News & Insights

Client Alert

April 25, 2024

EU Council Approves Corporate Sustainability Due Diligence Directive


On 15 March 2024, the European Council approved the Corporate Sustainability Due Diligence Directive (“CSDDD” or “Directive”). 1The same text was approved by the EU Parliament on 24 April 2024 and is now final.The CSDDD will require large EU and non-EU companies to identify and address human rights and environmental impacts in their operations, supply chains and parts of their downstream value chains.

The 15 March vote follows a lengthy political saga which has seen a number of amendments to the text which had been agreed in principle by the Council and Parliament on December 14, 2023. While more restricted in scope than previously anticipated, the approved CSDDD nevertheless imposes wide-ranging due diligence obligations on a significant number of large EU and non-EU companies.2The European Parliament is expected to vote on this text in the plenary session that will run from 22 until 25 April 2024. If the European Parliament approves the CSDDD, formal adoption is expected in the first half of 2024, and it will then be implemented in each Member State.


After a phase-in period, the Directive will apply to the following companies:

  • EU companies and ultimate parent companies with more than 1,000 employees and a worldwide annual turnover higher than €450 million for each of the last two financial years.
  • Non-EU companies and ultimate parent companies with more than €450 million net turnover generated in the EU in the financial year preceding the last financial year. Unlike the Corporate Sustainability Reporting Directive (“CSRD”), this will apply irrespective of whether the non-EU company has a registered entity domiciled in the EU.
  • EU and non-EU companies that have entered into franchising or licensing agreements in the EU with third-party companies in return for The CSDDD covers EU franchising companies with more than €22.5 million in royalties and a net worldwide turnover of more than €80 million in the last financial year. The Directive covers non-EU franchising companies with more than €22.5 million in royalties in the Union and a net turnover in the Union of more than €80 million in the last financial year preceding the last financial year.

The Directive will apply to companies that meet those conditions for two consecutive financial years.

Although not covered by the Directive, small and medium enterprises (“SMEs”) could be impacted as contractors or subcontractors to covered companies, for example where a company within the scope of the CSDDD looks to flow down due diligence obligations to its suppliers and contractors.


The CSDDD sets out extensive due diligence obligations, based on the “soft law” international standards relating to human rights due diligence in the UN Guiding Principles on Business and Human Rights and OECD Guidelines for Multinational Enterprises. Companies must integrate risk-based human rights and environmental due diligence into their policies and risk-management systems. They must adopt due diligence policies describing their approach, processes, and code of conduct. Due diligence to identify and address actual or potential adverse impacts should cover the six steps defined by the OECD Due Diligence Guidance for Responsible Business Conduct. These comprise: (1) integrating due diligence into policies and management systems, (2) identifying and assessing adverse impacts, (3) preventing, ceasing, or minimizing actual and potential adverse impacts, (4) monitoring and assessing the effectiveness of measures, (5) communicating, and (6) providing remediation.

Due diligence must address risks of adverse impacts in a company’s upstream chain of activities which includes the design, extraction, sourcing, manufacture, transport, storage and supply of raw materials, products or parts, and development of the company’s product or service. Downstream risks are covered only with business partners engaged in distribution, transport, and storage of the product for or on the company’s behalf (impacts associated with the disposal or end use of the product or service have been excluded). Due diligence obligations of financial services companies, such as banks, insurance companies and asset managers, are limited to their own operations and their upstream supply chains, not their downstream value chains.

EU and non-EU large companies and their ultimate parent companies are also required to adopt and put into effect a transition plan for climate change mitigation that complies with the Paris Agreement goal to limit global warming to 1.5°C and with the EU objectives to achieve climate neutrality by 2050. The plan must cover Scopes 1 – 3 emissions and set time-bound targets related to climate change for 2030. It must also set intermediate targets in five-year steps up to 2050, based on conclusive scientific evidence, as well as key actions planned to reach those targets. This is an obligation of means, not results. Companies complying with CSRD climate change reporting, and companies covered by a parent company’s plan, are deemed to have met the obligation to adopt a plan. 3In addition to these topics, the CSDDD also addresses financial companies’ due diligence as well as the inclusion of due diligence criteria in public and concessions contracts, among a host of other topics. This Client Alert is not a full summary of the CSDDD text. The full text can be consulted here:


EU Member States will have two years from the entry into force of the Directive to enact transposition measures. The measures will apply to the companies affected within three to five years from the entry into force of the CSDDD, as set out by the following staggered timetable:

  • EU companies and ultimate parent companies with more than 5,000 employees and an annual net turnover higher than €1,500 million: three years;
  • EU companies and ultimate parent companies with more than 3,000 employees and an annual net turnover higher than €900 million: four years;
  • Non-EU companies and ultimate parent companies that have generated a net turnover in the EU higher than €1,500 million: three years;
  • Non-EU companies and ultimate parent companies that have generated a net turnover in the EU higher than €900 million: four years;
  • EU companies and ultimate parent companies with more than 1000 employees and an annual net turnover higher than €450 million, and non-EU companies and ultimate parent companies with an annual net turnover higher than €450 million generated in the EU, as well as companies with a franchising or licensing business model that fall under the scope of the Directive: five years.

