On 25 July 2024, the Directive (EU) 2024/1760 on corporate sustainability due diligence (the Directive or CSDDD) came into force. It followed by several years of negotiations on the terms of the Directive, involving representatives of the EU Council, the European Commission, the European Parliament, the European Central Bank, and other participants.
The CSDDD forms part of multiple EU initiatives aimed at achieving climate neutrality by 2050. It is closely linked to the Directive (EU) 2022/2464 as regards corporate sustainability reporting (CSRD). CSDDD and CSRD collectively require companies to conduct and disclose comprehensive sustainability, human rights, and environmental impact assessments, including the process and results of such evaluations.
However, initial CSRD reports showed that preparing such disclosures demands substantial time and resources, and numerous issues lack clarification and harmonisation. In response, on 26 February 2025, the European Commission adopted a set of new proposals (the Omnibus proposal), a legislative package intended to simplify EU regulations and ease requirements mainly for small and medium-sized enterprises regarding sustainable finance reporting and sustainability due diligence.
On 14 April 2025, the European Parliament and the Council postponed the date on which CSDDD requirements apply to companies. By 26 July 2027, member states must adopt the laws, regulations, and administrative provisions necessary to comply with the CSDDD.
Since the remaining provisions of the Omnibus proposal are still under development and have yet to be submitted to the European Parliament and the Council of the European Union for approval, this article focuses on the current version of the CSDDD. We will outline the proposed amendments from the Omnibus proposal in separate sections of the text.
What is corporate sustainable due diligence?
What does the new Directive mean by “due diligence”? It includes legal analysis, an operational activity review, environmental assessment, and other measures to identify and eliminate potential and actual adverse impacts on human rights and the environment.
We will examine how the Directive will affect European companies and other firms, including those in Ukraine.
The CSDDD requires companies to conduct verification of their activities, the activities of their subsidiaries, and business partners, in the following two areas:
(i) human rights: prohibition of forced labor, right to freedom of association and assembly, prohibition of interference in personal and family life, confidentiality of correspondence, etc.; and
(ii) environment: prohibition of production, use in production processes, import and export of products with added mercury, prohibition of illegal waste management, discharge of oil and wastewater into the sea, etc.
If companies detect violations, they must independently take measures to remedy them. For non-compliance with the requirements, a company may be fined or face court proceedings.
The main focus is on large companies
The Directive is directly aimed at companies with high metrics, as outlined in the table:
| European companies | Other companies, including Ukrainian |
| 1) >1,000 employees and >EUR 450 million in net worldwide turnover in the last financial year, or | 1) >EUR 450 million in net turnover in the EU in the last financial year, or |
| 2) did not reach the thresholds (point 1) but is the ultimate parent company of a group that (collectively) reached these thresholds in the last financial year according to consolidated financial statements, or | 2) did not reach the thresholds (point 1) but is the ultimate parent company of a group that (collectively) reached these thresholds in the last financial year according to consolidated financial statements, or |
| 3) company (or a group of companies where it is the ultimate parent company) received royalties from franchise or licensing agreements in the EU exceeding EUR 22.5 million and had a net worldwide turnover of more than EUR 80 million in the last financial year | 3) company (or a group of companies where it is the ultimate parent company) received royalties from franchise or licensing agreements in the EU exceeding EUR 22.5 million and had a net turnover of more than EUR 80 million in the EU in the last financial year |
CSDDD applies to:
a) limited liability companies, joint-stock companies, or companies with a similar legal form (listed in Annexes I and II of Directive 2013/34/EU), and
b) financial institutions (the necessity and options for additional requirements for financial institutions shall be published by 26 July 2026), regardless of their legal form, if the requirements listed in the table above are met for two consecutive years.
Such companies will be referred to as “large companies” under the CSDDD.
The actual impact of the Directive will be significantly broader
Although the Directive does not directly apply to small and medium-sized enterprises, they will experience its indirect impact as partners and suppliers to large companies that are subject to CSDDD.
