A Quiet Revolution: How the CSDDD (2026) creates opportunities for sustainable business.
By Liesbeth Unger, Human Rights at Work
Introduction: What Is the CSDDD and Why Does It Matter?
On March 18, 2026, the Corporate Sustainability Due Diligence Directive (CSDDD) officially entered into force. While compliance won’t be mandatory until July 26, 2029, this landmark EU law is set to reshape corporate accountability for human rights and environmental impacts. This will give companies sufficient time to prepare.
At first glance, the CSDDD applies to only about 1,000 large EU companies, but its influence will extend far beyond. Businesses of all sizes, whether suppliers, subcontractors, or SMEs, will feel its influence as larger corporations adapt their due diligence practices. This article explores how the CSDDD, despite its debated and diluted form, presents significant opportunities for businesses and sustainability professionals committed to meaningful sustainability.
Understanding the CSDDD: A Framework for Responsible Business
The CSDDD is an EU directive designed to ensure that companies identify, prevent, and mitigate adverse human rights and environmental impacts throughout their value chains. It requires businesses to adopt a proactive approach to due diligence, moving beyond voluntary commitments to legally binding obligations.
Who must comply?
The directive primarily targets large EU-based companies (5000+ employees and €1,5 billion turnover), as well as non-EU companies operating within the European market. However, its reach extends far beyond these entities. The CSDDD places a responsibility on in-scope companies to monitor their business partners, including those not directly covered by the legislation, such as smaller European suppliers and subcontractors.
This represents a significant shift from the first versions of the CSDDD, which initially proposed a broader scope with government oversight of compliance. Now, the burden of supervision and monitoring falls on companies themselves, rather than public authorities. While this reality aligns with the long-standing principles of responsible supply chains – as outlined in the OECD Guidelines for Multinational Enterprises – the CSDDD now formalizes this expectation into legal obligations, reinforcing the role of businesses as active guardians of human rights and environmental standards.
Timeline for implementation
Companies have until July 26, 2029, to fully comply with the CSDDD. However, the transition period offers an invaluable opportunity for businesses to prepare strategically, turning regulatory requirements into a competitive advantage.
The CSDDD’s Opportunities
The CSDDD has faced criticism for being diluted during negotiations of the Omnibus legislation, yet it still offers powerful tools for businesses to enhance their sustainability efforts. Below, I examine how the directive can drive meaningful change from the current situation, where some large companies already are (partly) implementing due diligence.
1. Smart Scoping: A Risk-Based Approach to Due Diligence
One of the most significant advantages of the CSDDD is its emphasis on risk-based scoping. Rather than requiring companies to map their entire supply chains, a task that is often resource-intensive and impractical, the directive allows businesses to focus on sectoral and geographical risks.
This approach aligns with what many companies are already doing for their first-tier suppliers but extends it further into the supply chain without relying on endless supplier questionnaires.
This shift represents a critical improvement. Too often, companies find themselves trapped in the endless cycle of supply chain mapping, dedicating substantial time and resources to documentation without driving meaningful change.
The CSDDD encourages businesses to move beyond mapping and instead focus on identifying and addressing actual risks, making due diligence more efficient and impactful.
2. Focused supplier assessments: reducing burdens, increasing impact
For high-risk areas, the CSDDD mandates in-depth assessments. However, it also imposes restrictions on the information companies can demand from smaller suppliers- those with fewer than 5,000 employees.
This limitation presents a dual opportunity : not only can it save business partners time by reducing the need to answer multiple, overlapping questionnaires from different clients, it also allows companies to make requests for information, often in the form of self-assessment questionnaires (SAQs), much more focused and risk-based.
The SAQs should not ask for information that can be obtained by other means, such as publicly available policies, websites or sustainability reports.
Instead of requesting information already available in public documents, companies can focus on what truly matters: the human rights due diligence management systems their business partners have in place and how they manage risks that are not already disclosed in public reports or policies. By standardizing these requests, suppliers can provide this information once, in a consistent format, rather than tailoring responses to each client’s unique demands.
This approach incentivizes greater transparency, as suppliers that proactively disclose relevant information will likely be viewed more favorably. It also fosters a culture of collaboration, where due diligence becomes a shared effort rather than a one-sided demand.
