What is the Corporate Sustainability Due Diligence Directive (CSDDD)?

Summary Highlights:

• The Corporate Sustainability Due Diligence Directive, also known as CSDDD and CS3D, is a new European Union directive that requires organizations to identify adverse human rights and environmental impacts their operations cause, and develop measures to mitigate those impacts. 
• EU companies with 1,000 employees and net turnover of at least EUR 450 million and are required to follow the new CSDDD requirements
• Specific issues CSDDD aims to tackle include child labor, forced labor, unequal treatment in employment, use of POPs, pollution, emissions, and deforestation.. 
• EU member states have two years from when the CSDDD entered into force to incorporate the directive into national law.

What is the Corporate Sustainability Due Diligence Directive (CSDD)?

The Corporate Sustainability Due Diligence Directive (CSDDD) is a new European Union law that requires EU and non-EU businesses to meet certain thresholds to identify, mitigate, or remedy adverse human rights and environmental impacts linked to their operations and supply chains.

What Does CSDDD Mean?

CSDDD stands for the Corporate Sustainability Due Diligence Directive. It’s also sometimes abbreviated as CS3D. The legislation’s name refers to the due diligence requirements being imposed by the directive, which focus on sustainability issues in the ESG spaces. 

How Has CSDDD’s Scope Changed Since It Was First Proposed? 

In December 2023, the Council of the EU and European Parliament reached a provisional agreement on the language of the CSDDD, a crucial political hurdle that was widely expected to presage a relatively smooth legislative process the following year. But in the first few months of 2024, the EU bill encountered stiff resistance from a number of EU countries. 

In January and February, large EU nations like Germany and Italy, as well as a coterie of smaller member states that included Finland, Hungary, and Estonia, began voicing ambivalence about the large burden the directive would impose on businesses. This growing resistance to the law led to months of high-stakes political drama—including a string of postponements on an EU Council vote and a failed passage on February 28—and left many observers wondering if the historic bill would soon be dead in the water. Following weeks of intense negotiations between EU member states, however, the CSDDD was pulled back from the brink. On April 24, European Parliament approved the legislation. A month later, the EU finalized its adoption of the Corporate Sustainability Due Diligence Directive. 

In January and February, large EU nations like Germany and Italy, as well as a coterie of smaller member states that included Finland, Hungary, and Estonia, began voicing ambivalence about the large burden the directive would impose on businesses.

As a result of the high-wire political drama between EU member states, the CS3D was pared back in several meaningful ways. But despite these changes, the directive remains a highly consequential piece of legislation. At its heart, CS3D’s passage into law represents a major paradigm shift in the role ESG plays in government regulation.

At its heart, CS3D’s passage into law represents a major paradigm shift in the role ESG plays in government regulation.

For large organizations operating in the EU, the bill will almost certainly trigger major internal overhauls. Corporations will need to start expanding their due diligence processes, risk management measures, and climate change mitigation efforts to meet the ESG regulation’s myriad requirements. Though CS3D’s initial scope may be smaller than it once was, make no mistake: the directive’s teeth remain sharp, long, and capable of biting negligent actors who run afoul of the law. 

CSDDD vs. ESG vs. CSRD: What’s the Difference?

CSRD, ESG, CSDDD…with so many new sustainability initiatives springing up all over the world, it’s getting easier and easier to mix up all the acronyms and initialisms. So what do they stand for?

CSRD, ESG, CSDDD…with so many new sustainability initiatives springing up all over the world, it’s getting easier and easier to mix up all the acronyms and initialisms. So what do they stand for?

“ESG” stands for environmental, social, and governance, and it isn’t actually a government regulation at all. Rather, it’s a framework for assessing and evaluating corporate sustainability. Its three titular pillars collectively encompass a number of issues that are related to ethical, sustainable business practices, including decarbonization, hazardous waste reduction, biodiversity loss, fair pay, forced labor, and corporate governance. 

