The EU Corporate Sustainability Due Diligence Directive (CSDDD) is a 2024 EU law that obliges large companies operating in the Union—whether headquartered inside or outside it—to identify, prevent, mitigate and remedy human-rights and environmental harm across their entire value chains from 2027 onward. Because it imposes mandatory—not voluntary—duties, follows turnover instead of flag, and backs them with hefty fines and civil liability, the Directive will reshape supply-chain risk management. It anchors the OECD Guidelines and UN Guiding Principles in EU law and meshes with the Corporate Sustainability Reporting Directive, turning sustainability promises into enforceable duties.
Companies with 1,000 employees and €450 million global turnover (or the same EU turnover for non-EU firms) will fall in scope by July 2029, with larger groups captured two years earlier, so the countdown has begun. This guide explains who must comply, what ‘appropriate measures’ the law expects, the penalties, the timeline, and how the Netherlands plans to transpose the Directive. By the end, you will have a practical roadmap—and, if needed, a partner who can walk you through each step.
What Is the EU Corporate Sustainability Due Diligence Directive (CSDDD)?
Directive (EU) 2024/1760, better known as the Corporate Sustainability Due Diligence Directive (CSDDD), was published in the EU Official Journal on 5 July 2024 after a two-year legislative marathon: Commission proposal (February 2022), Council–Parliament compromise (March 2024), formal adoption by both institutions (13 June 2024). Member States must transpose it by 26 July 2026, giving companies only a short runway before the first hard obligations take effect in 2027.
The law’s purpose is straightforward: push large businesses to manage—not merely disclose—social and environmental risks wherever they arise. By embedding the OECD Due Diligence Guidance and UN Guiding Principles into binding EU law, the CSDDD seeks to:
- Protect internationally recognised human rights such as freedom of association, the abolition of child labour and fair wages.
- Safeguard the planet by tackling deforestation, excessive greenhouse-gas emissions, water and soil pollution, and biodiversity loss.
- Level the playing field across the single market so responsible firms are not undercut by laggards.
The Directive sits beside, rather than inside, the EU’s growing “sustainability toolbox.” Where the Corporate Sustainability Reporting Directive (CSRD) requires companies to report what they do, the CSDDD tells them to do it. Its due-diligence outputs will also feed into EU Taxonomy eligibility assessments, Sustainable Finance Disclosure Regulation (SFDR) statements, and new Ecodesign rules—so aligning processes early is smart.
Key Terms the Directive Uses
- Adverse impact – any negative effect on protected human-rights or environmental interests.
- Severe impact – an adverse impact that is particularly serious, widespread or irreversible.
- Value chain – activities of a company, its subsidiaries and all direct or indirect business partners involved in the production, distribution, or end-of-life of goods or services.
- Business partner – entity (legal or natural person) in a direct or indirect business relationship with the company.
- Appropriate measures – actions that are capable of achieving the objective and are reasonable in light of the company’s degree of influence.
- Risk-based approach – prioritising impacts according to their severity and likelihood instead of trying to address everything at once.
Directive’s Territorial Reach
Unlike classic company-law rules that stop at the border, the CSDDD follows the money. Any group that meets the employee and turnover thresholds—whether registered in Rotterdam or Rio—must run due diligence across its global chain if it generates the specified turnover inside the EU. Conversely, EU-headquartered firms must look outward, covering overseas mines, farms, factories and logistics providers. In short, geography no longer shields misconduct: if the EU market matters to your business, so does the Directive.
Scope: Which Companies Must Comply?
The Corporate Sustainability Due Diligence Directive (CSDDD) does not cast its net over every firm; it targets the economic heavyweights whose purchasing power shapes global supply chains. The final text creates three “size buckets,” each with its own start date, and applies them symmetrically to EU-incorporated companies and to third-country companies that reach comparable turnover inside the Union.
| Group | Employees (EU firms) | Net turnover (global) | Equivalent threshold for non-EU firms | First reporting year* |
|---|---|---|---|---|
| 1 | ≥ 5,000 | ≥ €1.5 billion | ≥ €1.5 billion EU turnover | 2027 |
| 2 | ≥ 3,000 | ≥ €900 million | ≥ €900 million EU turnover | 2028 |
| 3 | ≥ 1,000 | ≥ €450 million | ≥ €450 million EU turnover | 2029 |
*Obligations bite as of the last day of July in the cited year.