Where a company fails to implement adequate due diligence in accordance with the CSDDD, it may be liable for administrative penalties and civil law damages:

Civil law damages: Under the Directive, a company will not be liable where damage was caused “only” by its business partners in its chain of activities (for example, a supplier). However, the scope of this limitation is unclear. Under the UN Guiding Principles, which underpin various aspects of the CSDDD, a purchaser company contributes to an adverse labour rights impact caused by a supplier where it applies undue pressure to that supplier to cut costs, in the knowledge that there is a risk that this might result in lowering labour standards. It is unclear whether, in these circumstances, the purchaser would benefit from the exclusion of liability under the CSDDD. Such issues of causation are generally left to the discretion of EU Member States in implementing the Directive.

Administrative sanctions: Each EU Member State will designate a supervisory authority to monitor whether companies comply with their human rights and environmental due diligence obligations. These authorities will be able to launch inspections and investigations, receive substantiated concerns, order cessation or remediation, and impose penalties on non-compliant companies, including “naming and shaming” and fines of up to 5% of their net worldwide turnover.


Companies that fall outside the scope of the CSDDD may nonetheless be subject to specific human rights and environment-related due diligence obligations under other measures of EU or domestic law, depending on their business sector, size and area of geographical operations, in particular: the Deforestation Regulation4Regulation (EU) 2023/1115 of the European Parliament and of the Council of 31 May 2023 on the making available on the Union market and the export from the Union of certain commodities and products associated with deforestation and forest degradation and repealing Regulation (EU) No 995/2010., the Batteries Regulation5Regulation (EU) 2023/1542 of the European Parliament and of the Council of 12 July 2023 concerning batteries and waste batterie, amending Directive 2008/98/EC and Regulation (EU) 2019/1020 and repealing Directive 2006/66/EC. See K&S Client Alert on the Batteries Regulation here., and the Conflict Minerals Regulation.6Regulation (EU) 2017/821 of the European Parliament and of the Council of 17 May 2017 laying down supply chain due diligence obligations for Union importers of tin, tantalum and tungsten, and their ores, and gold originating from conflict-affected and high-risk areas.

The first two regulations have a very broad scope. The Deforestation Regulation covers a wide range of commodities (products based on cattle, cocoa, coffee, oil palm, rubber, soya, and wood),7In-scope products are listed in Annex I of the Deforestation Regulation. while the Batteries Regulation applies to any type of batteries placed on the European market (either portable, LMT, SLI, industrial and electric vehicles batteries). Consequently, numerous sectors are impacted, from food and fashion to automotive and transportation.

More specifically, the due diligence obligations aim to collect information, data, and documents to ascertain the origin of either the above-mentioned commodities (Deforestation Regulation), or of the lithium, cobalt, nickel, natural graphite, and chemical compounds based on these raw materials used to manufacture batteries (Batteries Regulation). Operators are also required to adopt risk assessment and mitigation measures. These due diligence policies must address both social and environmental risks, which include, for instance, child and forced labour, GHG emissions, water-related issues (water pollution, access to water, flooding), or damage to wildlife and ecosystems. Furthermore, operators can be subject to complementary obligations, such as the establishment of a grievance mechanism.

Penalties for non-compliance with both regulations are to be adopted by Member States. The Batteries Regulation specifies only that the sanctions must be “effective, proportionate and dissuasive”.8Article 93 of the Batteries Regulation. The Deforestation Regulation is more precise and lays down a list of possible penalties: they may include fines up to 4% of the operator’s total annual Union-wide turnover, confiscation of the relevant products from the operator or revenues gained by the operator from transactions with the relevant products, temporary exclusion from public procurement processes and from access to public funding, and temporary prohibition from placing or making available on the European market the relevant products9Article 25 of the Deforestation Regulation..

In addition to the due diligence obligations described above, some European countries have also enacted domestic mandatory human rights and environmental due diligence legislation. A summary of these measures is provided through the K&S Business & Human Rights Regulation Tracker.

In addition, the CSRD imposes reporting obligations on certain companies doing business in the EU to report on the human rights and environmental due diligence programs which they have in place, in accordance with a set of sustainability reporting standards which are broadly aligned with the international standards on which the due diligence obligation under the CSDDD is founded.


The authors would like to thank Juliette Maler for her help preparing this article.