Understanding the EU Corporate Sustainability Due Diligence Directive (CSDDD): Why It Matters and How to Prepare

Key Takeaways

  • CSDDD became law in July 2024, with compliance phasing in from 2027 to 2029.
  • It covers EU and non-EU companies with significant EU turnover.
  • Member states must transpose rules by July 2026.
  • Early prep means mapping supply chains, updating policies, and building monitoring systems.

For years, European companies have faced a patchwork of national laws pushing them to take responsibility for human rights and environmental issues tied to their business operations. France passed its Duty of Vigilance law in 2017. Germany followed with the EU Supply Chain Act in 2021. Each aimed to hold companies accountable not just for what they do directly, but for what happens along the value chains that support them. As global supply networks grew more complex and regulatory demands became harder to reconcile across borders, it became clear that a unified, EU-wide approach was needed.

That’s why the EU Corporate Sustainability Due Diligence Directive (CSDDD) was created.

Formally adopted by the European Parliament in April 2024 and published in the Official Journal of the EU on July 5, 2024, the directive officially entered into force on July 25, 2024. Member States now have until July 26, 2026 to transpose it into national legislation. Companies must begin complying in phases based on the following CSDDD timeline, depending on their size and revenue:

  • July 26, 2027: Companies with more than 5,000 employees and €1.5 billion turnover
  • July 26, 2028: Companies with more than 3,000 employees and €900 million turnover
  • July 26, 2029: Companies with more than 1,000 employees and €450 million turnover

This directive lays down a common framework for corporate due diligence on sustainability risks. It compels large companies operating in the EU, whether headquartered inside or outside the bloc, to:

  • Identify actual or potential human rights and environmental risks
  • Prevent and mitigate adverse impacts tied to their value chains
  • Establish grievance mechanisms for affected individuals
  • Publicly disclose their due diligence efforts
  • Align their business strategies with global climate goals

The idea is simple, even if the execution is complex: companies should no longer be blind to forced labor in their suppliers’ factories or to environmental damage caused by third parties acting on their behalf.

Here’s what makes the EU CSDD Directive such a significant shift:

  • It creates binding obligations across borders, including for non-EU companies
  • It moves from voluntary ESG programs to enforceable legal requirements
  • It expands due diligence from internal operations to entire value chains
  • It introduces civil liability for harm caused by failure to act
  • It connects environmental sustainability with corporate governance

What is Required Under the EU CSDDD Directive?

The directive doesn’t stop at values. It mandates systems. Companies will need to embed due diligence into their management and governance processes, regularly assess and mitigate risks, take corrective action when harms occur, and communicate their progress publicly. They will also be required to adopt climate transition plans aligned with the Paris Agreement’s 1.5°C goal. This shows a deeper integration of environmental goals into risk and compliance frameworks.

Risk managers, compliance officers, legal counsel, ESG teams, and even CISOs all have a role to play. The directive encourages companies to take a broad view of responsibility, stretching from boardroom strategy to daily operations, with oversight embedded into corporate policies and executive performance incentives.

Starting in 2027, the law will begin applying to the largest firms with over 5,000 employees and €1.5 billion in global turnover. In 2028 and 2029, it will phase in for smaller thresholds, eventually covering any firm with over 1,000 employees and €450 million in turnover. The directive also applies to non-EU companies that generate this level of revenue within the EU. For global firms that are used to lighter-touch regulations in their home markets, this represents a substantial change.

The scope is broad but not unlimited. It applies to a company’s own operations, its subsidiaries, and business partners throughout its value chain. In late negotiations, lawmakers limited the requirement to direct suppliers unless further risk is identified. Still, even this tiered model reflects a deeper change. The days of plausible deniability are over.

Many companies will find this transition difficult. Unlike the Corporate Sustainability Reporting Directive (CSRD), which is largely about disclosures, the CSDDD is action-oriented. It requires companies not only to report on risks, but to address them directly. That includes offering access to remedies for affected individuals or communities, and keeping policies updated as risks evolve.

In practical terms, this means building or expanding systems that many companies are only just beginning to pilot. These include supply chain mapping, human rights risk assessments, grievance mechanisms, ESG data workflows, and internal training. While some of these components may already exist – particularly for companies subject to other EU regulations like the Conflict Minerals Regulation or the Deforestation Regulation – the CSDDD connects them under a unified operational expectation. Policies on paper are no longer enough. Action and documentation are both required.