Several earlier drafts spoke of “high-risk sectors” (textiles, mining, agriculture) with lower entry points, but that carve-out was dropped during trilogue negotiations. Today, the only gating criteria are headcount and turnover. Counting is done on a consolidated basis, so subsidiaries are rolled up.
Because eligibility hinges on EU turnover, a California tech firm with 1,200 staff and €460 million annual sales to European customers falls in scope, whereas a similarly sized firm selling only to Asia does not—at least until its EU sales cross the line. Once in, the firm must perform due diligence across its worldwide value chain, not just the European slice.
Exemptions and Indirect Impact on SMEs
Micro-enterprises and small and medium-sized enterprises (SMEs) sit outside the Directive’s legal perimeter. Yet they will feel the ripple effects:
- Large buyers will insert CSDDD-aligned clauses into supply contracts, demanding codes of conduct, audit rights, and corrective-action plans.
- Tier-one suppliers may pass those requests downstream, creating a cascading due-diligence web.
- Banks and investors could ask for proof of compliance before extending credit, effectively making sustainability performance a gating factor for finance.
A Dutch textile SME, for instance, may receive a questionnaire about forced-labor safeguards even though it is nowhere near the turnover threshold. Preparing for such requests early will smooth future tenders.
Special Considerations for Financial Institutions
Banks, insurers, and asset managers meet the same size tests but face narrower operational duties. For now they must:
- Cover only “upstream” activities (their own operations and suppliers), not the ESG performance of every borrower or investee company.
- Integrate due-diligence expectations into policies such as Know-Your-Customer and ESG lending criteria.
- Await the 2027 Commission review that may expand the scope to downstream financial products.
Dutch supervisors have hinted that prudent institutions should still map high-risk client sectors and embed escalation triggers—prudence today may avoid penalties tomorrow.
Core Obligations Companies Need to Fulfill
Articles 5 through 11 of the Corporate Sustainability Due Diligence Directive (CSDDD) turn broad principles into seven concrete duties. Together they form a cycle: policy → risk assessment → action → grievance handling → monitoring → reporting → remediation. Because the regime is risk-based, companies must show they chose “appropriate measures” proportional to their leverage, not that they eliminated every problem overnight. Boards that view the list as a compliance tick-box will quickly run into trouble; supervisors will expect evidence that due diligence is embedded in day-to-day decision-making.
1. Embed Due Diligence in Corporate Policy
Each in-scope group must adopt a publicly available due-diligence policy, approved and reviewed annually by the board. The document must spell out:
- the company’s overall approach and measurable objectives,
- a code of conduct for employees and business partners, and
- the procedures used to implement, track, and update the program.
Integrating the policy into existing management systems (ISO 14001, SA8000, or your ERM framework) avoids duplication and shows regulators a coherent governance spine.
2. Identify and Assess Actual & Potential Impacts
A forward-looking risk map is required across the company’s own operations, subsidiaries, and full value chain. Firms must:
- Gather data from industry heat maps, supplier questionnaires, and on-site audits.
- Prioritize issues by severity and likelihood, documenting the rationale.
- Involve affected stakeholders or their representatives—trade unions, local NGOs, Indigenous communities—to ground assessments in reality.
3. Prevent and Mitigate Adverse Impacts
Where red flags surface, Article 7 lists a toolbox: develop corrective-action plans with clear timelines and KPIs; update purchasing practices to avoid “squeezing” suppliers; provide training and capacity building; include model clauses allowing suspension or termination if no improvement occurs. Termination must be a last resort and accompanied by efforts to minimize harm to workers and communities.
4. Establish and Maintain a Complaints Procedure
Companies need an easily accessible channel—website portal, whistle-blower hotline, or local liaison office—that enables:
- workers (including those of suppliers),
- trade unions, civil-society groups, and
- communities directly affected
to submit concerns in their preferred language, anonymously if desired. Acknowledgement is due within five business days; reasoned responses and next steps within three months.
5. Monitor Effectiveness and Verify
At least once a year, firms must test whether their measures work. Typical elements include audit sampling, grievance-statistics analysis, and third-party verification. Findings feed back into the risk map and the board’s annual review, closing the Plan-Do-Check-Act loop.
6. Communicate Transparently
If the company is already under the CSRD, its due-diligence statement can sit inside the sustainability report; others must publish a stand-alone update on their website. The statement must cover policy, risks, actions taken, and results against KPIs—no marketing fluff, just verifiable facts.
