EU Corporate Sustainability Due Diligence Directive (CSDDD): Which Companies Are In Scope and What Is Required
The EU Corporate Sustainability Due Diligence Directive (CSDDD, also called CS3D) was adopted in May 2024 and requires large EU and non-EU companies with significant EU operations to identify, prevent, and remedy actual and potential adverse human rights and environmental impacts in their own operations and value chains. Phased implementation begins from 2027.
- What CSDDD Requires in Plain Language
- Which Companies Are in Scope
- Supply Chain Mapping: The Core Operational Challenge
- Human Rights Obligations: What Counts as Adverse Impact
- Civil Liability and Enforcement
What CSDDD Requires in Plain Language#
CSDDD imposes a corporate duty of care for human rights and environmental impacts across the full value chain. Companies in scope must: conduct due diligence to identify actual and potential adverse impacts (child labour, forced labour, unsafe working conditions, pollution, biodiversity harm) in their direct operations and those of their business partners; take appropriate measures to prevent, mitigate, or end those impacts; establish a complaints mechanism for affected individuals and organisations; report publicly on their due diligence processes; and adopt a transition plan for climate change aligned with the Paris Agreement 1.5°C target. Critically, the duty extends to 'established business relationships' — direct suppliers and, for high-risk sectors and situations, indirect suppliers further up the chain. This goes significantly beyond most existing voluntary standards.
Which Companies Are in Scope#
CSDDD applies in three tiers. From 2027, EU companies with more than 5,000 employees and net worldwide turnover above €1.5 billion, and non-EU companies with EU turnover above €1.5 billion (generated in the EU). From 2028, EU companies with more than 3,000 employees and net worldwide turnover above €900 million, and equivalent non-EU companies. From 2029, EU companies with more than 1,000 employees and turnover above €450 million, and non-EU companies with EU turnover above €450 million. This phased scope means the largest multinationals must comply first and will require their suppliers — including smaller companies not directly in scope — to provide due diligence information as part of their contractual obligations. SMEs are not directly in scope but will be indirectly affected through customer contracts.
The most demanding operational requirement of CSDDD is comprehensive supply chain mapping.
Supply Chain Mapping: The Core Operational Challenge#
The most demanding operational requirement of CSDDD is comprehensive supply chain mapping. Companies must identify and document their 'chain of activities' — all business partners involved in producing, processing, and distributing their goods or services. For manufacturing companies, this typically means mapping Tier 1 (direct) suppliers and, for higher-risk products or geographies, Tier 2 and Tier 3 suppliers as well. Supply chain mapping at this depth is genuinely difficult: many large companies have thousands of Tier 1 suppliers and potentially millions of Tier 2 and Tier 3 relationships. The CSDDD adopts a risk-based approach — companies are required to prioritise due diligence efforts based on the severity and likelihood of adverse impacts, not to conduct identical scrutiny of every supplier. But the mapping must happen before risk prioritisation is possible.
Data-backed guides on AI, eCommerce, and SME strategy — straight to your inbox.
Human Rights Obligations: What Counts as Adverse Impact#
CSDDD's human rights obligations are grounded in international instruments: the UN Guiding Principles on Business and Human Rights, the OECD Guidelines for Multinational Enterprises, and the conventions of the International Labour Organization. The specific impacts companies must identify and address include: child labour, forced or compulsory labour, unsafe working conditions, inadequate wages, excessive working hours, freedom of association violations, and discrimination. Environmental obligations reference pollution, biodiversity impacts, and the handling of hazardous substances. In practice, the most common high-risk areas for global supply chains involve agricultural commodities, garment manufacturing, electronics assembly, and extractive industries — precisely the sectors where many EU companies source intensively from emerging market countries.
Civil Liability and Enforcement#
CSDDD introduces civil liability provisions: companies can be held liable for damages caused by adverse impacts that they failed to prevent or address, where those impacts were caused by their own operations or those of their subsidiaries and indirect business partners in their established business relationships. Member states must ensure that affected persons can bring claims, and that the limitation period for claims is at least five years. National supervisory authorities will enforce CSDDD with penalties including fines of up to 5% of global net turnover. This combination of public enforcement and private litigation creates significant legal risk for companies that treat CSDDD compliance as a box-ticking exercise. AskBiz tracks CSDDD transposition deadlines by member state and flags which of your supplier countries have been designated high-risk under relevant due diligence standards.
- The EU Corporate Sustainability Due Diligence Directive (CSDDD, also called CS3D) was adopted in May 2024 and requires large EU and non-EU companies with significant EU operations to identify, prevent, and remedy actual and potential adverse human rights and environmental impacts in their own operations and value chains.
- Phased implementation begins from 2027.
People also ask
Which companies must comply with CSDDD?
CSDDD applies to large EU companies and non-EU companies with significant EU turnover, phased from 2027 to 2029. From 2027: companies with 5,000+ employees and €1.5bn+ worldwide turnover (EU) or €1.5bn+ EU turnover (non-EU). From 2028: 3,000+ employees and €900m+ turnover. From 2029: 1,000+ employees and €450m+ turnover. SMEs are not directly in scope but will face indirect requirements through customer contracts with in-scope buyers. Your dashboard flags the CSDDD compliance timeline applicable to your company's size and structure.
What is supply chain due diligence under CSDDD?
CSDDD due diligence requires companies to identify, prevent, mitigate, and address adverse human rights and environmental impacts in their own operations and those of their business partners. This means mapping direct and indirect suppliers, conducting risk assessments, implementing contractual safeguards, and monitoring supplier compliance. For high-risk sectors and geographies, deeper due diligence of Tier 2 and Tier 3 suppliers is expected. The process is risk-based — priority goes to the most severe and likely impacts — but comprehensive supply chain mapping is the necessary starting point.
What penalties apply for CSDDD non-compliance?
CSDDD requires member states to establish penalties including fines of up to 5% of global net turnover for non-compliant companies. Member states must designate national supervisory authorities responsible for enforcement. CSDDD also introduces civil liability — affected persons can bring legal claims for damages from supply chain impacts that a company failed to prevent. The limitation period for claims is at least five years. Combined public and private enforcement creates significant risk for companies with incomplete due diligence systems.
Our team combines expertise in data analytics, SME strategy, and AI tools to produce practical guides that help founders and operators make better business decisions.
Map Your Supply Chain Risk Before CSDDD Kicks In
AskBiz helps you identify which of your supplier relationships carry CSDDD human rights and environmental risk flags, so your due diligence is documented and defensible. Start free.
Connects to Shopify, Xero, Amazon, QuickBooks, Stripe & more in minutes