The EU Corporate Sustainability Due Diligence Directive (CSDDD or CS3D) requires companies to be much more transparent about their human rights and environmental impacts. The CSDDD is a regulation designed to help companies identify and mitigate sustainability-related risks from their supply chains and sourcing operations.

The CSDDD is a companion law to the EU Corporate Sustainability Reporting Directive (CSRD) and a component of the EU Green Deal – the European Union’s strategy to make its economy more sustainable.

In 2024, the CSDDD will become EU law and should be transposed into national law by the Member States by 2026. At that point, the CSDDD will apply to a group of EU companies, before expanding to encompass a host of non-EU businesses in 2029.

The CSDDD will apply to the following companies:

  1. From 2026, Group 1: EU companies with 500+ employees and €150 million+ in net annual turnover or revenue
  2. From 2028, Group 2: EU companies operating in high-impact sectors (textiles, agriculture, extraction of minerals) that don’t meet the thresholds of Group 1 but have 250+ employees and turnover of €40 million or more
  3. From 2029, Group 3: non-EU companies active in the bloc with a turnover threshold aligned with Group 1, generated in the EU
  4. From 2030, Group 4: non-EU companies active in the bloc with a turnover threshold aligned with Group 2, generated in the EU

The CSDDD will require companies to:

  1. Conduct due diligence to identify actual or potential impacts on human rights and the environment across the entire value chain
  2. Set an action plan to mitigate identified risks in their own operations and supply chain
  3. Continuously track the effectiveness of due diligence processes
  4. Be transparent about their due diligence efforts
  5. Align business strategy with the 1.5°C target of the Paris Agreement (Group 1 and Group 3)

Getting ready for the CSDDD? Take a look at our Regulatory Snapshot. In this guide, we’ll help you understand what the directive means for your business, what you need to do, and how to do it.

Applicable to:

The proposed EU directive establishes a corporate due diligence duty to identify and mitigate potential negative impacts on human rights and the environment within their operations or their value chains. In case of violations, a company must carry out remediation efforts, including financial compensation for the affected parties. Following the directive, the member states should establish legal liability for any reported damages.

Applicable to all asset and fund managers.

The SFDR introduces reporting rules to make the sustainability profile of funds more comparable to investors. Eligible companies must disclose pre-defined metrics that assess environmental, social and governance outcomes. The regulation requires asset managers to provide standardized reporting on how ESG factors integrate at both company and product levels.

The green taxonomy is primarily a classification system to clarify which economic activities can be considered environmentally sustainable. The EU Taxonomy provides a framework to define when a company operates in ways benefiting society and the environment, thus limiting greenwashing and creating a level playing field for sustainable investing.

The EU Taxonomy Regulation applies to the following three groups:

  1. Companies with more than 500 employees that fall under the Non-Financial Reporting Directive (NFRD)
  2. Players in the financial sector, including occupational pension providers, that offer and distribute financial products in the EU, even if they are based outside the EU
  3. EU and member state institutions when setting public measures, standards or labels for green financial products and corporate bonds

Requirements for companies from outside and within the financial sector differ, though some companies may fall into both categories.

The Corporate Sustainability Reporting Directive (CSRD) is a pivotal regulatory reform initiated by the European Commission aimed at improving the landscape of non-financial reporting. It significantly extends the existing Non-Financial Reporting Directive (NFRD) by expanding its scope, tightening reporting requirements, and integrating sustainability into corporate governance.

What companies are affected?

The breadth of companies affected by the CSRD is vast, encompassing nearly ten times the number of businesses covered by NFRD. It includes approximately 50,000 companies within the EU and an additional 10,000 companies headquartered outside the EU. Moreover, the scope is not confined to publicly listed companies. Entities, whether operating individually or as part of a consolidated group, across various categories may be subject to these reporting requirements.

When will reporting be required?

The reporting timeline differs based on the entity type. Entities classified as “large undertakings” with securities listed on an EU-regulated market and with over 500 employees, as well as those that are subject to NFRD, will need to report in 2024, with reports to be published by 2025. All other large companies will have their reporting deadline in 2025, with reports to be published in 2026. Reporting requirements for smaller entities will kick in a year later. Companies headquartered outside the EU will need to report through their EU subsidiaries in 2028, with the publication deadline in 2029.

What are the key reporting requirements?

