Corporate Sustainability Due Diligence Directive (CSDDD, CS3D, CSDD)

What is the CDDD/CS3D/CSDD?

In recent years, the focus on sustainability in business has increased significantly. There is a growing emphasis on the need for companies to be responsible not only for their own activities, but also for the damage they cause to people and the environment through their activities. The European Commission (EC) has therefore published a proposal for a ‘due diligence policy’. Companies will have to identify, prevent, mitigate or eliminate negative impacts on human rights and the environment related to their activities (and those of their subsidiaries) within their value chain. This is known as the due diligence process.

Reporting on the results of due diligence makes it easier to identify and address negative human rights and environmental impacts. It also provides stakeholders with insight into the company’s performance and progress in this area.

A potential game-changer for business, society, and planet

Effect of ‘appropriate due diligence’ not yet achieved

Several companies have already implemented due diligence processes to conduct business in a sustainable and socially responsible manner. However, the fragmentation of national due diligence regulations hinders the widespread adoption of these initiatives and delays the development of best practices for specific sectors. These voluntary standards have not led to widespread improvements. As a result, negative externalities from production and consumption persist in the EU.

In addition, different interpretations of the concept of ‘due diligence’ by Member States create ambiguity in the interpretation of due diligence obligations in business. This is further complicated by the complexity of value chains, market pressures and lack of information. As a result, the intended effect of ‘due diligence’ is currently not being achieved.

EU legislation on ‘appropriate diligence’ in business would promote human rights compliance and environmental protection, create equal competition conditions for businesses within the EU, enhance transparency for stakeholders, and counter fragmentation resulting from individual actions by member states. The CSDDD will promote sustainability transition and protect human rights in the EU and beyond. The implementation of appropriate diligence in business will be encouraged in the coming years by this development, contributing to the promotion of corporate social responsibility (CSR) by Dutch companies in international trade. The CSDDD aims to have a far-reaching impact on the social responsibility of businesses, the conception of this responsibility by their directors and commissioners, and their strategy.

Scope of the CSDDD

Through the trilogue negotiations, the scope has been limited to ‘very large’ enterprises. ‘Very large’ encompasses the threshold values mentioned in the table below. Due to the significant increase in threshold values, only 0.05% of European enterprises fall within scope. However, because the directive includes provisions on the chain of activities, indirectly, other enterprises not within scope still encounter information requests and measures from enterprises falling within the scope (if they are business partners).

CSDDD entry into force

Like the CSRD, the CSDDD has a phased entry into force, that applies from the moment the CSDDD comes into effect, which looks as follows:

EUNon-EUWhen
Companies with more than 5000 employees and a turnover of €1500 millionCompanies with a turnover of more than €1500 million generated in the EU3 years after the CSDDD enters into force
Companies with more than 3000 employees and a turnover of €900 millionCompanies with a turnover of more than €900 million generated in the EU4 years after the CSDDD enters into force
Companies with more than 1000 employees and a turnover of €450 millionCompanies with a turnover of more than €450 million generated in the EU5 years after the CSDDD enters into force
Franchises receiving €22.5 million royalties worldwide and generating more than €80 million net turnover worldwideFranchises receiving €22.5 million royalties in the EU and generating more than €80 million net turnover in the EU5 years after the CSDDD enters into force

What does a due diligence policy entail?

The main objective of the CSDDD is to further clarify and strengthen due diligence in the value chain. It aims to (i) strengthen human rights safeguards, (ii) prevent or mitigate environmental harm, and (iii) take action to address global warming and climate change.

Companies must implement both human rights and environmental due diligence policies. Articles 7 to 16 apply to both.

The Due Diligence Policy consists of 6 (+1) steps:

1. Integration of due diligence into policies and risk management systems (Art. 7)

Companies are required to integrate a risico-based due diligence into their corporate policies and to adopt and annually update a due diligence policy that describes the company’s approach to due diligence, includes a code of conduct setting out the company’s rules and principles and lists the processes implemented to carry out due diligence.

