Understanding the EU’s Corporate Sustainability Due Diligence Directive (CSDDD): What Global Companies Need to Know

What is the Corporate Sustainability Due Diligence Directive (CSDDD)?

The Corporate Sustainability Due Diligence Directive (CSDDD) is a new EU directive that requires EU Member States to incorporate (“transpose”) the Directive’s provisions into national law to ensure that large companies operating in the EU (and their supply chains) comply with legally binding obligations to identify and mitigate environmental and human rights impacts.

The CSDDD forms part of a broader EU initiative to incorporate sustainability regulations into corporate conduct. It complements the Corporate Sustainability Reporting Directive (CSRD), which requires companies to disclose their environmental and social impacts, and the Sustainable Finance Disclosure Regulation (SFDR), which requires financial market participants to comply with mandatory reporting on sustainability practices across environmental, social and governance (ESG) factors.

Which companies are affected by the CSDDD?

The CSDDD applies to large companies (both EU-based and non-EU) and their third-party relationships with vendors and suppliers as follows:

  • EU companies with more than 1,000 employees and more than €450 million worldwide gross revenue (also known as “turnover”); and
  • Non-EU companies (for example, those headquartered in the US) with a net revenue of more than €450 million generated in the EU.

These requirements extend beyond the parent company—they apply to the company’s entire value chain (subsidiaries and business partners of those subsidiaries).

When does the CSDDD take effect?

Although it was adopted in 2024, the Directive’s goals will be rolled out on a staggered three-year timeline beginning in July 2027, depending on the size and revenue of the companies affected. The dates for rollout (originally planned for 2026) have changed to give companies more time to prepare. As of this writing, the dates are as follows:

July 26, 2027:

  • EU companies with a net global revenue of at least €1,500 million and 5,000 or more employees; and
  • Non-EU companies with a net EU revenue of at least €1,500 million.

July 26, 2028:

  • EU companies with a net global revenue of at least €900 million and 3,000 or more employees; and
  • Non-EU companies with a net EU revenue of at least €900 million.

July 26, 2029:

  • EU companies with a net global revenue of at least €450 million and 1,000 or more employees; and
  • Non-EU companies with a net EU revenue of at least €450 million.

What are the key requirements of the CSDDD?

There are 4 key requirements of the CSDDD:

  • Mandatory due diligence obligations
  • Climate Transition Plan requirement
  • Establishing grievance mechanisms and public disclosures
  • Monitoring and reporting obligations

Mandatory due diligence obligations

Companies must demonstrate that they have taken “appropriate measures” to meet due diligence requirements. For instance, companies must put in place a climate transition plan aligned with the Paris Agreement’s target goals. They must carry out due diligence to spot, prevent and address human rights and environmental risks across their operations (including supply chains). That said, they are not bound to avoid all adverse environmental or social impacts—though they must demonstrate that they have carried out due diligence to address them. If they cannot immediately avoid or mitigate negative impacts, they must demonstrate that they are creating an actionable plan to do so.

Measures include creating and executing preventative action plans and ensuring that business partners provide contractual assurances that they, too, will comply. Other measures include adjusting company operations (including purchasing, production, and distribution), infrastructure, strategy, and planning to comply.

Understanding the UK’s Economic Crime and Corporate Transparency Act (ECCTA)

While the CSDDD applies across EU member states, similar legislation has been introduced in other regions. The UK’s Economic Crime and Corporate Transparency Act 2023 (ECCTA) brings forward new rules to improve corporate transparency, strengthen company law, and combat financial crime. If your company operates in both the EU and the UK, you should ensure that your governance, due diligence, and reporting practices align with the requirements under both the CSDDD and ECCTA.

Climate Transition Plan requirement

Companies need to establish a transition plan for mitigating their operations’ effects on climate change (aligning with the goals of the Paris Agreement) through “best efforts”, as referred to in the CSDDD. Among other things, each company’s plan should include actionable timelines aligned with key milestones of the Paris Agreement, proof that the transition plan is feasible (e.g., funding), and an explanation of how senior leadership will manage the plan. Compliance with the EU’s CSRD may also satisfy this requirement.

Establishing grievance mechanisms and public disclosures

Businesses must demonstrate that they have a process for identifying and addressing grievances raised by individuals or communities affected by the company’s operations. This must also include a process to allow individuals to submit complaints.

Monitoring and reporting obligations

Companies are also required to provide a public accounting of their due diligence efforts (all policies and processes, as well as any issues they have identified, extending across their entire chain of vendors and business partners). A key part of this reporting also requires that they demonstrate how they’re identifying and addressing these issues.

How will the CSDDD and ECCTA be enforced?

As a legally binding Directive, the CSDDD allows for enforcement against non-compliant companies. However, as implementation is left to individual Member States, penalties will vary by country and are dependent on each country’s laws. If your business falls under the CSDDD, it’s important that you understand the specific enforcement mechanisms and penalties for each country in which you operate.