CSRD breaks new ground for reporting requirements compared to NFRD that it replaces and many other national standards to date. Central to these requirements is the ‘double-materiality’ principle. It mandates companies to recognize not just the sustainability challenges posing risks to their operations, but also the global ecological and societal impacts generated by their business. The topics covered include climate change as well as additional environmental topics such as pollution and biodiversity, social topics such as own workforce and workers in the value chain, and governance topics such as business ethics and supplier payment

Companies will need to report in accordance with required standards depending on company location, size and sector. Some of these standards, such as the European Sustainability Reporting Standards (ESRS), have already been finalized; others are still in development.

The Lieferkettengesetz, or LkSG, requires companies that have their principal place of business in Germany and that employ at least 3,000 people (and starting January 2024, 1,000 or more) to disclose their due diligence measures to prevent and mitigate the risks of human rights violations and environmental damage. The law also indirectly impacts thousands of suppliers to those companies, not just in Germany.

The companies within the scope of the law are required to:

  1. Carry out regular, at least annual, human rights and environmental risk analyses of their operations and those of their direct (or in some cases indirect) suppliers
  2. Conduct ad hoc risk analyses for indirect suppliers where there is substantiated knowledge that human rights and environmental abuses exist

The law is designed to be consequential – penalties for non-compliance can range up to two percent of a company’s annual turnover. However, it comes with a raft of guidance from BAFA, the German government agency overseeing the implementation of LkSG, and established methodological pathways to be compliant.

Learn more about how EcoVadis solutions can support your company with LkSG-aligned risk analysis and compliance.

Applicable to companies operating in Germany with more than 3,000 employees (as of 2024, lowering the threshold to 1,000). Businesses that are part of the supply chains of those companies (directly or in tier 2 or more in some industries) will likely be required to respond to their ESG disclosure requests.

The German Supply Chain Act or Lieferkettensorgfaltspflichtengesetz (LkSG) aims to protect human rights and limit environmental harm by making it mandatory for companies in the scope noted above to conduct supply chain due diligence. LkSG mandates organizations to conduct risk identification and management, due diligence activities, and mitigation actions, as well as publish annual reports. Non-compliance can be costly, with penalties and fines ranging up to two percent of the company’s annual turnover.

In other words, companies within the scope of the German Supply Chain Act must set up the following due diligence procedures:

  1. Establish a risk management system
  2. Define responsibility for compliance by, for example, appointing a human rights position
  3. Carry out regular risk analyses
  4. Adopt a policy on the company’s human rights strategy
  5. Implement preventive measures in the company’s own business area, which includes the activities of subsidiaries
  6. Take action in case of violation
  7. Set up an internal complaints procedure
  8. Establish and document due diligence procedures regarding risks associated with indirect suppliers
  9. Publish an annual report detailing due diligence procedures, risks identified and measures taken


Applicable to companies established in France, employing more than 5,000 people in France or 10,000 persons worldwide.

Under France’s devoir de vigilance, certain large companies must follow the UN Guiding Principles on Business and Human Rights in the execution of their business. It requires companies to establish due diligence processes throughout their supply chains to prevent human rights and environmental violations. Companies in the scope of the legislation need to do risk mapping to identify supplier risk levels by region or category, conduct due diligence assessments and mitigation, and develop annual plans (“plan de vigilance”) describing the related risks and measures taken to address them. Following a formal complaint, a failure to act with adequate diligence or adhere to standards of reasonable care may lead to civil liability of the defaulting company.

To learn more about how the Duty of Care Law (Devoir de Vigilance) affects your business read our whitepaper (in French).

Applicable to companies selling goods and services to Dutch end-users, including companies registered outside the Netherlands.

The Child Labor Due Diligence Law requires companies to investigate whether child labor contributed to any goods or services they are selling or supplying. Companies must issue a due diligence statement, and if they identify any issues, set out a plan of action.

Companies that fail to comply with the requirements face steep fines, while continued non-compliance can result in criminal sanctions. It’s one of the first criminal enforcement tools for a failure to exercise human rights due diligence.

In short, below are the key requirements of the law:

  1. Companies are expected to investigate and determine whether there is reasonable suspicion that child labor contributed to the goods or services they are selling or supplying.
  2. If such a reasonable suspicion exists, companies are required to create and engage in a “plan of action” to address their finding.