EU CSDDD / CS3D (2024)

CSDDD is the EU's horizontal corporate due-diligence directive. It requires in-scope companies to integrate human-rights and environmental due diligence into corporate policies and risk-management systems, identify and assess actual and potential adverse impacts, take appropriate measures to prevent, mitigate, bring to an end and remediate impacts, establish and maintain a complaints mechanism, monitor effectiveness, and communicate publicly on due diligence.

It draws explicitly on the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises, raising those soft-law standards into binding EU law for in-scope companies.

Franchise / licensing arrangements with annual royalties >€22.5m and turnover thresholds also trigger inclusion. The Omnibus I proposal (February 2025) would push the first phase to 2028 and significantly narrow scope — track the trilogue outcome before relying on relaxed parameters.

CSDDD's coverage is the 'chain of activities': upstream business partners involved in production of the company's goods or services (including raw-material extraction, design, manufacture and transport) and certain downstream partners involved in distribution, transport and storage. It deliberately excludes downstream use, disposal and the end-customer relationship.

This is narrower than CSRD's value-chain horizon. A company may have value-chain reporting under CSRD that extends to product disposal but due-diligence obligations under CSDDD that stop at downstream distribution.

1. Integrate due diligence into policies and risk-management systems — board-level commitment, code of conduct, integration into operations and procurement.
2. Identify and assess actual and potential adverse impacts — periodically and ad hoc when triggers arise (new operation, new partner, country-risk change).
3. Prevent and mitigate — prevention action plans, contractual cascading, capacity building of suppliers, investment in changes, disengagement only as a last resort.
4. Bring actual adverse impacts to an end — remediation, including financial or non-financial compensation where the company caused or contributed to the impact.
5. Establish and maintain a notification mechanism and complaints procedure — accessible to affected stakeholders and others with legitimate concerns.
6. Monitor effectiveness — periodic assessment of the due-diligence measures and the policies, with revisions where ineffective.

CSDDD requires in-scope companies to adopt and put into effect a transition plan for climate change mitigation aimed at ensuring, through best efforts, compatibility with the 1.5°C limit and with EU 2050 climate neutrality. The plan must include time-bound targets (5-year intervals to 2050), key actions to reach those targets, and implementation actions. The first iteration must be adopted within 12 months of entering scope.

CSDDD establishes Member State civil-liability regimes: a company is liable for damage caused to a natural or legal person where the company intentionally or negligently failed to comply with prevention or bringing-to-an-end obligations and the failure resulted in the damage. Affected persons (and trade unions / NGOs on their behalf) can bring actions in Member State courts. The directive includes provisions on limitation periods, evidence disclosure and reasonable cost of proceedings.

Each Member State designates one or more supervisory authorities to monitor compliance, with powers to require information, conduct investigations and order interim measures. Penalties must be effective, proportionate and dissuasive, with a maximum that is at least 5% of net worldwide turnover for legal persons. A European Network of Supervisory Authorities supports cross-border coordination.

• CSRD — disclose due-diligence process and outcomes; CSDDD is the operational obligation behind much of S1-S4 and G1.
• EUDR — sectoral due-diligence for forest-risk commodities; CSDDD is horizontal and additional.
• Conflict Minerals Regulation 2017/821 — sectoral, additional to CSDDD.
• Forced Labour Regulation (EU) 2024/3015 — separate market-access mechanism; CSDDD process feeds it.
• Battery Regulation 2023/1542 — battery due-diligence (Articles 47-53) sits alongside CSDDD.

• Treating CSDDD as a procurement-only exercise rather than a board-level governance obligation.
• Disengagement-first response to identified impacts — the directive expects engagement and mitigation as the default.
• Climate transition plan published without operational anchoring.
• Complaints mechanism that is not accessible to chain-of-activities stakeholders (language, channel, anonymity).
• Risk assessments done once and not refreshed when country, partner or operation changes.
• Confusing CSRD value chain with CSDDD chain of activities — different scope, different lens.