7. Provide Remediation
When harm occurs and the company contributed to it, it must cooperate with victims to restore the situation—clean up pollution, pay unpaid wages, or offer financial compensation—while documenting the remedy process. Failure to do so may expose the firm to civil liability under Article 22 and sizable administrative fines.
Governance, Liability, and Enforcement Mechanisms
The Corporate Sustainability Due Diligence Directive (CSDDD) does not just set technical duties; it rewires corporate governance and creates real teeth for enforcement. Boards, regulators and courts all receive new levers to make sure due-diligence promises translate into action—and victims finally gain a clear litigation pathway.
Directors’ Duties and Variable Remuneration Link
Article 29b obliges directors of EU companies in Groups 1 and 2 to oversee due-diligence integration, weigh human-rights and environmental impacts in strategic decisions, and report to the board on progress. Member States must also ensure that variable pay—for example, executive bonuses—“may” be linked to achieving climate-transition targets, giving remuneration committees an optional but powerful nudge. Breaches can trigger existing director-liability rules under national company law.
Civil Liability Regime
Victims can sue an in-scope company in the Member State where it is domiciled or where the harm occurred if they show:
- the firm breached its CSDDD duties,
- the breach caused damage, and
- a causal link exists.
The limitation period is five years from when the claimant knew (or should have known) the harm and the responsible party. The Directive rejects a reversal of the burden of proof but allows courts to order disclosure of relevant evidence—crucial in cross-border cases. Contractual waivers of liability are void.
Administrative Supervision and Sanctions
Each Member State must appoint a supervisory authority—AFM or ACM are the Dutch front-runners—with power to conduct inspections, subpoena documents, and impose corrective orders. Fines can reach up to 5 % of a company’s worldwide net turnover; repeat offenders face public naming-and-shaming on an EU portal. Authorities will cooperate through a new European Network to harmonise enforcement and share intelligence.
Interaction with Existing National Laws
Where national regimes already exist—France’s Loi de Vigilance, Germany’s Lieferkettengesetz, or the Netherlands’ proposed Wet verantwoord en duurzaam internationaal ondernemen—the CSDDD sets the floor, not the ceiling. Member States may keep or introduce stricter rules, but they cannot dilute the Directive’s minimum standards, ensuring a baseline of uniform obligations across the single market.
Practical Timeline: When and How to Prepare
The clock is ticking: once Member States transpose Directive (EU) 2024/1760 into national law, supervisory authorities will expect companies to show a concrete action plan, not excuses. Use the window between now and 2027 to move from PowerPoint to practice.
Transposition and Application Calendar
| Date | Milestone | What it Means |
|---|---|---|
| 5 Jul 2024 | Directive published | Legal text is final; no more lobbying. |
| 26 Jul 2026 | NL transposition deadline | Dutch implementing act enters Statute Book. |
| 31 Jul 2027 | Group 1 duties start | 5,000+ staff / €1.5 bn turnover must comply. |
| 31 Jul 2028 | Group 2 duties start | 3,000+ staff / €900 m turnover in scope. |
| 31 Jul 2029 | Group 3 duties start | 1,000+ staff / €450 m turnover caught. |
| 31 Jul 2030 | First fines possible | Supervisors can sanction year-one laggards. |
Step-by-Step Compliance Roadmap
- Board mandate & budget approval.
- Gap analysis against CSDDD Articles 5 – 11.
- Value-chain mapping and risk prioritisation.
- Draft due-diligence policy; update supplier contracts.
- Launch grievance mechanism and whistle-blower training.
- Integrate KPIs and controls into CSRD reporting cycle.
- Annual review, audit, and continuous improvement loop.
Leveraging Existing ESG and CSRD Processes
Most large Dutch companies already collect greenhouse-gas data and human-rights metrics for CSRD. Re-use that machine: align materiality assessment boundaries, feed risk-mapping outputs into the sustainability report, and embed CSDDD KPIs in the same internal-control framework to avoid parallel bureaucracies.
Tools, Frameworks, and Certifications
- OECD Alignment Assessment Tool
- ISO 20400 Sustainable Procurement
- SA8000 social-auditing standard
- Rainforest Alliance supply-chain traceability
- Global Reporting Initiative (GRI) for disclosure structure
These voluntary instruments are not silver bullets, but they provide off-the-shelf checklists that satisfy most supervisory expectations under the Corporate Sustainability Due Diligence Directive (CSDDD).
