CSDDD Explained: Requirements, Timeline, and Compliance After the Omnibus

CSDDD Explained: Requirements, Timeline, and Compliance After the Omnibus

The Corporate Sustainability Due Diligence Directive (CSDDD) makes human rights and environmental due diligence a legal obligation for the largest companies operating in the EU. After the Omnibus I package entered into force in March 2026, the directive looks substantially different from its original 2024 version: higher thresholds, a risk-based approach, reduced penalties, and a delayed timeline. Yet one common misconception persists—the Omnibus weakened the CSDDD, but it did not abolish it.

This guide explains who is subject to the directive, what companies must do, how the CSDDD differs from the CSRD, and why suppliers well below the thresholds should prepare now.

 

CSDDD: Key Facts at a Glance

  • Scope: The CSDDD (also written CS3D) obliges large companies to identify, prevent, and address adverse human rights and environmental impacts in their own operations, subsidiaries, and chains of activities.

  • Thresholds after the Omnibus: The directive applies to EU companies with more than 5,000 employees and over €1.5 billion in net worldwide turnover, and to non-EU companies generating over €1.5 billion in net turnover in the EU.

  • Timeline: Member States must transpose the directive by July 26, 2028; companies must comply from July 26, 2029.

  • Penalties: Fines reach up to 3% of worldwide net turnover, and civil liability follows national law in each Member State.

  • Weakened, not abolished: The Omnibus softened the CSDDD but due diligence obligations remain legally binding for the largest companies and cascade through supply chains contractually.

 

What Is the CSDDD? The Corporate Sustainability Due Diligence Directive

The Corporate Sustainability Due Diligence Directive (Directive (EU) 2024/1760) entered into force on July 25, 2024, and establishes mandatory human rights and environmental due diligence for the largest companies active in the EU market. The Omnibus I Directive (EU) 2026/470, in force since March 18, 2026, substantially amended it.

Who is in scope after the Omnibus amendments:

  • EU companies with more than 5,000 employees and a net worldwide turnover above €1.5 billion, including on a consolidated basis for ultimate parent companies

  • Non-EU companies generating more than €1.5 billion net turnover within the EU—headquarters location does not shield foreign companies with significant EU business

  • Franchising and licensing arrangements can also bring companies into scope where royalty and turnover thresholds are met

The raised thresholds narrowed the directive from roughly 13,000 companies to about 6,000. Many readers will find their company formally out of scope—but as the supply chain section below shows, that does not mean the CSDDD is irrelevant for them.

What the Omnibus changed: Beyond raising thresholds, the Omnibus deleted the obligation to adopt a Paris-aligned climate transition plan, replaced comprehensive value chain mapping with a risk-based scoping exercise, removed the harmonized EU civil liability regime, and reduced the penalty framework. The core due diligence obligation, however, remains intact.

 

CSDDD Requirements: The Due Diligence Process

The CSDDD builds on the OECD due diligence framework. Companies in scope must embed a continuous process covering their own operations, subsidiaries, and direct business partners in their chain of activities:

  • Integrate due diligence into policies and risk management systems

  • Identify and assess actual and potential adverse human rights and environmental impacts—focusing on areas where impacts are most likely to occur and most severe

  • Prioritize impacts based on severity and likelihood where full simultaneous action is not possible

  • Prevent, mitigate, and remediate identified impacts through appropriate measures, contractual assurances, and support for business partners

  • Monitor the effectiveness of measures through periodic assessments

  • Communicate publicly on due diligence via an annual statement

Covered impacts include forced labor, child labor, unsafe working conditions, harmful soil changes, water and air pollution, deforestation, and excessive water consumption. The risk-based approach introduced by the Omnibus allows companies to rely on reasonably available information instead of exhaustively mapping every tier of the value chain.

 

CSDDD Timeline: Key Dates After the Omnibus Amendments

The CSDDD timeline has shifted multiple times. After the Stop-the-Clock Directive (2025) and the Omnibus I amendments (2026), the current dates are set out below. The original phased rollout by company size no longer exists—the Omnibus amendments consolidated the application into a single compliance date for all in-scope companies.

csddd_timeline_en

CSDDD timeline: from entry into force in 2024 to annual public statements applying from 2030.

 

CSDDD vs. CSRD: Key Differences

The CSDDD and the CSRD are complementary but fundamentally different instruments. The CSRD requires companies to report on sustainability matters; the CSDDD requires companies to act on adverse impacts. A company can be subject to both, only the CSRD, or neither.

Aspect CSDDD CSRD
Core obligation Conduct due diligence: identify, prevent, mitigate adverse impacts Report sustainability information per the ESRS
Nature Behavioral obligation (doing) Disclosure obligation (reporting)
Thresholds (post-Omnibus) >5,000 employees and >€1.5bn worldwide turnover >1,000 employees and >€450m turnover
Non-EU companies >€1.5bn net turnover in the EU >€450m EU turnover (with EU branch/subsidiary thresholds)
First application July 26, 2029 Financial years from January 1, 2027 (post-Omnibus waves)
Enforcement Supervisory authorities, fines up to 3% of worldwide turnover National enforcement of reporting requirements
Value chain focus Chain of activities: own operations, subsidiaries, business partners Reporting on value chain impacts, including Scope 3 emissions

CSDDD vs. CSRD: a behavioral obligation to act compared with a disclosure obligation to report.

