EU Corporate Sustainability Due Diligence Directive (CSDDD)

The compromise text of the Corporate Sustainability Due Diligence Directive (CSDDD) amending the ‘Whistle Blowers’ Directive was adopted by the EU Parliament this week. The final text approved by the EU Institutions and to be formally endorsed by the Council raised the thresholds for in-scope non-financial and financial companies.  Once transposed by member states, company’s due diligence information will be published on the Europe Single Access Point (ESAP) portal and form part of annual statements.

Across the financial sector, the rules will apply to regulated financial institutions namely credit institutions, investment firms and alternative investment fund managers (AIFMs), management companies, insurance and reinsurance undertakings, institutions for occupational retirement provision (IORPs), central counterparty entities, central securities depository entities, re/insurance special purpose vehicles, securitization special purpose vehicle, financial holding companies, payment institutions, electronic money institutions, crowdfunding service providers, and crypto-asset service providers.

The CSDDD will complement the Corporate Sustainability Reporting Directive (CSRD) by adding a substantive corporate duty for in-scope companies to perform due diligence to identify, prevent, mitigate and account for external harm resulting from adverse human rights and environmental impacts in the company’s own operations, its subsidiaries and in the value chain.

The CSDDD rules will apply gradually to large limited liability EU companies and non-EU companies reaching the same turnover thresholds and in certain cases employee thresholds, to be fulfilled for two consecutive financial years:

  • EU companies and parent companies with over 1000 employees and a worldwide turnover higher than 450 million euro in the last financial year. A parent company that reached these thresholds is in-scope applying its consolidated annual financial statements.
  • Third country companies which generated a net turnover of at least EUR 450 million euro in the EU in the financial year preceding the last financial year (there is no employee threshold for third-country companies). A parent company that reached these thresholds is in-scope applying its consolidated annual financial statements.
  • EU and third-country companies with franchising or licensing agreements in the EU ensuring a common corporate identity with worldwide turnover higher than 80 million euro if at least 22.5 million euro was generated by royalties.

The methods for calculating net turnover for third-country companies are as laid down in the EU Accounting Directive.

A staggered phase-in is planned:

  • From 2027 to companies with over 5000 employees and worldwide turnover higher than 1500 million euro;
  • From 2028 companies with over 3000 employees and a 900 million euro worldwide turnover;
  • From 2029 all the remaining companies within the scope including those with over 1000 employees and worldwide turnover higher than 450 million euro.

In-scope companies will have to integrate due diligence into their policies, make related investments, seek contractual assurances from their partners, improve their business plan or provide support to such business partners to ensure they comply with new obligations. Therefore, while small to medium sized entities (SME’s) are not directly in-scope for the CSDDD, many may be asked to provide contractual assurances as business partners to those companies that are in-scope.

For companies in-scope for both the CSRD and CSDDD their disclosure of compliance will form part of the requirement to describe how they carry out due diligence across both Directives.  Companies not in-scope for the CSRD will publish an annual statement on their website, no later than 12 months after the balance sheet date of the financial year.

Due diligence by companies means conducting risk-based human rights and environmental actions laid down in Articles 7 to 16, summarised as follows:

  1. integrating due diligence into their policies and risk management systems;
  2. identifying and assessing actual or potential adverse impacts and, where necessary, prioritising actual and potential adverse impacts;
  3. preventing and mitigating potential adverse impacts, and bringing actual adverse impacts to an end and minimising their extent;
  4. providing remediation for actual adverse impacts;
  5. carrying out meaningful engagement with stakeholders;
  6. establishing and maintaining a notification mechanism and a complaints procedure;
  7. monitoring the effectiveness of their due diligence policy and measures; and
  8. publicly communicating on due diligence.

Member state competent authorities will be responsible for enforcement of the CSDDD provisions. Penalties for infringement by in-scope companies will include monetary penalties and a public statement outlining the nature of the infringement if the company fails to comply.  Penalties are to be calculated taking into account the consolidated turnover at the level of the ultimate parent company.

Persons (and their representative organisations) who are adversely affected or have reasonable grounds to believe that they might be adversely affected by the companies value-chain activities with regard to human rights and the environment are to have a mechanism to submit complaints directly to the company.  Companies therefore must establish an accessible, fair, and publicly available procedure for such persons to submit legitimate complaints directly to them. Companies will have the right to participate in collaborative procedures in connection with complaints.  Actual or potential severe adverse impacts on human rights and the environment will be subject to meaningful engagement and remediation.  The term ʻremediationʼ means restoring the affected person or persons, communities or environment to a situation equivalent or as close as possible to the situation they would have been in had the actual adverse impact not occurred.

Provisions for legitimate civil liability claims to be brought to the national courts where a company intentionally or negligently failed to comply with due diligence obligation stemming from the CSDDD have a five year limitation period.


This information does not constitute legal, regulatory or other advice.