CSDDD: EU Corporate Sustainability Due Diligence Directive
What Is CSDDD and What Does It Require?
The Corporate Sustainability Due Diligence Directive (CSDDD) is the EU's mandatory human rights and environmental due diligence regulation — the first legally binding EU requirement for companies to conduct, report, and remediate value chain human rights and environmental impacts. While CSRD requires reporting on sustainability impacts, CSDDD requires active due diligence and prevention. Companies subject to CSDDD must identify, prevent, mitigate, and account for actual and potential adverse human rights and environmental impacts in their own operations and value chains — and face civil liability if they fail to conduct adequate due diligence and adverse impacts result in harm. For investors, CSDDD creates both an investor engagement anchor (demanding HRDD compliance from portfolio companies) and a direct investor application (large investment management firms are in scope).
CSDDD (Corporate Sustainability Due Diligence Directive) requires large EU companies and large non-EU companies operating in the EU to conduct mandatory human rights and environmental due diligence (HRDD) in their value chains — including identification, prevention, mitigation, and remediation of adverse impacts — with civil liability for harms caused by inadequate due diligence.
Key Takeaways
- CSDDD creates a legally binding HRDD obligation for EU companies with 1,000+ employees and €450M+ turnover (initially proposed at 500/€150M but revised upward in 2024 negotiations).
- Value chain scope is broader than own operations — companies must address adverse impacts throughout their chain of activities, including suppliers and customers where they have a business relationship.
- Civil liability is the enforcement mechanism: victims of HRDD failures can sue the company in EU member state courts if HRDD was inadequate and harm resulted.
- Companies must have a climate transition plan consistent with 1.5°C pathway (or update existing plans) — not just report climate plans but actively pursue them.
- CSDDD complements CSRD: CSRD requires reporting what HRDD was conducted; CSDDD requires actually conducting it.
CSDDD Scope
Final scope (following 2024 political negotiations that narrowed the initial Commission proposal):
EU companies: Large EU companies with:
-
1,000 employees AND
-
€450M worldwide net turnover
Non-EU companies: Non-EU companies with:
-
€450M net turnover generated in the EU
Phase-in:
- Phase 1: EU companies >5,000 employees AND >€1.5B turnover — approximately 2027
- Phase 2: EU companies >1,000 employees AND >€450M turnover — approximately 2028
- Phase 3: Non-EU companies >€450M EU turnover — approximately 2029
Financial sector: Financial institutions (banks, asset managers) are included in scope but with reduced requirements — primarily focused on own activities rather than full value chain due diligence on investment portfolios. The EU Parliament had pushed for full financial sector value chain due diligence; the final directive limits financial sector scope.
SME protection: SMEs are not directly subject to CSDDD but face indirect impact through large company supply chain HRDD requirements — customers subject to CSDDD will require HRDD documentation from SME suppliers.
CSDDD Due Diligence Obligations
Companies subject to CSDDD must:
1. Integrate due diligence into policies Adopt a company-level due diligence policy covering HRDD approach, supplier code of conduct, and climate transition plan.
2. Identify actual and potential adverse impacts Map own operations and value chain to identify where human rights and environmental adverse impacts may occur. Prioritize based on severity, scale, and remediability.
3. Prevent and mitigate potential impacts Develop and implement action plans to prevent potential adverse impacts before they materialize. Engage suppliers and business partners on HRDD compliance.
4. Bring actual impacts to an end and remediate When adverse impacts are confirmed in own operations or controlled supply chain, take corrective action. Provide or contribute to remediation for victims.
5. Establish grievance mechanisms Create accessible, effective complaint mechanisms for workers, communities, and others potentially affected by adverse impacts.
6. Monitor effectiveness Assess the effectiveness of HRDD policies and measures — including by consulting affected stakeholders.
7. Communicate publicly Report HRDD implementation as required by CSRD (ESRS S1-S4 and ESRS E1-E5 disclosures).
8. Climate transition plan Have a climate transition plan consistent with the Paris Agreement 1.5°C pathway — updating existing plans if the company has them.
Value Chain Scope
Chain of activities (CSDDD's term for value chain):
Upstream: Suppliers of raw materials, components, and services used in production. Includes tier 1 suppliers (direct relationships) and deeper tiers where the company has established relationships.
Own operations: The company's own facilities, employees, and processes.
Downstream (limited): Distribution, transport, and storage by entities on behalf of the company. Customer use of the company's products is specifically excluded from CSDDD's downstream scope (a significant limitation relative to the initial Commission proposal).
Business relationship depth: CSDDD applies to established business relationships — both direct suppliers (tier 1) and indirect suppliers if the company has an established relationship. One-time transactions with unknown suppliers are not in scope.
