Skip to content
GT
⚖️ Human Rights Due Diligence
Back to course
Regulatory LandscapeLesson 1 of 46 min readEU CSDDD (2024)

EU Corporate Sustainability Due Diligence Directive (CSDDD)

EU Corporate Sustainability Due Diligence Directive (CSDDD)

On 25 July 2024, Directive 2024/1760 on corporate sustainability due diligence entered into force, marking the most significant mandatory human rights due diligence legislation in the world. The CSDDD transforms voluntary best practice into a binding legal obligation for thousands of companies operating in or selling into the European Union, with the explicit aim of ensuring that large businesses identify, prevent, mitigate, and account for their adverse human rights and environmental impacts across global value chains.

Why the CSDDD Was Needed

Before the CSDDD, corporate human rights due diligence in Europe was fragmented. Individual member states, notably France with its Loi de Vigilance (2017) and Germany with its LkSG (2023), had enacted national laws, but these created an uneven playing field. A company could relocate its European headquarters to avoid stricter national rules while continuing to trade freely across the single market. The European Commission's own research found that only one-third of large companies had taken meaningful steps to assess their human rights impacts, and progress was slow and uneven.

The Directive responds to this gap by establishing a harmonised legal framework across all EU member states, creating legal certainty and ensuring that responsible behaviour does not become a competitive disadvantage. Seventy percent of businesses that responded to the Commission's public consultation confirmed that EU-level action was needed.

Scope: Which Companies Are Covered?

The CSDDD applies to two categories of companies:

  • Large EU companies: approximately 6,000 EU limited liability companies and partnerships with more than 1,000 employees and a net worldwide turnover exceeding EUR 450 million.
  • Large non-EU companies: approximately 900 non-EU companies generating more than EUR 450 million net turnover in the EU, regardless of employee headcount.

SMEs (small and medium-sized enterprises) are explicitly excluded from the scope. However, the Directive includes protective provisions for SMEs that may be indirectly affected as suppliers or business partners in the value chains of in-scope companies, to prevent disproportionate compliance burdens being passed down the chain.

Key Scope Thresholds

EU companies: over 1,000 employees AND over EUR 450 million global turnover. Non-EU companies: over EUR 450 million turnover in the EU. These thresholds were raised from earlier drafts through the Omnibus simplification package of February 2025, reducing the estimated number of directly in-scope companies while maintaining the core obligations.

Core Obligations: The Due Diligence Duty

The heart of the CSDDD is a corporate due diligence duty requiring companies to:

  • Integrate due diligence into their policies and risk management systems with a written due diligence policy updated annually.
  • Identify actual and potential adverse human rights and environmental impacts in their own operations, their subsidiaries, and across their value chains.
  • Prevent and mitigate potential adverse impacts, including through action plans, contractual assurances from business partners, and financial and non-financial support for SME suppliers.
  • Bring to an end actual adverse impacts and minimise their extent, with priority given to the most severe and most likely impacts.
  • Establish and maintain a complaints procedure allowing affected persons, trade unions, and civil society organisations to raise concerns.
  • Monitor the effectiveness of the due diligence policy at least annually.
  • Communicate publicly on due diligence, consistent with the Corporate Sustainability Reporting Directive (CSRD) requirements.

In addition to the due diligence duty, large companies (those meeting the full employee and turnover thresholds) must adopt and put into effect a climate transition plan aligned with the Paris Agreement's 1.5°C pathway and the EU's 2050 climate neutrality objective.

Analogy: The CSDDD as a Financial Audit Requirement

Just as financial auditing laws require companies to maintain accurate accounts and identify financial risks - not simply to report them after the fact, but to have systems in place to prevent and correct errors - the CSDDD requires companies to maintain human rights and environmental due diligence systems. The legal obligation is not to guarantee zero harm, but to demonstrate that a genuine, systematic process of identification and prevention was undertaken.