2. Identifying, assessing and where necessary prioritising actual or potential negative impactsof actual or potential adverse impacts (Art. 8 & 9)

Companies should take appropriate measures to identify actual and potential adverse human rights impacts and adverse environmental impacts. To enable thorough identification of adverse impacts, this identification should be based on both quantitative and qualitative information. As part of this identification process, companies should engage with stakeholders potentially affected by the company’s activities.The duty to conduct due diligence extends to the company’s chain of activities. This includes both the upstream, and downstream activities of the company. Subsidiaries and business relationships should also be included in the due diligence process. Identification should take place before a new activity or relationship, before major operational decisions or changes, in response to or anticipation of changes in the operational environment, and periodically (at least annually) throughout the life of an activity or relationship. Companies should identify higher-risk business partners and evaluate the business models and strategies of their business relationships. The due diligence process is risk-based: the degree of due diligence should be proportionate to the severity and likelihood of a negative impact.Where it is not feasible to prevent, mitigate, eliminate or minimise all identified negative impacts at once and to their full extent, companies should prioritise negative impacts based on severity and likelihood.

When it is not feasible to prevent, mitigate, eliminate or minimise all identified negative impacts at once and to their full extent, enterprises should prioritise negative impacts based on severity and likelihood.

3. Prevent and reduce potential adverse impacts, and eliminate and minimise actual adverse impacts (Art. 10 and 11)

Companies must take appropriate measures to prevent or mitigate the identified potential adverse effects of its activities. Where appropriate, the following measures are required:

(a) develop and implement a preventive action plan, with reasonable and clearly defined timeframes for action and qualitative and quantitative indicators;

b) obtain contractual guarantees from direct business partners (cascade agreement), so that it will ensure compliance with the Code of Conduct and, if necessary, a preventive action plan;

c) make the necessary financial or non-financial investments in, for example, management or production processes and infrastructure;

(d) provide targeted and proportionate support to a small or medium-sized enterprise (SME) that is a business partner of the company, if compliance with the Code of Conduct or the Preventive Action Plan would jeopardise the viability of the SME;

e) cooperate with other entities to, inter alia, enhance the companies’ ability to prevent or mitigate the negative impact, especially when no other measure is effective.

Enterprises should take appropriate measures to eliminate actual negative effects or, if this is not possible, minimise the extent of the effects. In any case, it is expected to pay damages or financial compensation to affected individuals and communities and establish a corrective action plan (in addition to the measures listed above) if the actual negative impact cannot be ended immediately.

If a company has control and influence through contractual provisions, it must ensure that these provisions are effectively complied with. This may mean that the company materially supports the partner to comply with the contractual terms, for example with financial resources, education and training for management and operational staff. Simply contracting risk away to the partner is not an adequate measure to mitigate or terminate risk for the company. Terminating the contractual relationship with the business partner is seen as a last resort.

4. Providing remediation for actual negative effects (Art. 12)


When a firm has caused or jointly caused an actual negative effect, it must offer remedial measures. If it is caused solely by the firm’s business partner, the firm may offer voluntary remedial measures and/or use its ability to influence the business partner to enable remediation.

5. Meaningful cooperation with stakeholders (art. 13)

Companies shall ensure that appropriate measures are taken to cooperate effectively with stakeholders by providing relevant and comprehensive information. Stakeholders should be involved in the above due diligence steps. When consulting stakeholders, companies should remove obstacles to engagement as far as possible and ensure that participants are not subject to retaliation or retaliation, including by ensuring confidentiality or anonymity. Companies can fulfil these obligations through industry or multi-stakeholder initiatives, with the exception of consulting their own employees and their representatives.

6. Establish and maintain a notification mechanism and complaints procedure (Art. 14)

Companies are required to set up an effective grievance procedure accessible to (legal) persons, NGOs and trade unions. This enables them to file complaints when they have legitimate concerns about (potential) human rights violations and negative impacts of the company on the environment. A notification mechanism that meets the same conditions as the complaints procedure should also be set up.

7. Monitoring the effectiveness of due diligence policies and measures (Art. 15)

Companies should periodically assess the effectiveness of their policies and measures on the identification, prevention, mitigation, cessation and reduction of the magnitude of adverse impacts. Such assessments should be carried out at least once a year. And also when there has been a significant change in the chain of activities or there are reasonable grounds to believe that new risks may arise in relation to negative impacts. Companies should update their due diligence policies in line with the results of the assessment.