CSDDD vs. CSRD and Other EU Sustainability Rules
If the growing pile of Brussels acronyms feels like alphabet soup, you are not alone. The EU has built a “toolbox” where each instrument tackles a different piece of the sustainability puzzle: some oblige companies to act, others to explain, and a few simply classify activities. Understanding who must do what helps avoid both gaps and duplicate work.
Purpose, Scope, and Audience: A Comparison Table
| Instrument | Nature of rule | Who it targets | Core obligation |
|---|---|---|---|
| CSDDD | Conduct-based due diligence | Companies ≥ 1,000 employees / €450 m turnover (incl. non-EU with equal EU sales) | Identify, prevent, mitigate, and remedy human-rights & environmental harm across the value chain |
| CSRD | Disclosure standard | Listed firms plus large undertakings (≈ 500 employees) | Publish ESRS-aligned sustainability statements in annual report |
| SFDR | Financial disclosure | Asset managers, insurers, pension funds | Explain how ESG risks & impacts affect investment decisions |
| EU Taxonomy | Classification system | Firms under CSRD & SFDR | Label revenue/capex/opex as “environmentally sustainable” or not |
Overlapping Data Requirements
All four regimes touch on greenhouse-gas emissions, workforce metrics, and supply-chain risks. The difference: CSRD asks you to report the numbers; CSDDD expects you to fix the underlying problems.
How to Streamline Compliance
- Map data once, pipe it into both CSRD reports and CSDDD risk dashboards.
- Use taxonomy tags to prioritise high-impact activities in due-diligence plans.
- Form a cross-functional ESG taskforce so legal, finance, and procurement speak the same language.
Common Questions from Businesses About the CSDDD
Clients keep asking the same practical questions the moment “Corporate Sustainability Due Diligence Directive” shows up on an agenda. Below are crisp answers to the five issues that dominate board and C-suite conversations.
Is the CSDDD mandatory or voluntary?
Mandatory—full stop. Once the Dutch implementing act transposes Directive (EU) 2024/1760, compliance becomes a legal duty. Supervisory authorities can levy fines up to 5 % of worldwide turnover and victims gain a statutory right to sue.
What is the threshold for CSDDD applicability?
For EU-incorporated companies: 1,000 employees and €450 million global turnover by July 2029, with higher bands (3,000/€900 m and 5,000/€1.5 bn) kicking in earlier. Non-EU firms must meet the same turnover levels generated inside the Union; headcount is irrelevant for them.
How does CSDDD differ from CSRD?
Think “do” versus “disclose.” The CSDDD obliges firms to run human-rights and environmental due diligence and fix problems; the CSRD obliges a wider set of firms to report sustainability data under ESRS standards. One is an operational duty, the other a transparency duty.
What does the Directive mean for companies operating in the Netherlands?
Dutch law will designate a national supervisor—likely the AFM or ACM—and spell out procedural rules. Companies already familiar with the Child-Labour Due Diligence draft bill will find many concepts similar, but the CSDDD’s scope and penalties are broader.
Will SMEs have to do anything?
SMEs fall outside the legal thresholds, yet they will be asked by larger customers and banks to share data, sign codes of conduct, and remedy issues. Early preparation—basic policies, traceability, grievance channels—will keep them competitive in tenders and financing rounds.
Moving Forward
The Corporate Sustainability Due Diligence Directive (CSDDD) is not another box-ticking exercise—it is a legal mandate to prevent harm before it happens. From 2027, boards must be able to show that their company can spot human-rights and environmental risks early, act to stop or limit them, track progress, and repair damage when things still go wrong.
So where should you start?
- Commission a legal and operational gap analysis against Articles 5–11.
- Map your top 80 % suppliers and open a dialogue on shared improvement plans rather than one-way questionnaires.
- Fold CSDDD checkpoints into existing CSRD, ISO, and internal-control cycles to avoid parallel reporting universes.
- Invest in traceability tech and a multilingual grievance channel—both will pay dividends when regulators come knocking.
Time is short, but help is close. Our sustainability and corporate teams have already guided Dutch and international clients through Germany’s Lieferkettengesetz, France’s Loi de Vigilance, and now the EU’s flagship CSDDD. If you need a sparring partner—or a full project lead—reach out to Law & More and turn compliance into a competitive edge. We are ready when you are.