How will this affect partners? The Directive requires large companies to analyse and assess all operations with suppliers related to the production of goods or the provision of services by that company, including the design, extraction, sourcing, manufacture, transport, storage and supply of raw materials, products or parts of products and the development of the product or the service for potential or actual negative impacts on human rights or the environment.
If a smaller company works with a large company covered by the Directive, it will likely need to adhere to the large company’s code of conduct, follow its due diligence policies, include contractual provisions mandating compliance with those rules, and provide assurances of compliance. Additionally, large companies may request information regarding their counterparts’ activities and require them to take measures to mitigate negative impacts on the environment or human rights. At a minimum, this behavior is reasonable for a conscientious large company that does not want to violate the requirements of CSDDD.
The Omnibus proposal:
Assessment within the value chain is restricted to direct business partners.
Indirect supply chain partners are considered only in two scenarios:
1) a large company has credible information that adverse impacts have occurred or may occur in the partner’s operations, or
2) the partner is used to circumvent direct partner verification requirements.
At the same time, large companies may take into account available information about indirect business partners and whether such business partners are capable of complying with the rules and principles set out in the large company’s code of conduct when selecting a direct business partner.
The Omnibus proposal further restricts general information requests for impact mapping. Large companies requesting information from direct business partners with less than 500 employees are limited to the data specified in the VSME standard. This limitation does not apply if large companies need additional information for impact mapping that they cannot reasonably obtain elsewhere.
The CSDDD requires large companies to provide support to small and medium-sized business partners, such as training, consulting, low-interest loans, etc. The Directive also permits large companies to suspend or terminate relationships with a partner in the event of non-compliance with the requirements of the large company or causing harm to human rights or the environment.
The Omnibus proposal:
The Directive allows large companies to jointly develop an enhanced action plan with suppliers to prevent negative impacts if there is a reasonable expectation of success, to monitor its implementation, or to suspend business relations with such a supplier.
As long as there is a reasonable expectation that the enhanced prevention action plan will be effective, continued engagement with that business partner will not, by itself, trigger the large company’s liability.
Who will monitor compliance with the requirements of the Directive?
The state responsible for monitoring compliance with the CSDDD requirements depends on the large company's location and its activities in the EU:
(i) for European companies – the EU member state where the company is registered;
(ii) for other (including Ukrainian) companies – the EU member state where the company has a branch. If the company does not have a branch in any EU member state or has branches located in different states, the responsibility for monitoring compliance falls on the member state where the company generated most of its net turnover in the EU in the previous financial year.
What obligations does the Directive impose on companies?
Four main categories of obligations for companies under the CSDDD can be identified:
1. Preventive measures
To prevent potential negative impacts, companies must modernise their production or other operational processes and infrastructure. This includes reducing waste or emissions in production processes, and investing in new technologies and equipment that are more environmentally friendly and safer. Large companies must develop a due diligence policy and update it at least every 24 months, as well as integrate due diligence into all their policies and risk management systems. At least once a year, large companies must evaluate the effectiveness of their due diligence efforts.
Large companies must develop a code of conduct with rules and principles to prevent or mitigate negative impacts on human rights and the environment. Both the companies themselves and their business partners must comply with this code.
The Omnibus proposal:
Large companies must assess their measures to mitigate and prevent adverse human rights or environmental impacts at least every five years.
Non-EU companies that fall under the scope of the Directive will be required to appoint an authorised representative responsible for liaison and communication with the relevant supervisory authorities of EU member states.
2. Mitigation of negative impacts
Large companies must develop and implement a corrective action plan and obtain contractual assurances from business partners regarding compliance with this plan.
In some cases, large companies must suspend or terminate business relationships with partners who violate human rights or cause harm to the environment.
3. Interaction with stakeholders
Large companies must establish a system through which employees, citizens, and organisations can report negative impacts from the company's or business partners' activities. This can include in-person meetings, online platforms, surveys, etc.
Additionally, large companies are required to report annually on their due diligence efforts by publishing a corresponding report on their website.
4. Mitigation of climate change impacts
Large companies must adopt and implement a transition plan to mitigate the impacts of climate change. This plan should align with the goals of the Paris Agreement (2015) and include clearly defined emission reduction targets with specific timelines. Ukraine has been a party to the Paris Agreement since 2016.