Penalties can include large fines (up to 5% of gross global revenue or, if your company is a non-EU company, up to 5% of your gross EU revenue). There are other sanctions, including public disclosure of your non-compliance, which creates a heavy reputational risk, particularly for investors.

Companies can also face legal claims from individuals or communities that have been adversely affected or harmed by a company’s actions.

The UK’s ECCTA similarly strengthens enforcement powers and penalties for companies that fail to meet transparency and compliance standards. This reflects a wider movement among regulators to hold companies accountable for their environmental, social, and governance practices.

What are the implications of the CSDDD for US-based employers?

The CSDDD has significant implications for US-based employers, particularly those with substantial operations, subsidiaries, or supply chains in the EU. These companies must proactively align their internal policies, procedures, and risk management frameworks with EU standards, including conducting rigorous human rights and environmental due diligence.

This will likely result in increased scrutiny of supply chain practices (a significant departure from existing US legal standards) as well as higher compliance costs. Companies will also face greater pressure to demonstrate transparency and accountability throughout their European operations (again, this is a marked difference from US law). Non-compliance may result in financial penalties, legal liability, and reputational harm in key EU markets.

How should companies prepare for CSDDD and ECCTA?

Know the CSDDD: Familiarize yourself with both the Directive and the specific laws from each EU country in which you operate.

Understand overlapping regulatory frameworks: If your business operates in the UK, ensure that your compliance programs also address the ECCTA. This includes reviewing policies around ownership transparency, supply chain documentation, and director verification. Aligning your programs to both EU and UK obligations can help reduce duplication and ensure consistent reporting standards.

Gap analysis: Evaluate and revise your internal practices to address gaps in how your operations meet the human rights, environmental, and governance goals of the CSDDD.

Expert partners: Consider hiring a global compliance expert well-versed in how companies like yours are preparing their policies, contracts, and operations to comply with the CSDDD in each EU country in which you operate.

Third-party vendors: Pay particular attention to how you find, select, monitor, and communicate with your value chain for CSDDD compliance (and how you will terminate those relationships if needed). Ensure that you can enforce the contractual requirements placed on those partners to ensure compliance with the CSDDD. 

Due diligence: Develop an ongoing due diligence strategy aligned with the Directive’s requirements. Once you have identified any gaps, examined your value chain, and revised or created your relevant policies and procedures, take immediate action to address them.

Complaints mechanism: Establish a transparent, impartial mechanism for effectively receiving and addressing complaints from individuals or groups adversely affected by your company’s actions and those of your third-party relationships.

Reporting plan: Create a reporting plan that is mapped to the CSDDD requirements. Make sure that you have a comprehensive, accurate, and reliable mechanism for gathering the appropriate data across all of your company’s operations—particularly as it relates to your third-party vendors and partners. At any given time, you will want the ability to quickly understand how well (or poorly) your company and its value chain are doing in terms of compliance.

How does the CSDDD fit into the EU’s broader sustainability agenda?

There are 3 other key components of the EU’s sustainability push:

  1. The Corporate Sustainability Reporting Directive (CSRD) requires companies to disclose sustainability information to investors and stakeholders. The Directive’s reporting obligations intersect with the CSDDD’s due diligence requirements by ensuring that reported data is grounded in verified insights obtained through companies’ own supply chain due diligence processes.

  2. The EU’s Sustainable Finance Disclosure Regulation (SFDR), which sets transparency obligations for financial institutions, will drive them to disclose how sustainability risks are integrated into their investment decisions. This added scrutiny from the financial sector will amplify pressure on companies to carefully monitor their supply chains.

  3. Finally, Environmental, Social, and Governance (ESG) convergence, which standardizes how companies measure and report ESG performance, aligns closely with CSDDD by promoting common sustainability risk management standards.

For companies operating in both EU and UK markets, incorporating ECCTA requirements into sustainability and due diligence planning will support a more unified compliance approach and demonstrate a commitment to responsible business practices.

Prepare Your Company for EU Sustainability Compliance with a Trusted Global Solutions Expert

The transition from voluntary guidelines to legally enforceable obligations represents a significant turning point for US-based businesses operating in Europe. If your company has operations in the EU, start preparing now by understanding each country’s laws and penalties, and by assessing and adapting your operations to ensure smooth and effective compliance.

At HSP, our global compliance experts support global companies as they navigate complex sustainability regulations. If your business needs guidance preparing for the CSDDD or managing other global compliance obligations, reach out to our team today.

HSP is an end-to-end global expansion solutions provider focused on helping companies scale their operations overseas effectively and efficiently. We are the only global expansion expert to offer growing companies a full suite of end-to-end solutions designed to help them scale to any size and country. 

Our in-country experts have delivered the full spectrum of global expansion solutions—from EoR to entity set-up and management—across more than 100 countries (and counting). HSP brings full payroll, accounting, tax, legal, compliance, and HR services to corporate teams, integrating with in-house staff to both guide and execute across every domain.

Contact us to discover how our full suite of global mobility services can help your company successfully operate overseas in any environment.