Prioritization principle: Due diligence must prioritize actual severe impacts before potential lower-severity impacts. Companies are not required to prevent all possible impacts — they must apply risk-based prioritization.
Civil Liability
CSDDD's most distinctive enforcement feature:
Civil liability standard: Persons who have suffered harm due to a company's failure to comply with its HRDD obligations may bring civil liability claims in EU member state courts.
Conditions for liability:
- The company failed to comply with CSDDD obligations (prevent impacts, establish grievance mechanisms, remediate)
- Harm occurred as a result of the failure
- The harm was caused by an adverse impact in the company's chain of activities
Legal standing: NGOs and trade unions may bring representative actions on behalf of affected persons — not only direct victims.
Complementarity: Civil liability under CSDDD is intended to complement (not replace) existing national civil liability regimes. Where national law provides more protection, CSDDD does not reduce it.
Insurance implications: CSDDD civil liability creates insurance demand — companies will need liability coverage for HRDD failure risks. The insurance market for HRDD liability is developing.
CSDDD vs. Existing National HRDD Laws
CSDDD builds on existing national HRDD legislation:
Germany LkSG (Supply Chain Due Diligence Act, 2023): Applies to companies with 1,000+ employees; requires HRDD for own operations and direct suppliers (tier 1). Civil liability not included in LkSG — CSDDD adds this.
France Duty of Vigilance Law (2017): Applies to companies with 5,000+ French employees or 10,000+ global employees; broader scope (subsidiaries + suppliers + subcontractors); civil liability included. CSDDD aligns French approach with EU-wide standard.
UK Modern Slavery Act (2015): Requires disclosure of slavery and human trafficking in supply chains (transparency obligation) but no mandatory due diligence or civil liability — weaker than CSDDD.
Netherlands, Norway: Voluntary HRDD approaches; national HRDD laws under development aligning with CSDDD framework.
OECD MNE Guidelines and UNGPs: CSDDD operationalizes the UN Guiding Principles on Business and Human Rights (UNGP) and OECD Guidelines for Multinational Enterprises into mandatory EU law — representing the culmination of a decade of corporate HRDD norm development.
Implications for Investors
Portfolio company HRDD compliance monitoring: CSDDD creates a clear investor engagement anchor — are portfolio companies CSDDD-compliant? Do they have adequate HRDD systems? Civil liability risk from HRDD failure is a new category of investable financial risk.
Supply chain data availability: CSDDD HRDD processes will generate supply chain human rights and environmental impact data that is currently rarely available to investors. As CSDDD implementation progresses, supply chain ESG data quality should improve.
Climate transition plan obligation: CSDDD's 1.5°C-consistent transition plan requirement creates a new corporate obligation — alongside CSRD E1 disclosure and potential CA100+ engagement demands. Investors can reference CSDDD compliance in climate engagement.
Financial sector due diligence: While financial sector CSDDD scope is limited (own operations focus rather than full investment portfolio), the direction of EU regulation — extending due diligence to investment activities — remains a live policy debate.
Common Mistakes
Conflating CSDDD with CSRD. CSRD = reporting obligation; CSDDD = due diligence and prevention obligation. They have different scope, different requirements, and different enforcement mechanisms. Many companies are covered by CSRD but not CSDDD (and vice versa for some non-EU companies).
Treating value chain scope as limited to tier 1 suppliers. CSDDD covers established business relationships throughout the chain of activities — beyond direct suppliers where the company has ongoing relationships. Tier 2 and tier 3 suppliers with established relationships are in scope.
Ignoring the extraterritorial reach. Non-EU companies with €450M+ EU turnover are subject to CSDDD from approximately 2029 — including major US, Japanese, and other global corporations.
Related Concepts
Summary
CSDDD creates the EU's first legally binding mandatory human rights and environmental due diligence obligation for large companies — requiring identification, prevention, mitigation, and remediation of adverse impacts in own operations and value chains, with civil liability for HRDD failures. The final directive scope (1,000+ employees, €450M+ turnover) is narrower than originally proposed, with financial sector scope limited to own activities. Civil liability enforcement — allowing victims and NGOs to sue in EU courts for HRDD failures — is CSDDD's most distinctive feature. CSDDD complements CSRD: CSRD requires reporting on HRDD conducted; CSDDD requires actually conducting it. For investors, CSDDD creates a new financial risk category (HRDD failure liability) and an engagement anchor (requiring portfolio companies to demonstrate CSDDD compliance), while the supply chain data generated by widespread HRDD implementation will improve investor supply chain ESG analysis.