices to new issues and parts of their value chains. Companies will be required to engage with affected stakeholders, for example, through ongoing engagement with workers, local communities, consumers, and environmental and human rights institutions to identify and manage the negative externalities of their business and relationships. This requires a mature approach to transparency: not only disclosing issues or initiatives that a company is comfortable with sharing, but being open about challenges, stakeholder grievances, and what isn’t working yet.

The CSDDD is a game-changer for just and sustainable business. It is explicitly grounded in existing international soft law standards regarding responsible business conduct: the OECD Guidelines for Multinational Enterprises and the UN Guiding Principles in Business and Human Rights (UNGPs). Both endorsed by governments across regions, these standards provide a widely adopted roadmap for respecting human rights and the environment through robust corporate policies, governance structures, due diligence systems and processes, and effective grievance mechanisms.

The CSDDD also seeks to harmonize due diligence requirements in response to slightly varying due diligence laws in France and Germany (and plans for similar laws in other countries such as Belgium, the Netherlands, and Spain). By setting a common floor for sustainability due diligence, the CSDDD will level the playing field for companies operating in the EU, although the flexibility afforded to member states to go beyond the requirements of the CSDDD leaves room for some continued differences.

The CSDDD was also designed to play an essential and complementary role in the EU’s sustainability architecture. Along with the Corporate Sustainability Reporting Directive (CSRD), the CSDDD forms part of the EU’s policy to foster “An Economy that Works for People” and relates to the objectives of the European Green Deal. The CSDDD complements the CSRD which mandates reporting of material impacts on people and the environment. The CSDDD mandates the process by which companies must identify and address (i.e., prevent, mitigate, cease, or remediate) those material impacts.

The CSDDD’s broad due diligence approach should also be considered alongside other more narrowly focused EU regulations, such as the Conflict Minerals, Batteries, and Timber Regulations as well as the EU’s Regulation Prohibiting Products Made with Forced Labour. The EU Regulation on Deforestation-free Products recognizes this and expects the more specific deforestation due diligence requirements to sit alongside the overarching due diligence obligations in the CSDDD.

EU Member States have two years to transpose the CSDDD into domestic laws. These obligations for business will be phased in:

• 2027: Largest companies with over 5,000 employees and €1.5 billion turnover
• 2028: Companies with over 3,000 employees and €900 million turnover
• 2029: Companies with over 1,000 employees and €450 million turnover

Given the CSDDD’s global reach, companies within and outside Europe are encouraged to prepare by:

1. Assessing Alignment with Global Due Diligence Standards

Sustainability due diligence is not a new concept. Look to the OECD Guidelines and the UNGPs for guidance on how to establish a risk-based due diligence approach to human rights and environmental impacts.  Consider how other standards and frameworks on climate and nature impacts—such as the Taskforce for Nature-related Financial Disclosures and the Science Based Targets Initiative (SBTi) contribute to due diligence. BSR has been working with business to implement these standards for years, and there is a wealth of experience and best practice that companies can draw from as they assess their readiness to comply with the CSDDD.

2. Establishing Robust Governance and Board Oversight

Integrating due diligence in a company’s policies and risk management systems, meaningfully engaging with stakeholders, and responding to stakeholder complaints all require clear internal accountabilities and effective board governance and oversight. Without this, companies will not be able to achieve the transformational potential of the CSDDD and deliver the long-term business value a strategic approach to compliance can unlock.

Companies can review the mandates and expertise of board members to oversee due diligence efforts and consider the sustainability risks of business models and strategies. At the management level, define clear accountabilities to establish and manage effective mechanisms that channel affected stakeholder concerns, which may include but should not be limited to ethicalhotlines or helplines. Under the CSDDD, complainants should have access to company representatives “at an appropriate level” to discuss actual or potential severe adverse impacts, as well as potential remediation.

3. Building Expertise and Fostering Cross-Functional Collaboration

Effectively conducting sustainability due diligence requires expertise on human rights and environmental impacts—including the interconnected nature of these different impacts—as well as on practical approaches to evaluate the severity and likelihood of these impacts. This will involve identifying and building the capacity of sustainability and other teams at different levels, including up to the board.

As sustainability risks become also regulatory risks, Legal, Compliance and Risk functions will take on a role in ensuring compliance with the CSDDD. In doing so, they must draw on the expertise of sustainability professionals (including issue-specific expertise on topics such as health and safety, living wages, biodiversity and climate) as they do for other risks; e.g., those related to intellectual property or data security.