Civil Liability and Access to Justice

One of the most significant innovations of the CSDDD is its civil liability regime. Member states must ensure that companies can be held civilly liable for damages caused to natural persons or property as a result of the company's failure to comply with its due diligence obligations, where the failure led to the harm and where the company failed to prevent or end the adverse impact.

Importantly, the Directive places the burden of proof on the company to demonstrate that it took all due care in accordance with the Directive. Affected persons have a five-year limitation period to bring claims, and courts may order disclosure of evidence held by the company. Trade unions and civil society organisations are also permitted to bring representative actions on behalf of affected individuals, significantly lowering barriers to access to justice.

Enforcement: Administrative Supervision

Each member state must designate a national supervisory authority responsible for monitoring compliance. These authorities can carry out investigations, issue guidance, and impose sanctions, including:

  • Injunctive orders requiring a company to cease a breach or to take remedial action.
  • Administrative fines that are effective, proportionate, and dissuasive. The Directive mandates that fines must be capable of reaching at least 5% of the company's net worldwide turnover for the most serious breaches.

At the European level, the Commission will establish a European Network of Supervisory Authorities to coordinate enforcement across member states and ensure consistent application of the rules.

Transition Timeline and the Omnibus Simplification

The CSDDD follows a staggered implementation timeline. Under the current proposals, member states must transpose the Directive into national law by 26 July 2027. The rules will then begin to apply to the first group of companies one year later, with full application across all in-scope companies by 26 July 2029.

In February 2025, the European Commission adopted an Omnibus package aimed at simplifying due diligence requirements, reducing the regulatory burden on companies while preserving the Directive's core policy objectives. The package raised the scope thresholds and proposed simplifications to value chain requirements. As of early 2026, the Omnibus amendments are being considered by the European Parliament and Council.

Example: A German Retailer's CSDDD Obligations

A German clothing retailer with 1,200 employees and EUR 600 million annual turnover is directly in scope. It must map its supply chain from Tier 1 cut-and-sew factories through to cotton farms, identify salient human rights risks (including forced labour risks in cotton sourcing from high-risk regions), develop prevention action plans, establish a complaints mechanism accessible to affected workers, and publish an annual due diligence report aligned with CSRD disclosures. If a documented adverse impact occurs and the company cannot demonstrate it exercised genuine due diligence, it faces civil liability claims and administrative fines of up to 5% of global turnover.

Relationship to Other Frameworks

The CSDDD explicitly builds on the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises. Companies that have already implemented robust UNGP-aligned due diligence processes will find many obligations familiar, though the CSDDD adds binding legal weight and specific procedural requirements not present in voluntary frameworks.

The Directive also interacts closely with the Corporate Sustainability Reporting Directive (CSRD) and the EU Taxonomy Regulation, creating an integrated sustainability governance architecture in which due diligence processes inform disclosures, and disclosures are used to verify that the due diligence duty is being met in practice.

Key Takeaways

  • 1The CSDDD (Directive 2024/1760) entered into force on 25 July 2024 and applies to approximately 6,000 EU companies and 900 non-EU companies meeting employee and turnover thresholds
  • 2Core obligations include integrating due diligence into governance, identifying and preventing adverse impacts across value chains, establishing complaints procedures, and publishing annual communications
  • 3The civil liability regime allows affected persons to sue companies for damages caused by due diligence failures, with the burden of proof on the company
  • 4Administrative enforcement by national supervisory authorities can include fines of up to 5% of global net turnover for the most serious breaches
  • 5An Omnibus simplification package adopted in February 2025 proposed raising scope thresholds while preserving core obligations, with full application expected by 26 July 2029

Knowledge Check

1.Under the EU CSDDD (Directive 2024/1760), which threshold determines whether a large EU limited liability company is in scope?

2.What is the maximum administrative fine that can be imposed on a company for the most serious breaches of the CSDDD?

3.How does the CSDDD's civil liability regime differ from a simple regulatory fine?

1 of 4