CSDDD Overview
The Corporate Sustainability Due Diligence Directive (CSDDD) is the EU's most demanding sustainability regulation — requiring large companies to identify, prevent, and remedy adverse human rights and environmental impacts across their entire value chains. Unlike CSRD which requires disclosure, CSDDD requires action. First obligations apply from 2027.
The Corporate Sustainability Due Diligence Directive (CSDDD) is the EU's most demanding sustainability regulation — requiring large companies to identify, prevent, and remedy adverse human rights and environmental impacts across their entire value chains. CSDDD requires companies to conduct human rights and environmental due diligence across their operations, subsidiaries, and value chains.
What CSDDD requires — the core obligation
CSDDD requires companies to conduct human rights and environmental due diligence across their operations, subsidiaries, and value chains. This is not a reporting requirement — it is a conduct requirement. Companies must actively identify, prevent, mitigate, and remediate adverse impacts.
The six core due diligence obligations under CSDDD:
1. Integrate due diligence into company policy: Adopt a due diligence policy describing your approach to human rights and environmental due diligence — approved by the board and reviewed annually.
2. Identify and assess adverse impacts: Map your value chain and identify actual and potential adverse impacts on human rights and the environment. Prioritise the most severe and most likely impacts.
3. Prevent and mitigate potential adverse impacts: Take preventive action — contractual commitments from suppliers, capacity building, supplier engagement, and where necessary, suspension or termination of business relationships.
4. Bring actual adverse impacts to an end and remediate: Where adverse impacts are occurring, take action to stop them and provide remedy — whether financial compensation, restoration, or non-financial measures.
5. Establish and maintain a complaints procedure: Provide an accessible grievance mechanism for affected persons — workers, communities, civil society — to raise concerns about actual or potential adverse impacts.
6. Monitor effectiveness and communicate: Annually assess the effectiveness of your due diligence programme and publicly communicate your approach and outcomes.
CSDDD scope — which companies are affected
CSDDD applies in three waves based on company size:
Wave 1 (from 2027): EU companies with 5,000+ employees AND €1.5B+ net worldwide turnover. Non-EU companies with €1.5B+ EU net turnover.
Wave 2 (from 2028): EU companies with 3,000+ employees AND €900M+ net worldwide turnover. Non-EU companies with €900M+ EU net turnover.
Wave 3 (from 2029): EU companies with 1,000+ employees AND €450M+ net worldwide turnover. Non-EU companies with €450M+ EU net turnover.
The employee count and turnover thresholds are cumulative — both must be met. Parent companies are assessed at group level — a group with 1,200 employees and €500M turnover meets Wave 3 thresholds even if individual subsidiaries are below the threshold.
High-risk sector companies: The original CSDDD proposal included lower thresholds for companies in high-risk sectors (textiles, agriculture, mining, food). The final adopted Directive removed sector-specific thresholds — all companies are assessed against the same size criteria.
Non-EU companies: Non-EU companies are in scope if they generate the relevant turnover threshold in the EU — from sales to EU customers regardless of where goods are produced.
CSDDD vs CSRD — the critical difference
CSRD and CSDDD are complementary but fundamentally different in nature:
CSRD requires disclosure: Report what your sustainability impacts are, how you manage them, and what your performance is. Failure to disclose accurately results in regulatory penalties. The obligation is transparency.
CSDDD requires action: Identify adverse impacts and do something about them. Failure to prevent or remediate adverse impacts results in civil liability and administrative penalties. The obligation is conduct.
A company can fully comply with CSRD — disclosing all material impacts accurately — while failing CSDDD because it has not taken action to prevent those impacts.
The interaction: CSRD data feeds CSDDD. Your ESRS S2 value chain worker disclosure identifies the supply chain risks you know about. CSDDD requires you to have a programme to address those risks. ESRS G1 governance disclosures evidence the due diligence processes that CSDDD mandates.
Timeline interaction: CSRD Wave 2 companies begin reporting for FY2027. CSDDD Wave 1 companies must have due diligence programmes in place from 2027. For many large companies, both obligations begin in the same year — requiring integrated planning.
Frequently asked questions
Does CSDDD apply to non-EU companies supplying into the EU?
Non-EU companies are directly in CSDDD scope if they meet the EU turnover thresholds — €1.5B, €900M, or €450M in EU net turnover depending on wave. However, even non-EU companies below these thresholds are indirectly affected — their EU customers subject to CSDDD will impose due diligence requirements through supply chain contracts.
What is the difference between CSDDD and existing national due diligence laws?
Several EU member states already have national human rights due diligence laws — Germany (LkSG, 2023), France (Loi de Vigilance, 2017), Netherlands (CSDD, proposed). CSDDD creates an EU-level minimum standard that supersedes national laws where they are less demanding. Companies subject to national laws that exceed CSDDD requirements must continue to comply with the stricter national standard.
When do CSDDD due diligence programmes need to be operational?
From the first date of application for your wave — 2027 for Wave 1, 2028 for Wave 2, 2029 for Wave 3. Given that building a robust due diligence programme takes 18–24 months, Wave 1 companies should be in implementation now (2025/2026). Wave 2 companies should begin planning in 2026.