4. Mapping the Landscape

Compliance with the CSDDD starts with a clear understanding of a company’s activities (including through its subsidiaries) and its direct and indirect business partners. Although the scope of the CSDDD is focused on upstream activities, understanding full value chain impacts is essential for meeting the expectations of both the CSDDD and the CSRD.

Second, companies also need to understand who their affected stakeholders are and build lasting relationships through proactive and structured engagement, from direct consultations with workers and trade unions to advisory councils with representatives from civil society and human rights and environmental defenders.

Third, recognizing the complex challenges of addressing certain impacts, including deep in supply chains, companies need to identify opportunities to collaborate with others to identify and address their human rights and environmental impacts. Perceived lack of visibility into—or influence over—a company’s supply chain is not an excuse for inaction. Under the CSDDD, companies may lean on industry and multi-stakeholder initiatives where these can support them in meeting their due diligence obligations. However, companies should carefully consider and assess the fitness of such initiatives to support their due diligence efforts, noting that they do not shield a company from penalties or liability if their due diligence is found lacking.

5. Developing a Roadmap for Implementation of the CSDDD

Due diligence is an ongoing cycle of activities that cannot be established overnight.

It requires a stepped and iterative approach to build a nuanced and dynamic understanding of a company’s impacts over time. A clear roadmap starting now will help prepare to comply with the CSDDD—setting out key milestones for mapping the company’s activities and engaging stakeholders; defining cross-functional accountabilities; developing a due diligence policy and climate transition plan and integrating this into existing policies, management systems, and processes; and evaluating the company’s grievance mechanisms, among other things.

The CSDDD is a major milestone and part of a global trend toward addressing the impacts of business on people and the planet. It signals growing pressure from civil society—and appetite among policymakers—for holding companies accountable for their own activities and value chains through regulatory and legal means.

Global Trend toward Regulating Responsible Business Conduct

The CSDDD is one of many government-led efforts to advance sustainability due diligence, and its adoption is likely to spur increased action among states beyond the EU. Some countries (such as South Korea) have proposed human rights due diligence rules, and other countries, such as Chile, require disclosure of due diligence measures. The US Uyghur Forced Labor Prevention Actde facto requires due diligence to overcome the presumption of forced labor imposed on certain goods from China.

Sustainability disclosure rules and non-binding policy initiatives, such as National Action Plans, also indicate a growing recognition by governments of the need to regulate business conduct on sustainability matters. The US National Action Plan on Responsible Business Conduct is grounded on the OECD Guidelines and the UNGPs, and multiple countries in Africa, Asia, and Latin America have adopted similar policy initiatives.

Interest in harmonizing human rights due diligence expectations globally is culminating in negotiations for a global binding treaty on business and human rights at the UN. This initiative is supported by the active engagement of countries across regions, such as China, Colombia, Ecuador, Egypt, France, Mexico, and South Africa.

Holding Companies Accountable through Litigation

Companies can expect to face increased scrutiny and legal action from civil society organizations representing the interests of affected people and the environment.

Affected stakeholders did not wait for the CSDDD to sue companies for their failures to meaningfully address their impacts on human rights, climate, or the environment. Corporate lawsuits for damages resulting from human rights violations and/or environmental degradation are now a regular occurrence. The last few years have also seen a rise in human rights-based climate litigation against governments and businesses. This culminated in the recent landmark ruling by the European Court of Human Rights, which found that the Swiss government violated human rights by failing to reduce carbon emissions, after a complaint brought by four older women and a Swiss association.

The fact that the CSDDD formally grants affected stakeholders and their representatives standing to bring liability claims for damages caused by companies’ failure to conduct proper due diligence will only normalize the expectation that such actors will play a role in enforcing standards of responsible business conduct.

How BSR Can Help

BSR’s multidisciplinary team takes a holistic approach to CSDDD compliance strategies, helping companies to develop approaches that are aligned with international standards and other related regulations and integrated across the value chain. BSR advisory services can help your company to:

• Evaluate your company’s approach to meeting the expectations of the CSDDD.
• Review the current state of your supply chain, by identifying related risks, and impacts
• Establish effective board oversight of sustainability
• Understand your just transition maturity and develop approaches for effective management
• Identify and prioritize human rights impacts across the value chain
• Understand disclosure requirements for your climate transition plan