3. The Cascading Effect: Extending Due Diligence Beyond Tier One
Most companies currently limit their due diligence efforts to direct suppliers. The CSDDD, however, encourages businesses to look deeper into their supply chains, particularly in high-risk sectors. Risks are often more severe deeper in the supply chain. The challenge is that information about risks beyond the first tier is often difficult to obtain without cooperation from direct business partners. By requiring companies to assess risks beyond their immediate suppliers, the directive promotes a much needed cascading effect of due diligence.
By leveraging their direct business relationships, companies can drive systemic improvements across entire industries, ensuring that due diligence is not just a first-tier exercise but a comprehensive, multi-level process.
4. Prevention and Mitigation: The Core of the CSDDD
The most transformative aspects of the CSDDD are found in Articles 10 and 11, which outline the ‘appropriate measures’ companies must take to prevent and mitigate adverse impacts. Notably, these articles remained largely unchanged under the Omnibus discussions, preserving their original intent and scope.
These provisions represent a significant departure from traditional compliance approaches, emphasizing proactive and corrective action rather than reactive measures. They require companies to go beyond documentation and actively address risks in their operations and supply chains.
- Prevention Action Plans
Companies are now required to develop prevention action plans that include clear timelines and measurable indicators for improvement. This structured approach ensures that due diligence is not merely a box-ticking exercise but a dynamic process aimed at driving continuous progress.
- Contractual Assurances with Shared Responsibility
The CSDDD moves beyond the practice of requiring suppliers to sign generic codes of conduct. Instead, it mandates contractual assurances that integrate due diligence obligations directly into formal agreements. Recital 46 clarifies that these assurances should be designed to ensure responsibilities are shared appropriately between companies and their business partners.
This is not just about ensuring compliance with a code of conduct. The real opportunity lies in the fact that companies can now require prevention action plans from their suppliers, including measures to ensure those suppliers, in turn, obtain contractual assurances from their own business partners. This creates a cascading effect, pushing due diligence deeper into the supply chain.
Additionally, the directive requires verification of compliance, meaning a mere signature will no longer suffice. Companies must actively check whether their suppliers are meeting their obligations. For SMEs, the CSDDD even allows for partial coverage of verification costs by the contracting company, reducing the burden on smaller businesses.
- Investments, adjustments, upgrades and business plan adjustments
Perhaps the most innovative aspect of the directive is its encouragement of investments, adjustments or upgrades – whether in facilities, production processes, and infrastructures or modifications and improvements in business plan or strategies.
Companies are prompted to modify purchasing practices that contribute to adverse impacts, such as unrealistic pricing or tight deadlines. This provision is particularly relevant for addressing systemic issues where a company’s business model may inadvertently exacerbate human rights or environmental risks. ·
- Support for SMEs
The CSDDD recognizes that smaller suppliers often lack the resources to implement complex due diligence requirements. As such, it encourages larger companies to provide targeted support, such as training and capacity-building initiatives. While this is already recognized as good practice – particularly in contrast to the ineffective “top-down policing” approach – it remains underutilized in reality.
The directive now has the potential to turn this good practice into a regular measure, ensuring that SMEs receive the assistance they need to meet due diligence expectations. This approach not only strengthens supply chain resilience but also promotes a more inclusive and equitable business environment.
- Responsible Suspension Over Termination
Responsible suspension replaces responsible termination of the business relationship when efforts to mitigate the risk are not working. The termination of the relationship when a so-called “zero-tolerance” issue occurs -such as child labor – has done a lot of damage in the past, as children often end up in worse situations when the relationship ends.
The CSDDD now emphasizes using leverage to solve the negative impact and suspend the relationship while looking for a solution, which requires more involvement from the buying company.
However, there will always be situations where termination is the only way to prevent complicity in human rights violations, and companies will likely continue to end relationships when no other solution exists.
Under the CSDDD, the mere continuation of a business relationship will not lead to penalties if there is a reasonable expectation that the enhanced prevention action plan will succeed.
However, once this expectation is no longer reasonable, companies may face penalties if they cannot demonstrate that they have taken all possible measures to influence their business partners.
5. Meaningful Stakeholder Engagement
While the CSDDD now excludes consumers, NGOs, human rights institutions, and environmental organizations from the mandatory stakeholder engagement requirements, it still makes practical sense for companies to consult these groups.
In many cases, direct engagement with affected stakeholders, such as workers or local communities, may not yet be possible due to accessibility, safety, or logistical challenges. In such situations, NGOs and other intermediary organizations can serve as critical bridges, helping companies reach and understand the perspectives of those most impacted.