“CSRD,” on the other hand, is an abbreviation of the Corporate Sustainability Reporting Directive. The CSRD is an EU regulation that became effective in 2023 and obligates certain EU companies to adhere to sweeping reporting requirements in 12 different categories (these categories are referred to as the European Sustainability Reporting Standards, or ESRS). Reporting for the first group of companies in the scope of the CSRD is due in 2025, with deadlines extending all the way to 2029. 

What Are CSDDD’s Specific Due Diligence Obligations?

The Corporate Sustainability Due Diligence Directive establishes a raft of new obligations for businesses operating in the EU. Under the new law, organizations that meet certain thresholds will need to identify any adverse human rights and environmental impacts connected to their operations and develop measures to mitigate or remediate those impacts. 

Under the new law, organizations that meet certain thresholds will need to identify any adverse human rights and environmental impacts connected to their operations and develop measures to mitigate or remediate those impacts. 

What Does CSDDD Require?

The directive requires in-scope businesses to implement six specific due diligence steps drawn from the Organisation for Economic Co-operation and Development’s (OECD) Due Diligence Guidance for Responsible Business Conduct. The OECD’s guidance includes the following high-level steps:

• Identify and assess adverse impacts, including not only those arising out of the business’s own operations but also across the organization’s supply chain and business partners. 
• Develop and implement specific measures to prevent, mitigate, or otherwise ameliorate these adverse impacts. 
• Incorporate all due diligence processes into company policies and internal management systems. 
• Continuously monitor the mitigation measures and track their effectiveness over time. 
• Communicate how the adverse impacts are being addressed.
• Cooperate in external remediation measures when applicable, including by providing access and transparency to outside parties. 

What Are CSDDD’s “Adverse Impacts”? 

The Corporate Sustainability Due Diligence Directive covers a bundle of issues that all generally fall into one of the ESG framework’s three central pillars. In the text of the legislation, the Council of the European Union lays out several dozen examples of what constitute adverse impacts to the environment and human rights. The impacts are generally framed as either “prohibitions” businesses in the scope of the CS3D are legally barred from engaging in, or “rights” they are obligated to uphold. 

Specific human rights issues addressed in the legislation include—but are not limited to—the following areas:

• Favorable working conditions
• Fair wages
• Adequate housing
• Forced labor
• Child labor 
• Slavery, serfdom, and human trafficking
• Unequal treatment in employment 

The Corporate Sustainability Due Diligence Directive also addresses a number of environmental impacts that fall within the framework’s remit:

• Biological diversity
• Use of Persistent Organic Pollutants (POPs)
• Importing, exporting, and disposing of hazardous waste 
• Pollution
• Emissions
• Deforestation

In addition to addressing these adverse impacts, the CS3D regulation also requires all businesses in the directive’s scope to develop and implement a climate transition plan. According to the legislation, these transition plans should aim “to ensure, through best efforts, that the business model and strategy of the company are compatible with the transition to a sustainable economy and with the limiting of global warming to 1.5 °C in line with the Paris Agreement.” Such climate transition plans should also align with the European Climate Law passed in 2021, which set forth a goal for the 27 member countries to reach climate neutrality by 2050. 

The directive notably characterizes its climate change requirements as an “obligation of means and not of results.” While the CS3D stipulates that supervising authorities should review, assess, and monitor the transition plans of covered businesses, it also acknowledges the possibility that some companies will not achieve their target goals. 

What’s the Scope of the Corporate Sustainability Due Diligence Directive?

The scope of the CSDDD was one of the major sticking points in the high-level negotiations that transpired in the first quarter of the year, and the final version of the law reflects some significant concessions on this front. The version of the directive that the Council of the EU and European Parliament provisionally agreed on last year would have ultimately covered all EU companies with at least 500 employees and total annual revenue exceeding EUR 150 million. Additionally, all non-EU businesses with annual revenues of at least EUR 150 million within the EU would have been covered by the law. 

Who Does CSDDD Apply To?

In the subsequent version of the legislation that was officially passed in May, that threshold was lifted to 1,000 employees and net turnover of at least EUR 450 million for EU companies. The threshold for non-EU companies operating in the member states, meanwhile, was lifted to EUR 450 million. 

