CSDDD: Human rights & environmental due diligence across your value chain

From July 2027, CSDDD applies to companies with 5,000+ employees and €1.5bn+ worldwide net turnover. Non-EU companies where the company generated a net turnover exceeding EUR1.5 billion in the EU in the financial year preceding the last financial year are also in scope. A previously planned focus exclusively on direct business partners ("Tier-1 companies") has been dropped. Instead, due diligence obligations must be observed across the entire value chain. A risk-based approach is to be applied: companies should only take action where (potential) adverse impacts have been identified. Risks can be prioritised according to their severity and likelihood of occurrence and addressed sequentially. In doing so, an initial focus on direct business partners is permissible where adverse impacts in multiple areas of the supply chain are assessed as equally likely or equally severe.

CSDDD requires a six-step due diligence process, aligned with the OECD Guidelines for Multinational Enterprises:

(1) Embed due diligence into policies
(2) Identify and assess adverse impacts
(3) Prevent, mitigate and bring to an end
(4) Monitor effectiveness
(5) Communicate publicly
(6) Provide remediation

CSDDD covers the entire "chain of activities" — this includes upstream suppliers at all tiers, your own operations, and certain downstream activities. Unlike the German LkSG, CSDDD explicitly requires risk-based due diligence across the full value chain.

You must use a risk-based approach — prioritise high-risk sectors, geographies, and commodities.

Yes — the Annex lists specific international instruments. Human rights: forced labour, child labour, workplace safety, fair wages, freedom of association, discrimination, land rights, indigenous peoples. Derived from ICCPR, ICESCR, ILO conventions.

Environmental impacts: pollution, emissions, water consumption, biodiversity, deforestation. Reference: Minamata, Stockholm, Basel conventions, Convention on Biological Diversity.

Yes — CSDDD introduces civil liability for companies that fail to fulfil their due diligence obligations. Victims have at least 5 years to bring claims. Companies cannot contractually limit this liability. NGOs and trade unions can bring claims on behalf of victims.

This gives a legal pathway for people harmed by supply chain practices to seek compensation in EU courts.

Yes — companies must adopt a climate transition plan compatible with the 1.5°C target.

Must include: (1) time-bound targets for 2030 and 5-year steps to 2050; (2) decarbonisation levers; (3) investments/funding; (4) role of management bodies. Updated annually.

CSDDD will effectively supersede national supply chain laws like LkSG once transposed.

Key differences: (1) full value chain coverage; (2) civil liability; (3) climate transition plan; (4) broader environmental obligations.

If compliant with LkSG, you have a strong foundation — but CSDDD goes further.

National supervisory authorities will have the power to impose fines of up to 5% of the company's worldwide net turnover. This is one of the highest penalty ceilings in EU sustainability legislation — exceeding even the EUDR's 4% threshold.

Beyond financial penalties, authorities can: (1) order the company to cease a specific practice or take specific remedial action; (2) issue public statements identifying the company and the violation; (3) in serious cases, exclude the company from public procurement in the EU.

The "naming and shaming" aspect is significant: reputational damage from a public finding of human rights or environmental due diligence failures can be as costly as the fine itself. Companies should treat compliance as a governance priority — not a paper exercise.