Meaningful stakeholder engagement, though not fully defined in the directive, has always been a cornerstone of effective human rights due diligence. The CSDDD’s emphasis on engagement- even if not universally mandatory – can increase the effectiveness of risk identification and mitigation efforts. For companies, well-executed stakeholder consultations can become a powerful tool, providing insights that desk-based research or supplier questionnaires alone cannot uncover.
6. Monitoring: don't wait five years
Monitoring to ensure that measures are effective and adequate remains part of the CSDDD, though under the revised text, it is now only mandatory once every five years (at least every five years or whenever there are reasonable grounds). A word of practical advice: don’t wait that long. Five years is a long time in a supply chain.
If a company cannot demonstrate that its due diligence measures are working, it will struggle to show compliance, regardless of what the minimum requirement says. For example how will a company know whether the corrective action plan of a supplier succeeds and the suspension can be lifted, if it is not monitoring its suppliers? How can it report aligning with the CSRD, which is required every year?
Preparing for the CSDDD: A Strategic Approach
For businesses looking to prepare for the CSDDD, the following steps provide a roadmap for turning compliance into an opportunity for leadership:
1. Conduct a risk scoping to prioritize high risk areas in the supply chain
Begin by identifying high-risk sectors and geographical areas within your operations and supply chains. This scoping exercise should rely on existing data, such as country risk reports, sector-specific analyses, and publicly available information, rather than attempting to map the entire supply chain. The goal is to prioritize risks and focus resources where they are most needed.
2. Conduct In-Depth Risk Assessments where risks are severest
Once high-risk areas are identified, conduct targeted, in-depth assessments in those specific parts of your operations or supply chain where the highest risks might occur. The CSDDD encourages companies to avoid unnecessary burdens on smaller suppliers (those with fewer than 5,000 employees) by focusing only on what is proportionate and risk-based.
3. Review and Refine Supplier Questionnaires
Review public available information on suppliers and adapt your supplier questionnaires accordingly, ensuring they are focused, risk-based, and non-redundant. Standardize requests where possible to reduce the burden on suppliers while maintaining the rigor of your assessments.
4. Develop Prevention Action Plans
Create detailed prevention action plans that include timelines, measurable goals, and clear responsibilities. Analyze business plan, strategies and operational processes including purchasing practices to identify where these can be used to prevent risks. Align these plans with internationally recognized frameworks, such as the UN Guiding Principles on Business and Human Rights.
5. Engage Stakeholders Meaningfully
Go beyond superficial consultations by engaging directly with workers, local communities, and other affected stakeholders. Working together with business partners, local organisations, digital tools, local experts to make this engagement possible. Their insights can provide a deeper understanding of risks and potential solutions.
6. Train Your Team
Human Rights and Environmental Due diligence is not just a compliance exercise, it is a strategic business practice. Invest in training your team to ensure they understand the importance of the CSDDD and how to implement its requirements effectively
Why the CSDDD Matters for Your Business
The CSDDD is more than a regulatory obligation; it is an opportunity to strengthen your business in several key ways:
Risk Reduction: By addressing human rights and environmental risks proactively, you can avoid costly disruptions and reputational damage.
Trust and Reputation: Demonstrating a commitment to sustainability builds trust with customers, investors, and other stakeholders.
Competitive Advantage: Companies that embrace the CSDDD early will position themselves as leaders in responsible business, gaining an edge in an increasingly sustainability-conscious market.
Conclusion: Leading the Change
- The CSDDD is not a perfect law, but it represents a critical step forward in corporate accountability.
- While the law provides a baseline for compliance, its real impact will depend on how it is interpreted, applied, and evolved over time.
- Courts, regulators, and stakeholders will shape its implementation, and what constitutes minimal compliance today may not align with emerging good practices tomorrow.
- The CSDDD is not the finish line, it is the starting point for a new era of corporate raccountability. The businesses that thrive will be those that embrace this shift, turning legal obligations into opportunities for real, measurable impact.
- The choice is clear: Will your company aim for minimal compliance or will it set the standard for what good practice looks like.
Useful links
To be kept up to date on developments around the CSDDD, EUFLR and human rights due diligence, subscribe to my newsletter: https://www.humanrightsatwork.nl/#newsletter
https://eur-lex.europa.eu/search.html?scope=EURLEX&text=omnibus+i+-+corporate+sustainability+due&lang=en&type=quick&qid=1775224061875