8. Disclosure of information on appropriate due diligence (Art. 16)

Companies will be required to publish annually on their website the due diligence process used and its results. EU companies subject to Directive 2013/34/EU must report in the annual report.

Communicating about business operations and the due diligence approach used is critical to maintaining credibility with the outside world (especially directly affected parties and stakeholders). Companies need to demonstrate that and how they carry out due diligence and what the results are.

+1 Combat against climate change (Art. 15)

Companies and non-EU companies operating in the EU must also prepare a plan to ensure that the business model and strategy are compatible with limiting global warming to 1.5°C. This plan should primarily describe the extent to which climate change poses a risk to, or has an impact on, business activities. If climate change is (or should have been) identified as a risk, the company should include greenhouse gas emission reduction targets in its plan.

CSDDD enforcement

The CSDDD combines administrative and civil enforcement to ensure compliance. Member States must designate a supervisory authority. The EC is also setting up a European network of supervisory authorities to promote cooperation and coordination.

The supervisory authorities have the power to request information and carry out investigations. In the event of a breach of the obligations laid down in the CSDD, administrative orders and sanctions may be imposed on the offender. Sanctions must be effective, dissuasive and based on net turnover.

Companies can also be held liable under civil law for damage resulting from a wilful breach of prescribed obligations or from a failure to (adequately) prevent, mitigate or terminate adverse effects. The civil liability regime must be mandatory and apply to the company’s own activities, its subsidiary and its business relations. If a damaging event is caused solely by a business partner, the company cannot be held liable.

Consistency with other European sustainability legislation

Corporate Sustainability Reporting Directive (CSRD)

These two Directives are closely linked. The CSRD requires reporting on ESG issues. This requires the establishment of processes to identify positive and negative impacts. This is closely linked to the CSDD’s due diligence requirement to identify negative impacts. In addition, companies falling within the scope of both Directives have to report (CSRD) on their due diligence obligations (CSDDD). The CSDDD also requires Group 1 companies to prepare a plan to ensure that the business model and strategy are compatible with the transition to a sustainable economy and with limiting global warming to 1.5°C in line with the Paris Agreement. Companies within the scope of the CSRD are also required to report on this.

The Sustainable Finance Disclosure Regulation (SFDR)

Among other things, this regulation requires companies to publish a statement on their due diligence policy regarding the main adverse effects (PAI indicators) of their investment decisions on sustainability factors. Here, the “comply or explain” principle applies.

For companies with more than 500 employees, this declaration is already mandatory. The EC can set regulatory technical standards for the sustainability indicators related to the different types of negative impacts. The CSDDD thus clarifies the way in which companies must conduct research before reporting on it under the CSRD.

Impact of the CSDDD

The CSDDD imposes extensive obligations on enterprises within its scope. Therefore, it is important to become familiar with these obligations in a timely manner and to understand how they will impact your business operations. Non-compliance can result in high costs and serious damage to reputation. The CSDDD will not come into effect until 2027, but companies can begin preparing and considering how existing practices can be improved to align with the current text of the directive.

Establishing and implementing due diligence policies will entail significant costs for enterprises, including transition costs to change their own business operations and ensure respect for human rights and the environment in their value chains. Suppliers and buyers will need to scrutinize each other, which may lead to the revision or termination of existing contracts and negotiations for new contracts. New negotiations will also be necessary for contract drafting. Unilaterally changing agreements is often not possible. Therefore, it is advisable to engage in dialogue and work together to find solutions.

It is wise to start by (i) developing a human rights and environmental policy, (ii) conducting a risk analysis of the value chain, (iii) establishing a complaints and knowledge mechanism, (iv) mapping management involvement in these topics, and (v) evaluating the role, expertise, and staffing of the legal and compliance departments. This is because they will play a crucial role in the implementation and demonstrable compliance with the CSDDD. Most aspects of the directive were already part of existing soft law initiatives. Therefore, it is prudent to address these issues in a timely and thorough manner.