Because the CSRD threshold sits far lower, many companies must report under the CSRD without falling under the CSDDD. Due diligence data and reporting data overlap heavily in practice—companies subject to both benefit from a unified data foundation. Details on the Omnibus changes to the CSRD: CSRD Omnibus: EU postpones sustainability reporting requirements.

 

CSDDD Compliance: Penalties and Liability

Non-compliance carries substantial consequences even after the Omnibus softened the original framework:

  • Administrative penalties: Supervisory authorities in each Member State can impose fines of up to 3% of a company's net worldwide turnover. For a company at the €1.5 billion threshold, this means a maximum potential penalty of €45 million—larger companies face proportionally higher caps. Authorities can also issue injunctions requiring companies to cease violations.

  • Civil liability: The Omnibus deleted the harmonized EU-wide civil liability regime. Liability for damages now follows the national law of each Member State, which means exposure varies across the EU. Procedural facilitations for affected persons remain, including rules on limitation periods and court-ordered disclosure of evidence. A review clause allows the EU to reassess a harmonized liability framework in the future.

  • Market consequences: CSDDD compliance can become a criterion in public procurement. Companies that fail to address adverse impacts also risk losing business partners who must enforce due diligence standards contractually.

 

CSDDD and the Supply Chain: Why SMEs Should Prepare

The CSDDD formally targets only the largest companies. In practice, its obligations cascade through entire supply chains: in-scope companies must obtain information from business partners, secure contractual assurances, and terminate relationships where severe impacts cannot be mitigated.

For suppliers, this means: customer questionnaires on human rights and environmental risks, contractual due diligence clauses, requests for emissions and sourcing data, and audits. Suppliers that cannot deliver credible data risk losing key accounts to better-prepared competitors.

The Omnibus introduced safeguards limiting information requests to companies below 5,000 employees—in-scope companies may only request such information where they cannot obtain it by other means. This protects SMEs from excessive data demands but does not eliminate the trickle-down effect. Preparing early with structured sustainability data, for instance on Product Carbon Footprints, turns a compliance burden into a competitive advantage.

Note for Companies in Germany:

The German Supply Chain Due Diligence Act (LkSG) applies to companies with 1,000+ employees in Germany and thus reaches far more companies than the amended CSDDD.

The German government plans to replace the LkSG with a new act implementing the CSDDD (Gesetz über die internationale Unternehmensverantwortung) by July 2028. In the transition period, the LkSG applies in a reduced form: lawmakers abolished the reporting obligation retroactively, and enforcement focuses on severe violations only.

The due diligence obligations themselves remain in force, and companies already complying with the LkSG hold a significant head start, since risk analysis methodology and documentation requirements overlap substantially.

 

From Compliance to Intelligence: The Better Question

Companies that treat the CSDDD as a checkbox exercise collect data once, file a statement, and repeat the scramble every year. Companies that treat due diligence data as a strategic asset answer a better question—not "How do we comply with the CSDDD?" but "How do we use this data for better decisions?"

Supply chain risk data, supplier assessments, and impact analyses feed procurement decisions, product design, and investor communication. The path leads from collecting data through analyzing, governing, and reporting it, toward evolving and scaling sustainability intelligence across the organization.

Turn Due Diligence Data into Strategic Advantage

sustainability-intelligence-wp-mailing

Learn how leading companies build a sustainability data foundation that serves compliance today and decision-making tomorrow: Collect → Analyze → Govern → Report → Evolve → Scale.

Download the Whitepaper

 

Frequently Asked Questions

What is the CSDDD?

The Corporate Sustainability Due Diligence Directive (CSDDD or CS3D) is an EU directive obliging the largest companies to identify, prevent, mitigate, and account for adverse human rights and environmental impacts in their own operations, subsidiaries, and chains of activities. It entered into force in July 2024 and was substantially amended by the Omnibus I Directive in March 2026.

Who falls under the CSDDD?

After the Omnibus amendments, the CSDDD applies to EU companies with more than 5,000 employees and over €1.5 billion net worldwide turnover, and to non-EU companies generating more than €1.5 billion net turnover within the EU. Thresholds also apply on a consolidated basis for ultimate parent companies. Roughly 6,000 companies remain in scope.

When does the CSDDD apply?

Member States must transpose the amended directive into national law by July 26, 2028. Due diligence obligations apply to in-scope companies from July 26, 2029. The annual public due diligence statement applies for financial years starting on or after January 1, 2030.

What is the difference between CSDDD and CSRD?

The CSRD is a reporting obligation: companies must disclose sustainability information according to the ESRS. The CSDDD is a behavioral obligation: companies must actively conduct due diligence and address adverse impacts. The CSRD applies from 1,000 employees and €450 million turnover, the CSDDD only from 5,000 employees and €1.5 billion turnover.

Did the Omnibus abolish the CSDDD?

No. This is a common misconception. The Omnibus raised thresholds, deleted the climate transition plan obligation, removed the harmonized EU civil liability regime, reduced maximum fines to 3% of worldwide turnover, and delayed application to July 2029. The core due diligence obligation remains legally binding for in-scope companies.

Does the CSDDD affect SMEs?

Not directly, but in practice yes. In-scope companies pass due diligence requirements to suppliers through contractual clauses, questionnaires, and data requests. The Omnibus limits information requests to companies below 5,000 employees, but suppliers who prepare structured sustainability data early gain a competitive advantage in customer relationships.

Jan Horst Schnakenberg

Jan Horst Schnakenberg

You may also like