CSDDD Requirements At a Glance

  • A written, board-approved sustainability due diligence policy
  • Integration into risk management and governance systems
  • Risk assessments across the value chain
  • Preventive and corrective measures for adverse impacts
  • A climate transition plan in line with 1.5°C targets
  • Annual review and public disclosure of due diligence efforts

As with most EU directives, the CSDDD sets minimum standards. Member states are responsible for passing national laws that align with it, and they may choose to go further. This means there will be some variation in how enforcement works, including how penalties and civil liabilities are applied. But the direction is clear. Sustainability and human rights risk are now firmly within the domain of corporate compliance.

How to Prepare for the EU CSDDD: A Practical Roadmap

Whether your company is already in scope or expects to be in a few years, the time to act is now. Building compliance into your DNA early will make implementation smoother and reduce exposure to enforcement risk. Here’s a straightforward roadmap to get started:

  1. Map Your Value Chain
    Identify suppliers, subsidiaries, and business partners involved in your product and service delivery. Start with your direct relationships and work outward.
  2. Conduct a Gap Analysis
    Compare your current practices to CSDDD requirements. Evaluate how well your current policies address due diligence, climate planning, and grievance handling.
  3. Define Responsibility Internally
    Create a cross-functional team spanning legal, compliance, ESG, procurement, and executive leadership.
  4. Develop or Update Your Policies
    Codify your due diligence policy and embed it into your wider risk and governance frameworks.
  5. Build or Enhance a Risk Monitoring System
    Implement digital tools that help you identify and assess human rights and environmental risks in real time. This is where platforms like Centraleyes play a critical role.
  6. Train Your Stakeholders
    Ensure that procurement, operations, and vendor-facing teams understand what the directive requires and how they contribute to compliance.
  7. Establish Grievance Channels and Remediation Plans
    Develop accessible ways for affected stakeholders to report harm. Prepare protocols for responding and offering remedies.
  8. Document Everything
    Track every risk, decision, and mitigation step. A clear audit trail will be essential if your due diligence is ever challenged.

Comparison to Other Frameworks

The CSDDD is part of a broader ecosystem of European regulations around sustainability and ESG. Here’s how it stacks up against other key frameworks:

Regulation                | Focus                                    | Scope                                                    | Enforcement                        | Applies To
--------------------------|------------------------------------------|----------------------------------------------------------|------------------------------------|----------------------------
CSDDD                     | Due diligence and remediation            | Global value chain, including subsidiaries and suppliers | Civil liability, regulatory fines  | >€450M turnover
CSRD                      | ESG disclosure and reporting             | Financial and non-financial metrics                      | Administrative penalties           | ~50,000 EU companies
German Supply Chain Act   | Due diligence for human rights           | Tier-1 and known tier-2 suppliers                        | Regulatory enforcement             | >3,000 employees
France Duty of Vigilance  | Human rights and environmental vigilance | Broad value chain                                        | Civil liability                    | >5,000 employees in France

Frequently Asked Questions

Is the EU CSDDD legally binding?
Yes. It is a directive, which means all EU member states are required to implement it through national legislation. The rules must meet or exceed the minimum outlined in the directive.

Does this apply to non-EU companies?
Yes. If a non-EU company generates more than €450 million in revenue from the EU market, it falls under the directive.

How is this different from the CSRD?
The CSDDD is about action and risk prevention. The CSRD is about reporting. Most companies in scope for one will also need to comply with the other.

What happens if a company doesn’t comply?
Penalties may include administrative fines and civil liability for harm. Member states will define their own enforcement regimes.

Is the supply chain requirement limited to tier-1 suppliers?
Not always. The directive requires companies to act where they have established business relationships. In high-risk sectors, this may include indirect suppliers.

Final Thoughts

The Corporate Sustainability Due Diligence Directive is not just another item on the compliance checklist. It reflects a growing global expectation that companies operate with integrity, visibility, and accountability. It also marks the convergence of ESG principles and operational risk, embedding human rights and environmental impact directly into governance frameworks.

Companies that prepare early, invest in the right systems, and treat due diligence as part of their culture, not just a legal hurdle, will be better equipped to adapt, scale, and lead.

Let the directive serve as a catalyst. Build a future-proof compliance strategy now, and you’ll be ready not only for the CSDDD, but for what comes next.