In the subsequent version of the legislation that was officially passed in May, that threshold was lifted to 1,000 employees and net turnover of at least EUR 450 million for EU companies.

Broadly speaking, there are four groups that fall within the scope of the law:

• EU companies that have at least 1,000 employees and total revenue exceeding EUR 450 million. (This also includes parent companies of these businesses.)
• EU companies that entered into franchising or licensing agreements in the EU and collected royalties of at least EUR 22.5 million and have annual global revenue in excess of EUR 80 billion.
• Non-EU companies that entered into franchising and licensing agreements in the EU and collected royalties of at least EUR 22.5 million and have annual revenue in the EU exceeding EUR 80 million.
• Non-EU companies that have a total annual revenue of at least EUR 450 million in the EU (there are no employee thresholds for this group). 

Finally, companies must fulfill the criteria for one of the above groups for two consecutive years to fall within the scope of the CS3D. 

What’s the Timeline for CSDDD Implementation?

EU member states have two years from when the CSDDD entered into force to incorporate the directive into national law.

EU member states have two years from when the CSDDD entered into force to incorporate the directive into national law (this is a legal process the EU refers to as “transposition”). As the legislation was formally adopted by the European Council and passed into law on May 24, countries will likely be codifying it over the course of 2025 and 2026. The EU will be carrying out a phased implementation of the CS3D beginning in 2027 that will take place over three years and eventually impose compliance obligations on each of the four categories outlined above. 

‍

What Are the Consequences for Noncompliance with the Corporate Sustainability Due Diligence Directive?

The sustainability directive requires member states to designate a “supervisory authority” to oversee implementation of the CS3D and monitor its adherence among covered businesses. These regulatory bodies are responsible for enforcing the framework’s due diligence requirements and climate transition plan. The chosen authorities may employ enforcement mechanisms that include penalties and fines that are “effective, proportionate, and dissuasive.” According to the language of the directive, such fines must carry a maximum penalty of no less than 5% of the total global revenue of the violating company (based on proceeds from the previous year). 

According to the language of the directive, such fines must carry a maximum penalty of no less than 5% of the total global revenue of the violating company (based on proceeds from the previous year). 

In addition to financial penalties, companies that violate the CSDDD may also be subject to civil liability. Under these circumstances, businesses can be found liable if they “intentionally or negligently” failed to comply with the directive’s obligations and that compliance failure caused damage to a natural or legal person. Any victims of such violations of the directive—i.e., a potential claimant—must be given at least five years to bring forth a claim of damages and seek civil liability. 

What Can Businesses Do to Prepare for the Corporate Sustainability Due Diligence Directive?

The first measure businesses with operations in the EU should take is to determine whether or not they fall within the scope of the CSDDD. The new thresholds agreed upon by member states in the first quarter of 2024 substantially reduced the number of companies covered by the directive, and some estimates have suggested that the scope shrunk from nearly 17,000 businesses to around 5,500. 

If a company does exceed one or multiple thresholds for inclusion in the CS3D, there are several steps they can take to effectively prepare for the law’s implementation:

• First, they can incorporate into their operations the OECD’s Due Diligence Guidance for Responsible Business Conduct—a framework that directly informed the development of the directive’s due diligence obligations. 
• Second, businesses should start the process of creating a climate transition plan that adheres to the CSDDD’s stated design requirements. These include integrating time-bound emissions targets with specific goals for 2030 and every five years thereafter up to 2050; decarbonization strategies or “levers” that will facilitate the company’s reduction of greenhouse gas emissions; and a detailed description of the financial investments and allocations funding the climate transition plan. 
• Finally, businesses that have not already done so can adopt a comprehensive supply chain risk management system. These systems—which are often a combination of policies, practices, and third-party platforms—can help companies assess internal and external risks, establish greater transparency with suppliers, business partners, and other supply chain stakeholders, and develop appropriate risk mitigation measures. Collectively, these actions can help firms identify and ultimately reduce many of the adverse impacts they will be legally obligated to address under the CS3D.