The Corporate Sustainability Due Diligence Directive is the most significant supply chain compliance development in a generation.
The EU Corporate Sustainability Due Diligence Directive — CSDDD, also known as CS3D — was formally adopted in July 2024 after a prolonged and at times turbulent legislative process. It establishes, for the first time at EU level, a mandatory human rights and environmental due diligence obligation for large companies operating in the European market — regardless of where they are headquartered.
The Directive requires Member States to transpose its provisions into national law by July 2026. Companies with more than 5,000 employees and global turnover exceeding 1.5 billion euros will be subject to the national implementing laws from 2027. The threshold drops to 3,000 employees and 900 million euros in 2028, and to 1,000 employees and 450 million euros in 2029. Companies from outside the EU are in scope if their EU-generated turnover exceeds the applicable thresholds.
The Directive goes further than LkSG in several significant respects. It introduces civil liability — meaning affected parties can sue in-scope companies in EU courts for damages caused by due diligence failures. It requires companies to adopt a climate transition plan aligned with the Paris Agreement's 1.5°C pathway. And it places explicit duties on company directors to oversee due diligence obligations and to consider sustainability matters in their decision-making.
Broader than LkSG, and designed to be.
LkSG focuses primarily on direct suppliers, with limited obligations regarding indirect suppliers triggered only by substantiated knowledge of violations. CSDDD takes a broader approach, covering the company's own operations, those of its subsidiaries, and the activities of its established business relationships — both direct and indirect — across the full value chain.
The concept of 'established business relationship' is key. CSDDD does not require due diligence across every transactional relationship. It focuses on relationships that are lasting, in view of their intensity or duration, and that form a significant part of the value chain. This is a risk-based concept — but it is deliberately wider than a simple tier-one supplier list, and companies that have designed their due diligence around direct suppliers only will need to revisit that scope as the Directive's national implementing laws come into force.
The human rights and environmental issues covered by CSDDD are enumerated in annexes to the Directive, drawn from major international instruments including ILO core conventions, the UN Guiding Principles on Business and Human Rights, and a range of multilateral environmental agreements. The list is extensive and, in some sectors, will require companies to engage with risks they have not previously treated as compliance obligations.
The critical planning question for any company that will be in scope — directly or through its EU revenue — is not what CSDDD requires in principle, but what it will require of this company's specific value chain by 2027, 2028, or 2029. The time between now and those dates is not as long as it looks. Building a functioning due diligence system from scratch takes between 18 months and three years for a company of meaningful complexity. Companies that have not yet begun should treat this as an urgent programme, not a future planning item.
For the first time, due diligence failure can end in a European courtroom.
The civil liability provision is the element of CSDDD that most distinguishes it from any previous supply chain due diligence framework. Under Article 29 of the Directive, companies that fail to comply with their due diligence obligations and thereby cause or contribute to harm will be liable in damages to affected parties — subject to national procedural rules on burden of proof, limitation periods, and access to evidence.
This creates a fundamentally different risk profile from a purely administrative enforcement regime. The company that has a documented due diligence system but has not implemented it operationally faces not only regulatory fines but potential civil claims from workers, communities, and other affected parties who can demonstrate that the company's failure to act caused them harm. The volume of potential claimants in complex global supply chains is, in some sectors, very large.
The civil liability provision also creates a significant incentive for companies to build genuine due diligence systems rather than formal ones — because the defence against a civil claim will require the company to demonstrate that it took all appropriate measures to avoid the harm. A policy document will not constitute that defence. An operational system, properly documented, proportionate to the risk, and genuinely implemented, will.
This article reflects the compliance advisory perspective of Compliance House and is intended for informational purposes. It does not constitute legal advice. The regulatory landscape described is subject to ongoing development. Organisations seeking guidance on specific obligations should consult qualified legal counsel in the relevant jurisdiction.
Diesen Artikel herunterladen
Speichern Sie eine PDF-Kopie zum Offline-Lesen oder teilen Sie sie mit einem Kollegen, der sie nützlich finden könnte.