The Omnibus proposal:
A transition plan should also include specific actions to reach defined targets.
When should companies conduct an assessment?
The application of CSDDD will occur in three phases.
1. Preparation phase:
By 26 July 2027, EU member states will develop and approve rules and guidelines detailing how companies should comply with CSDDD requirements. These rules will outline what documents need to be prepared and what actions should be taken for the assessment of risks to human rights and the environment.
2. Compliance with the Directive by companies:
From the moment EU member states approve the relevant rules and guidelines, companies will have at least one year to implement the measures required by CSDDD and the EU member states’ legislation.
3. Application of the Directive’s measures:
CSDDD measures will be applied gradually:
- from 26 July 2028 – to European companies with a net worldwide turnover exceeding EUR 900 million and more than 3 000 employees; to other companies (including Ukrainian companies) with a net turnover in the EU exceeding EUR 900 million;
- from 26 July 2029 – to all other companies that fall under the scope of CSDDD.
Liability for non-compliance with the Directive
The Directive provides three types of liability for damage caused intentionally or negligently.
1. Pecuniary penalties
A member state may impose penalties on a large company. The maximum limit of pecuniary penalties shall be not less than 5 % of the net worldwide turnover of the company in the financial year preceding that of the decision to impose the fine. The amount of the pecuniary penalties will depend on the nature, duration of the violation, severity of the consequences, cooperation with other entities to mitigate the relevant effects, and other factors.
The Omnibus proposal:
The Directive prohibits EU member states from setting a cap on fines in their national legislation.
2. Public statement
If a large company fails to pay the fine on time, a public statement identifying the company and the nature of the violation will be published. This will negatively impact the company’s reputation and, consequently, its financial performance.
3. Compensation for Damages
A large company is required to compensate for damage caused to a natural or legal person. If the damage was caused jointly by the company and its subsidiary or business partner, they are jointly liable.
EU member states will specify the liability for violations of the Directive's requirements in their national legislation.
How can companies prepare for the implementation of the Directive now?
Large companies operating in the EU market or whose companies meet the Directive's criteria should already be preparing for the implementation of the CSDDD, particularly by assessing their activities and processes.
The CSDDD is aimed at protecting human rights and the environment. Therefore, large companies need to analyse which processes relate to human rights and which impact the environment.
Preparation for the implementation of the CSDDD can, in particular, include the following steps:
1) audit and risk assessment: analyse the large company's operations and those of its business partners, identifying operations/areas that may be considered risky. For suppliers - conduct an audit of their activities to avoid the risks of suspension or termination of business relationships with large companies;
2) establish prioritisation: after identifying the negative impacts, prioritise them and take further actions accordingly;
3) monitoring: implement measures to prevent and mitigate negative impacts, and regularly monitor their effectiveness. The large company should include provisions in its contracts regarding compliance with the code of conduct that it must approve and publish beforehand;
4) reporting and communication: establish effective interaction with stakeholders, create a system for submitting complaints and feedback, as well as efficient processes for responding to submitted complaints and feedback.
Small and medium-sized suppliers who are not directly covered by the Directive should also analyse their operations to ensure compliance with the CSDDD requirements. If a company supplies products to larger market participants, its compliance with the CSDDD will become a mandatory requirement for the company’s participation in global supply chains.
Conclusions and recommendations
The CSDDD directly targets not all, but only large companies with specified turnover and employee criteria. If your company operates in the EU market and meets the criteria outlined in the Directive, you should assess your company's activities for compliance with the CSDDD requirements to timely identify and address potential issues related to human rights violations and environmental harm. This will help mitigate risks and ensure a smooth transition to the new regulation.
Even smaller companies must prepare to meet the new CSDDD requirements if they cooperate or plan to partner with large companies, to avoid exposing their partners to liability risks. Since large companies must comply with the CSDDD, they will prefer partners that are prepared to meet these requirements, thus securing their supply chain. Prompt due diligence and the ability to demonstrate compliance with the Directive to large company partners will provide a significant competitive advantage.
Authors: Volodymyr Igonin, Mariia Mykhailovin